Florian Roth
02b006d92b
RAT YARA rules from malwareconfig.com
...
Thx to Kevin Breen
2016-12-27 23:26:07 +01:00
Florian Roth
ceb33d261d
Telebots YARA Rule
2016-12-27 23:23:59 +01:00
Florian Roth
473ca25339
Promethium Neodymium YARA Rules
2016-12-27 23:23:46 +01:00
Florian Roth
54e1276cd1
False Positive - PipeList
2016-12-27 23:20:01 +01:00
Florian Roth
a568be5030
File Type Signature - Windows Registry Files
2016-12-27 23:19:03 +01:00
Florian Roth
1f78a4e321
OTX Update
2016-12-27 23:18:34 +01:00
Florian Roth
50f14d7d1d
ShadowBroker Screens File Names
2016-12-18 12:20:09 +01:00
Florian Roth
f485f9bc93
Merged branch master into master
2016-12-18 11:43:28 +01:00
Florian Roth
524bee2139
ShadowBroker Screens / README Extractions
2016-12-18 11:41:35 +01:00
Florian Roth
230713a9e7
SysInternals Anomalies
2016-12-09 00:20:38 +01:00
Florian Roth
cb85ea73ca
GoldenEye Ransomware
2016-12-06 17:13:12 +01:00
Florian Roth
86e45a3e70
Shamoon 2.0 Rev1
2016-12-01 23:02:21 +01:00
Florian Roth
a9ff4c43c1
Regshell False Positive
2016-12-01 22:44:48 +01:00
Florian Roth
83daf31b8e
Shamoon 2.0
2016-12-01 22:44:35 +01:00
Florian Roth
86de943e70
False Positive Reduced
2016-11-29 17:50:21 +01:00
Florian Roth
3e7ce48830
Changed duplicate rule name
2016-11-12 12:26:55 +01:00
Florian Roth
ad1adfb497
APT29 Post-Election Activity
2016-11-11 11:01:17 +01:00
Florian Roth
4391fec217
Empire YARA Sigs
2016-11-05 19:57:12 +01:00
Florian Roth
f584562c7e
Suspicious String - Ping in EXE
2016-11-05 10:32:30 +01:00
Florian Roth
ab8405b5ab
Empire - Out-MiniDump
2016-11-05 10:32:19 +01:00
Florian Roth
2473afce79
Minor Changes
2016-11-05 10:31:58 +01:00
Florian Roth
0633e4fdf0
Webshell AJAX False Positive
2016-11-05 10:31:43 +01:00
Florian Roth
eab4b5131b
False Positives
2016-10-29 12:28:54 +02:00
Florian Roth
c1d9a5379c
Improved DirtyCOW Rule
2016-10-24 16:40:54 +02:00
Florian Roth
7a219e5a4b
DirtyCOW Update
2016-10-24 09:50:52 +02:00
Florian Roth
0b503ee5a7
Dirty COW
2016-10-22 17:34:30 +02:00
Florian Roth
a0d9c25014
PassCV YARA Rules
...
https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies
2016-10-21 11:44:38 +02:00
Florian Roth
cc4ca36975
OilRig Campaign
...
http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/
2016-10-13 09:40:36 +02:00
Florian Roth
4f9a5cf384
False Positive on NT
2016-10-13 09:40:36 +02:00
Florian Roth
784a38464b
Odinaff Hash IOCs
2016-10-13 09:40:36 +02:00
Florian Roth
7f3a863862
False Positive
2016-10-13 09:40:36 +02:00
Florian Roth
3e98d30987
GPL Statement in README
2016-10-13 09:01:52 +02:00
Florian Roth
e7dd247fa3
Signature Update October 2016 A
2016-10-09 11:33:29 +02:00
Florian Roth
2f4147b6bb
Mirai Botnet Malware and Improvements
2016-10-06 08:48:52 +02:00
Florian Roth
cb0c06d4b5
Removed PHP in images sections - FPs
...
[ALERT] File Name IOC matched PATTERN:
\\(images|img|js|fonts|css|swf)\\[^\\]{,20}\.(php|jsp|jspx|asp|aspx)
MATCH:
G:\Part2\Joomla_3.3.6-Stable-Full\administrator\components\com_media\views\images\view.html.php
2016-09-16 09:26:41 +02:00
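The false positive in the commit above can be reproduced by running the quoted file-name IOC regex over the reported Joomla path. The following is an added example, not code from the signature-base repository or LOKI: the "narrowed" pattern is my reading of "Removed PHP in images sections" (the same expression with `php` dropped from the extension group, an assumption), the case-insensitive search mirrors how a file-name IOC is typically applied (also an assumption), and all paths other than the Joomla one are constructed.

```python
import re

# Pattern quoted in the commit message (file-name IOC regex with escaped backslashes).
ORIGINAL_PATTERN = r"\\(images|img|js|fonts|css|swf)\\[^\\]{,20}\.(php|jsp|jspx|asp|aspx)"

# Hypothetical narrowed pattern: same expression with 'php' removed from the
# extension group. This is an assumption about what the commit changed, not
# the rule text taken from the repository.
NARROWED_PATTERN = r"\\(images|img|js|fonts|css|swf)\\[^\\]{,20}\.(jsp|jspx|asp|aspx)"

# The benign path reported in the commit message (Joomla's media component).
JOOMLA_PATH = r"G:\Part2\Joomla_3.3.6-Stable-Full\administrator\components\com_media\views\images\view.html.php"

# Constructed sample paths for comparison; not taken from the page.
SAMPLE_PATHS = [
    JOOMLA_PATH,
    r"C:\inetpub\wwwroot\images\cmd.jsp",
    r"C:\inetpub\wwwroot\images\shell.php",
    r"C:\inetpub\wwwroot\uploads\avatar.png",
]


def matches(pattern, path):
    """True if the IOC regex fires anywhere in the path.

    Unanchored search, case-insensitive: assumed to mirror how a scanner
    applies file-name IOCs to full paths on Windows.
    """
    return re.search(pattern, path, re.IGNORECASE) is not None


def evaluate(pattern, paths=SAMPLE_PATHS):
    """Map every sample path to whether the given pattern matches it."""
    return {p: matches(pattern, p) for p in paths}


if __name__ == "__main__":
    for name, pat in (("original", ORIGINAL_PATTERN), ("narrowed", NARROWED_PATTERN)):
        print(name)
        for path, hit in evaluate(pat).items():
            print(f"  {'MATCH' if hit else '-----'}  {path}")
```

The original pattern fires on the Joomla path because `\images\view.html.php` is a legitimate PHP view template living under an `images` directory; the narrowed pattern no longer matches it but still catches a `.jsp` dropped into an `images` folder, at the cost of also ignoring a real `.php` shell in the same location. That trade-off is exactly what a "reduce false positives" commit on a file-name IOC buys.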
Florian Roth
eca1aacf8c
File Name Characteristics Update
2016-09-16 08:53:24 +02:00
Florian Roth
3b47e3ecd2
Antic Webshell
2016-09-11 16:43:47 +02:00
Florian Roth
dcd5367120
Webshell Name
2016-09-11 16:30:01 +02:00
Florian Roth
5f673df5f6
New Webshell Rules
2016-09-11 15:59:52 +02:00
Florian Roth
80849d2434
APT29 IOCs and Pirpi YARA Rules
2016-09-11 15:59:36 +02:00
Florian Roth
5744546da1
Fixed duplicate rule name bug
2016-09-11 15:58:57 +02:00
Florian Roth
a3ed8d33b3
New Hacktool Signatures
2016-09-10 01:16:40 +02:00
Florian Roth
bf93ee34d5
APT Buckeye
2016-09-10 01:16:28 +02:00
Florian Roth
0a1648519f
PowerShell Toolkit YARA Rules
2016-09-04 18:19:57 +02:00
Florian Roth
c8617942ce
Malware Set QA
2016-09-02 08:50:46 +02:00
Florian Roth
54f6aecd44
Removed duplicate rule
2016-08-31 14:34:21 +02:00
Florian Roth
0dfc21592c
WCE in-memory rule
2016-08-30 19:41:30 +02:00
Florian Roth
8b303b41e3
JSP Webshell Names by Cisco Talos
2016-08-30 19:41:19 +02:00
Florian Roth
ffe3aca416
Removed C2 prone to false positives
2016-08-27 00:21:23 +02:00
Florian Roth
08ebcc5b36
OTX Update and b374k back connect shell
2016-08-26 21:43:11 +02:00