Commit Graph

1471 Commits

Author SHA1 Message Date
Florian Roth  13230a6911  TLB Exploit Scripts  2021-01-26 13:18:26 +01:00
Florian Roth  712a2b45bd  Lazarus Campaign C2s  2021-01-26 13:18:08 +01:00
Florian Roth  39fbce61e7  Lazarus IOCs  2021-01-26 10:25:36 +01:00
Florian Roth  7ff273f3a0  fix: FPs  2021-01-25 21:21:40 +01:00
Florian Roth  885b5c1f70  fix: FP  2021-01-25 21:20:16 +01:00
Florian Roth  d580ec3759  Merge pull request #117 from 2d4d/master  2021-01-22 08:23:48 +01:00
    some more guid tools + search by names for the ones without guid
Arnim Rupp  0d1648a850  Update gen_github_net_redteam_tools_names.yara  2021-01-22 00:43:31 +01:00
Arnim Rupp  a1f88b4e49  Create gen_github_net_redteam_tools_names.yara  2021-01-22 00:39:25 +01:00
Arnim Rupp  8f4cfc2196  Update gen_github_net_redteam_tools_guids.yara  2021-01-21 23:25:30 +01:00
    rule HKTL_NET_GUID_Manager {
    rule HKTL_NET_GUID_neo_ConfuserEx {
    rule HKTL_NET_GUID_SharpAllowedToAct {
    rule HKTL_NET_GUID_SuperSQLInjectionV1 {
    rule HKTL_NET_GUID_ADSearch {
    rule HKTL_NET_GUID_privilege_escalation_awesome_scripts_suite {
    rule HKTL_NET_GUID_CVE_2020_1206_POC {
    rule HKTL_NET_GUID_DInvoke {
    rule HKTL_NET_GUID_SharpChisel {
    rule HKTL_NET_GUID_SharpScribbles {
    rule HKTL_NET_GUID_SharpReg {
    rule HKTL_NET_GUID_MemeVM {
    rule HKTL_NET_GUID_SharpDir {
    rule HKTL_NET_GUID_AtYourService {
    rule HKTL_NET_GUID_LockLess {
    rule HKTL_NET_GUID_EasyNet {
    rule HKTL_NET_GUID_SharpByeBear {
    rule HKTL_NET_GUID_SharpHide {
    rule HKTL_NET_GUID_SharpSvc {
    rule HKTL_NET_GUID_SharpCrashEventLog {
    rule HKTL_NET_GUID_DotNetToJScript_LanguageModeBreakout {
    rule HKTL_NET_GUID_SharPermission {
    rule HKTL_NET_GUID_RegistryStrikesBack {
    rule HKTL_NET_GUID_CloneVault {
    rule HKTL_NET_GUID_donut {
    rule HKTL_NET_GUID_SharpHandler {
    rule HKTL_NET_GUID_Driver_Template {
    rule HKTL_NET_GUID_NashaVM {
Florian Roth  3161b48ad6  Sunburst IOCs  2021-01-21 12:44:22 +01:00
Florian Roth  44320fb365  fix: FPs  2021-01-21 12:44:22 +01:00
Florian Roth  e98be813f2  Merge pull request #114 from 2d4d/master  2021-01-20 20:54:58 +01:00
    Update gen_github_net_redteam_tools_guids.yara
Arnim Rupp  97537b7595  add solarwinds credential stealer + PHPs <?= to filetypes  2021-01-20 19:45:10 +01:00
Florian Roth  06a460012d  More rules  2021-01-19 18:04:13 +01:00
Arnim Rupp  3fd60afc62  Update gen_github_net_redteam_tools_guids.yara  2021-01-04 18:05:13 +01:00
Florian Roth  58f30c5b94  CryptoMiners January 2020  2021-01-04 16:55:55 +01:00
Florian Roth  6d6367447f  filename IOC FPs  2021-01-04 16:55:44 +01:00
Florian Roth  5669558578  fix: duplicates  2021-01-04 16:55:36 +01:00
Florian Roth  5d6e724525  fix: FPs with KeePass 2  2020-12-30 09:40:39 +01:00
Florian Roth  bbdd0ffb1e  fix: dysfunctional rule  2020-12-30 09:40:31 +01:00
Florian Roth  d214ef7ce3  Lucky Mouse campaign hashes  2020-12-29 16:01:37 +01:00
Florian Roth  5856edf570  Merge pull request #113 from 2d4d/master  2020-12-29 14:03:02 +01:00
    +80 tools to gen_github_net_redteam_tools_guids.yara
Arnim Rupp  cd83f5a2b8  Update gen_github_net_redteam_tools_guids.yara  2020-12-29 12:42:37 +01:00
    +5
Arnim Rupp  bc0deedfdc  Update gen_github_net_redteam_tools_guids.yara  2020-12-29 12:24:44 +01:00
    +2
Arnim Rupp  61ca1ef2a6  Merge branch 'master' of https://github.com/2d4d/signature-base  2020-12-29 00:35:57 +01:00
Arnim Rupp  f547352fca  Update gen_github_net_redteam_tools_guids.yara  2020-12-29 00:26:23 +01:00
Florian Roth  95cfe7a225  Merge pull request #111 from 2d4d/master  2020-12-24 11:04:25 +01:00
    more c# tools, rules for standard fnv1a + sunburst like XOR + RET
Florian Roth  c5c6720a15  style: changed file name to lowercase  2020-12-24 09:39:22 +01:00
Arnim Rupp  9fba4e159f  Create APT_Backdoor_SUNBURST_fnv1a_experimental.yar  2020-12-23 20:37:38 +01:00
Arnim Rupp  02d159ad93  Update gen_github_net_redteam_tools_guids.yara  2020-12-23 20:24:42 +01:00
    some more tools
Florian Roth  c898053424  fix: FPs with Lazarus IOCs  2020-12-23 16:19:52 +01:00
Florian Roth  c29e9da838  SUNBURST web shell access in logs  2020-12-21 11:52:19 +01:00
Florian Roth  1a398bb12d  fix: deactivated until January  2020-12-19 23:02:06 +01:00
Florian Roth  357944cd25  Merge pull request #109 from 2d4d/master  2020-12-19 20:38:36 +01:00
    Update gen_github_net_redteam_tools_guids.yara
Arnim Rupp  27b81470cb  Update gen_github_net_redteam_tools_guids.yara  2020-12-19 01:17:38 +01:00
    pe not needed
Florian Roth  eef73fc545  Lazarus filename IOCs  2020-12-18 16:28:29 +01:00
Florian Roth  08a6e184a7  SUNBURST Filename IOCs  2020-12-18 16:25:59 +01:00
Florian Roth  1acc47475f  SUNBURST filename IOCs  2020-12-18 16:25:26 +01:00
Florian Roth  1e660d7698  FP with Casper Backdoor rule  2020-12-18 16:23:54 +01:00
Florian Roth  073e729c2a  Solarwinds SUNBURST Revoked Certificate  2020-12-18 16:23:54 +01:00
Florian Roth  9f66d9f537  rule: Solarwinds SUNBURST config  2020-12-18 16:23:54 +01:00
Florian Roth  ff0d0e2e15  fix: Lazarus rule non-ascii chars in comment  2020-12-18 16:23:54 +01:00
Florian Roth  620fc57a04  fix: non-ascii characters in rule comment  2020-12-18 16:23:54 +01:00
Arnim Rupp  2ad31056ae  Update gen_github_net_redteam_tools_guids.yara  2020-12-18 00:58:55 +01:00
Florian Roth  95afb49099  Lazarus Dec 20  2020-12-15 17:02:30 +01:00
Florian Roth  013719fa75  SUNBURST comment  2020-12-15 17:02:30 +01:00
Florian Roth  32bafcf61e  Merge pull request #108 from 2d4d/master  2020-12-15 12:49:00 +01:00
    Update gen_github_net_redteam_tools_guids.yara
Arnim Rupp  ed6da3b42c  Update gen_github_net_redteam_tools_guids.yara  2020-12-15 12:46:15 +01:00
    add solarflare
Florian Roth  b14dd9a15e  Merge pull request #107 from 2d4d/master  2020-12-15 12:43:30 +01:00
    Create gen_github_net_redteam_tools_guids.yara
Arnim Rupp  d7f026261f  Create gen_github_net_redteam_tools_guids.yara  2020-12-15 12:38:06 +01:00