Signature base for my scanner tools

Signature-Base

signature-base is the signature database for my scanners LOKI and SPARK Core.

Directory Structure

  • iocs - Simple IOC files (CSV)
  • yara - YARA rules
  • threatintel - Threat Intel API Receiver (MISP, OTX)
  • misc - Other input files (not IOCs or signatures)

External Variables in YARA Rules

Using the YARA rules in a tool other than LOKI, SPARK or SPARK Core will cause compile errors stating an undefined identifier, because some rules reference external variables that those scanners define. The rules that make use of external variables have been moved to the following four rule set files:

  • ./yara/generic_anomalies.yar
  • ./yara/general_cloaking.yar
  • ./yara/thor_inverse_matches.yar
  • ./yara/yara_mixed_ext_vars.yar
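To use these four rule sets in another tool, every external identifier they reference has to be declared when the rules are compiled. The helper below is an added example, not code from signature-base or LOKI; it assumes the LOKI-style identifier names filename, filepath, extension, filetype, md5 and owner (the README does not list them) and relies on yara-python's externals= argument.

```python
# Added example (not part of signature-base): declare the external variables the
# rule sets expect, the way a LOKI-style scanner does, so they compile elsewhere.
import hashlib
import re
from pathlib import PurePath

# Assumed names: the external identifiers a LOKI-style scanner declares.
# Verify this set against the rule files before relying on it.
EXTERNAL_IDENTIFIERS = ("filename", "filepath", "extension", "filetype", "md5", "owner")

# Match an identifier as a whole word that is not a $-prefixed YARA string name.
_IDENT = re.compile(r"(?<![\w$])(" + "|".join(EXTERNAL_IDENTIFIERS) + r")(?!\w)")


def externals_used(rule_text: str) -> set:
    """Return which assumed external identifiers a rule file references.
    Comments and string literals are blanked first so that text such as
    a meta description or a string named $filename does not count."""
    cleaned = re.sub(r"//[^\n]*|/\*.*?\*/", "", rule_text, flags=re.S)
    cleaned = re.sub(r'"(?:\\.|[^"\\])*"', '""', cleaned)
    return set(_IDENT.findall(cleaned))


def build_externals(path: str, data: bytes, owner: str = "", filetype: str = "") -> dict:
    """Build the externals dict for one scanned file. Every declared identifier
    must be present; a missing one is the 'undefined identifier' compile error."""
    p = PurePath(path)
    return {
        "filename": p.name,
        "filepath": str(p),
        "extension": p.suffix.lower().lstrip("."),
        "filetype": filetype,  # e.g. "EXE"; magic-based detection is out of scope here
        "md5": hashlib.md5(data).hexdigest(),
        "owner": owner,
    }


def compile_rules(rule_files, externals: dict):
    """Compile the rule files with the externals declared (requires yara-python)."""
    import yara  # imported lazily so the helpers above work without it

    return yara.compile(filepaths={PurePath(f).stem: f for f in rule_files},
                        externals=externals)
```

At scan time, pass the per-file values with `rules.match(path, externals=build_externals(...))` so that rules matching on filename or md5 see the file actually being scanned.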

License

All signatures and IOC files in this repository, except the YARA rules created by 3rd parties, are licensed under the Creative Commons Attribution-NonCommercial 4.0 International License.

The license of this repository changed in August 2018. All forks or copies of this repository that were created before August 26th of 2018 are licensed under GPL 3.0. You can find the last GPL version in the release section.