Commit Graph

964 Commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| Florian Roth | e56ff47bb4 | False Positive Reduction - pwhash | 2019-04-24 10:34:32 +02:00 |
| Florian Roth | 89b893219f | APT34 / OilRig PowerShell malware; https://twitter.com/0xffff0800/status/1118406371165126656 | 2019-04-17 13:52:03 +02:00 |
| Florian Roth | b8451ac254 | APT NK HiddenCobra HOPLIGHT | 2019-04-14 18:07:07 +02:00 |
| Florian Roth | 6b51398f01 | fix: deactivate rule due to missing support for md5() | 2019-04-10 11:12:21 +02:00 |
| Florian Roth | 989a5fb54d | Duqu 1_5, Flame2 Orchestrator, Stuxshop YARA | 2019-04-09 08:47:58 +02:00 |
| Florian Roth | ce4b185127 | Ransomware Wadhrama | 2019-04-07 20:20:11 +02:00 |
| Florian Roth | d1b9c48fea | docs: sig-base-rules.csv | 2019-04-06 19:35:41 +02:00 |
| Florian Roth | c1e2b7bc11 | Suspicious RAR with .pdf ext obfuscation | 2019-04-06 15:18:59 +02:00 |
| Florian Roth | 88101050ff | APT37 rule by Steve Miller | 2019-04-06 15:18:28 +02:00 |
| Florian Roth | 4c9d93b316 | False Positives with SysInternals_Tool_Anomaly | 2019-04-02 15:57:33 +02:00 |
| Florian Roth | 4511fcdc46 | Fixed date values | 2019-04-01 16:29:36 +02:00 |
| Florian Roth | 6b0f487d2b | Signature-Base rule list with YARA rule hash | 2019-04-01 16:29:25 +02:00 |
| Florian Roth | 4e7795e86b | ATM Malware JavaDispCache by Frank Boldewin; https://twitter.com/r3c0nst/status/1111254169623674882 | 2019-03-28 14:25:44 +01:00 |
| Florian Roth | ad2e653549 | Elfin APT33 Hash IOCs | 2019-03-28 14:25:11 +01:00 |
| Florian Roth | aad4925d37 | Improved TA17-293A rule by Kyle O'Meara; https://insights.sei.cmu.edu/cert/2019/03/api-hashing-tool-imagine-that.html | 2019-03-26 11:41:00 +01:00 |
| Florian Roth | c4b6c032f9 | Operation ShadowHammer YARA rule | 2019-03-25 18:37:42 +01:00 |
| Florian Roth | 3b15bd805b | Improved LockerGoga rule (ransom note) | 2019-03-19 16:53:29 +01:00 |
| Florian Roth | d249f94c12 | LockerGoga; https://www.bleepingcomputer.com/news/security/lockergoga-ransomware-sends-norsk-hydro-into-manual-mode/ | 2019-03-19 15:36:56 +01:00 |
| Florian Roth | e9f0b5c239 | False Positive Reduction | 2019-03-19 15:36:34 +01:00 |
| Florian Roth | 9c1aff0963 | False Positive Reduction | 2019-03-08 10:13:00 +01:00 |
| Florian Roth | 0c1d02a6ef | fix: fix in rule improvement | 2019-03-02 17:14:36 +01:00 |
| Florian Roth | 78706dbe46 | Reworked many rules based on YARA performance guidelines; https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7 | 2019-03-02 16:02:11 +01:00 |
| Florian Roth | f3371f2cfd | Obfuscated Batch Script | 2019-03-01 08:30:35 +01:00 |
| Florian Roth | 9e051bd768 | ATM malware dispenserXFS | 2019-02-28 13:17:16 +01:00 |
| Florian Roth | 7c7ae36887 | IOC fix in commented rule | 2019-02-28 12:51:04 +01:00 |
| Florian Roth | 3327c8a9e4 | BRONZE UNION hash IOCs | 2019-02-28 12:50:53 +01:00 |
| Florian Roth | fe92bee246 | FP: sublime package - recon commands | 2019-02-26 11:46:00 +01:00 |
| Florian Roth | cb46d0e0ba | False Positive Reduction | 2019-02-24 13:15:53 +01:00 |
| Florian Roth | 11bbd517f8 | APT BabyShark rule; https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/ | 2019-02-24 13:15:40 +01:00 |
| Florian Roth | d0b1e17dec | False Positive Reduction | 2019-02-19 23:46:28 +01:00 |
| Florian Roth | 4c5cbb4ee2 | FP ntds.dit location | 2019-02-19 12:57:36 +01:00 |
| Florian Roth | e6264d4740 | ntds.dit FP | 2019-02-19 12:55:29 +01:00 |
| Florian Roth | 0448d97e8f | FP: svchost.exe size | 2019-02-19 12:53:01 +01:00 |
| Florian Roth | 8f7335c6ad | Author adjustments | 2019-02-19 08:25:27 +01:00 |
| Florian Roth | 4ed1ebc730 | Improved suspicious LNK file rule | 2019-02-19 08:25:15 +01:00 |
| Florian Roth | 63999ebad9 | AUS parliament network compromise; https://cyber.gov.au/government/news/parliament-house-network-compromise/ | 2019-02-18 11:03:18 +01:00 |
| Florian Roth | 1b85e40833 | Suspicious Word VBA Macro strings | 2019-02-16 07:49:44 +01:00 |
| Florian Roth | 50b0a91ee0 | FP: adjusted size of svchost.exe rule | 2019-02-16 07:49:25 +01:00 |
| Florian Roth | 31be267244 | Removed problematic string from rule | 2019-02-14 08:42:04 +01:00 |
| Florian Roth | 77825e574c | Merged suspicious Office Droppers rule with new rule | 2019-02-13 08:27:24 +01:00 |
| Florian Roth | a8e639a559 | Sigbase rules CSV update | 2019-02-11 15:26:17 +01:00 |
| Florian Roth | 692282b9d8 | Renamed AutoCAD rule | 2019-02-11 15:20:13 +01:00 |
| Florian Roth | 1b42ce45fa | Merge pull request #60 from JohnLaTwC/patch-11; Create SUSP_autocad_lsp_malware.yar | 2019-02-11 15:17:06 +01:00 |
| Florian Roth | 6a1f8cc3a0 | 0x28 is subset of other condition | 2019-02-11 15:13:47 +01:00 |
| John Lambert | 7ef2cad740 | Create SUSP_autocad_lsp_malware.yar | 2019-02-07 16:05:49 -08:00 |
| Florian Roth | 46075a8040 | CSV now has sorted tags - makes diffs smaller | 2019-02-07 18:57:48 +01:00 |
| Florian Roth | 2d096775a2 | Merge pull request #59 from JohnLaTwC/patch-10; Create gen_macro_StarOffice_suspicious.yar | 2019-02-07 18:48:14 +01:00 |
| Florian Roth | ab3b967216 | Minor changes | 2019-02-07 18:09:34 +01:00 |
| John Lambert | eba6596861 | Create gen_macro_StarOffice_suspicious.yar; Performed a retrohunt to narrow down to the malicious hashes listed | 2019-02-07 09:06:43 -08:00 |
| Florian Roth | d919249ebd | Signature base rules CSV update | 2019-02-07 09:51:20 +01:00 |