valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,440 Commits 2 Branches 1 Tag 33 MiB
edce667378
Commit Graph

1440 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
edce667378 fix: FP with Avira DLL 2021-03-16 16:54:06 +01:00
Florian Roth
f42ad75846 fix: non-ASCII character in rule 2021-03-16 16:44:22 +01:00
Florian Roth
c270cf69d2 BSI compiled webshell 2021-03-16 16:11:30 +01:00
Florian Roth
7d1d98b422 FIN8 rule by Frank Boldewin 2021-03-16 15:14:34 +01:00
Florian Roth
965f002fb0 Merge branch 'master' of https://github.com/Neo23x0/signature-base 2021-03-16 11:58:25 +01:00
Florian Roth
dec1b287ba fix: FPs with opera_browser.dll 2021-03-16 11:58:23 +01:00
Florian Roth
4539053ab0
Merge pull request #132 from 2d4d/master 
Update gen_webshells.yar
 2021-03-16 08:27:02 +01:00
Arnim Rupp
f91594b68b Update gen_webshells.yar 
fix some fp
 2021-03-16 08:21:14 +01:00
Florian Roth
6ef76cf00e More Filename IOCs 2021-03-15 18:26:08 +01:00
Florian Roth
cbdad99ef9 MSF update HAFNIUM rule 2021-03-15 16:20:06 +01:00
Florian Roth
a6ac0b3c37 fix: FPs 2021-03-15 09:36:00 +01:00
Florian Roth
b0afe35b5b
Merge pull request #131 from 2d4d/master 
Update gen_webshells.yar
 2021-03-15 09:01:29 +01:00
Florian Roth
ab47ba7992
Merge branch 'master' into master 2021-03-15 08:54:24 +01:00
Florian Roth
9f9de02e24 fix: FPs with webshell_asp_obfuscated 2021-03-15 08:53:30 +01:00
Arnim Rupp
b0cfd66c6d Update gen_webshells.yar 
fix 2 fp
 2021-03-15 08:16:08 +01:00
Arnim Rupp
aa911e2611 Update gen_webshells.yar 
new rules:
webshell_asp_sql
webshell_asp_scan_writable
webshell_asp_generic_registry_reader
webshell_asp_sniffer
 2021-03-15 01:39:03 +01:00
Florian Roth
0ea3fc531d fix: FPs with webshell rule 2021-03-13 11:37:11 +01:00
Florian Roth
2615f54888 Merge branch 'master' of https://github.com/Neo23x0/signature-base 2021-03-13 09:25:55 +01:00
Florian Roth
88f3af304e fix: FPs 2021-03-13 09:25:52 +01:00
Florian Roth
e264117f77
Merge pull request #130 from 2d4d/master 
Update gen_webshells.yar
 2021-03-12 19:12:14 +01:00
Florian Roth
868d2a2c7e More webshell coverage 2021-03-12 16:55:51 +01:00
Arnim Rupp
21ebebf999 Update gen_webshells.yar 
fix to find proxy logon webshells
 2021-03-12 15:16:09 +01:00
Florian Roth
58edc4f723 fix: duplicate identifier 2021-03-12 14:15:47 +01:00
Florian Roth
90b2bd4462 Another DearCry rule 2021-03-12 14:08:54 +01:00
Florian Roth
f681f82640 refactor: rule strings 2021-03-12 13:44:53 +01:00
Florian Roth
f6990305ab fix: meta data hashes 2021-03-12 13:42:20 +01:00
Florian Roth
83e2659c82 rule: DearCry ransomware 2021-03-12 13:41:22 +01:00
Florian Roth
ed2851b7ae HAFNIUM IOC 2021-03-11 18:21:17 +01:00
Florian Roth
ce11d60f5e HAFNIUM forensic artefact 2021-03-11 17:58:27 +01:00
Florian Roth
9568f16cd8 HAFNIUM filename IOC 2021-03-11 13:59:07 +01:00
Florian Roth
6b9ba64b6c fix: filename IOCs 2021-03-11 12:11:43 +01:00
Florian Roth
07cd5d31e3
Merge pull request #128 from 2d4d/master 
Update gen_webshells.yar
 2021-03-11 09:40:23 +01:00
Arnim Rupp
08bd7513bc Update gen_webshells.yar 
find more php obfuscation
 2021-03-11 08:22:32 +01:00
Florian Roth
51404deb0b
Merge pull request #123 from 2d4d/master 
Update gen_webshells.yar
 2021-03-10 19:35:14 +01:00
Florian Roth
acf101377f fix: FPs 2021-03-10 19:04:47 +01:00
Florian Roth
ceef742cdb score adjusted 2021-03-10 18:51:06 +01:00
Florian Roth
05ae6337b8 Merge branch 'master' of https://github.com/Neo23x0/signature-base 2021-03-10 15:33:24 +01:00
Florian Roth
097f3fde5a fix: rule prone to FPs 2021-03-10 15:33:22 +01:00
Florian Roth
e970616b43
Merge pull request #126 from svch0stz/patch-2 
Added additional URI seen in intrusions
 2021-03-10 11:22:30 +01:00
Florian Roth
326a672188
Merge branch 'master' into patch-2 2021-03-10 11:19:27 +01:00
Florian Roth
24486c6499 Update apt_hafnium_log_sigs.yar 2021-03-10 11:18:54 +01:00
Florian Roth
c31303aa12
Merge branch 'master' into patch-2 2021-03-10 11:17:14 +01:00
Florian Roth
87bbd063f1 Update apt_hafnium_log_sigs.yar 2021-03-10 11:09:15 +01:00
Florian Roth
cf4fb5366b refactor: refactored hafnium log rule 2021-03-10 10:50:18 +01:00
svch0stz
7d06449912
Added additional URL seen in intrusions 
Added "/owa/auth/x.js" ascii wide
 2021-03-10 19:55:59 +11:00
Florian Roth
d921acf6e8 adjusted size of samples 2021-03-10 08:28:47 +01:00
Florian Roth
ba3cf1a5c7 Merge branch 'master' of https://github.com/Neo23x0/signature-base 2021-03-10 08:19:05 +01:00
Florian Roth
3b94ca4b7f extended HAFNIUM log sig 2021-03-10 08:19:03 +01:00
Florian Roth
e62942ccf3
Merge pull request #125 from svch0stz/patch-1 
Detection for CVE-2021-27055 activity
 2021-03-10 08:18:27 +01:00
Florian Roth
b060a45e48
One more slash to tighten rule 2021-03-10 08:16:36 +01:00