Neo23x0 signature-base issues

Neo23x0 / signature-base

YARA signature and IOC database for my scanners and tools

Other

2.49k stars 604 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

changes to old rules

#278 Neo23x0 closed 1 year ago
0
another Citrix netscaler rule (ext vars)

#277 Neo23x0 closed 1 year ago
0
Update airbnb_binaryalert.yar

#276 Neo23x0 closed 1 year ago
0
Turla IOCs

#275 Neo23x0 closed 1 year ago
0
Citrix Netscaler filename IOCs

#274 Neo23x0 closed 1 year ago
0
Create expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar

#273 Neo23x0 closed 1 year ago
0
False positive in hacktool_windows_mimikatz_modules rule?

#272 jcrg-rj opened 1 year ago
0
Generic JSP Webshell false negative

#271 orapic opened 1 year ago
1
Rename vuln_keepass_brute_forceable.yar to vuln_keepass_brute_forcibl…

#270 Neo23x0 closed 1 year ago
0
Create vuln_keepass_brute_forceable.yar

#269 ruppde closed 1 year ago
0
Update certificates for ducktail rule

#268 dr4k0nia closed 1 year ago
0
fix: FP found in testing

#267 phantinuss closed 1 year ago
0
Update mal_ducktail_compromised_certs_jun23.yar

#266 dr4k0nia closed 1 year ago
0
fix: FPs found in testing

#265 phantinuss closed 1 year ago
0
feat: add new rule related to moveit exploitation

#264 nasbench closed 1 year ago
2
fix: FPs found in testing environment

#263 phantinuss closed 1 year ago
0
Yar file detected as suspicious file in Window

#262 knowpage opened 1 year ago
0
Create susp_vulndriver_hp_hardware_diagnostics_etdsupp_may23.yar

#261 X-Junior closed 1 year ago
0
fix: FP with THORs representation of multivalue registry keys

#260 phantinuss closed 1 year ago
0
Suggestion: remove due to regular FPs

#259 phantinuss closed 1 year ago
0
fix: FPs found in customer env

#258 phantinuss closed 1 year ago
0
Update gen_github_net_redteam_tools_guids.yar

#257 ruppde closed 1 year ago
0
Create apt_lazarus_gopuram.yar

#256 ruppde closed 1 year ago
0
Update gen_webshells.yar

#255 ruppde closed 1 year ago
2
Update thor-hacktools.yar

#254 ruppde closed 1 year ago
0
Update c2-iocs.txt

#253 ruppde closed 1 year ago
0
Added IPM.Appointment to TNEF rule

#252 3c7 closed 1 year ago
0
Update gen_imphash_detection.yar

#251 ruppde closed 1 year ago
0
Create gen_malware_by_imphash_and_rich_pe_header_hash.yar

#250 ruppde closed 1 year ago
1
expl_outlook_cve_2023_23397.yar syntax error

#249 celevra opened 1 year ago
3
Update expl_outlook_cve_2023_23397.yar

#248 ruppde closed 1 year ago
1
Update gen_github_net_redteam_tools_guids.yar

#247 ruppde closed 1 year ago
0
How to run this

#246 HackersBun opened 1 year ago
2
[CVE-2023-23397] Add rule variant for SMTP/EML files

#245 3c7 closed 1 year ago
0
Update expl_outlook_cve_2023_23397.yar

#244 ruppde closed 1 year ago
0
Added Transport Neutral Encapsulation Format (TNEF) for CVE-2023-23397

#243 3c7 closed 1 year ago
0
PR for ruppde commit f73abca

#242 3c7 closed 1 year ago
0
Update expl_outlook_cve_2023_23397.yar

#241 3c7 closed 1 year ago
1
fix: add HTTP return code for unauthorized

#240 phantinuss closed 1 year ago
0
Find driver signed by suspicious company (see references)

#239 ruppde closed 1 year ago
0
Update gen_mimikatz.yar

#238 ruppde closed 1 year ago
0
VT thor comments break on semicolon

#237 ruppde closed 1 year ago
1
fix: remove FP hashes file

#236 secDre4mer closed 1 year ago
0
Yara rule for TinyShell

#235 nfsec closed 1 year ago
1
new rules

#234 ruppde closed 1 year ago
0
add HKTL_Python_sectools

#233 ruppde closed 1 year ago
0
chore: change meta data file=type to tagging as FILE

#232 phantinuss closed 1 year ago
0
refactor: changes due to yaraQA

#231 Gude5 closed 1 year ago
0
improve runtime performance of rule in bulk scanning

#230 phantinuss closed 1 year ago
0
fix: FP with mitre json

#229 phantinuss closed 1 year ago
0

Previous Next