signature-base

Florian Roth 41e0956fdc Remote Admin - tool	2017-12-06 22:37:40 +01:00
..
apt_agent_btz.yar	Activate pe.imphash() expressions in my rules	2017-10-18 21:58:30 +02:00
apt_alienspy_rat.yar	False Positives	2017-05-25 11:36:50 +02:00
apt_apt6_malware.yar	False Positive Reduction	2017-09-12 00:19:09 +02:00
apt_apt10.yar	False Positives	2017-05-22 16:46:08 +02:00
apt_apt12_malware.yar	APT12 Malware	2017-08-30 20:19:40 +02:00
apt_apt17_mal_sep17.yar	APT17 Malware September 2017	2017-10-03 19:34:53 +02:00
apt_apt17_malware.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_apt19.yar	APT 19 - FireEye report	2017-06-07 16:20:34 +02:00
apt_apt28.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_apt29_grizzly_steppe.yar	Updated Grizzly Steppe	2017-01-02 08:10:21 +01:00
apt_apt30_backspace.yar	Removed hacktoolset from rules	2017-06-06 23:21:29 +02:00
apt_backdoor_ssh_python.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_backspace.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_beepservice.yar	Signature Update	2016-05-13 06:06:18 -06:00
apt_between-hk-and-burma.yar	Adjusted SLServer Rule	2016-04-21 11:03:55 +02:00
apt_blackenergy_installer.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_blackenergy.yar	Removed hacktoolset from rules	2017-06-06 23:21:29 +02:00
apt_bluetermite_emdivi.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_bronze_butler.yar	Bronze Butler Daserf malware	2017-11-08 12:52:38 +01:00
apt_buckeye.yar	APT Buckeye	2016-09-10 01:16:28 +02:00
apt_carbon_paper_turla.yar	Carbon - Turla - rules by ESET	2017-04-01 11:56:20 +02:00
apt_casper.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_cheshirecat.yar	Removed hacktoolset from rules	2017-06-06 23:21:29 +02:00
apt_cloudduke.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_cmstar.yar	CMSTAR Malware	2017-10-03 19:35:15 +02:00
apt_cn_pp_zerot.yar	CN APT Proofpoint ZeroT RAT	2017-02-05 13:26:03 +01:00
apt_codoso.yar	False Positives	2016-02-29 13:46:21 +01:00
apt_coreimpact_agent.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_crash_override.yar	Crash Override YARA Sigs	2017-06-12 19:49:08 +02:00
apt_cve2015_5119.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_danti_svcmondr.yar	Danti and SVCMONDR Malware Rules	2016-05-25 16:14:11 -06:00
apt_deeppanda.yar	Updated DeepPanda rule	2017-04-22 13:53:46 +02:00
apt_derusbi.yar	Derusbi Samples	2017-03-04 14:38:20 +01:00
apt_dragonfly.yar	DragonFly APT	2017-09-12 08:22:07 +02:00
apt_dubnium.yar	Dubnium YARA Signatures	2016-06-10 17:03:29 +02:00
apt_duqu2.yar	Bugfix in Duqu2 Rule	2016-07-02 19:35:33 +02:00
apt_emissary.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_eqgrp_apr17.yar	EquationGroup FP	2017-05-03 09:01:57 +02:00
apt_eqgrp.yar	False Positive Reduction	2017-10-23 16:54:34 +02:00
apt_eternalblue_non_wannacry.yar	FireEye - EternalBlue Non-Wannacry attack	2017-06-04 17:00:14 +02:00
apt_fakem_backdoor.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_fancybear_dnc.yar	Fancy / Cozy Bear Sigs	2016-07-02 19:32:02 +02:00
apt_fidelis_phishing_plain_sight.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_fin7_backdoor.yar	FIN7 Backdoor	2017-08-07 14:32:33 +02:00
apt_foudre.yar	Foudre Malware (Infy)	2017-08-02 08:43:10 +02:00
apt_four_element_sword.yar	Removed hacktoolset from rules	2017-06-06 23:21:29 +02:00
apt_freemilk.yar	FreeMilk YARA rules bugfix - thx to M. Selck	2017-10-06 23:54:13 +02:00
apt_furtim.yar	Furtims Parent	2016-07-17 12:59:29 +02:00
apt_fvey_shadowbroker_dec16.yar	Removed hacktoolset from rules	2017-06-06 23:21:29 +02:00
apt_fvey_shadowbroker_jan17.yar	False Positive Reduction	2017-09-15 11:30:03 +02:00
apt_ghostdragon_gh0st_rat.yar	Gh0st Dragon RAT	2016-04-27 13:36:53 +02:00
apt_glassRAT.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_greenbug.yar	Greenbug Malware	2017-11-27 16:55:43 +01:00
apt_grizzlybear_uscert.yar	Deactivated False Positives in Grizzly Steppe Rules - US CERT	2017-02-12 18:26:02 +01:00
apt_hackingteam_rules.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_ham_tofu_chches.yar	False Positives	2017-03-28 08:32:20 +02:00
apt_hellsing_kaspersky.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_hidden_cobra.yar	Hidden Cobra IOCs and YARA Sigs	2017-06-14 09:16:23 +02:00
apt_hizor_rat.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_hkdoor.yar	Replaced non-ASCII character	2017-10-19 01:17:59 +02:00
apt_indetectables_rat.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_industroyer.yar	Industroyer YARA Sigs	2017-06-14 09:05:54 +02:00
apt_inocnation.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_irongate.yar	False Positive - PipeList	2016-12-27 23:20:01 +01:00
apt_irontiger_trendmicro.yar	False Positives	2017-04-28 10:32:36 +02:00
apt_irontiger.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_ism_rat.yar	ISMRAT	2017-05-04 12:22:58 +02:00
apt_kaspersky_duqu2.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_keyboys.yar	KeyBoys malware	2017-11-03 08:28:16 +01:00
apt_keylogger_cn.yar	New Signatures	2016-03-09 13:40:49 +01:00
apt_khrat.yar	APT Turla Gazer	2017-09-02 08:26:07 +02:00
apt_korplug_fast.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_laudanum_webshells.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_leviathan.yar	Leviathan APT - Maritime and Defense Targets	2017-10-19 09:34:07 +02:00
apt_magichound.yar	Op Magic Hound YARA Signatures	2017-02-17 15:48:58 +01:00
apt_microcin.yar	Microcin YARA rules	2017-09-27 16:34:34 +02:00
apt_miniasp.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_minidionis.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_mofang.yar	FoxIT Mofang IOCs and YARA Rules	2016-06-15 18:58:10 +02:00
apt_molerats_jul17.yar	Molerats July 2017	2017-07-08 10:35:11 -06:00
apt_monsoon.yar	Monsoon APT	2017-09-10 00:29:17 +02:00
apt_moonlightmaze.yar	Adjusted build options in make file to yara-python, rule renamed	2017-08-15 20:30:28 +02:00
apt_ms_platinum.yara	Microsoft Platinum YARA Rules	2016-04-27 13:36:39 +02:00
apt_naikon.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_nanocore_rat.yar	Nano core Rule	2016-04-25 10:26:46 +02:00
apt_oilrig_oct17.yar	OilRig YARA rules derived from PaloAltoNetwork reports Sep/Oct 17	2017-10-19 09:29:59 +02:00
apt_oilrig.yar	Fixed OilRig rule - missing pe module	2017-11-24 13:06:18 +01:00
apt_onhat_proxy.yar	Signature Update	2016-05-13 06:06:18 -06:00
apt_op_cleaver.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_op_cloudhopper.yar	Improved Cloud Hopper Malware Sigs	2017-04-08 12:57:20 +02:00
apt_passcv.yar	PassCV YARA Rules	2016-10-21 11:44:38 +02:00
apt_passthehashtoolkit.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_plugx.yar	PlugX Signature by Jay DiMartino	2016-08-17 13:20:52 +02:00
apt_poisonivy_gen3.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_poisonivy.yar	Signature Update	2016-05-13 06:06:18 -06:00
apt_poseidon_group.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_poshspy.yar	POSHSPY malware	2017-07-19 11:40:16 -06:00
apt_prikormka.yar	Bugfix in prikormka Rules	2016-06-17 17:24:28 +02:00
apt_project_m.yar	Signature Update	2016-04-01 16:51:30 +02:00
apt_project_sauron_extras.yar	My Sauron Extra Rules	2016-08-10 09:34:15 +02:00
apt_project_sauron.yara	Project Sauron	2016-08-08 17:11:20 +02:00
apt_promethium_neodymium.yar	Promethium Neodymium YARA Rules	2016-12-27 23:23:46 +01:00
apt_putterpanda.yar	Missing PE module imports, minor changes	2017-10-11 18:43:19 +02:00
apt_quarkspwdump.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_quasar_rat.yar	Quasar RAT	2017-04-07 20:41:00 +02:00
apt_reaver_sunorcal.yar	Reaver and SunOrcal malware	2017-11-12 15:13:38 +01:00
apt_rehashed_rat.yar	Rehashed RAT	2017-09-10 00:29:29 +02:00
apt_revenge_rat.yar	Revenge RAT	2017-09-05 10:42:59 +02:00
apt_rocketkitten_keylogger.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_rokrat.yar	ROKRAT Update	2017-11-29 16:04:36 +01:00
apt_ruag.yar	RUAG APT Case YARA Signatures	2016-05-24 07:29:20 -06:00
apt_rwmc_powershell_creddump.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_sakula.yar	Turla Rules - RUAG APT	2016-06-13 10:41:59 +02:00
apt_saudi_aramco_phish.yar	Saudi Aramco Phishing campaign malware	2017-10-12 09:15:20 +02:00
apt_scanbox_deeppanda.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_seaduke_unit42.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_servantshell.yar	Servant Shell	2017-02-07 10:37:26 +01:00
apt_shadowpad.yar	ShadowPad new Imphash	2017-08-23 13:21:21 +02:00
apt_shamoon2.yar	Shamoon 2.0 Rev1	2016-12-01 23:02:21 +01:00
apt_shamoon.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_shellcrew_streamex.yar	Shell Crew StreamEx	2017-02-10 10:23:29 +01:00
apt_silence.yar	Silence malware	2017-11-02 09:07:58 +01:00
apt_skeletonkey.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_snaketurla_osx.yar	Update on Snake/Turla - Shell scripts	2017-05-04 11:55:50 +02:00
apt_snowglobe_babar.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_sofacy_dec15.yar	False Positives	2017-05-20 10:18:37 +02:00
apt_sofacy_fysbis.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_sofacy_hospitality.yar	Missing "pe" module import in APT28 rule	2017-10-31 11:29:48 +01:00
apt_sofacy_jun16.yar	Sofacy Samples June 2016	2016-06-15 06:54:30 +02:00
apt_sofacy_oct17_camp.yar	APT28 / Sofacy malware	2017-10-23 16:56:32 +02:00
apt_sofacy_xtunnel_bundestag.yar	Signature Update	2016-05-13 06:06:18 -06:00
apt_sphinx_moth.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_stonedrill.yar	Bugfix - non OpenSSL binaries	2017-03-09 18:09:15 +01:00
apt_strider.yara	Symantec Strider IOCs and YARA Rules	2016-08-10 09:33:54 +02:00
apt_stuxnet.yar	Stuxnet Rules	2016-07-11 19:48:03 +02:00
apt_suckfly.yar	Sickly Nidiran Trojan YARA Signatures	2016-06-09 09:37:59 +02:00
apt_sysscan.yar	SysScan Rules by Kaspersky	2016-07-02 19:32:36 +02:00
apt_ta17_293A.yar	Cleanup	2017-10-23 16:54:53 +02:00
apt_ta17_318A.yar	Alert (TA17-318A) HIDDEN COBRA – FALLCHILL	2017-11-15 21:45:10 +01:00
apt_ta17_318B.yar	Alert (TA17-318B) HIDDEN COBRA – Volgmer	2017-11-15 21:45:49 +01:00
apt_ta459.yar	TA459 Malware	2017-06-01 19:46:36 +02:00
apt_telebots.yar	Telebots YARA Rule	2016-12-27 23:23:59 +01:00
apt_terracotta_liudoor.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_terracotta.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_threatgroup_3390.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_tick_datper.yar	Tick Datper	2017-08-21 17:20:01 +02:00
apt_tidepool.yar	Danti and SVCMONDR Malware Rules	2016-05-25 16:14:11 -06:00
apt_turbo_campaign.yar	Derusbi ELF / Win32 Turbo Campaign	2016-02-29 20:32:42 +01:00
apt_turla_gazer.yar	APT Turla Gazer	2017-09-02 08:26:07 +02:00
apt_turla_neuron.yar	APT Turla Neuron	2017-11-25 00:40:07 +01:00
apt_turla.yar	Turla Rules - RUAG APT	2016-06-13 10:41:59 +02:00
apt_uboat_rat.yar	UBoatRAT	2017-11-30 15:13:21 +01:00
apt_unit78020_malware.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_uscert_ta17-1117a.yar	US CERT Alert TA17-117A https://goo.gl/fZhL9H	2017-04-28 11:14:52 +02:00
apt_venom_linux_rootkit.yar	Venom Linux Rootkit	2017-01-14 19:38:06 +01:00
apt_volatile_cedar.yar	Removed hacktoolset from rules	2017-06-06 23:21:29 +02:00
apt_waterbear.yar	Waterbear Malware	2017-06-24 08:53:52 +02:00
apt_waterbug.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_webshell_chinachopper.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_wildneutron.yar	False Positive Reduction	2017-07-29 13:34:21 +02:00
apt_wilted_tulip.yar	Wilted Tulip YARA Signatures	2017-07-25 15:24:20 +02:00
apt_win_plugx.yar	Adjusted YARA Rule	2016-06-08 21:08:44 +02:00
apt_winnti_hdroot.yar	Winnti HDRoot samples	2017-07-08 13:08:38 -06:00
apt_winnti_ms_report_201701.yar	Winnti malware MS Report	2017-02-07 10:45:19 +01:00
apt_winnti.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_woolengoldfish.yar	signatures > yara	2016-02-15 12:31:27 +01:00
apt_zxshell.yar	ZXShell Rules - RSA Report	2017-07-09 14:07:20 -06:00
cn_pentestset_scripts.yar	signatures > yara	2016-02-15 12:31:27 +01:00
cn_pentestset_tools.yar	Removed hacktoolset from rules	2017-06-06 23:21:29 +02:00
cn_pentestset_webshells.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_andromeda_jun17.yar	Malware / Bot / Andromeda Jun 17	2017-07-01 14:35:09 +02:00
crime_antifw_installrex.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_bad_patch.yar	Bad Patch report YARA signatures	2017-10-21 16:27:18 +02:00
crime_badrabbit.yar	BadRabbit ransomware	2017-10-25 08:57:00 +02:00
crime_bernhard_pos.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_buzus_softpulse.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_cmstar.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_cn_group_btc.yar	Crime CN Group BTC Miner and Ammyy Admin	2017-06-23 08:18:41 +02:00
crime_cobaltgang.yar	Cobalt Strike CN group dropper, CobaltGang malware	2017-08-12 09:08:32 +02:00
crime_corkow_dll.yar	Missing PE module imports, minor changes	2017-10-11 18:43:19 +02:00
crime_credstealer_generic.yar	Generic Credential Stealer	2017-06-07 16:21:24 +02:00
crime_cryptowall_svg.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_dexter_trojan.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_dridex_xml.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_enfal.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_eternalrocks.yar	EternalRocks	2017-05-18 08:51:29 +02:00
crime_fareit.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_fireball.yar	False Positive Reduction	2017-06-06 09:16:02 +02:00
crime_goldeneye.yar	GoldenEye Ransomware	2016-12-06 17:13:12 +01:00
crime_hermes_ransom.yar	FEIB Report - by BEA systems	2017-10-17 08:31:59 +02:00
crime_kasper_oct17.yar	Missing "pe" module import in Kasper rule	2017-10-31 12:11:27 +01:00
crime_kins_dropper.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_kr_malware.yar	Malware used in South Korean campaign	2017-08-23 13:21:56 +02:00
crime_kraken_bot1.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_kriskynote.yar	Kriskynote Malware	2017-03-04 14:38:35 +01:00
crime_locky.yar	Locky Ransomware	2016-02-17 18:03:58 +01:00
crime_malumpos.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_malware_generic.yar	Malware Unspecified	2017-08-01 14:01:53 +02:00
crime_malware_set_oct16.yar	Reduced false positives	2017-08-30 20:19:25 +02:00
crime_mikey_trojan.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_mirai.yar	Mirai Malware Update	2017-05-12 16:49:51 +02:00
crime_mywscript_dropper.yar	Improved description and added note for known false positives	2017-11-22 13:42:44 +01:00
crime_nopetya_jun17.yar	Added hashes to rule	2017-06-28 08:34:56 +02:00
crime_phish_gina_dec15.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_rombertik_carbongrabber.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_shifu_trojan.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_snarasite.yar	Missing PE module imports, minor changes	2017-10-11 18:43:19 +02:00
crime_teledoor.yar	Added 3rd hash to TeleDoor backdoor rule	2017-07-05 14:00:14 -06:00
crime_upatre_oct15.yar	signatures > yara	2016-02-15 12:31:27 +01:00
crime_wannacry.yar	Kaspersky's lazaruswannacry rule	2017-05-15 23:24:22 +02:00
crime_zeus_panda.yar	Zeus Panda	2017-08-05 14:54:13 +02:00
exploit_cve_2015_1674.yar	signatures > yara	2016-02-15 12:31:27 +01:00
exploit_cve_2015_1701.yar	signatures > yara	2016-02-15 12:31:27 +01:00
exploit_cve_2015_2426.yar	signatures > yara	2016-02-15 12:31:27 +01:00
exploit_cve_2015_2545.yar	Renamed rule	2017-07-19 19:50:26 -06:00
exploit_cve_2017_8759.yar	Improved CVE 2017 8759 rule	2017-11-28 10:56:48 +01:00
exploit_cve_2017_9800.yar	CVE-2017-9800 exploit	2017-08-11 14:03:24 +02:00
exploit_cve_2017_11882.yar	CVE-2017-11882 by John Davison	2017-11-23 20:33:58 +01:00
exploit_rtf_ole2link.yar	False Positive Reduction	2017-10-23 16:54:34 +02:00
exploit_uac_elevators.yar	Improved a suboptimal UAC elevation rule	2017-07-10 13:59:46 -06:00
gen_ace_with_exe.yar	signatures > yara	2016-02-15 12:31:27 +01:00
gen_b374k_extra.yar	OTX Update and b374k back connect shell	2016-08-26 21:43:11 +02:00
gen_case_anomalies.yar	Reduced false positives with PowerShell casing anomaly rule	2017-11-30 15:13:36 +01:00
gen_chaos_payload.yar	CHAOS Payload	2017-08-18 00:58:33 +02:00
gen_cn_hacktool_scripts.yar	signatures > yara	2016-02-15 12:31:27 +01:00
gen_cn_hacktools.yar	False Positive 'Tools_termsrv'	2017-08-31 22:19:14 +02:00
gen_cn_webshells.yar	Remove False Positive Rules	2017-02-10 10:40:52 +01:00
gen_crunchrat.yar	CrunchRAT	2017-11-04 01:57:05 +01:00
gen_dde_in_office_docs.yar	Improved DDE in Office documents rules by NVISO Labs	2017-10-25 23:44:30 +02:00
gen_deviceguard_evasion.yar	Device Guard Evasion	2016-08-18 08:44:27 +02:00
gen_empire.yar	Removed hacktoolset from rules	2017-06-06 23:21:29 +02:00
gen_enigma_protector.yar	Enigma protected malware	2017-05-03 09:02:08 +02:00
gen_faked_versions.yar	False Positives	2017-04-28 10:32:36 +02:00
gen_floxif.yar	Floxif Malware	2017-04-08 12:57:47 +02:00
gen_gen_cactustorch.yar	CactusTorch Rule	2017-07-31 14:52:02 +02:00
gen_gpp_cpassword.yar	signatures > yara	2016-02-15 12:31:27 +01:00
gen_hta_anomalies.yar	Reference in HTA anomaly rules	2017-06-21 17:03:06 +02:00
gen_impacket_tools.yar	Impacket Generic Rule FPs	2017-05-05 15:13:57 +02:00
gen_invoke_mimikatz.yar	Removed duplicate Invoke-Mimikatz	2017-07-23 10:15:49 -06:00
gen_invoke_thehash.yar	Invoke-TheHash	2017-06-14 21:46:43 +02:00
gen_javascript_powershell.yar	Javascript obfuscated PowerShell (droppers)	2017-03-24 14:52:26 +01:00
gen_kerberoast.yar	Kerberoast	2016-05-24 07:28:42 -06:00
gen_kirbi_mimkatz.yar	Bugfixes and False Positive Reduction	2017-07-20 12:24:49 -06:00
gen_loaders.yar	Activate pe.imphash() expressions in my rules	2017-10-18 21:58:30 +02:00
gen_mal_link.yar	Malicious lnk file rule	2017-11-22 16:46:31 +01:00
gen_mal_scripts.yar	Improved certutil rule	2017-08-30 20:19:09 +02:00
gen_malware_set_qa.yar	Remove False Positive Rules	2017-02-10 10:40:52 +01:00
gen_metasploit_loader_rsmudge.yar	Metasploit Loader by RSMudge	2016-04-21 10:31:41 +02:00
gen_metasploit_payloads.yar	Removed duplicate rule StreamEx_ShellCrew	2017-02-11 11:38:12 +01:00
gen_mimikittenz.yar	Mimikittenz	2016-07-20 13:30:10 +02:00
gen_mimipenguin.yar	MimiPenguin Update	2017-07-08 16:32:00 -06:00
gen_nopowershell.yar	No Powershell	2016-05-24 07:28:29 -06:00
gen_p0wnshell.yar	P0wnShell	2017-01-15 16:30:56 +01:00
gen_pirpi.yar	APT29 IOCs and Pirpi YARA Rules	2016-09-11 15:59:36 +02:00
gen_powerkatz.yar	signatures > yara	2016-02-15 12:31:27 +01:00
gen_powershdll.yar	PowerShdll	2017-08-21 15:03:29 +02:00
gen_powershell_empire.yar	signatures > yara	2016-02-15 12:31:27 +01:00
gen_powershell_invocation.yar	False Positive Reduction - apply to files only (not memory)	2017-10-18 21:58:57 +02:00
gen_powershell_obfuscation.yar	PowerShell Obfuscation - 1st rule for LOKI	2017-06-23 11:29:56 +02:00
gen_powershell_susp.yar	New suspicious PowerShell scripts	2017-10-01 00:24:31 +02:00
gen_powershell_toolkit.yar	PowerShell Toolkit YARA Rules	2016-09-04 18:19:57 +02:00
gen_ps_empire_eval.yar	PowerShell Empire Mods Eval	2017-07-29 13:34:49 +02:00
gen_ps_osiris.yar	Osiris Device Guard Bypass	2017-03-27 09:39:43 +02:00
gen_pua.yar	WinDivert Driver - PUA: User mode packet capturing driver	2017-10-03 19:35:49 +02:00
gen_pupy_rat.yar	Bugfix in Puppy RAT rule	2017-10-20 09:54:59 +02:00
gen_rats_malwareconfig.yar	False Positive Reduction	2017-07-13 08:00:52 -06:00
gen_recon_keywords.yar	avdapp.dll False Positive	2017-08-01 16:21:57 +02:00
gen_redsails.yar	Hacktool RedSails	2017-10-03 19:36:17 +02:00
gen_regsrv32_issue.yar	Regsvr32 issue signature	2016-04-26 10:05:17 +02:00
gen_rottenpotato.yar	Rotten Potato - Avoiding False Positives	2017-02-07 17:58:44 +01:00
gen_sharpcat.yar	SharpCat YARA Signature	2016-06-10 18:14:26 +02:00
gen_suspicious_strings.yar	Suspicious script running from http/https	2017-08-23 13:21:09 +02:00
gen_sysinternals_anomaly.yar	SysInternals Anomalies	2016-12-09 00:20:38 +01:00
gen_tempracer.yar	Signature Update	2016-04-01 16:51:30 +02:00
gen_thumbs_cloaking.yar	signatures > yara	2016-02-15 12:31:27 +01:00
gen_transformed_strings.yar	OTX Update and b374k back connect shell	2016-08-26 21:43:11 +02:00
gen_unspecified_malware.yar	Bugfixes and False Positive Reduction	2017-07-20 12:24:49 -06:00
gen_url_to_local_exe.yar	URL file pointing to local EXE	2017-10-04 14:42:34 +02:00
gen_win_privesc.yar	Signature Update	2016-06-04 17:07:38 +02:00
gen_winpayloads.yar	NCCGroups WinPayloads	2017-07-13 08:02:20 -06:00
gen_winshells.yar	Signature Update	2016-04-01 16:51:30 +02:00
gen_wmi_implant.yar	WMI Implant PowerShell	2017-03-24 17:33:26 +01:00
gen_xtreme_rat.yar	Xtreme RAT Sigs	2017-09-29 08:46:42 +02:00
gen_ysoserial_payloads.yar	ysoserial payloads	2017-02-05 13:27:10 +01:00
general_cloaking.yar	New rules for obfuscated samples	2017-04-22 13:54:08 +02:00
general_officemacros.yar	Malware Dropper - DOCM in PDF	2017-05-15 19:36:58 +02:00
generic_anomalies.yar	False Positive Reduction	2017-10-14 12:59:00 +02:00
generic_cryptors.yar	signatures > yara	2016-02-15 12:31:27 +01:00
generic_dumps.yar	Signature Update	2016-06-04 17:07:38 +02:00
generic_exe2hex_payload.yar	signatures > yara	2016-02-15 12:31:27 +01:00
pup_lightftp.yar	signatures > yara	2016-02-15 12:31:27 +01:00
spy_equation_fiveeyes.yar	signatures > yara	2016-02-15 12:31:27 +01:00
spy_querty_fiveeyes.yar	signatures > yara	2016-02-15 12:31:27 +01:00
spy_regin_fiveeyes.yar	Removed hacktoolset from rules	2017-06-06 23:21:29 +02:00
thor_inverse_matches.yar	Minor changes to rule FP exclusions	2017-09-29 08:47:22 +02:00
thor-hacktools.yar	Remote Admin - tool	2017-12-06 22:37:40 +01:00
thor-webshells.yar	Typo in ALFA shell rule	2017-11-22 18:15:00 +01:00
threat_lenovo_superfish.yar	signatures > yara	2016-02-15 12:31:27 +01:00

apt_agent_btz.yar

Activate pe.imphash() expressions in my rules

2017-10-18 21:58:30 +02:00

apt_alienspy_rat.yar

False Positives

2017-05-25 11:36:50 +02:00

apt_apt6_malware.yar

False Positive Reduction

2017-09-12 00:19:09 +02:00

apt_apt10.yar

False Positives

2017-05-22 16:46:08 +02:00

apt_apt12_malware.yar

APT12 Malware

2017-08-30 20:19:40 +02:00

apt_apt17_mal_sep17.yar

APT17 Malware September 2017

2017-10-03 19:34:53 +02:00

apt_apt17_malware.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_apt19.yar

APT 19 - FireEye report

2017-06-07 16:20:34 +02:00

apt_apt28.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_apt29_grizzly_steppe.yar

Updated Grizzly Steppe

2017-01-02 08:10:21 +01:00

apt_apt30_backspace.yar

Removed hacktoolset from rules

2017-06-06 23:21:29 +02:00

apt_backdoor_ssh_python.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_backspace.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_beepservice.yar

Signature Update

2016-05-13 06:06:18 -06:00

apt_between-hk-and-burma.yar

Adjusted SLServer Rule

2016-04-21 11:03:55 +02:00

apt_blackenergy_installer.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_blackenergy.yar

Removed hacktoolset from rules

2017-06-06 23:21:29 +02:00

apt_bluetermite_emdivi.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_bronze_butler.yar

Bronze Butler Daserf malware

2017-11-08 12:52:38 +01:00

apt_buckeye.yar

APT Buckeye

2016-09-10 01:16:28 +02:00

apt_carbon_paper_turla.yar

Carbon - Turla - rules by ESET

2017-04-01 11:56:20 +02:00

apt_casper.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_cheshirecat.yar

Removed hacktoolset from rules

2017-06-06 23:21:29 +02:00

apt_cloudduke.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_cmstar.yar

CMSTAR Malware

2017-10-03 19:35:15 +02:00

apt_cn_pp_zerot.yar

CN APT Proofpoint ZeroT RAT

2017-02-05 13:26:03 +01:00

apt_codoso.yar

False Positives

2016-02-29 13:46:21 +01:00

apt_coreimpact_agent.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_crash_override.yar

Crash Override YARA Sigs

2017-06-12 19:49:08 +02:00

apt_cve2015_5119.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_danti_svcmondr.yar

Danti and SVCMONDR Malware Rules

2016-05-25 16:14:11 -06:00

apt_deeppanda.yar

Updated DeepPanda rule

2017-04-22 13:53:46 +02:00

apt_derusbi.yar

Derusbi Samples

2017-03-04 14:38:20 +01:00

apt_dragonfly.yar

DragonFly APT

2017-09-12 08:22:07 +02:00

apt_dubnium.yar

Dubnium YARA Signatures

2016-06-10 17:03:29 +02:00

apt_duqu2.yar

Bugfix in Duqu2 Rule

2016-07-02 19:35:33 +02:00

apt_emissary.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_eqgrp_apr17.yar

EquationGroup FP

2017-05-03 09:01:57 +02:00

apt_eqgrp.yar

False Positive Reduction

2017-10-23 16:54:34 +02:00

apt_eternalblue_non_wannacry.yar

FireEye - EternalBlue Non-Wannacry attack

2017-06-04 17:00:14 +02:00

apt_fakem_backdoor.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_fancybear_dnc.yar

Fancy / Cozy Bear Sigs

2016-07-02 19:32:02 +02:00

apt_fidelis_phishing_plain_sight.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_fin7_backdoor.yar

FIN7 Backdoor

2017-08-07 14:32:33 +02:00

apt_foudre.yar

Foudre Malware (Infy)

2017-08-02 08:43:10 +02:00

apt_four_element_sword.yar

Removed hacktoolset from rules

2017-06-06 23:21:29 +02:00

apt_freemilk.yar

FreeMilk YARA rules bugfix - thx to M. Selck

2017-10-06 23:54:13 +02:00

apt_furtim.yar

Furtims Parent

2016-07-17 12:59:29 +02:00

apt_fvey_shadowbroker_dec16.yar

Removed hacktoolset from rules

2017-06-06 23:21:29 +02:00

apt_fvey_shadowbroker_jan17.yar

False Positive Reduction

2017-09-15 11:30:03 +02:00

apt_ghostdragon_gh0st_rat.yar

Gh0st Dragon RAT

2016-04-27 13:36:53 +02:00

apt_glassRAT.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_greenbug.yar

Greenbug Malware

2017-11-27 16:55:43 +01:00

apt_grizzlybear_uscert.yar

Deactivated False Positives in Grizzly Steppe Rules - US CERT

2017-02-12 18:26:02 +01:00

apt_hackingteam_rules.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_ham_tofu_chches.yar

False Positives

2017-03-28 08:32:20 +02:00

apt_hellsing_kaspersky.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_hidden_cobra.yar

Hidden Cobra IOCs and YARA Sigs

2017-06-14 09:16:23 +02:00

apt_hizor_rat.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_hkdoor.yar

Replaced non-ASCII character

2017-10-19 01:17:59 +02:00

apt_indetectables_rat.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_industroyer.yar

Industroyer YARA Sigs

2017-06-14 09:05:54 +02:00

apt_inocnation.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_irongate.yar

False Positive - PipeList

2016-12-27 23:20:01 +01:00

apt_irontiger_trendmicro.yar

False Positives

2017-04-28 10:32:36 +02:00

apt_irontiger.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_ism_rat.yar

ISMRAT

2017-05-04 12:22:58 +02:00

apt_kaspersky_duqu2.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_keyboys.yar

KeyBoys malware

2017-11-03 08:28:16 +01:00

apt_keylogger_cn.yar

New Signatures

2016-03-09 13:40:49 +01:00

apt_khrat.yar

APT Turla Gazer

2017-09-02 08:26:07 +02:00

apt_korplug_fast.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_laudanum_webshells.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_leviathan.yar

Leviathan APT - Maritime and Defense Targets

2017-10-19 09:34:07 +02:00

apt_magichound.yar

Op Magic Hound YARA Signatures

2017-02-17 15:48:58 +01:00

apt_microcin.yar

Microcin YARA rules

2017-09-27 16:34:34 +02:00

apt_miniasp.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_minidionis.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_mofang.yar

FoxIT Mofang IOCs and YARA Rules

2016-06-15 18:58:10 +02:00

apt_molerats_jul17.yar

Molerats July 2017

2017-07-08 10:35:11 -06:00

apt_monsoon.yar

Monsoon APT

2017-09-10 00:29:17 +02:00

apt_moonlightmaze.yar

Adjusted build options in make file to yara-python, rule renamed

2017-08-15 20:30:28 +02:00

apt_ms_platinum.yara

Microsoft Platinum YARA Rules

2016-04-27 13:36:39 +02:00

apt_naikon.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_nanocore_rat.yar

Nano core Rule

2016-04-25 10:26:46 +02:00

apt_oilrig_oct17.yar

OilRig YARA rules derived from PaloAltoNetwork reports Sep/Oct 17

2017-10-19 09:29:59 +02:00

apt_oilrig.yar

Fixed OilRig rule - missing pe module

2017-11-24 13:06:18 +01:00

apt_onhat_proxy.yar

Signature Update

2016-05-13 06:06:18 -06:00

apt_op_cleaver.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_op_cloudhopper.yar

Improved Cloud Hopper Malware Sigs

2017-04-08 12:57:20 +02:00

apt_passcv.yar

PassCV YARA Rules

2016-10-21 11:44:38 +02:00

apt_passthehashtoolkit.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_plugx.yar

PlugX Signature by Jay DiMartino

2016-08-17 13:20:52 +02:00

apt_poisonivy_gen3.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_poisonivy.yar

Signature Update

2016-05-13 06:06:18 -06:00

apt_poseidon_group.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_poshspy.yar

POSHSPY malware

2017-07-19 11:40:16 -06:00

apt_prikormka.yar

Bugfix in prikormka Rules

2016-06-17 17:24:28 +02:00

apt_project_m.yar

Signature Update

2016-04-01 16:51:30 +02:00

apt_project_sauron_extras.yar

My Sauron Extra Rules

2016-08-10 09:34:15 +02:00

apt_project_sauron.yara

Project Sauron

2016-08-08 17:11:20 +02:00

apt_promethium_neodymium.yar

Promethium Neodymium YARA Rules

2016-12-27 23:23:46 +01:00

apt_putterpanda.yar

Missing PE module imports, minor changes

2017-10-11 18:43:19 +02:00

apt_quarkspwdump.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_quasar_rat.yar

Quasar RAT

2017-04-07 20:41:00 +02:00

apt_reaver_sunorcal.yar

Reaver and SunOrcal malware

2017-11-12 15:13:38 +01:00

apt_rehashed_rat.yar

Rehashed RAT

2017-09-10 00:29:29 +02:00

apt_revenge_rat.yar

Revenge RAT

2017-09-05 10:42:59 +02:00

apt_rocketkitten_keylogger.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_rokrat.yar

ROKRAT Update

2017-11-29 16:04:36 +01:00

apt_ruag.yar

RUAG APT Case YARA Signatures

2016-05-24 07:29:20 -06:00

apt_rwmc_powershell_creddump.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_sakula.yar

Turla Rules - RUAG APT

2016-06-13 10:41:59 +02:00

apt_saudi_aramco_phish.yar

Saudi Aramco Phishing campaign malware

2017-10-12 09:15:20 +02:00

apt_scanbox_deeppanda.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_seaduke_unit42.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_servantshell.yar

Servant Shell

2017-02-07 10:37:26 +01:00

apt_shadowpad.yar

ShadowPad new Imphash

2017-08-23 13:21:21 +02:00

apt_shamoon2.yar

Shamoon 2.0 Rev1

2016-12-01 23:02:21 +01:00

apt_shamoon.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_shellcrew_streamex.yar

Shell Crew StreamEx

2017-02-10 10:23:29 +01:00

apt_silence.yar

Silence malware

2017-11-02 09:07:58 +01:00

apt_skeletonkey.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_snaketurla_osx.yar

Update on Snake/Turla - Shell scripts

2017-05-04 11:55:50 +02:00

apt_snowglobe_babar.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_sofacy_dec15.yar

False Positives

2017-05-20 10:18:37 +02:00

apt_sofacy_fysbis.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_sofacy_hospitality.yar

Missing "pe" module import in APT28 rule

2017-10-31 11:29:48 +01:00

apt_sofacy_jun16.yar

Sofacy Samples June 2016

2016-06-15 06:54:30 +02:00

apt_sofacy_oct17_camp.yar

APT28 / Sofacy malware

2017-10-23 16:56:32 +02:00

apt_sofacy_xtunnel_bundestag.yar

Signature Update

2016-05-13 06:06:18 -06:00

apt_sphinx_moth.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_stonedrill.yar

Bugfix - non OpenSSL binaries

2017-03-09 18:09:15 +01:00

apt_strider.yara

Symantec Strider IOCs and YARA Rules

2016-08-10 09:33:54 +02:00

apt_stuxnet.yar

Stuxnet Rules

2016-07-11 19:48:03 +02:00

apt_suckfly.yar

Sickly Nidiran Trojan YARA Signatures

2016-06-09 09:37:59 +02:00

apt_sysscan.yar

SysScan Rules by Kaspersky

2016-07-02 19:32:36 +02:00

apt_ta17_293A.yar

Cleanup

2017-10-23 16:54:53 +02:00

apt_ta17_318A.yar

Alert (TA17-318A) HIDDEN COBRA – FALLCHILL

2017-11-15 21:45:10 +01:00

apt_ta17_318B.yar

Alert (TA17-318B) HIDDEN COBRA – Volgmer

2017-11-15 21:45:49 +01:00

apt_ta459.yar

TA459 Malware

2017-06-01 19:46:36 +02:00

apt_telebots.yar

Telebots YARA Rule

2016-12-27 23:23:59 +01:00

apt_terracotta_liudoor.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_terracotta.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_threatgroup_3390.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_tick_datper.yar

Tick Datper

2017-08-21 17:20:01 +02:00

apt_tidepool.yar

Danti and SVCMONDR Malware Rules

2016-05-25 16:14:11 -06:00

apt_turbo_campaign.yar

Derusbi ELF / Win32 Turbo Campaign

2016-02-29 20:32:42 +01:00

apt_turla_gazer.yar

APT Turla Gazer

2017-09-02 08:26:07 +02:00

apt_turla_neuron.yar

APT Turla Neuron

2017-11-25 00:40:07 +01:00

apt_turla.yar

Turla Rules - RUAG APT

2016-06-13 10:41:59 +02:00

apt_uboat_rat.yar

UBoatRAT

2017-11-30 15:13:21 +01:00

apt_unit78020_malware.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_uscert_ta17-1117a.yar

US CERT Alert TA17-117A https://goo.gl/fZhL9H

2017-04-28 11:14:52 +02:00

apt_venom_linux_rootkit.yar

Venom Linux Rootkit

2017-01-14 19:38:06 +01:00

apt_volatile_cedar.yar

Removed hacktoolset from rules

2017-06-06 23:21:29 +02:00

apt_waterbear.yar

Waterbear Malware

2017-06-24 08:53:52 +02:00

apt_waterbug.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_webshell_chinachopper.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_wildneutron.yar

False Positive Reduction

2017-07-29 13:34:21 +02:00

apt_wilted_tulip.yar

Wilted Tulip YARA Signatures

2017-07-25 15:24:20 +02:00

apt_win_plugx.yar

Adjusted YARA Rule

2016-06-08 21:08:44 +02:00

apt_winnti_hdroot.yar

Winnti HDRoot samples

2017-07-08 13:08:38 -06:00

apt_winnti_ms_report_201701.yar

Winnti malware MS Report

2017-02-07 10:45:19 +01:00

apt_winnti.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_woolengoldfish.yar

signatures > yara

2016-02-15 12:31:27 +01:00

apt_zxshell.yar

ZXShell Rules - RSA Report

2017-07-09 14:07:20 -06:00

cn_pentestset_scripts.yar

signatures > yara

2016-02-15 12:31:27 +01:00

cn_pentestset_tools.yar

Removed hacktoolset from rules

2017-06-06 23:21:29 +02:00

cn_pentestset_webshells.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_andromeda_jun17.yar

Malware / Bot / Andromeda Jun 17

2017-07-01 14:35:09 +02:00

crime_antifw_installrex.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_bad_patch.yar

Bad Patch report YARA signatures

2017-10-21 16:27:18 +02:00

crime_badrabbit.yar

BadRabbit ransomware

2017-10-25 08:57:00 +02:00

crime_bernhard_pos.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_buzus_softpulse.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_cmstar.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_cn_group_btc.yar

Crime CN Group BTC Miner and Ammyy Admin

2017-06-23 08:18:41 +02:00

crime_cobaltgang.yar

Cobalt Strike CN group dropper, CobaltGang malware

2017-08-12 09:08:32 +02:00

crime_corkow_dll.yar

Missing PE module imports, minor changes

2017-10-11 18:43:19 +02:00

crime_credstealer_generic.yar

Generic Credential Stealer

2017-06-07 16:21:24 +02:00

crime_cryptowall_svg.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_dexter_trojan.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_dridex_xml.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_enfal.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_eternalrocks.yar

EternalRocks

2017-05-18 08:51:29 +02:00

crime_fareit.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_fireball.yar

False Positive Reduction

2017-06-06 09:16:02 +02:00

crime_goldeneye.yar

GoldenEye Ransomware

2016-12-06 17:13:12 +01:00

crime_hermes_ransom.yar

FEIB Report - by BEA systems

2017-10-17 08:31:59 +02:00

crime_kasper_oct17.yar

Missing "pe" module import in Kasper rule

2017-10-31 12:11:27 +01:00

crime_kins_dropper.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_kr_malware.yar

Malware used in South Korean campaign

2017-08-23 13:21:56 +02:00

crime_kraken_bot1.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_kriskynote.yar

Kriskynote Malware

2017-03-04 14:38:35 +01:00

crime_locky.yar

Locky Ransomware

2016-02-17 18:03:58 +01:00

crime_malumpos.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_malware_generic.yar

Malware Unspecified

2017-08-01 14:01:53 +02:00

crime_malware_set_oct16.yar

Reduced false positives

2017-08-30 20:19:25 +02:00

crime_mikey_trojan.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_mirai.yar

Mirai Malware Update

2017-05-12 16:49:51 +02:00

crime_mywscript_dropper.yar

Improved description and added note for known false positives

2017-11-22 13:42:44 +01:00

crime_nopetya_jun17.yar

Added hashes to rule

2017-06-28 08:34:56 +02:00

crime_phish_gina_dec15.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_rombertik_carbongrabber.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_shifu_trojan.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_snarasite.yar

Missing PE module imports, minor changes

2017-10-11 18:43:19 +02:00

crime_teledoor.yar

Added 3rd hash to TeleDoor backdoor rule

2017-07-05 14:00:14 -06:00

crime_upatre_oct15.yar

signatures > yara

2016-02-15 12:31:27 +01:00

crime_wannacry.yar

Kaspersky's lazaruswannacry rule

2017-05-15 23:24:22 +02:00

crime_zeus_panda.yar

Zeus Panda

2017-08-05 14:54:13 +02:00

exploit_cve_2015_1674.yar

signatures > yara

2016-02-15 12:31:27 +01:00

exploit_cve_2015_1701.yar

signatures > yara

2016-02-15 12:31:27 +01:00

exploit_cve_2015_2426.yar

signatures > yara

2016-02-15 12:31:27 +01:00

exploit_cve_2015_2545.yar

Renamed rule

2017-07-19 19:50:26 -06:00

exploit_cve_2017_8759.yar

Improved CVE 2017 8759 rule

2017-11-28 10:56:48 +01:00

exploit_cve_2017_9800.yar

CVE-2017-9800 exploit

2017-08-11 14:03:24 +02:00

exploit_cve_2017_11882.yar

CVE-2017-11882 by John Davison

2017-11-23 20:33:58 +01:00

exploit_rtf_ole2link.yar

False Positive Reduction

2017-10-23 16:54:34 +02:00

exploit_uac_elevators.yar

Improved a suboptimal UAC elevation rule

2017-07-10 13:59:46 -06:00

gen_ace_with_exe.yar

signatures > yara

2016-02-15 12:31:27 +01:00

gen_b374k_extra.yar

OTX Update and b374k back connect shell

2016-08-26 21:43:11 +02:00

gen_case_anomalies.yar

Reduced false positives with PowerShell casing anomaly rule

2017-11-30 15:13:36 +01:00

gen_chaos_payload.yar

CHAOS Payload

2017-08-18 00:58:33 +02:00

gen_cn_hacktool_scripts.yar

signatures > yara

2016-02-15 12:31:27 +01:00

gen_cn_hacktools.yar

False Positive 'Tools_termsrv'

2017-08-31 22:19:14 +02:00

gen_cn_webshells.yar

Remove False Positive Rules

2017-02-10 10:40:52 +01:00

gen_crunchrat.yar

CrunchRAT

2017-11-04 01:57:05 +01:00

gen_dde_in_office_docs.yar

Improved DDE in Office documents rules by NVISO Labs

2017-10-25 23:44:30 +02:00

gen_deviceguard_evasion.yar

Device Guard Evasion

2016-08-18 08:44:27 +02:00

gen_empire.yar

Removed hacktoolset from rules

2017-06-06 23:21:29 +02:00

gen_enigma_protector.yar

Enigma protected malware

2017-05-03 09:02:08 +02:00

gen_faked_versions.yar

False Positives

2017-04-28 10:32:36 +02:00

gen_floxif.yar

Floxif Malware

2017-04-08 12:57:47 +02:00

gen_gen_cactustorch.yar

CactusTorch Rule

2017-07-31 14:52:02 +02:00

gen_gpp_cpassword.yar

signatures > yara

2016-02-15 12:31:27 +01:00

gen_hta_anomalies.yar

Reference in HTA anomaly rules

2017-06-21 17:03:06 +02:00

gen_impacket_tools.yar

Impacket Generic Rule FPs

2017-05-05 15:13:57 +02:00

gen_invoke_mimikatz.yar

Removed duplicate Invoke-Mimikatz

2017-07-23 10:15:49 -06:00

gen_invoke_thehash.yar

Invoke-TheHash

2017-06-14 21:46:43 +02:00

gen_javascript_powershell.yar

Javascript obfuscated PowerShell (droppers)

2017-03-24 14:52:26 +01:00

gen_kerberoast.yar

Kerberoast

2016-05-24 07:28:42 -06:00

gen_kirbi_mimkatz.yar

Bugfixes and False Positive Reduction

2017-07-20 12:24:49 -06:00

gen_loaders.yar

Activate pe.imphash() expressions in my rules

2017-10-18 21:58:30 +02:00

gen_mal_link.yar

Malicious lnk file rule

2017-11-22 16:46:31 +01:00

gen_mal_scripts.yar

Improved certutil rule

2017-08-30 20:19:09 +02:00

gen_malware_set_qa.yar

Remove False Positive Rules

2017-02-10 10:40:52 +01:00

gen_metasploit_loader_rsmudge.yar

Metasploit Loader by RSMudge

2016-04-21 10:31:41 +02:00

gen_metasploit_payloads.yar

Removed duplicate rule StreamEx_ShellCrew

2017-02-11 11:38:12 +01:00

gen_mimikittenz.yar

Mimikittenz

2016-07-20 13:30:10 +02:00

gen_mimipenguin.yar

MimiPenguin Update

2017-07-08 16:32:00 -06:00

gen_nopowershell.yar

No Powershell

2016-05-24 07:28:29 -06:00

gen_p0wnshell.yar

P0wnShell

2017-01-15 16:30:56 +01:00

gen_pirpi.yar

APT29 IOCs and Pirpi YARA Rules

2016-09-11 15:59:36 +02:00

gen_powerkatz.yar

signatures > yara

2016-02-15 12:31:27 +01:00

gen_powershdll.yar

PowerShdll

2017-08-21 15:03:29 +02:00

gen_powershell_empire.yar

signatures > yara

2016-02-15 12:31:27 +01:00

gen_powershell_invocation.yar

False Positive Reduction - apply to files only (not memory)

2017-10-18 21:58:57 +02:00

gen_powershell_obfuscation.yar

PowerShell Obfuscation - 1st rule for LOKI

2017-06-23 11:29:56 +02:00

gen_powershell_susp.yar

New suspicious PowerShell scripts

2017-10-01 00:24:31 +02:00

gen_powershell_toolkit.yar

PowerShell Toolkit YARA Rules

2016-09-04 18:19:57 +02:00

gen_ps_empire_eval.yar

PowerShell Empire Mods Eval

2017-07-29 13:34:49 +02:00

gen_ps_osiris.yar

Osiris Device Guard Bypass

2017-03-27 09:39:43 +02:00

gen_pua.yar

WinDivert Driver - PUA: User mode packet capturing driver

2017-10-03 19:35:49 +02:00

gen_pupy_rat.yar

Bugfix in Puppy RAT rule

2017-10-20 09:54:59 +02:00

gen_rats_malwareconfig.yar

False Positive Reduction

2017-07-13 08:00:52 -06:00

gen_recon_keywords.yar

avdapp.dll False Positive

2017-08-01 16:21:57 +02:00

gen_redsails.yar

Hacktool RedSails

2017-10-03 19:36:17 +02:00

gen_regsrv32_issue.yar

Regsvr32 issue signature

2016-04-26 10:05:17 +02:00

gen_rottenpotato.yar

Rotten Potato - Avoiding False Positives

2017-02-07 17:58:44 +01:00

gen_sharpcat.yar

SharpCat YARA Signature

2016-06-10 18:14:26 +02:00

gen_suspicious_strings.yar

Suspicious script running from http/https

2017-08-23 13:21:09 +02:00

gen_sysinternals_anomaly.yar

SysInternals Anomalies

2016-12-09 00:20:38 +01:00

gen_tempracer.yar

Signature Update

2016-04-01 16:51:30 +02:00

gen_thumbs_cloaking.yar

signatures > yara

2016-02-15 12:31:27 +01:00

gen_transformed_strings.yar

OTX Update and b374k back connect shell

2016-08-26 21:43:11 +02:00

gen_unspecified_malware.yar

Bugfixes and False Positive Reduction

2017-07-20 12:24:49 -06:00

gen_url_to_local_exe.yar

URL file pointing to local EXE

2017-10-04 14:42:34 +02:00

gen_win_privesc.yar

Signature Update

2016-06-04 17:07:38 +02:00

gen_winpayloads.yar

NCCGroups WinPayloads

2017-07-13 08:02:20 -06:00

gen_winshells.yar

Signature Update

2016-04-01 16:51:30 +02:00

gen_wmi_implant.yar

WMI Implant PowerShell

2017-03-24 17:33:26 +01:00

gen_xtreme_rat.yar

Xtreme RAT Sigs

2017-09-29 08:46:42 +02:00

gen_ysoserial_payloads.yar

ysoserial payloads

2017-02-05 13:27:10 +01:00

general_cloaking.yar

New rules for obfuscated samples

2017-04-22 13:54:08 +02:00

general_officemacros.yar

Malware Dropper - DOCM in PDF

2017-05-15 19:36:58 +02:00

generic_anomalies.yar

False Positive Reduction

2017-10-14 12:59:00 +02:00

generic_cryptors.yar

signatures > yara

2016-02-15 12:31:27 +01:00

generic_dumps.yar

Signature Update

2016-06-04 17:07:38 +02:00

generic_exe2hex_payload.yar

signatures > yara

2016-02-15 12:31:27 +01:00

pup_lightftp.yar

signatures > yara

2016-02-15 12:31:27 +01:00

spy_equation_fiveeyes.yar

signatures > yara

2016-02-15 12:31:27 +01:00

spy_querty_fiveeyes.yar

signatures > yara

2016-02-15 12:31:27 +01:00

spy_regin_fiveeyes.yar

Removed hacktoolset from rules

2017-06-06 23:21:29 +02:00

thor_inverse_matches.yar

Minor changes to rule FP exclusions

2017-09-29 08:47:22 +02:00

thor-hacktools.yar

Remote Admin - tool

2017-12-06 22:37:40 +01:00

thor-webshells.yar

Typo in ALFA shell rule

2017-11-22 18:15:00 +01:00

threat_lenovo_superfish.yar

signatures > yara

2016-02-15 12:31:27 +01:00