-
## Use case
STIX 2.1 specification describes the ability to provide file extensions properties to a file observable for additional granularity e.g. Windows PE File Extension. This provides a mechan…
-
Describe the bug
----------------
app-antivirus/clamav-1.0.5 fails tests on ppc: AssertionError: Expected item `Test.Import.Hash.UNOFFICIAL FOUND` not found in output:
```
1/6 Test #6: sigtool…
-
Floss Version Tried: 2.2.0 and 2.0.0
Platform: Ubuntu 21.04, Windows 10 and Windows 11
Example reference file: https://www.virustotal.com/gui/file/9cc387fd485e91fc58a626d2c64b85e0502ba60f3718afd7b…
-
MalwareBazaar has information about various malware files, including various hashes (md5, sha1, sha256, ssdeep, imphash, tlsh). Though no CVE identifiers are linked it is an easy to process data forma…
-
When given text, consider removing any word that will not contain an ioc. For example, can we safely remove all words that are only letters and shorter than 32 characters (so we don't remove an md5 or…
-
This is an enhancement request. Is it possible to compute pehash via pe module in the same way imphash is? Viper's implementation seems pretty solid and is already used by totalhash:
https://github.co…
-
I'm looking for some help with an error I'm seeing in the logs.
`line 23, in _load_yara_rules
SyntaxError: C:\Users(path)\apt_ta17_318A.yar(88): invalid field name "imphash"
2018-08-08 13:52:56…
-
### Executed MSDTC in elevated terminal RUNDLL
```
{
"_index": "wazuh-archives-4.x-2022.07.14",
"_type": "_doc",
"_id": "NnDT-4EByFMBBPzyxS-s",
"_version": 1,
"_score": null,
"_sou…
-
Hi, I've made the changes in the config file but the alerts are still coming through. I've checked the AV folders and they are correct. Please help?
EXCLUSION FILE
This file filters events receive…
-
1. Loki IOC folder is not in the right place by default.
I should have copied it from `/opt/calamity/signature-base` to `/opt/calamity/Loki/signature-base`
2. calamity log always says ClamAV has som…