signature-base/iocs/otx-filename-iocs.txt
2016-02-15 10:22:28 +01:00


\\this\.morning\.rar;Operation Arid Viper Slithers Back into View https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-
\\this\.morning\.exe;Operation Arid Viper Slithers Back into View https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-
C:\\Program Files\\Realtek\\AudRTx86\.dll;Operation Arid Viper Slithers Back into View https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-
C:\\Program Files\\Realtek\\Rttr\.zip;Operation Arid Viper Slithers Back into View https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-
C:\\Program Files\\Realtek\\rfmencrypt_secret\.key;Operation Arid Viper Slithers Back into View https://www.proofpoint.com/us/threat-insight/post/Operation-Arid-Viper-Slithers-
%SystemRoot%\\Drivers\\\{1D24B7E2\-869D\-49D8\-B4EB\-1424B36C42B6\}\.sys;Newcomers in the Derusbi family http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family
%Systemroot%\\web\\safemode\.html;Newcomers in the Derusbi family http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family
Statement_1973_1357257122414\.doc;Dridex Phishing Wave - Gina Harrowell Purchase Order XLS/DOC http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limi
\\ringcentral_msg\.doc;Microsoft Word Intruder: Operation Pony Express https://nakedsecurity.sophos.com/2015/09/25/microsoft-word-intruder-gets-down-to
\\termination_letter\.doc;Microsoft Word Intruder: Operation Pony Express https://nakedsecurity.sophos.com/2015/09/25/microsoft-word-intruder-gets-down-to
\\unpaid_logmein_invoice\.doc;Microsoft Word Intruder: Operation Pony Express https://nakedsecurity.sophos.com/2015/09/25/microsoft-word-intruder-gets-down-to
\\lmi_billing_invoice\.doc;Microsoft Word Intruder: Operation Pony Express https://nakedsecurity.sophos.com/2015/09/25/microsoft-word-intruder-gets-down-to
\\ringcentral_text_7093687357\.doc;Microsoft Word Intruder: Operation Pony Express https://nakedsecurity.sophos.com/2015/09/25/microsoft-word-intruder-gets-down-to
\\Microsoft\\Netmeeting\\1328\-0013\\mstun32\.dll;FIREEYE: Office Encapsulated PostScript & Priv Escalation 0days https://www.fireeye.com/blog/threat-research/2015/09/attack_exploitingmi.html
\\infected\.exx;Shifu: New Banking Trojan Is Attacking 14 Japanese Banks https://securityintelligence.com/shifu-masterful-new-banking-trojan-is-attacking
%TEMP%\\AdobeARMM\.log;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
%TEMP%\\wlg\.dat;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
%TEMP%\\AdobeARM\.log;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
Message\.xlsb;The Kittens Strike Back https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/rocket-kitten-co
C:\\windows\\tasks\\Components\.exe;Defending the White Elephant https://asert.arbornetworks.com/defending-the-white-elephant/ / http://pages.arb
PlanProposal\\new questionnaire\\Voter Plan Proposal;Defending the White Elephant https://asert.arbornetworks.com/defending-the-white-elephant/ / http://pages.arb
\\abiosdsk\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\adpu160\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\floppy\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\parclass\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\rio8drvx\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\ser8uart\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\usbclass\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\vidscfg\.sys;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\msrdc64\.dat;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
\\msdcsvc\.dat;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%System%\\config\\SystemAudit\.Evt;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%System%\\config\\SecurityAudit\.Evt;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%System%\\config\\SystemLog\.evt;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%System%\\config\\ApplicationLog\.evt;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\ime\\imesc5\\dicts\\pintlgbs\.imd;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\ime\\imesc5\\dicts\\pintlgbp\.imd;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\system32\\winhttpc\.dll;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\system32\\wshnetc\.dll;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\SysWow64\\wshnetc\.dll;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\system32\\svcstat\.exe;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%Windir%\\system32\\svcsstat\.exe;Regin - Further Investigations by Symantec Aug 2015 http://www.symantec.com/connect/blogs/regin-further-unravelling-mysteries-cybere
%AppData%\\Local\\Temp\\bootloader\.dec;RTF Exploit Installs Italian RAT: uWarrior http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-
%AppData%\\Roaming\\warriors\.dat;RTF Exploit Installs Italian RAT: uWarrior http://researchcenter.paloaltonetworks.com/2015/08/rtf-exploit-installs-italian-
/Users/Shared/start\.sh;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/Resources/start\.sh;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/Resources/FontMap1\.cfg;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/Library/LaunchDaemons/com\.apple\.machook_damon\.plist;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/Library/LaunchDaemons/com\.apple\. globalupdate\.plist;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/usr/bin/globalupdate;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/usr/local/machook/update/start\.sh;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/Library/MobileSubstrate/DynamicLibraries/sfbase\.dylib;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
sfbase\.dylib;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/tmp/AddressBook\.sqlitedb;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial
/tmp/sms\.db;OS X / Wirelurker (OS X) / dropped by start.sh / c2 domain / c2 hostname / v2 update url / initial