- 18 Nov, 2021 1 commit
-
-
Marked GlassesCode rule private to prevent alerting. Modified Glasses rule to require both GlassesCode and GlassesStrings to limit alerting. Added a reference URL and a reference file hash value to the rules. Updated the last modified dates. Tested rules against the reference hash file with both GlassesStrings and Glasses producing detections. Fixes #422
RandomRhythm authored
-
- 08 Oct, 2021 3 commits
-
-
yararules authored
-
Jaume Martin authored
-
now it only detects documents
Bondey authored
-
- 25 Aug, 2021 2 commits
-
-
yararules authored
-
Jaume Martin authored
-
- 05 Aug, 2021 5 commits
-
-
yararules authored
-
Add BLS12-381 subgroup order
Jaume Martin authored -
Added msql database usage checker
Jaume Martin authored -
Create MALW_MacGyver.yar
Jaume Martin authored -
Mehmet Ali KERİMOĞLU authored
-
- 30 Jul, 2021 1 commit
-
-
Sylvain Pelissier authored
-
- 11 May, 2021 1 commit
-
-
rule to detect smard-card related hacktool/malwares
Steven K authored
-
- 21 Apr, 2021 2 commits
-
-
yararules authored
-
Added Rule for tweetable-polyglot-png
Jaume Martin authored
-
- 23 Mar, 2021 3 commits
-
-
Manfred Kaiser authored
-
Manfred Kaiser authored
-
Manfred Kaiser authored
-
- 09 Mar, 2021 2 commits
-
-
yararules authored
-
Include license text
Jaume Martin authored
-
- 27 Feb, 2021 3 commits
- 26 Feb, 2021 2 commits
-
-
yararules authored
-
Jaume Martin authored
-
- 05 Feb, 2021 2 commits
-
-
yararules authored
-
add TOOLKIT_Redteam_Tools_by_Name.yar, TOOLKIT_Redteam_Tools_by_GUID.…
Jaume Martin authored
-
- 23 Jan, 2021 1 commit
-
-
add TOOLKIT_Redteam_Tools_by_Name.yar, TOOLKIT_Redteam_Tools_by_GUID.yar, TOOLKIT_Solarwinds_credential_stealer.yar rules to detect 339 hacktools, mostly c#
Arnim Rupp authored
-
- 28 Dec, 2020 7 commits
-
-
yararules authored
-
Create MALW_PurpleWave.yar
Jaume Martin authored -
Create Email_PHP_Mailer.yar
Jaume Martin authored -
change file type comment from exe to jar for JavaDropper : RAT
Jaume Martin authored -
Add rules for SipHash and Aria
Jaume Martin authored -
yararules authored
-
Stuxnet python rule
Jaume Martin authored
-
- 24 Dec, 2020 3 commits
- 17 Dec, 2020 1 commit
-
-
Sylvain Pelissier authored
-
- 21 Sep, 2020 1 commit
-
-
Marking Surtr referenced rules RSharedStrings, RemoteStrings, and GmRemoteStrings as private to limit false alerts. RSharedStrings alerts on Microsoft signed wininet.dll 6B39A43271B0A631EAEFDAFDD51D17E3 SharedStrings alerts on Microsoft signed ntoskrnl.exe 68762D4C4412B4BB52BE2FC11F977503 Signed-off-by: Ryan B <randomrhythm@rhythmengineering.com>
Ryan B authored
-
