valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
303 Commits 2 Branches 1 Tag 33 MiB
d5892fdbc6
Commit Graph

303 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
d5892fdbc6 HTA File Anomalies 2017-06-21 15:56:24 +02:00
Florian Roth
33c2a7fcc8 New Mimikatz Strings Rule 2017-06-21 15:56:06 +02:00
Florian Roth
530134921a False Positive 2017-06-21 15:55:04 +02:00
Florian Roth
9fba9246dc Numerous new file name signatures 
Many of them imported from Luis Rocha's https://github.com/mbevilacqua/appcompatprocessor
 2017-06-18 09:20:29 +02:00
Florian Roth
91862d2006 False positive with KAV 2017-06-17 10:53:32 +02:00
Florian Roth
78c49917db Invoke-TheHash 2017-06-14 21:46:43 +02:00
Florian Roth
024e26df96 Hidden Cobra IOCs and YARA Sigs 2017-06-14 09:16:23 +02:00
Florian Roth
9e830da305 Industroyer YARA Sigs 2017-06-14 09:05:54 +02:00
Florian Roth
c9e26ccac5 Industroyer / CrashOverride IOCs (Filenames, Hashes) 2017-06-13 13:23:43 +02:00
Florian Roth
b08898cbb2 Crash Override YARA Sigs 
https://t.co/h8QaIP4FU8
 2017-06-12 19:49:08 +02:00
Florian Roth
c9f60eb9d5 False Positive from OTX 2017-06-08 17:23:18 +02:00
Florian Roth
32ec315e97 False Positive Reduction 2017-06-08 17:08:04 +02:00
Florian Roth
054a4f3061 Generic Credential Stealer 2017-06-07 16:21:24 +02:00
Florian Roth
0082d91da8 APT 19 - FireEye report 
https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html
 2017-06-07 16:20:34 +02:00
Florian Roth
f4c725bb84 False Positive Reduction 2017-06-07 09:18:52 +02:00
Florian Roth
346b903485 Removed hacktoolset from rules 2017-06-06 23:21:29 +02:00
Florian Roth
ba81dfbebf False Positive Reduction 2017-06-06 09:16:02 +02:00
Florian Roth
890c6f122b FireEye - EternalBlue Non-Wannacry attack 
https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html
 2017-06-04 17:00:14 +02:00
Florian Roth
fbb3719ab4 Fireball: Another File Name IOC 
https://www.hybrid-analysis.com/sample/f964a4b95d5c518fd56f06044af39a146d84b801d9472e022de4c929a5b8fdcc?environmentId=100
 2017-06-03 14:51:10 +02:00
Florian Roth
8e5c129124 Renamed Rule 2017-06-03 14:36:07 +02:00
Florian Roth
d80a434473 Fireball Malware 2017-06-03 14:34:20 +02:00
Florian Roth
e0bb3b902e TA459 Malware 2017-06-01 19:46:36 +02:00
Florian Roth
a564c714e5 False Positive - nltest.exe 2017-06-01 19:46:22 +02:00
Florian Roth
fc807db9ce False Positives 2017-05-25 11:36:50 +02:00
Florian Roth
fec50df702 False Positives 2017-05-22 16:46:08 +02:00
Florian Roth
d14126699f Merge pull request #15 from msenturk/patch-1 
wannacry hashes
 2017-05-21 18:35:52 +02:00
Florian Roth
d8956eabe8 False Positives 2017-05-20 10:18:37 +02:00
Florian Roth
27ca4a3c23 EternalRocks 2017-05-18 08:51:29 +02:00
Florian Roth
9359eee461 Kaspersky's lazaruswannacry rule 2017-05-15 23:24:22 +02:00
msenturk
d3fe119760 wannacry hashes 2017-05-15 22:11:46 +03:00
Florian Roth
e65845f278 Malware Dropper - DOCM in PDF 2017-05-15 19:36:58 +02:00
Florian Roth
6b66ad72b8 Updated WannCry Ransomware Rule 2017-05-15 19:36:40 +02:00
Florian Roth
b519e7cc51 WannaCry - New Generic Rule 2017-05-14 16:13:18 +02:00
Florian Roth
629337be4e Update on WannaCry Rules 2017-05-13 19:30:36 +02:00
Florian Roth
a8a3ec5348 Update on WannaCry Rules 2017-05-13 19:27:58 +02:00
Florian Roth
e785dcc509 Added WannaCry string for ZIP password 2017-05-13 11:27:40 +02:00
Florian Roth
b110d022ed Fixed WannaCry extensions to the end of string 2017-05-13 10:50:43 +02:00
Florian Roth
5342cf8057 WannaCry Ransomware file names 2017-05-13 10:49:48 +02:00
Florian Roth
3ce5d5a213 WannaCry YARA Rules 2017-05-13 10:05:08 +02:00
Florian Roth
4b9d80d4bd Mirai Malware Update 2017-05-12 16:49:51 +02:00
Florian Roth
cbb45ab017 FP Hash DA5EE020BEF41DC95C3532CBAA1EA8F4 2017-05-12 15:48:50 +02:00
Florian Roth
b43cf3b185 Rule cleanup 2017-05-11 13:34:28 +02:00
Florian Roth
7404d697ca Keylogging HP Audio Driver 2017-05-11 13:34:10 +02:00
Florian Roth
3344486b9c Vault7 Archimedes File Name Pattern (low scoring) 
https://wikileaks.org/vault7/document/#archimedes
 2017-05-05 15:14:55 +02:00
Florian Roth
af4b03df31 Vault7 Archimedes File Hashes 
https://wikileaks.org/vault7/document/#archimedes
 2017-05-05 15:14:29 +02:00
Florian Roth
7522ec6f7e Impacket Generic Rule FPs 2017-05-05 15:13:57 +02:00
Florian Roth
340c60d9b7 ISM RAT Filenames 2017-05-04 13:10:04 +02:00
Florian Roth
dd145e731a ISMRAT 2017-05-04 12:22:58 +02:00
Florian Roth
0208aef709 Update on Snake/Turla - Shell scripts 2017-05-04 11:55:50 +02:00
Florian Roth
2c84ae6371 Kazuar Hashes 2017-05-04 11:30:08 +02:00