Commit Graph

1471 Commits

Author SHA1 Message Date
Rintaro KOIKE
f9697cd833 Replace "neo_sec" with "nao_sec" 2021-04-05 18:08:55 +09:00
Florian Roth
a8049a6705 Add more Exchange related ASP webshells 2021-04-01 10:00:59 +02:00
Florian Roth
e53fd2c242 Merge pull request #139 from 2d4d/master
Update gen_webshells.yar
2021-04-01 08:08:25 +02:00
Florian Roth
cb0ac1d7a6 APT10 hash IOCs
https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/101519/
2021-04-01 07:58:27 +02:00
Arnim Rupp
b37f503aa3 Update gen_webshells.yar 2021-03-31 17:35:41 +02:00
Arnim Rupp
9117d3d380 Update gen_webshells.yar
fix fp in webshell_php_generic_eval and webshell_asp_by_string
2021-03-31 00:29:24 +02:00
Florian Roth
753b48069a Create crime_socgholish.yar 2021-03-29 14:32:56 +02:00
Florian Roth
29ee22a895 Backdoored PHP Zlib 2021-03-29 10:57:01 +02:00
Florian Roth
7c5bd51a17 Merge branch 'master' of https://github.com/Neo23x0/signature-base 2021-03-25 23:40:19 +01:00
Florian Roth
93f5f200ed fix: FPs with webshell_asp_runtime_compile on .NET 2021-03-25 23:40:17 +01:00
Florian Roth
b01ea67ecd Merge pull request #136 from 2d4d/master
Update gen_webshells.yar
2021-03-25 18:53:39 +01:00
Florian Roth
2599879ccf docs: reference links 2021-03-25 16:54:57 +01:00
Florian Roth
b912bf91de CISA HAFNIUM webshell rules 2021-03-25 16:53:21 +01:00
Florian Roth
003b4dde7f WshRAT .NET packer 2021-03-25 14:16:31 +01:00
Arnim Rupp
591d1868e3 Merge branch 'master' into master 2021-03-24 00:00:32 +01:00
Arnim Rupp
4ace506661 Update gen_webshells.yar
- make jsp matching less fp prone
- move webshell_php_generic_nano_input to hunting
- also exclude dey
2021-03-23 23:44:51 +01:00
Arnim Rupp
706ea4a127 Update gen_webshells.yar
- fix fp with <script language=javascript>
- add ProcessStartInfo payload
2021-03-22 23:56:45 +01:00
Florian Roth
da803ad027 Merge pull request #137 from 0xThiebaut/yara-build
Assemble and publish Yara rules through GitHub Workflows
2021-03-22 10:37:41 +01:00
Maxime THIEBAUT
b1659b9154 Assemble and publish Yara rules through GitHub Actions 2021-03-20 19:06:49 +01:00
Florian Roth
e43efd446c F5 BIGIP CVE-2021-22986 exploitation 2021-03-20 18:20:58 +01:00
Florian Roth
13562f5232 fix: FP 2021-03-19 18:34:39 +01:00
Florian Roth
6cf8c1404d SilverFish Hash and Filename IOCs 2021-03-19 10:29:45 +01:00
Arnim Rupp
33ec1f9863 Update gen_webshells.yar
fix some fp
2021-03-19 00:08:56 +01:00
Florian Roth
0dab84da9d fix: FPs with Webshell rule on memory 2021-03-18 15:06:42 +01:00
Florian Roth
7ea1473302 fix: FP with old IOC
https://www.virustotal.com/gui/file/16593943861d03d508f37f60e41240dee14221e76f625835487f73d5010ac18a/details
2021-03-18 14:36:07 +01:00
Florian Roth
b3b0de3ff7 fix: typo in CVE number 2021-03-18 08:30:12 +01:00
Florian Roth
cf23f092e1 webshell_in_image score reduced - prone to FPs in Browser cache 2021-03-17 13:34:22 +01:00
Florian Roth
b9ad6f9e0d fix: FPs with MSG files - OLE header 2021-03-17 13:28:00 +01:00
Florian Roth
5efc8e1d64 fix: FPs with webshell_asp_generic_tiny 2021-03-17 13:18:21 +01:00
Florian Roth
9db1ec5af8 TINY webshell rule with bug in size 2021-03-17 12:42:57 +01:00
Florian Roth
c866ca6663 new rule for compiled ASPX files 2021-03-17 12:42:44 +01:00
Florian Roth
edce667378 fix: FP with Avira DLL 2021-03-16 16:54:06 +01:00
Florian Roth
f42ad75846 fix: non-ASCII character in rule 2021-03-16 16:44:22 +01:00
Florian Roth
c270cf69d2 BSI compiled webshell 2021-03-16 16:11:30 +01:00
Florian Roth
7d1d98b422 FIN8 rule by Frank Boldewin 2021-03-16 15:14:34 +01:00
Florian Roth
965f002fb0 Merge branch 'master' of https://github.com/Neo23x0/signature-base 2021-03-16 11:58:25 +01:00
Florian Roth
dec1b287ba fix: FPs with opera_browser.dll 2021-03-16 11:58:23 +01:00
Florian Roth
4539053ab0 Merge pull request #132 from 2d4d/master
Update gen_webshells.yar
2021-03-16 08:27:02 +01:00
Arnim Rupp
f91594b68b Update gen_webshells.yar
fix some fp
2021-03-16 08:21:14 +01:00
Florian Roth
6ef76cf00e More Filename IOCs 2021-03-15 18:26:08 +01:00
Florian Roth
cbdad99ef9 MSF update HAFNIUM rule 2021-03-15 16:20:06 +01:00
Florian Roth
a6ac0b3c37 fix: FPs 2021-03-15 09:36:00 +01:00
Florian Roth
b0afe35b5b Merge pull request #131 from 2d4d/master
Update gen_webshells.yar
2021-03-15 09:01:29 +01:00
Florian Roth
ab47ba7992 Merge branch 'master' into master 2021-03-15 08:54:24 +01:00
Florian Roth
9f9de02e24 fix: FPs with webshell_asp_obfuscated 2021-03-15 08:53:30 +01:00
Arnim Rupp
b0cfd66c6d Update gen_webshells.yar
fix 2 fp
2021-03-15 08:16:08 +01:00
Arnim Rupp
aa911e2611 Update gen_webshells.yar
new rules:
webshell_asp_sql
webshell_asp_scan_writable
webshell_asp_generic_registry_reader
webshell_asp_sniffer
2021-03-15 01:39:03 +01:00
Florian Roth
0ea3fc531d fix: FPs with webshell rule 2021-03-13 11:37:11 +01:00
Florian Roth
2615f54888 Merge branch 'master' of https://github.com/Neo23x0/signature-base 2021-03-13 09:25:55 +01:00
Florian Roth
88f3af304e fix: FPs 2021-03-13 09:25:52 +01:00