mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00

Signature base for my scanner tools

Go to file

Florian Roth 9152a81c7e Merge pull request #27 from JohnLaTwC/patch-3 finds powershell commands obfuscated by unicorn		2018-03-08 18:26:22 +01:00
iocs	FinFisher IOCs	2018-03-02 17:04:34 +01:00
misc	Mimikatz log file type	2017-12-20 15:48:00 +01:00
threatintel	False Positive WinPcap	2018-02-24 21:41:10 +01:00
vendor/yara	Added AirBnb / BinaryAlert YARA rules in new vendor directory	2017-10-20 11:21:49 +02:00
yara	PowerShell payload obfuscated by Unicorn toolkit	2018-03-08 18:24:10 +01:00
.gitignore	Travis Tests and makefile	2017-08-11 16:00:44 +02:00
.travis.yml	Travis Tests and makefile	2017-08-11 16:00:44 +02:00
build-rules.py	Python 3 support in build script	2018-01-24 20:26:34 +01:00
LICENSE	Initial commit	2016-02-15 10:16:53 +01:00
makefile	Makefile adjusted to reflect prebuilt YARA 3.6.2 features	2017-08-15 21:14:31 +02:00
README.md	Build image in README	2017-08-07 14:25:11 +02:00

README.md

Signature-Base

signature-base is a submodule for my scanner tools LOKI and SPARK

Directory Structure

iocs - Simple IOC files (CSV)
yara - YARA rules
threatintel - Threat Intel API Receiver (MISP, OTX)
misc - Other input files (not IOCs or signatures)

License

The signature-base repository is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This signature-base is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICLAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with the signature-base repository. If not, see http://www.gnu.org/licenses/.