Neo23x0 signature-base issues

Neo23x0 / signature-base

YARA signature and IOC database for my scanners and tools

Other

2.43k stars 598 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

gen_anydesk_compromised_cert_feb23 is bullshit in case of older binary

#325 lhpitn closed 19 hours ago
6
fix fp in Suspicious_Size_taskhost_exe

#324 ruppde opened 2 months ago
0
fix fp in Suspicious_Size_firefox_exe

#323 ruppde opened 3 months ago
0
Undefined identifier "owner" in yara_mixed_ext_vars.yar line 391

#322 vitusb opened 3 months ago
0
Update RegEx Patterns for YARA-X Compatibility

#321 ForensicITGuy closed 3 months ago
2
Update vuln_paloalto_cve_2024_3400_apr24.yar

#320 mgreen27 opened 3 months ago
0
False positive Trojan:Script/Phonzy.A!ml

#319 groupecraft opened 4 months ago
0
Update configured_vulns_ext_vars.yar

#318 ruppde closed 4 months ago
0
False Positive in Rule WEBSHELL_PHP_Dynamic_Big

#317 gotmls opened 4 months ago
3
fix: more generic FPs

#316 phantinuss closed 5 months ago
0
feat: EXT_SUSP_GObfuscate_May21 modification

#315 pH-T closed 5 months ago
0
Update bkdr_xz_util_cve_2024_3094.yar

#314 ruppde closed 5 months ago
0
Added rule detecting backdoored liblzma

#313 3c7 closed 5 months ago
1
fix some regex and add *.swp to .gitignore

#312 ruppde closed 5 months ago
0
Update LICENSE

#311 Neo23x0 opened 6 months ago
0
Create MacOS_RustDoor_Malware.yar

#310 raid-sailor closed 5 months ago
0
False positive for the WEBSHELL_PHP_Dynamic_Big rule

#309 vsushkov closed 6 months ago
2
False positive with getgo readme

#308 Fryyyyy closed 5 months ago
1
feat: new rules related to Peach Sandstorm APT

#307 X-Junior closed 7 months ago
0
Inserting new unpacked IcedID detection signature - crime_icedid.yar file

#306 Icaro-Cesar closed 3 months ago
0
Invalid MD5 entry

#305 SkewedZeppelin closed 8 months ago
1
fix: FP with Windows server 2k8

#304 phantinuss closed 8 months ago
0
gen_mal_3cx_compromise_mar23.yar

#303 DYarizadeh opened 8 months ago
1
Create mal_fake_document_software.yar

#302 cod3nym closed 8 months ago
0
refactor: change uuid to id

#301 Neo23x0 closed 9 months ago
0
UUID inserts

#300 Neo23x0 closed 9 months ago
0
feat: UUIDs generate with yara-uuid-generator

#299 Neo23x0 closed 9 months ago
0
Update gen_webshells.yar

#298 ruppde closed 6 months ago
0
Update gen_github_net_redteam_tools_guids.yar

#297 ruppde closed 6 months ago
4
fix: Remove Rule with to many FPs

#296 humpalum closed 10 months ago
0
fix: variable in condition

#295 phantinuss closed 10 months ago
1
fix: FP with WhatsApp default location

#294 phantinuss closed 10 months ago
0
How to fix undefinied idenfier filename in Linux

#293 HydraDragonAntivirus closed 10 months ago
5
fix: FP found in customer Env

#292 humpalum closed 10 months ago
0
False Positive Notice - Trojan Characteristics (WhatsApp)

#291 Esky580 closed 10 months ago
1
fix: FPs found in testing env

#290 phantinuss closed 11 months ago
0
Update gen_webshells.yar

#289 ruppde closed 11 months ago
0
Update gen_vcruntime140_dll_sideloading.yar

#288 Neo23x0 closed 11 months ago
0
Update gen_vcruntime140_dll_sideloading.yar

#287 Neo23x0 closed 11 months ago
0
fix: missing pe

#286 Neo23x0 closed 11 months ago
0
Create exploit_cve_2023_38146.yar

#285 MHaggis closed 11 months ago
0
Add gen_vcruntime140_dll_sideloading.yar

#284 cod3nym closed 11 months ago
0
fix missing "end of comment"

#283 phantinuss closed 1 year ago
0
False Positive?

#282 derpeste closed 1 year ago
1
Update mal_ducktail_compromised_certs_jun23.yar

#281 dr4k0nia closed 1 year ago
0
Fix the YARA assembly workflow

#280 0xThiebaut closed 1 year ago
0
Update expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar

#279 Neo23x0 closed 1 year ago
0
changes to old rules

#278 Neo23x0 closed 1 year ago
0
another Citrix netscaler rule (ext vars)

#277 Neo23x0 closed 1 year ago
0
Update airbnb_binaryalert.yar

#276 Neo23x0 closed 1 year ago
0