valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
498 Commits 2 Branches 1 Tag 33 MiB
f11f0b27c1
Commit Graph

498 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth
f11f0b27c1 Malicious lnk file rule 2017-11-22 16:46:31 +01:00
Florian Roth
8515a0b301 Improved description and added note for known false positives 2017-11-22 13:42:44 +01:00
Florian Roth
30610ff120 Webshell FOPO Obfuscation 2017-11-18 20:04:29 +01:00
Florian Roth
6943c01fc2 Alert (TA17-318B) HIDDEN COBRA – Volgmer 
https://www.us-cert.gov/ncas/alerts/TA17-318B
 2017-11-15 21:45:49 +01:00
Florian Roth
b7621bcb99 Alert (TA17-318A) HIDDEN COBRA – FALLCHILL 
https://www.us-cert.gov/ncas/alerts/TA17-318A
 2017-11-15 21:45:10 +01:00
Florian Roth
c0ab6f8453 False Positives 2017-11-12 18:35:04 +01:00
Florian Roth
b187609d40 Reaver and SunOrcal malware 
https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/
 2017-11-12 15:13:38 +01:00
Florian Roth
55868b5eff False Positive Reduction 2017-11-08 18:39:40 +01:00
Florian Roth
5bd15e9651 Bronze Butler Daserf malware 2017-11-08 12:52:38 +01:00
Florian Roth
3795d702b3 CrunchRAT 
https://github.com/t3ntman/CrunchRAT
 2017-11-04 01:57:05 +01:00
Florian Roth
be700a3c42 PowerShell Obfuscated Invoke - PE Loader 2017-11-03 08:28:52 +01:00
Florian Roth
b6522edf1f KeyBoys malware 
http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html
 2017-11-03 08:28:16 +01:00
Florian Roth
b08dc91116 OTX IOCs Update Nov 17 2017-11-02 09:08:22 +01:00
Florian Roth
f33f0140eb Silence malware 
https://securelist.com/the-silence/83009/
 2017-11-02 09:07:58 +01:00
Florian Roth
6d85ad4e2e Missing "pe" module import in Kasper rule 2017-10-31 12:11:27 +01:00
Florian Roth
1e22089eee Missing "pe" module import in APT28 rule 2017-10-31 11:29:48 +01:00
Florian Roth
8ffdc4c43c Kasper malware update 2017-10-31 10:44:39 +01:00
Florian Roth
49ce0546e9 APT Sofacy Hospitality report malware by CSECybsec 
http://csecybsec.com/download/zlab/APT28_Hospitality_Malware_report.pdf
 2017-10-31 10:44:17 +01:00
Florian Roth
c83cf1a6ed Improved DDE in Office documents rules by NVISO Labs 2017-10-25 23:44:30 +02:00
Florian Roth
85c8608499 False Positive Reduction 2017-10-25 23:43:56 +02:00
Florian Roth
957ac24585 BadRabbit ransomware 2017-10-25 08:57:00 +02:00
Florian Roth
04825e634c Sofacy Campaign IOCs 2017-10-23 19:10:44 +02:00
Florian Roth
e2e253c2f2 APT28 / Sofacy malware 
http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html
 2017-10-23 16:56:32 +02:00
Florian Roth
b542e0635c Cleanup 2017-10-23 16:54:53 +02:00
Florian Roth
81e2977704 False Positive Reduction 2017-10-23 16:54:34 +02:00
Florian Roth
3947d5adfd Changed wording after quality checks 2017-10-21 19:56:50 +02:00
Florian Roth
bce45632c9 US-CERT TA17-293A - modified YARA rule set 
https://www.us-cert.gov/ncas/alerts/TA17-293A
 2017-10-21 19:53:02 +02:00
Florian Roth
c9a9932b7b Bad Patch report YARA signatures 
https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/
 2017-10-21 16:27:18 +02:00
Florian Roth
4755027693 US-CERT TA17-293A - Part 1 - Filename, Hash, C2 IOCs 
https://www.us-cert.gov/ncas/alerts/TA17-293A
 2017-10-21 16:26:07 +02:00
Florian Roth
7db1c95466 Added AirBnb / BinaryAlert YARA rules in new vendor directory 2017-10-20 11:21:49 +02:00
Florian Roth
43d5b1737f Bugfix in Puppy RAT rule 2017-10-20 09:54:59 +02:00
Florian Roth
cda2de3d94 HKDoor report IOCs 2017-10-19 12:01:37 +02:00
Florian Roth
bd33c27075 OilRig filename IOCs 2017-10-19 12:01:23 +02:00
Florian Roth
8e01421bc4 Leviathan APT - Maritime and Defense Targets 
https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets
 2017-10-19 09:34:07 +02:00
Florian Roth
75101b02ce Black Oasis IOCs 2017-10-19 09:30:40 +02:00
Florian Roth
32fe1a4906 OilRig YARA rules derived from PaloAltoNetwork reports Sep/Oct 17 2017-10-19 09:29:59 +02:00
Florian Roth
1f8312fad0 Replaced non-ASCII character 2017-10-19 01:17:59 +02:00
Florian Roth
8da0b76701 False Positive Reduction - apply to files only (not memory) 2017-10-18 21:58:57 +02:00
Florian Roth
6f3e4bd79c Activate pe.imphash() expressions in my rules 2017-10-18 21:58:30 +02:00
Florian Roth
2ffd97c1d9 HKDoor Rules by Cylance Inc. 
https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html
 2017-10-18 21:57:37 +02:00
Florian Roth
ae643f78d9 FEIB Report - by BEA systems 
https://baesystemsai.blogspot.de/2017/10/taiwan-heist-lazarus-tools.html
 2017-10-17 08:31:59 +02:00
Florian Roth
8c994452c4 Improved Reflective Loaders Rule 2017-10-15 10:53:06 +02:00
Florian Roth
04b278d87b Bronze Butler malware 
https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses
 2017-10-15 10:52:49 +02:00
Florian Roth
568aa89d4f PowerShell Casing Anomaly Adjustments 2017-10-14 23:00:13 +02:00
Florian Roth
3f27b85df6 False Positive Reduction 2017-10-14 12:59:00 +02:00
Florian Roth
430b1b88a2 Saudi Aramco Phishing campaign malware 2017-10-12 09:15:20 +02:00
Florian Roth
96d9ba4858 Results for the DDEAUTO rules are much better 2017-10-11 20:58:16 +02:00
Florian Roth
d3f19e9bf4 Too many false positives 2017-10-11 20:46:16 +02:00
Florian Roth
dca5a3dcf7 Missing PE module imports, minor changes 2017-10-11 18:43:19 +02:00
Florian Roth
ae9f920a2a Reduced score due to possible false positives 2017-10-11 16:21:43 +02:00