Signature base for my scanner tools
2017-12-28 20:04:31 +01:00
iocs Hidden Cobra Hash IOCs 2017-12-26 01:09:29 +01:00
misc Mimikatz log file type 2017-12-20 15:48:00 +01:00
threatintel Various changes, SIEM export options extended by Scott Carpenter 2017-12-16 13:20:50 +01:00
vendor/yara Added AirBnb / BinaryAlert YARA rules in new vendor directory 2017-10-20 11:21:49 +02:00
yara Suspicious recon strings in file 2017-12-28 20:04:31 +01:00
.gitignore Travis Tests and makefile 2017-08-11 16:00:44 +02:00
.travis.yml Travis Tests and makefile 2017-08-11 16:00:44 +02:00
build-rules.py Travis test script 2017-08-07 14:23:03 +02:00
LICENSE Initial commit 2016-02-15 10:16:53 +01:00
makefile Makefile adjusted to reflect prebuilt YARA 3.6.2 features 2017-08-15 21:14:31 +02:00
README.md Build image in README 2017-08-07 14:25:11 +02:00

Signature-Base

signature-base is a submodule for my scanner tools LOKI and SPARK.

Directory Structure

  • iocs - Simple IOC files (CSV)
  • yara - YARA rules
  • threatintel - Threat Intel API Receiver (MISP, OTX)
  • misc - Other input files (not IOCs or signatures)

License

The signature-base repository is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This signature-base is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with the signature-base repository. If not, see http://www.gnu.org/licenses/.