valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2cebd4d54f
signature-base/iocs/otx-filename-iocs.txt
Florian Roth ce9814bdf2 Big OTX IOC update
2017-07-29 14:52:54 +02:00

101 lines
14 KiB
Plaintext
Raw Blame History

dllhost\.dat;Petya Ransomware Fast Spreading Attack https://twitter.com/JoKe_42/status/879693258183647232 / https://twitter.com/crai
C:\\WINDOWS\\tasksche\.exe;WannaCry Indicators https://ghostbin.com/paste/xgvdv / https://www.alienvault.com/blogs/labs-researc
C:\\Windows\\mssecsvc\.exe;WannaCry Indicators https://ghostbin.com/paste/xgvdv / https://www.alienvault.com/blogs/labs-researc
_DECRYPT_FILE\.html;Erebus Resurfaces as Linux Ransomware http://blog.trendmicro.com/trendlabs-security-intelligence/erebus-resurfaces-as-
_DECRYPT_FILE\.txt;Erebus Resurfaces as Linux Ransomware http://blog.trendmicro.com/trendlabs-security-intelligence/erebus-resurfaces-as-
/Users/_%User%_/Library/LaunchAgents/com\.apple\.Safari\.pac\.plist;OSX/Dok - OSX Malware http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traf
/Users/_%User%_/Library/LaunchAgents/com\.apple\.Safari\.proxy\.plist;OSX/Dok - OSX Malware http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traf
READ ME ABOUT DECRYPTION\.txt;Analyzing the Fileless, Code-injecting SOREBRECT Ransomware http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-fileless-co
C:\\Flash player\\vlc\.exe;New Kasper samples https://www.hybrid-analysis.com/sample/6a48b5211b622ffe49ae4e32ada72bb4d9db40576
C:\\WINDOWS\\tasksche\.exe;WannaCry Indicators
C:\\Windows\\mssecsvc\.exe;WannaCry Indicators
C:\\taskse\.exe;WannaCry Indicators
C:\\taskdl\.exe;WannaCry Indicators
C:\\m\.vbs;WannaCry Indicators
C:\\111\.exe;WannaCry Indicators
C:\\@WanaDecryptor@\.exe;WannaCry Indicators
%TEMP%\\AdobeARMM\.log;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
%TEMP%\\wlg\.dat;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
Message\.xlsb;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
\\Temp\\80\.exe;TeslaCrypt 4.1A and the Malware Attack Chain https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslac
%USERPROFILE%\\Documents\\desctop\._ini;TeslaCrypt 4.1A and the Malware Attack Chain https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslac
%USERPROFILE%\\Documents\\\-!recover!\-!file!\-\.txt;TeslaCrypt 4.1A and the Malware Attack Chain https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslac
\-!RecOveR!\-xdyxv\+\+\.Htm;TeslaCrypt 4.1A and the Malware Attack Chain https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslac
\-!RecOveR!\-xdyxv\+\+\.Txt;TeslaCrypt 4.1A and the Malware Attack Chain https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslac
\-!RecOveR!\-xdyxv\+\+\.Png;TeslaCrypt 4.1A and the Malware Attack Chain https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslac
%LocalAppData%\\system\.exe;7ev3n Ransomware https://www.grahamcluley.com/2016/01/7ev3n-ransomware-demands-13-bitcoins-paymen
%LocalAppData%\\del\.bat;7ev3n Ransomware https://www.grahamcluley.com/2016/01/7ev3n-ransomware-demands-13-bitcoins-paymen
%LocalAppData%\\bcd\.bat;7ev3n Ransomware https://www.grahamcluley.com/2016/01/7ev3n-ransomware-demands-13-bitcoins-paymen
%LocalAppData%\\time\.e;7ev3n Ransomware https://www.grahamcluley.com/2016/01/7ev3n-ransomware-demands-13-bitcoins-paymen
%LocalAppData%\\uac\.ex;7ev3n Ransomware https://www.grahamcluley.com/2016/01/7ev3n-ransomware-demands-13-bitcoins-paymen
YOUR_FILES_ARE_LOCKED\.txt;.CryptoHasYou. Ransomware http://www.nyxbone.com/malware/CryptoHasYou.html
Bewerbungsmappe_gepackt\.exe;Petrya Ransomware http://www.heise.de/newsticker/meldung/Erpressungs-Trojaner-Petya-riegelt-den-ge
Bewerbungsmappe\-gepackt\.exe;Petrya Ransomware http://www.heise.de/newsticker/meldung/Erpressungs-Trojaner-Petya-riegelt-den-ge
\\this\.morning\.rar;Operation Arid Viper Slithers Back into View https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-
\\this\.morning\.exe;Operation Arid Viper Slithers Back into View https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-
C:\\Program Files\\Realtek\\AudRTx86\.dll;Operation Arid Viper Slithers Back into View https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-
C:\\Program Files\\Realtek\\Rttr\.zip;Operation Arid Viper Slithers Back into View https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-
C:\\Program Files\\Realtek\\rfmencrypt_secret\.key;Operation Arid Viper Slithers Back into View https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-
%SystemRoot%\\Drivers\\\{1D24B7E2\-869D\-49D8\-B4EB\-1424B36C42B6\}\.sys;Newcomers in the Derusbi family http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family
%Systemroot%\\web\\safemode\.html;Newcomers in the Derusbi family http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family
Statement_1973_1357257122414\.doc;Dridex Phishing Wave - Gina Harrowell Purchase Order XLS/DOC http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limi
\\ringcentral_msg\.doc;Microsoft Word Intruder: Operation Pony Express https://nakedsecurity.sophos.com/2015/09/25/microsoft-word-intruder-gets-down-to
\\termination_letter\.doc;Microsoft Word Intruder: Operation Pony Express https://nakedsecurity.sophos.com/2015/09/25/microsoft-word-intruder-gets-down-to
\\unpaid_logmein_invoice\.doc;Microsoft Word Intruder: Operation Pony Express https://nakedsecurity.sophos.com/2015/09/25/microsoft-word-intruder-gets-down-to
\\lmi_billing_invoice\.doc;Microsoft Word Intruder: Operation Pony Express https://nakedsecurity.sophos.com/2015/09/25/microsoft-word-intruder-gets-down-to
\\ringcentral_text_7093687357\.doc;Microsoft Word Intruder: Operation Pony Express https://nakedsecurity.sophos.com/2015/09/25/microsoft-word-intruder-gets-down-to
\\Microsoft\\Netmeeting\\1328\-0013\\mstun32\.dll;FIREEYE: Office Encapsulated PostScript & Priv Escalation 0days https://www.fireeye.com/blog/threat-research/2015/09/attack_exploitingmi.html
\\infected\.exx;Shifu: New Banking Trojan Is Attacking 14 Japanese Banks https://securityintelligence.com/shifu-masterful-new-banking-trojan-is-attacking
C:\\windows\\tasks\\Components\.exe;Defending the White Elephant https://asert.arbornetworks.com/defending-the-white-elephant/ / http://pages.arb
PlanProposal\\new questionnaire\\Voter Plan Proposal;Defending the White Elephant https://asert.arbornetworks.com/defending-the-white-elephant/ / http://pages.arb
\\abiosdsk\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\adpu160\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\floppy\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\parclass\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\rio8drvx\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\ser8uart\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\usbclass\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\vidscfg\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\msrdc64\.dat;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\msdcsvc\.dat;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%System%\\config\\SystemAudit\.Evt;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%System%\\config\\SecurityAudit\.Evt;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%System%\\config\\SystemLog\.evt;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%System%\\config\\ApplicationLog\.evt;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\ime\\imesc5\\dicts\\pintlgbs\.imd;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\ime\\imesc5\\dicts\\pintlgbp\.imd;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\system32\\winhttpc\.dll;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\system32\\wshnetc\.dll;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\SysWow64\\wshnetc\.dll;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\system32\\svcstat\.exe;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\system32\\svcsstat\.exe;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
C:\\Windows\\System32\\rpcnet\.exe;Absolute Computrace http://www.absolute.com/en/about/pressroom/research/kaspersky / http://www.googl
C:\\Windows\\System32\\rpcnetp\.exe;Absolute Computrace http://www.absolute.com/en/about/pressroom/research/kaspersky / http://www.googl
C:\\Windows\\System32\\wceprv\.dll;Absolute Computrace http://www.absolute.com/en/about/pressroom/research/kaspersky / http://www.googl
C:\\Windows\\System32\\identprv\.dll;Absolute Computrace http://www.absolute.com/en/about/pressroom/research/kaspersky / http://www.googl
C:\\Windows\\System32\\Upgrd\.exe;Absolute Computrace http://www.absolute.com/en/about/pressroom/research/kaspersky / http://www.googl
C:\\Windows\\System32\\autochk\.exe\.bak;Absolute Computrace http://www.absolute.com/en/about/pressroom/research/kaspersky / http://www.googl
C:\\Windows\\System32\\autochk\.exe:bak;Absolute Computrace http://www.absolute.com/en/about/pressroom/research/kaspersky / http://www.googl
C:\\Program Files\\Lenovo\\VisualDiscovery;Superfish https://filippo.io/Badfish/ / https://support.lenovo.com/us/en/product_security/
C:\\Program Files \(x86\)\\Lenovo\\VisualDiscovery;Superfish https://filippo.io/Badfish/ / https://support.lenovo.com/us/en/product_security/
C:\\Windows\\SysWOW64\\VisualDiscovery\.ini;Superfish https://filippo.io/Badfish/ / https://support.lenovo.com/us/en/product_security/
C:\\Windows\\SysWOW64\\VisualDiscoveryOff\.ini;Superfish https://filippo.io/Badfish/ / https://support.lenovo.com/us/en/product_security/
C:\\Windows\\System32\\VisualDiscoveryOff\.ini;Superfish https://filippo.io/Badfish/ / https://support.lenovo.com/us/en/product_security/
C:\\Windows\\System32\\VDWFP\.sys;Superfish https://filippo.io/Badfish/ / https://support.lenovo.com/us/en/product_security/
C:\\Windows\\System32\\VDWFP64\.sys;Superfish https://filippo.io/Badfish/ / https://support.lenovo.com/us/en/product_security/
C:\\Windows\\SysWOW64\\DWFP\.sys;Superfish https://filippo.io/Badfish/ / https://support.lenovo.com/us/en/product_security/
C:\\Windows\\SysWOW64\\DWFP64\.sys;Superfish https://filippo.io/Badfish/ / https://support.lenovo.com/us/en/product_security/
%AppData%\\Local\\Temp\\bootloader\.dec;RTF Exploit Installs Italian RAT: uWarrior http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-
%AppData%\\Roaming\\warriors\.dat;RTF Exploit Installs Italian RAT: uWarrior http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-
/Users/Shared/start\.sh;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/Resources/start\.sh;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/Resources/FontMap1\.cfg;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/Library/LaunchDaemons/com\.apple\.machook_damon\.plist;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/Library/LaunchDaemons/com\.apple\. globalupdate\.plist;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/usr/bin/globalupdate;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/usr/local/machook/update/start\.sh;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/Library/MobileSubstrate/DynamicLibraries/sfbase\.dylib;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
sfbase\.dylib;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/tmp/AddressBook\.sqlitedb;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/tmp/sms\.db;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
Reference in New Issue View Git Blame Copy Permalink