valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
533 Commits 2 Branches 1 Tag 33 MiB
e58a67f5ad
Commit Graph

533 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
e58a67f5ad False Positive Reduction 2017-12-19 01:36:08 +01:00
Florian Roth
33560d9876 HatMan Sigs 
https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware
 2017-12-19 01:35:54 +01:00
Florian Roth
05a203dc7b False Positive Reduction 2017-12-17 23:55:33 +01:00
Florian Roth
ef4e347960 Suspicious Autoit by Microsoft 2017-12-16 15:43:56 +01:00
Florian Roth
0d4043a273 OTX filename and hash IOC update Dec 17 1 2017-12-16 13:22:06 +01:00
Florian Roth
201c5e55c3 OTX C2 IOC update - extracted IPv4 and IPv6 IOCs from default file 2017-12-16 13:21:38 +01:00
Florian Roth
9ba8762a64 Various changes, SIEM export options extended by Scott Carpenter 2017-12-16 13:20:50 +01:00
Florian Roth
7d526b9892 Minor changes, make it compatible with Python3 2017-12-16 13:18:27 +01:00
Florian Roth
142e856eca Lazarus group malware hash IOCs 2017-12-16 13:17:33 +01:00
Florian Roth
fef2d161cc APT Triton rule extended with my own rule 2017-12-16 10:47:55 +01:00
Florian Roth
8d7ae7128b OTX Hash IOCs: Update and False Positives removed 2017-12-15 14:30:00 +01:00
Florian Roth
c101ec5ea0 ICS Attack Framework TRITON 
https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html
 2017-12-14 16:23:43 +01:00
Florian Roth
2dde4ad69a ZXShell Update 2017-12-12 01:00:22 +01:00
Florian Roth
5f17ceeb5e APT xRAT 
http://blog.trendmicro.com/trendlabs-security-intelligence/untangling-the-patchwork-cyberespionage-group/
 2017-12-12 01:00:00 +01:00
Florian Roth
c13e07a8b5 False Positive Reduction 2017-12-12 00:59:36 +01:00
Florian Roth
0e26cdfb37 Chrome file size anomaly false positive 2017-12-08 12:19:45 +01:00
Florian Roth
7d90aa1737 APT34 rules 
https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
 2017-12-08 12:19:27 +01:00
Florian Roth
14137908cc False Positive Reduction 2017-12-07 15:23:59 +01:00
Florian Roth
ba3802d816 Universal exploit strings 2017-12-06 22:38:09 +01:00
Florian Roth
80c5113b02 Suspicious JS content 2017-12-06 22:37:57 +01:00
Florian Roth
41e0956fdc Remote Admin - tool 2017-12-06 22:37:40 +01:00
Florian Roth
2c1e768adc Charming Kitten Hash IOCs 2017-12-06 22:37:12 +01:00
Florian Roth
4c893df291 Carbanak Hash IOCs 2017-12-06 22:37:01 +01:00
Florian Roth
f34bf9d9c8 Reduced false positives with PowerShell casing anomaly rule 2017-11-30 15:13:36 +01:00
Florian Roth
2f9ac3fe8f UBoatRAT 
https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/
 2017-11-30 15:13:21 +01:00
Florian Roth
500e6c2da2 ROKRAT Update 
http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html
 2017-11-29 16:04:36 +01:00
Florian Roth
beb91736c3 Improved CVE 2017 8759 rule 2017-11-28 10:56:48 +01:00
Florian Roth
eaf9756bc9 Greenbug Malware 2017-11-27 16:55:43 +01:00
Florian Roth
7a9d7b9abd APT Turla Neuron 2017-11-25 00:40:07 +01:00
Florian Roth
dc521f581d Fixed OilRig rule - missing pe module 2017-11-24 13:06:18 +01:00
Florian Roth
864ca6c808 Put the threat intel receivers under the Apache License 2017-11-23 22:04:51 +01:00
Florian Roth
10607e7268 Updated Hash IOCs 2017-11-23 21:48:56 +01:00
Florian Roth
a6383df158 CVE-2017-11882 by John Davison 2017-11-23 20:33:58 +01:00
Florian Roth
f8f8193249 Typo in ALFA shell rule 2017-11-22 18:15:00 +01:00
Florian Roth
15cbfd9048 New OilRig signature 
https://twitter.com/ClearskySec/status/933280188733018113
 2017-11-22 18:14:50 +01:00
Florian Roth
f11f0b27c1 Malicious lnk file rule 2017-11-22 16:46:31 +01:00
Florian Roth
8515a0b301 Improved description and added note for known false positives 2017-11-22 13:42:44 +01:00
Florian Roth
30610ff120 Webshell FOPO Obfuscation 2017-11-18 20:04:29 +01:00
Florian Roth
6943c01fc2 Alert (TA17-318B) HIDDEN COBRA – Volgmer 
https://www.us-cert.gov/ncas/alerts/TA17-318B
 2017-11-15 21:45:49 +01:00
Florian Roth
b7621bcb99 Alert (TA17-318A) HIDDEN COBRA – FALLCHILL 
https://www.us-cert.gov/ncas/alerts/TA17-318A
 2017-11-15 21:45:10 +01:00
Florian Roth
c0ab6f8453 False Positives 2017-11-12 18:35:04 +01:00
Florian Roth
b187609d40 Reaver and SunOrcal malware 
https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/
 2017-11-12 15:13:38 +01:00
Florian Roth
55868b5eff False Positive Reduction 2017-11-08 18:39:40 +01:00
Florian Roth
5bd15e9651 Bronze Butler Daserf malware 2017-11-08 12:52:38 +01:00
Florian Roth
3795d702b3 CrunchRAT 
https://github.com/t3ntman/CrunchRAT
 2017-11-04 01:57:05 +01:00
Florian Roth
be700a3c42 PowerShell Obfuscated Invoke - PE Loader 2017-11-03 08:28:52 +01:00
Florian Roth
b6522edf1f KeyBoys malware 
http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html
 2017-11-03 08:28:16 +01:00
Florian Roth
b08dc91116 OTX IOCs Update Nov 17 2017-11-02 09:08:22 +01:00
Florian Roth
f33f0140eb Silence malware 
https://securelist.com/the-silence/83009/
 2017-11-02 09:07:58 +01:00
Florian Roth
6d85ad4e2e Missing "pe" module import in Kasper rule 2017-10-31 12:11:27 +01:00