valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,440 Commits 2 Branches 1 Tag 33 MiB
edce667378
Commit Graph

1440 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
9a2ca27f35 rule improvements 2021-02-16 10:27:53 +01:00
Arnim Rupp
187b76efbe fix 2021-02-15 12:57:19 +01:00
Florian Roth
36b02fc49e
Merge pull request #121 from utkonos/patch-1 
Add a new named pipe found in recent Winexe sample
 2021-02-11 09:00:26 +01:00
Malware Utkonos
2f3f686992
Add a new named pipe found in recent Winexe sample 
Example: d19dfdbe747e090c5aa2a70cc10d081ac1aa88f360c3f378288a3651632c4429
 2021-02-10 21:47:29 -05:00
Florian Roth
f66a9068c7 Bitter APT 0day exploit 2021-02-10 13:25:18 +01:00
Arnim Rupp
54c952aeaa final version 2021-02-09 23:00:43 +01:00
Arnim Rupp
29df350bfe Create gen_webshell_no_priv.yar 2021-02-09 01:15:25 +01:00
Arnim Rupp
92ce2ff93d Update gen_webshells.yar 2021-02-08 00:19:10 +01:00
Arnim Rupp
30d3eb27ff Update gen_webshells.yar 2021-02-07 01:45:19 +01:00
Arnim Rupp
862cb1e904 46 new webshell rules 
sorry, they use private rules so they won't properly show the matching strings in thor & loki but it's just convenient
 2021-02-06 22:53:20 +01:00
Florian Roth
3c663233b7 fix: FPs 2021-02-05 08:46:11 +01:00
Florian Roth
c7dbbb507f fix: FP with IOC for Evilnum 2021-02-04 19:18:08 +01:00
Florian Roth
9cb7c9932a fix: FPs and hash IOCs 2021-02-04 11:08:46 +01:00
Florian Roth
42ef9af7ff fix: Unicode characters in rule 2021-02-02 13:54:00 +01:00
Florian Roth
5aa84eb356 Kobalos malware 2021-02-02 13:45:03 +01:00
Florian Roth
4c0d474926 Lazarus IOCs 2021-01-30 11:42:33 +01:00
Florian Roth
0a28b3e0cb SYS Driver negative matches 2021-01-28 12:34:53 +01:00
Florian Roth
07e14acbd0 TLB FPs 2021-01-28 12:34:33 +01:00
Florian Roth
e15cdda433 Lazarus VEST rule 2021-01-28 12:34:12 +01:00
Florian Roth
13230a6911 TLB Exploit Scripts 2021-01-26 13:18:26 +01:00
Florian Roth
712a2b45bd Lazarus Campaign C2s 2021-01-26 13:18:08 +01:00
Florian Roth
39fbce61e7 Lazarus IOCs 2021-01-26 10:25:36 +01:00
Florian Roth
7ff273f3a0 fix: FPs 2021-01-25 21:21:40 +01:00
Florian Roth
885b5c1f70 fix: FP 2021-01-25 21:20:16 +01:00
Florian Roth
d580ec3759
Merge pull request #117 from 2d4d/master 
some more guid tools + search by names for the ones without guid
 2021-01-22 08:23:48 +01:00
Arnim Rupp
0d1648a850 Update gen_github_net_redteam_tools_names.yara 2021-01-22 00:43:31 +01:00
Arnim Rupp
a1f88b4e49 Create gen_github_net_redteam_tools_names.yara 2021-01-22 00:39:25 +01:00
Arnim Rupp
8f4cfc2196 Update gen_github_net_redteam_tools_guids.yara 
rule HKTL_NET_GUID_Manager {
rule HKTL_NET_GUID_neo_ConfuserEx {
rule HKTL_NET_GUID_SharpAllowedToAct {
rule HKTL_NET_GUID_SuperSQLInjectionV1 {
rule HKTL_NET_GUID_ADSearch {
rule HKTL_NET_GUID_privilege_escalation_awesome_scripts_suite {
rule HKTL_NET_GUID_CVE_2020_1206_POC {
rule HKTL_NET_GUID_DInvoke {
rule HKTL_NET_GUID_SharpChisel {
rule HKTL_NET_GUID_SharpScribbles {
rule HKTL_NET_GUID_SharpReg {
rule HKTL_NET_GUID_MemeVM {
rule HKTL_NET_GUID_SharpDir {
rule HKTL_NET_GUID_AtYourService {
rule HKTL_NET_GUID_LockLess {
rule HKTL_NET_GUID_EasyNet {
rule HKTL_NET_GUID_SharpByeBear {
rule HKTL_NET_GUID_SharpHide {
rule HKTL_NET_GUID_SharpSvc {
rule HKTL_NET_GUID_SharpCrashEventLog {
rule HKTL_NET_GUID_DotNetToJScript_LanguageModeBreakout {
rule HKTL_NET_GUID_SharPermission {
rule HKTL_NET_GUID_RegistryStrikesBack {
rule HKTL_NET_GUID_CloneVault {
rule HKTL_NET_GUID_donut {
rule HKTL_NET_GUID_SharpHandler {
rule HKTL_NET_GUID_Driver_Template {
rule HKTL_NET_GUID_NashaVM {
 2021-01-21 23:25:30 +01:00
Florian Roth
3161b48ad6 Sunburst IOCs 2021-01-21 12:44:22 +01:00
Florian Roth
44320fb365 fix: FPs 2021-01-21 12:44:22 +01:00
Florian Roth
e98be813f2
Merge pull request #114 from 2d4d/master 
Update gen_github_net_redteam_tools_guids.yara
 2021-01-20 20:54:58 +01:00
Arnim Rupp
97537b7595 add solarwinds credential stealer + PHPs <?= to filetypes 2021-01-20 19:45:10 +01:00
Florian Roth
06a460012d More rules 2021-01-19 18:04:13 +01:00
Arnim Rupp
3fd60afc62 Update gen_github_net_redteam_tools_guids.yara 2021-01-04 18:05:13 +01:00
Florian Roth
58f30c5b94 CryptoMiners January 2020 2021-01-04 16:55:55 +01:00
Florian Roth
6d6367447f filename IOC FPs 2021-01-04 16:55:44 +01:00
Florian Roth
5669558578 fix: duplicates 2021-01-04 16:55:36 +01:00
Florian Roth
5d6e724525 fix: FPs with KeePass 2 2020-12-30 09:40:39 +01:00
Florian Roth
bbdd0ffb1e fix: dysfunctional rule 2020-12-30 09:40:31 +01:00
Florian Roth
d214ef7ce3 Lucky Mouse campaign hashes 2020-12-29 16:01:37 +01:00
Florian Roth
5856edf570
Merge pull request #113 from 2d4d/master 
+80 tools to gen_github_net_redteam_tools_guids.yara
 2020-12-29 14:03:02 +01:00
Arnim Rupp
cd83f5a2b8 Update gen_github_net_redteam_tools_guids.yara 
+5
 2020-12-29 12:42:37 +01:00
Arnim Rupp
bc0deedfdc Update gen_github_net_redteam_tools_guids.yara 
+2
 2020-12-29 12:24:44 +01:00
Arnim Rupp
61ca1ef2a6 Merge branch 'master' of https://github.com/2d4d/signature-base 2020-12-29 00:35:57 +01:00
Arnim Rupp
f547352fca Update gen_github_net_redteam_tools_guids.yara 2020-12-29 00:26:23 +01:00
Florian Roth
95cfe7a225
Merge pull request #111 from 2d4d/master 
more c# tools, rules for standard fnv1a + sunburst like XOR + RET
 2020-12-24 11:04:25 +01:00
Florian Roth
c5c6720a15
style: changed file name to lowercase 2020-12-24 09:39:22 +01:00
Arnim Rupp
9fba4e159f Create APT_Backdoor_SUNBURST_fnv1a_experimental.yar 2020-12-23 20:37:38 +01:00
Arnim Rupp
02d159ad93 Update gen_github_net_redteam_tools_guids.yara 
some more tools
 2020-12-23 20:24:42 +01:00
Florian Roth
c898053424 fix: FPs with Lazarus IOCs 2020-12-23 16:19:52 +01:00