valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
337 Commits 2 Branches 1 Tag 33 MiB
f55f9b5205
Commit Graph

88 Commits

Author SHA1 Message Date
Florian Roth
2b8f5e9249 False Positive Reduction 2017-07-13 08:00:52 -06:00
Florian Roth
84c16ca050 FP services.exe 2017-07-10 21:30:07 -06:00
Florian Roth
9e41c78351 Typical malware names evaluation July 2017 2017-07-06 10:26:56 -06:00
Florian Roth
b6d157b0f1 Paranoid PlugX Hashes 2017-06-28 15:44:23 +02:00
Florian Roth
be27942292 Commented 3rd gen filenames 2017-06-27 20:40:17 +02:00
Florian Roth
d2cb411ddc NoPetya renamed 2017-06-27 20:37:21 +02:00
Florian Roth
017241e881 Waterbear Hashes 2017-06-23 17:03:50 +02:00
Florian Roth
8063fe00df Short file names on drive root directories 2017-06-23 13:21:31 +02:00
Florian Roth
530134921a False Positive 2017-06-21 15:55:04 +02:00
Florian Roth
9fba9246dc Numerous new file name signatures 
Many of them imported from Luis Rocha's https://github.com/mbevilacqua/appcompatprocessor
 2017-06-18 09:20:29 +02:00
Florian Roth
024e26df96 Hidden Cobra IOCs and YARA Sigs 2017-06-14 09:16:23 +02:00
Florian Roth
c9e26ccac5 Industroyer / CrashOverride IOCs (Filenames, Hashes) 2017-06-13 13:23:43 +02:00
Florian Roth
c9f60eb9d5 False Positive from OTX 2017-06-08 17:23:18 +02:00
Florian Roth
890c6f122b FireEye - EternalBlue Non-Wannacry attack 
https://www.fireeye.com/blog/threat-research/2017/05/threat-actors-leverage-eternalblue-exploit-to-deliver-non-wannacry-payloads.html
 2017-06-04 17:00:14 +02:00
Florian Roth
fbb3719ab4 Fireball: Another File Name IOC 
https://www.hybrid-analysis.com/sample/f964a4b95d5c518fd56f06044af39a146d84b801d9472e022de4c929a5b8fdcc?environmentId=100
 2017-06-03 14:51:10 +02:00
Florian Roth
d80a434473 Fireball Malware 2017-06-03 14:34:20 +02:00
Florian Roth
a564c714e5 False Positive - nltest.exe 2017-06-01 19:46:22 +02:00
Florian Roth
fc807db9ce False Positives 2017-05-25 11:36:50 +02:00
Florian Roth
fec50df702 False Positives 2017-05-22 16:46:08 +02:00
Florian Roth
d14126699f Merge pull request #15 from msenturk/patch-1 
wannacry hashes
 2017-05-21 18:35:52 +02:00
Florian Roth
d8956eabe8 False Positives 2017-05-20 10:18:37 +02:00
msenturk
d3fe119760 wannacry hashes 2017-05-15 22:11:46 +03:00
Florian Roth
b110d022ed Fixed WannaCry extensions to the end of string 2017-05-13 10:50:43 +02:00
Florian Roth
5342cf8057 WannaCry Ransomware file names 2017-05-13 10:49:48 +02:00
Florian Roth
cbb45ab017 FP Hash DA5EE020BEF41DC95C3532CBAA1EA8F4 2017-05-12 15:48:50 +02:00
Florian Roth
7404d697ca Keylogging HP Audio Driver 2017-05-11 13:34:10 +02:00
Florian Roth
3344486b9c Vault7 Archimedes File Name Pattern (low scoring) 
https://wikileaks.org/vault7/document/#archimedes
 2017-05-05 15:14:55 +02:00
Florian Roth
af4b03df31 Vault7 Archimedes File Hashes 
https://wikileaks.org/vault7/document/#archimedes
 2017-05-05 15:14:29 +02:00
Florian Roth
340c60d9b7 ISM RAT Filenames 2017-05-04 13:10:04 +02:00
Florian Roth
2c84ae6371 Kazuar Hashes 2017-05-04 11:30:08 +02:00
Florian Roth
00b8270b65 Snake/Turla, FIN7, Kazuar 2017-05-04 11:28:03 +02:00
Florian Roth
e10ea9642d Bugfix 2017-05-03 13:41:29 +02:00
Florian Roth
276c899901 Oilrig Filenames 2017-05-03 09:01:44 +02:00
Florian Roth
adc742e6c3 US CERT Alert TA17-117A https://goo.gl/fZhL9H 2017-04-28 11:14:52 +02:00
Florian Roth
886e005fb3 OTX Update 2017-04-14 14:31:58 +02:00
Florian Roth
52ab2fc0aa Lazarus Group FileNames 2017-04-12 11:25:02 +02:00
Florian Roth
801026a0e5 Removed false positives 2017-04-09 23:50:47 +02:00
Florian Roth
8c7d67fc4d More Cloud Hopper File Names 2017-04-07 17:56:19 +02:00
Florian Roth
8f0d08d8f8 Bugfix in filename IOCs 2017-04-07 15:53:34 +02:00
Florian Roth
58bc8e6e38 Cloud Hopper File Name IOCs 2017-04-07 15:42:51 +02:00
Jonas Lejon
e5a69a304d Added APT10 / Cloud Hopper from the PwC report 2017-04-07 09:29:35 +02:00
Florian Roth
940d0efe74 Typical malware names 2017-04-01 11:55:58 +02:00
Florian Roth
c3374cd9a9 APT29 File Names 2017-03-28 08:32:38 +02:00
Florian Roth
a4271452c3 Unicode left-to-right override trick 2017-03-13 12:17:04 +01:00
Florian Roth
48a8a94196 StoneDrill Threat: YARA rules and filename IOCs 2017-03-07 11:24:27 +01:00
Florian Roth
d47b918c2e OTX Update 2017-02-25 17:28:39 +01:00
Florian Roth
501eb60b33 OTX Update 2017-02-25 17:28:25 +01:00
Florian Roth
c19ef7de0d OTX Update 2017-02-11 12:14:11 +01:00
Florian Roth
d0ff872894 OTX Update 2017-02-01 17:57:23 +01:00
Florian Roth
1f78a4e321 OTX Update 2016-12-27 23:18:34 +01:00