signature-base/iocs/keywords.txt
Florian Roth 813c5938ac Keywords
2016-02-19 18:31:06 +01:00


# MALICIOUS KEYWORDS
#
# Subset of keywords from THOR APT Scanner
# Password Dumper - Windows Credentials Editor (WCE) service name variants
WCESERVICE
WCE_SERVICE
WCE SERVICE
# Mimikatz
eo.oe.kiwi
<3 eo.oe
mimilib
mimikatz
Mimikatz
privilege::debug
sekurlsa::LogonPasswords
sekurlsa::logonpasswords
# Metasploit
meterpreter
METERPRETER
# Metasploit PsExec
%COMSPEC% /C start %COMSPEC% /C \\WINDOWS\\Temp
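# Generic malicious keywords - some are broad terms (e.g. spoofing, keylogger) that may also hit security documentation or tooling logs; review matches in context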
spoofing
keylogger
powersploit
passdumper
creddumper
credentialdumper
XScanPF
# Javascript Windows Scripting Host - Suspicious - see http://goo.gl/6HRCbk
wscript.exe /b /nologo /E:javascript
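# Java Deserialisation Exploit Tools - NOTE(review): the tool is named "ysoserial"; confirm the keyword below is not a typo, since "yoserial-0." is not a substring of "ysoserial-0.<version>" and would not match it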
yoserial-0.
# Powersploit
Powersploit
# Powershell Mimikatz https://adsecurity.org/?p=2604
Invoke-Mimikatz
System.Reflection.Emit.AssemblyBuilderAccess
# Don't remove this line