From f60719660a34cd7207c994f59276adebc2277674 Mon Sep 17 00:00:00 2001
From: Update third-party rules
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Sun, 8 Feb 2026 12:04:44 +0000
Subject: [PATCH] Update third-party rules as of 2026-02-08
---
...af5d0e2031551f9f1a70b6db475ba71b2.elf.json | 4 +-
.../2023.3CX/libffmpeg.change_decrease.mdiff | 8 +-
.../2023.3CX/libffmpeg.change_increase.mdiff | 8 +-
tests/macOS/2023.3CX/libffmpeg.dirty.mdiff | 8 +-
tests/macOS/2023.3CX/libffmpeg.increase.mdiff | 8 +-
.../2024.aspdasdksa2/callback.bat.json | 4 +-
third_party/yara/YARAForge/RELEASE | 2 +-
.../yara/YARAForge/yara-rules-full.yar | 22344 ++++++++--------
8 files changed, 11399 insertions(+), 10987 deletions(-)
diff --git a/tests/linux/2024.sliver/de33b8d9694b6b4c44e3459b2151571af5d0e2031551f9f1a70b6db475ba71b2.elf.json b/tests/linux/2024.sliver/de33b8d9694b6b4c44e3459b2151571af5d0e2031551f9f1a70b6db475ba71b2.elf.json
index 23cf1d746..696c9e3ad 100644
--- a/tests/linux/2024.sliver/de33b8d9694b6b4c44e3459b2151571af5d0e2031551f9f1a70b6db475ba71b2.elf.json
+++ b/tests/linux/2024.sliver/de33b8d9694b6b4c44e3459b2151571af5d0e2031551f9f1a70b6db475ba71b2.elf.json
@@ -26,10 +26,10 @@
],
"RiskScore": 4,
"RiskLevel": "CRITICAL",
- "RuleURL": "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_gobfuscate.yar#L2-L18",
+ "RuleURL": "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_gobfuscate.yar#L2-L18",
"ReferenceURL": "https://github.com/unixpickle/gobfuscate",
"RuleAuthor": "James Quinn, Paul Hager (merged with new similar pattern)",
- "RuleLicenseURL": "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE",
+ "RuleLicenseURL": "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE",
"ID": "3P/YARAForge/signature_susp_gobfuscate",
"RuleName": "SIGNATURE_BASE_SUSP_Gobfuscate_May21"
},
diff --git a/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff b/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff
index aeae5ec37..defda0890 100644
--- a/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff
+++ b/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff
@@ -4,10 +4,10 @@
| RISK | KEY | DESCRIPTION | EVIDENCE |
|:--|:--|:--|:--|
-| -CRITICAL | [3P/YARAForge/sekoia_downloader_smooth](https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_mac_smooth_operator.yar#L1-L16) | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) |
-| -CRITICAL | [3P/YARAForge/signature_3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275) | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` |
-| -CRITICAL | [3P/YARAForge/signature_nk_3cx](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214) | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` |
-| -CRITICAL | [3P/YARAForge/signature_susp_xored](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xor_hunting.yar#L2-L25) | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` |
+| -CRITICAL | [3P/YARAForge/sekoia_downloader_smooth](https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_mac_smooth_operator.yar#L1-L16) | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) |
+| -CRITICAL | [3P/YARAForge/signature_3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275) | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` |
+| -CRITICAL | [3P/YARAForge/signature_nk_3cx](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214) | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` |
+| -CRITICAL | [3P/YARAForge/signature_susp_xored](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xor_hunting.yar#L2-L25) | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` |
| -CRITICAL | [3P/YARAForge/volexity_iconic](https://github.com/volexity/threat-intel/blob/92353b1ccc638f5ed0e7db43a26cb40fad7f03df/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50) | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` |
| -CRITICAL | [anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla) | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) |
| -CRITICAL | [impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl) | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[flock](https://github.com/search?q=flock&type=code)
[popen](https://github.com/search?q=popen&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[rand](https://github.com/search?q=rand&type=code) |
diff --git a/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff b/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff
index 8f0b2d770..cf82bb0ac 100644
--- a/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff
+++ b/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff
@@ -4,10 +4,10 @@
| RISK | KEY | DESCRIPTION | EVIDENCE |
|:--|:--|:--|:--|
-| +CRITICAL | **[3P/YARAForge/sekoia_downloader_smooth](https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) |
-| +CRITICAL | **[3P/YARAForge/signature_3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` |
-| +CRITICAL | **[3P/YARAForge/signature_nk_3cx](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` |
-| +CRITICAL | **[3P/YARAForge/signature_susp_xored](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` |
+| +CRITICAL | **[3P/YARAForge/sekoia_downloader_smooth](https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) |
+| +CRITICAL | **[3P/YARAForge/signature_3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` |
+| +CRITICAL | **[3P/YARAForge/signature_nk_3cx](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` |
+| +CRITICAL | **[3P/YARAForge/signature_susp_xored](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` |
| +CRITICAL | **[3P/YARAForge/volexity_iconic](https://github.com/volexity/threat-intel/blob/92353b1ccc638f5ed0e7db43a26cb40fad7f03df/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` |
| +CRITICAL | **[anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla)** | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) |
| +CRITICAL | **[impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl)** | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[flock](https://github.com/search?q=flock&type=code)
[popen](https://github.com/search?q=popen&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[rand](https://github.com/search?q=rand&type=code) |
diff --git a/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff b/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff
index 8f0b2d770..cf82bb0ac 100644
--- a/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff
+++ b/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff
@@ -4,10 +4,10 @@
| RISK | KEY | DESCRIPTION | EVIDENCE |
|:--|:--|:--|:--|
-| +CRITICAL | **[3P/YARAForge/sekoia_downloader_smooth](https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) |
-| +CRITICAL | **[3P/YARAForge/signature_3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` |
-| +CRITICAL | **[3P/YARAForge/signature_nk_3cx](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` |
-| +CRITICAL | **[3P/YARAForge/signature_susp_xored](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` |
+| +CRITICAL | **[3P/YARAForge/sekoia_downloader_smooth](https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) |
+| +CRITICAL | **[3P/YARAForge/signature_3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` |
+| +CRITICAL | **[3P/YARAForge/signature_nk_3cx](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` |
+| +CRITICAL | **[3P/YARAForge/signature_susp_xored](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` |
| +CRITICAL | **[3P/YARAForge/volexity_iconic](https://github.com/volexity/threat-intel/blob/92353b1ccc638f5ed0e7db43a26cb40fad7f03df/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` |
| +CRITICAL | **[anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla)** | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) |
| +CRITICAL | **[impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl)** | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[flock](https://github.com/search?q=flock&type=code)
[popen](https://github.com/search?q=popen&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[rand](https://github.com/search?q=rand&type=code) |
diff --git a/tests/macOS/2023.3CX/libffmpeg.increase.mdiff b/tests/macOS/2023.3CX/libffmpeg.increase.mdiff
index 8f0b2d770..cf82bb0ac 100644
--- a/tests/macOS/2023.3CX/libffmpeg.increase.mdiff
+++ b/tests/macOS/2023.3CX/libffmpeg.increase.mdiff
@@ -4,10 +4,10 @@
| RISK | KEY | DESCRIPTION | EVIDENCE |
|:--|:--|:--|:--|
-| +CRITICAL | **[3P/YARAForge/sekoia_downloader_smooth](https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) |
-| +CRITICAL | **[3P/YARAForge/signature_3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` |
-| +CRITICAL | **[3P/YARAForge/signature_nk_3cx](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` |
-| +CRITICAL | **[3P/YARAForge/signature_susp_xored](https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` |
+| +CRITICAL | **[3P/YARAForge/sekoia_downloader_smooth](https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) |
+| +CRITICAL | **[3P/YARAForge/signature_3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` |
+| +CRITICAL | **[3P/YARAForge/signature_nk_3cx](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` |
+| +CRITICAL | **[3P/YARAForge/signature_susp_xored](https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` |
| +CRITICAL | **[3P/YARAForge/volexity_iconic](https://github.com/volexity/threat-intel/blob/92353b1ccc638f5ed0e7db43a26cb40fad7f03df/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` |
| +CRITICAL | **[anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla)** | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) |
| +CRITICAL | **[impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl)** | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[flock](https://github.com/search?q=flock&type=code)
[popen](https://github.com/search?q=popen&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[rand](https://github.com/search?q=rand&type=code) |
diff --git a/tests/windows/2024.aspdasdksa2/callback.bat.json b/tests/windows/2024.aspdasdksa2/callback.bat.json
index a8469ec8a..7a5cd82db 100644
--- a/tests/windows/2024.aspdasdksa2/callback.bat.json
+++ b/tests/windows/2024.aspdasdksa2/callback.bat.json
@@ -12,11 +12,11 @@
],
"RiskScore": 4,
"RiskLevel": "CRITICAL",
- "RuleURL": "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_susp.yar#L52-L91",
+ "RuleURL": "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_susp.yar#L52-L91",
"ReferenceURL": "Internal%20Research",
"RuleAuthor": "Florian Roth (Nextron Systems)",
"RuleLicense": "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE",
- "RuleLicenseURL": "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE",
+ "RuleLicenseURL": "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE",
"ID": "3P/YARAForge/signature_powershell_webdownload",
"RuleName": "SIGNATURE_BASE_Suspicious_Powershell_Webdownload_1"
},
diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE
index 085bf3a22..52fc455de 100644
--- a/third_party/yara/YARAForge/RELEASE
+++ b/third_party/yara/YARAForge/RELEASE
@@ -1 +1 @@
-20260201
+20260208
diff --git a/third_party/yara/YARAForge/yara-rules-full.yar b/third_party/yara/YARAForge/yara-rules-full.yar
index 66b376ea3..7871a5f10 100644
--- a/third_party/yara/YARAForge/yara-rules-full.yar
+++ b/third_party/yara/YARAForge/yara-rules-full.yar
@@ -12,9 +12,9 @@
* Force Exclude Importance Level: 0
* Minimum Age (in days): 0
* Minimum Score: 40
- * Creation Date: 2026-02-01
- * Number of Rules: 11639
- * Skipped: 0 (age), 234 (quality), 8 (score), 0 (importance)
+ * Creation Date: 2026-02-08
+ * Number of Rules: 11654
+ * Skipped: 0 (age), 228 (quality), 8 (score), 0 (importance)
*/
import "console"
@@ -30,7 +30,7 @@ import "string"
* YARA Rule Set
* Repository Name: ReversingLabs
* Repository: https://github.com/reversinglabs/reversinglabs-yara-rules/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: e0a0be54aa1e11ccfd6854e4f19e9476f328fd84
* Number of Rules: 1240
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -6966,8 +6966,8 @@ rule REVERSINGLABS_Linux_Virus_Vit : TC_DETECTION MALICIOUS MALWARE FILE
description = "Yara rule that detects Vit virus."
author = "ReversingLabs"
id = "4515fe43-4c5a-521d-82b7-273823f0c64e"
- date = "2026-02-01"
- date = "2026-02-01"
+ date = "2026-02-08"
+ date = "2026-02-08"
modified = "2023-06-07"
reference = "ReversingLabs"
source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/virus/Linux.Virus.Vit.yara#L3-L36"
@@ -45149,8 +45149,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Oct : TC_DETECTION MALICIOUS MALWARE
description = "Yara rule that detects Oct ransomware."
author = "ReversingLabs"
id = "e811a0ba-52df-5e88-ab71-df91d5cb584a"
- date = "2026-10-01"
- date = "2026-10-01"
+ date = "2026-10-08"
+ date = "2026-10-08"
modified = "2021-08-12"
reference = "ReversingLabs"
source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68"
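Review bot: The new `date = "2026-10-08"` on REVERSINGLABS_Bytecode_MSIL_Ransomware_Oct is eight months later than this file's own `Creation Date: 2026-02-08`, while the Vit and ONI hunks of the same rule set carry `2026-02-08`. The month therefore looks like a generator error rather than an intended value; one guess is that "Oct" from the rule name is being read as a month. Because `modified` is `2021-08-12` and the value moves with every weekly import, `date` on these rules should not feed rule-age filters or provenance decisions. The file is vendored, so the correction belongs upstream rather than in a local edit: if the field is meant to mirror the retrieval date, the line would read `date = "2026-02-08"`, and the duplicated `date` key is worth reporting at the same time. The rule body continues outside the hunk.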
@@ -56925,8 +56925,8 @@ rule REVERSINGLABS_Win32_Ransomware_ONI : TC_DETECTION MALICIOUS MALWARE FILE
description = "Yara rule that detects Oni ransomware."
author = "ReversingLabs"
id = "9190aee2-1119-546e-82ca-a7aba44a9d7f"
- date = "2026-02-01"
- date = "2026-02-01"
+ date = "2026-02-08"
+ date = "2026-02-08"
modified = "2020-12-07"
reference = "ReversingLabs"
source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82"
@@ -60236,7 +60236,7 @@ rule REVERSINGLABS_Win32_Ransomware_Babuk : TC_DETECTION MALICIOUS MALWARE FILE
* YARA Rule Set
* Repository Name: R3c0nst
* Repository: https://github.com/fboldewin/YARA-rules/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 54e9e6899b258b72074b2b4db6909257683240c2
* Number of Rules: 26
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -60995,8 +60995,8 @@ rule R3C0NST_Exploit_Outlook_CVE_2023_23397 : CVE_2023_23397 FILE
* YARA Rule Set
* Repository Name: CAPE
* Repository: https://github.com/kevoreilly/CAPEv2
- * Retrieval Date: 2026-02-01
- * Git Commit: bd11d0bfb8eba9981a831331de7120f3102b624e
+ * Retrieval Date: 2026-02-08
+ * Git Commit: f7f834f2f37f1b1887e6d883858cf6b03bb07e2c
* Number of Rules: 186
* Skipped: 0 (age), 17 (quality), 3 (score), 0 (importance)
*
@@ -61678,8 +61678,8 @@ rule CAPE_Formhooka
date = "2021-03-07"
modified = "2025-12-08"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Formbook.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Formbook.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "21b8101a7039cfad0e9d49cc1f055bc23a2eb4c973dcda2a81a007e452d77a6d"
score = 75
quality = 70
@@ -61704,8 +61704,8 @@ rule CAPE_Formconfa
date = "2021-03-07"
modified = "2025-12-08"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Formbook.yar#L32-L44"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Formbook.yar#L32-L44"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "b0aa4cec55a21245d8104380c531dd6cc0fdef64fbefd79616eadfb4e95b2d75"
score = 75
quality = 70
@@ -61729,8 +61729,8 @@ rule CAPE_Formhelper
date = "2021-03-07"
modified = "2025-12-08"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Formbook.yar#L46-L58"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Formbook.yar#L46-L58"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "77cdfc94aac089c4f2590f4afbab35351fc6e104e67813548c68c59d27019a63"
score = 75
quality = 70
@@ -61754,8 +61754,8 @@ rule CAPE_Formconfb
date = "2021-03-07"
modified = "2025-12-08"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Formbook.yar#L60-L75"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Formbook.yar#L60-L75"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "d21596f25daea284790984b4ea0ba9c2764b94832791f43f9bb582085eaf6492"
score = 75
quality = 70
@@ -61782,8 +61782,8 @@ rule CAPE_Xworm
date = "2023-11-07"
modified = "2023-11-07"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/XWorm.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/XWorm.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "d8e103f3470e83d71cd4992b74698c0721b8a69d764fdb7a4543997b2853014a"
score = 75
quality = 70
@@ -61805,8 +61805,8 @@ rule CAPE_Modiloader : FILE
date = "2023-10-19"
modified = "2025-01-31"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/ModiLoader.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/ModiLoader.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "1f0cbf841a6bc18d632e0bc3c591266e77c99a7717a15fc4b84d3e936605761f"
logic_hash = "9e64e0c40192cc832a1ffa7b3ac65a704596af82515d03706cd7aa1f4498f32f"
score = 75
@@ -61830,8 +61830,8 @@ rule CAPE_Modiloaderold : FILE
date = "2023-10-19"
modified = "2025-01-31"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/ModiLoader.yar#L15-L53"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/ModiLoader.yar#L15-L53"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "fc006377e6d41515503b0b234ff87f59d930a7d9f8b32d2e072de79b9c52ddc4"
score = 75
quality = 66
@@ -61875,8 +61875,8 @@ rule CAPE_Vbcrypter
date = "2021-03-28"
modified = "2021-03-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/VBCrypter.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/VBCrypter.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "a62bca62ab624ab1a2c2e612c5b7e6d543006026a49c07c46800499e31e41c4e"
score = 75
quality = 70
@@ -61898,8 +61898,8 @@ rule CAPE_Bumblebee : FILE
date = "2022-04-21"
modified = "2023-02-08"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/BumbleBee.yar#L34-L46"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/BumbleBee.yar#L34-L46"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "0a632a0b30b28d544880eb1cfdd85e95f455c343d60f8d6922d4196ef7415961"
score = 75
quality = 70
@@ -61923,8 +61923,8 @@ rule CAPE_Zloader : FILE
date = "2021-03-12"
modified = "2024-05-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Zloader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Zloader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "319adca805083c7f5854fe840447cf961addbd748f1f25eb8ec8cdeed7af38aa"
score = 75
quality = 70
@@ -61947,8 +61947,8 @@ rule CAPE_Zloader_2024 : FILE
date = "2021-03-12"
modified = "2024-05-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Zloader.yar#L14-L26"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Zloader.yar#L14-L26"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "38d555ef5f613cf7ca043697c479100a7a22e7f043acf8b6a46f8009eb92fd7e"
score = 75
quality = 70
@@ -61972,8 +61972,8 @@ rule CAPE_Buerloader : FILE
date = "2021-03-13"
modified = "2021-03-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/BuerLoader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/BuerLoader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "6f9f9b4c01251c0643c61701084cca2bdfeea08ca95f982355565cf05483d940"
score = 75
quality = 70
@@ -61995,8 +61995,8 @@ rule CAPE_Heavenssyscall : FILE
date = "2024-03-25"
modified = "2024-03-25"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "aeb981fcba0936ff8b1be4c601445fd45e5d3b74856a9439d351edd57f5a50c3"
score = 75
quality = 70
@@ -62020,8 +62020,8 @@ rule CAPE_Gettickcountantivm
date = "2021-12-14"
modified = "2022-02-25"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "662bc7839ed7ddd82d5fdafa29fafd9a9ec299c28820fe4104fbba9be1a09c42"
hash = "00f1537b13933762e1146e41f3bac668123fac7eacd0aa1f7be0aa37a91ef3ce"
hash = "549bca48d0bac94b6a1e6eb36647cd007fed5c0e75a0e4aa315ceabdafe46541"
@@ -62052,8 +62052,8 @@ rule CAPE_Doomedloader : FILE
date = "2024-04-12"
modified = "2024-07-25"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/DoomedLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/DoomedLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "54a5962ef49ebf987908c4ea1559788f7c96a7e4ea61d2973636e998a0239c77"
score = 75
quality = 70
@@ -62077,8 +62077,8 @@ rule CAPE_Emotetpacker : FILE
date = "2022-03-31"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "5a95d1d87ce69881b58a0e3aafc1929861e2633cdd960021d7b23e2a36409e0d"
logic_hash = "5f27d9d18884f7e0805f69960869b332c1577bf8be8ac103285e8bf98cda0ffd"
score = 75
@@ -62102,8 +62102,8 @@ rule CAPE_Smokeinjector : FILE
date = "2023-02-06"
modified = "2025-11-19"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "757a2bf8aceb92bee839bfcaba3b1a8bc4c037812b969e0f493e4f7a4ddc9ede"
score = 75
quality = 70
@@ -62126,8 +62126,8 @@ rule CAPE_Slowloader
date = "2024-09-23"
modified = "2024-09-23"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/SlowLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/SlowLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "f07528c646ebd980a5e843caa4a4715e31b22c3cd091576600e9fe45d7fc2fe4"
score = 75
quality = 70
@@ -62150,8 +62150,8 @@ rule CAPE_Anticuckoo : FILE
date = "2023-03-17"
modified = "2023-03-17"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "ad5e52f144bb4a1dae3090978c6ecb4c7732538c9b62a6cedd32eccee6094be5"
logic_hash = "a039aeca2dae44980e8bffafacfda90975e107001be50f11ac916b35ad43592e"
score = 75
@@ -62174,8 +62174,8 @@ rule CAPE_Rhadamanthys
date = "2023-01-25"
modified = "2025-11-11"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "3c8fbfe14f81e099fc900023d9c856e3f45b99af38889ed952b2ac67a636f51d"
score = 75
quality = 70
@@ -62200,8 +62200,8 @@ rule CAPE_Rhadaanti
date = "2023-01-25"
modified = "2025-11-11"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Rhadamanthys.yar#L15-L24"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Rhadamanthys.yar#L15-L24"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "b54fd25e3297d358f2a8ec3a868bb4d233ee32d6942f21a53c3d25d35164530b"
score = 75
quality = 70
@@ -62223,8 +62223,8 @@ rule CAPE_Rhadunhook
date = "2023-01-25"
modified = "2025-11-11"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Rhadamanthys.yar#L26-L36"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Rhadamanthys.yar#L26-L36"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "f2da2f1ee6b0a3b9fe58b2c35ccf0a0f6dee44228ec92659370d30defdef7ea3"
score = 75
quality = 70
@@ -62248,8 +62248,8 @@ rule CAPE_Pikahook : FILE
date = "2024-03-07"
modified = "2024-03-12"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Pikabot.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Pikabot.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "2a50a5f2d905122a5b7ac8ca3666b47caa24d325e246841129e53807daf2a1dd"
score = 75
quality = 70
@@ -62274,8 +62274,8 @@ rule CAPE_Pikexport : FILE
date = "2024-03-07"
modified = "2024-03-12"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Pikabot.yar#L16-L28"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Pikabot.yar#L16-L28"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "238dcc5611ed9066b63d2d0109c9b623f54f8d7b61d5f9de59694cfc60a4e646"
logic_hash = "33f58703a0e40c2361343dbdcc17111aafbf5cc912393edda79005c6ec566f42"
score = 75
@@ -62299,8 +62299,8 @@ rule CAPE_Risepro : FILE
date = "2023-12-16"
modified = "2023-12-16"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/RisePro.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/RisePro.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "1b69a1dd5961241b926605f0a015fa17149c3b2759fb077a30a22d4ddcc273f6"
logic_hash = "055ca8328923b91f93c116e4a856366356fa11155f4e9fde95da31129b51386a"
score = 75
@@ -62325,8 +62325,8 @@ rule CAPE_Lumma : FILE
date = "2024-01-05"
modified = "2024-05-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Lumma.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Lumma.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "a8f9212b619796f91f14c4164e4d2f30c66b51118f22f3d6c310841b6707b7b0"
score = 75
quality = 70
@@ -62351,8 +62351,8 @@ rule CAPE_Lummaremap
date = "2024-01-05"
modified = "2024-05-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Lumma.yar#L16-L27"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Lumma.yar#L16-L27"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "51093379fbd041f75bdfe161bc9dfcc7d782c23ce16d625ca558bb58d8d57713"
score = 75
quality = 70
@@ -62375,8 +62375,8 @@ rule CAPE_Rdtscpantivm
date = "2021-12-11"
modified = "2021-12-11"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "be0f9b52fb630730a38160f4ad2d50b6b4bea5edd82e3ea4d1e257cf7b090910"
score = 75
quality = 70
@@ -62398,8 +62398,8 @@ rule CAPE_Privateloader
date = "2024-10-04"
modified = "2024-10-04"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "204a86bb3743f19fed0fe55ff5ccd716661f7f315b5966a29e434ccb3e160526"
score = 75
quality = 70
@@ -62422,8 +62422,8 @@ rule CAPE_Hijackloaderstub
date = "2026-01-26"
modified = "2026-01-26"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/HijackLoader.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/HijackLoader.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "686a19a416b94f6ccdd1891ff027452c84b2171ee4268ff971f490e18948a6f5"
score = 75
quality = 70
@@ -62447,8 +62447,8 @@ rule CAPE_Singlestepantihook
date = "2021-08-26"
modified = "2021-08-26"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "fc9f36b0ecc13192fe8b6caaff256ac52c1f14480223d629a38ba84e90dd0809"
score = 75
quality = 70
@@ -62470,8 +62470,8 @@ rule CAPE_Darkgateloader
date = "2023-08-09"
modified = "2025-04-07"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "00692123615d2f7eaf8aea07754fc9439cf58e1fb8eb4f44f0428b362f27e794"
score = 75
quality = 70
@@ -62497,8 +62497,8 @@ rule CAPE_Guloaderprecursor : FILE
date = "2020-12-29"
modified = "2023-10-02"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Guloader.yar#L17-L28"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Guloader.yar#L17-L28"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "ea05c352739366a03da302074b01537382ba26f7fd5049004f156e47d284f070"
score = 75
quality = 70
@@ -62521,8 +62521,8 @@ rule CAPE_Mysterysnail
date = "2021-10-16"
modified = "2021-10-16"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/MysterySnail.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/MysterySnail.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "9402dbbbfdd286e2309ee83fc08194f70f73657a3a4e3785dfbcb564dbee86a8"
score = 75
quality = 70
@@ -62544,8 +62544,8 @@ rule CAPE_Blister : FILE
date = "2022-05-10"
modified = "2024-05-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Blister.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Blister.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "aba379b93c85241cf250829832b2c8a5eaafb3abd0ff955dbaf0d06489c00deb"
score = 75
quality = 70
@@ -62573,8 +62573,8 @@ rule CAPE_Darkgate
date = "2024-02-26"
modified = "2024-02-26"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/DarkGate.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/DarkGate.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "c1d35921f4fc3bac681a3d5148f517dc0ec90ab8c51e267c8c6cd5b1ca3dc085"
logic_hash = "25c0e77a83676c6a18445f8df0b1f7a9148de5f64eeb532f9a4f4d4652dd8191"
score = 75
@@ -62602,8 +62602,8 @@ rule CAPE_Aurastealerbypass
date = "2025-09-02"
modified = "2025-09-02"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/AuraStealer.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/AuraStealer.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "ae174c96c262b1734c58bd6c5f7112221b08596c180612e4970acada35dbd070"
score = 75
quality = 70
@@ -62628,8 +62628,8 @@ rule CAPE_Loadersyscall
date = "2024-10-29"
modified = "2025-07-23"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "3c7ffd8b95032cffecff7fa7e5f5f561cce13e1109f6a9b30bc743642b495e45"
score = 75
quality = 70
@@ -62653,8 +62653,8 @@ rule CAPE_Nitrogenloaderaes
date = "2024-10-29"
modified = "2025-07-23"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "de8ed0e98948cfadfd579e334fd9ce9f777ddbd988de897529ba71cb5eb2d396"
score = 75
quality = 70
@@ -62678,8 +62678,8 @@ rule CAPE_Nitrogenloaderbypass
date = "2024-10-29"
modified = "2025-07-23"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "3a034d3ddd18723ea1f91814c8c2a2c47a749dfd1496a5d4777d8ff8bfab3457"
score = 75
quality = 70
@@ -62703,8 +62703,8 @@ rule CAPE_Nitrogenloaderconfig
date = "2024-10-29"
modified = "2025-07-23"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/NitrogenLoader.yar#L43-L66"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/NitrogenLoader.yar#L43-L66"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "06d49ebf3f67476c83a77734dff0245a51027a35d92e5af07bb9146db5b156ca"
score = 75
quality = 70
@@ -62739,8 +62739,8 @@ rule CAPE_Agentteslav4Jit
date = "2023-09-13"
modified = "2024-02-27"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/AgentTesla.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/AgentTesla.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "8f7144d2a989ce8d291af926b292f5f0f7772e707b0e49797eba13ecf91b90bc"
score = 75
quality = 70
@@ -62765,8 +62765,8 @@ rule CAPE_Agentteslav3Jit
date = "2023-09-13"
modified = "2024-02-27"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/AgentTesla.yar#L16-L26"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/AgentTesla.yar#L16-L26"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "62a49cf4295df637f96ba7c127cfc4aeb9af2fcced497fdf34d726a062edc1ec"
score = 75
quality = 70
@@ -62788,8 +62788,8 @@ rule CAPE_Icedidsyscallwritemem : FILE
date = "2021-03-30"
modified = "2023-11-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/IcedID.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/IcedID.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "6b068106b038e9efeb9057cadf314d400c1ada1a1cc70336d3272da3a212c993"
score = 75
quality = 70
@@ -62813,8 +62813,8 @@ rule CAPE_Icedidhook
date = "2021-03-30"
modified = "2023-11-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/IcedID.yar#L15-L25"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/IcedID.yar#L15-L25"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "fd62e0ed6f2a18472fa9336daee0e8a3a55e21779a8385394e85f96da928e24f"
score = 75
quality = 70
@@ -62836,8 +62836,8 @@ rule CAPE_Icedidpackera : FILE
date = "2021-03-30"
modified = "2023-11-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/IcedID.yar#L27-L40"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/IcedID.yar#L27-L40"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe"
logic_hash = "aa0681e7794546355e6d61f739c49035a493cdfca7e666531d74e3835ec44408"
score = 75
@@ -62862,8 +62862,8 @@ rule CAPE_Icedidpackerb : FILE
date = "2021-03-30"
modified = "2023-11-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/IcedID.yar#L42-L56"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/IcedID.yar#L42-L56"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "6517ef2c579002ec62ddeb01a3175917c75d79ceca355c415a4462922c715cb6"
logic_hash = "fde1e2c0124d180b2fa3d0675b35e8d78fdd7b06cd27e9228c148aa29ce30ee7"
score = 75
@@ -62888,8 +62888,8 @@ rule CAPE_Icedidpackerc : FILE
date = "2021-03-30"
modified = "2023-11-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/IcedID.yar#L58-L71"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/IcedID.yar#L58-L71"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "c06805b6efd482c1a671ec60c1469e47772c8937ec0496f74e987276fa9020a5"
hash = "265c1857ac7c20432f36e3967511f1be0b84b1c52e4867889e367c0b5828a844"
logic_hash = "f1e75e380ab0947fdfda012b7a5077a1c2ef51163239846ab2dc29cac95ba166"
@@ -62914,8 +62914,8 @@ rule CAPE_Icedidpackerd : FILE
date = "2021-03-30"
modified = "2023-11-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/IcedID.yar#L73-L86"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/IcedID.yar#L73-L86"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "7b226f8cc05fa7d846c52eb0ec386ab37f9bae04372372509daa6bacc9f885d8"
logic_hash = "6685e0246f5a11ce0ca33447837de06506b447a5f8591423e2b76f2ab0274dc7"
score = 75
@@ -62940,8 +62940,8 @@ rule CAPE_Icedsleep : FILE
date = "2021-03-30"
modified = "2023-11-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/IcedID.yar#L88-L99"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/IcedID.yar#L88-L99"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "0b1a8be95b1b8a3b066837f9e47561ee8202d741b39d64e626c0461c2fbf7c70"
score = 75
quality = 70
@@ -62964,8 +62964,8 @@ rule CAPE_Stealcanti : FILE
date = "2023-02-22"
modified = "2025-09-01"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Stealc.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Stealc.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d"
logic_hash = "4132e8094b0b49a89e9f40a8b1a6abbf105bbb04e4ddf3ce739e39fc2baf0d13"
score = 75
@@ -62989,8 +62989,8 @@ rule CAPE_Stealcstrings : FILE
date = "2023-02-22"
modified = "2025-09-01"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Stealc.yar#L15-L26"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Stealc.yar#L15-L26"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "6d402446a979c00b6257ace9924db381d98c530b22968bd2776c66d58c7faefc"
score = 75
quality = 70
@@ -63013,8 +63013,8 @@ rule CAPE_Stealcv2Strings : FILE
date = "2023-02-22"
modified = "2025-09-01"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Stealc.yar#L28-L43"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Stealc.yar#L28-L43"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "923f70edb3ad70957576994008729bf7a087479eed1973c42161aa96fa694baa"
score = 75
quality = 70
@@ -63041,8 +63041,8 @@ rule CAPE_Stealcv2Datecheck : FILE
date = "2023-02-22"
modified = "2025-09-01"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Stealc.yar#L45-L56"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Stealc.yar#L45-L56"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "f074aceb7c111156752891acac8690c00dad7c26240fb0752cc12a9a65aa3d30"
score = 75
quality = 70
@@ -63065,8 +63065,8 @@ rule CAPE_Latrodectus : FILE
date = "2024-02-26"
modified = "2024-02-26"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Latrodectus.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Latrodectus.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "378d220bc863a527c2bca204daba36f10358e058df49ef088f8b1045604d9d05"
logic_hash = "c2c9f23e287253d766425c05eb774f6e07bdcbabc259e04b723a1a87c8b91fbd"
score = 75
@@ -63089,8 +63089,8 @@ rule CAPE_Dridexloader : FILE
date = "2021-03-09"
modified = "2021-03-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/DridexLoader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/DridexLoader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "00a3e4e80a2558ee52035f091e2339fa2dad6f6515b9dc099f2f3800e4c70bce"
score = 75
quality = 70
@@ -63112,8 +63112,8 @@ rule CAPE_Bruteratelsyscall
date = "2024-07-11"
modified = "2024-07-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/BruteRatel.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/BruteRatel.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "5ed054b3cd5d2659c250945d55d6adac90945963c34ad2af0f8d7436141e86b6"
score = 75
quality = 70
@@ -63136,8 +63136,8 @@ rule CAPE_Bruteratelpacker
date = "2024-07-11"
modified = "2024-07-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/BruteRatel.yar#L14-L26"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/BruteRatel.yar#L14-L26"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "2ccb17efe378d034df34d20d7580c58171d0fd11c18fef6c9a23f1ba238514e6"
score = 75
quality = 70
@@ -63161,8 +63161,8 @@ rule CAPE_Bruterateldate
date = "2024-07-11"
modified = "2024-07-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/BruteRatel.yar#L28-L39"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/BruteRatel.yar#L28-L39"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "88589b2d08aea03565668ff1b9af20b6fe11cda50d867c60db7cb4d1826b0fd7"
score = 75
quality = 70
@@ -63185,8 +63185,8 @@ rule CAPE_Bruteratelconfig
date = "2024-07-11"
modified = "2024-07-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/BruteRatel.yar#L41-L51"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/BruteRatel.yar#L41-L51"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "b1815aafec940ab6c8daafc68ccf294845221ada260de5209dcb7e49ccd061c7"
score = 75
quality = 70
@@ -63208,8 +63208,8 @@ rule CAPE_Themida : FILE
date = "2024-09-10"
modified = "2024-09-11"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Themida.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Themida.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "c4f1e01a3fe3cb66062ce03253bfe9edc09dc6f1a77db99b281106e8ceff9257"
score = 75
quality = 70
@@ -63232,8 +63232,8 @@ rule CAPE_Amatera : FILE
date = "2025-06-25"
modified = "2025-06-25"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Amatera.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Amatera.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "35eb93548a0c037d392f870c05e0e9fb1aeff3a5a505e1d4a087f7465ed1f6af"
logic_hash = "1c02f04846568b85acbd4101b2e944dc824179f7cff1bceaec1c657939b610d5"
score = 75
@@ -63258,8 +63258,8 @@ rule CAPE_Cargobayloader : FILE
date = "2023-02-20"
modified = "2023-02-20"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/CargoBayLoader.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/CargoBayLoader.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "75e975031371741498c5ba310882258c23b39310bd258239277708382bdbee9c"
logic_hash = "1d5c4ca79f97e1fac358189a8c6530be12506974fc2fb42f63b0b621536a45c9"
score = 75
@@ -63283,8 +63283,8 @@ rule CAPE_Socks5Systemz : FILE
date = "2024-05-22"
modified = "2025-05-23"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/Socks5Systemz.yar#L1-L19"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/Socks5Systemz.yar#L1-L19"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "7e324bacd1ea57585435b6a5a4c93bda63ca146c100f2361a1c5530b87668299"
score = 75
quality = 70
@@ -63314,8 +63314,8 @@ rule CAPE_Ursnifv3
date = "2021-06-17"
modified = "2023-03-23"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "d679546e37ee58087fce75920b2ce4e6d2b9ae55fb1ef80d14ec14309396757c"
score = 75
quality = 70
@@ -63342,8 +63342,8 @@ rule CAPE_Qakbot5 : FILE
date = "2022-03-16"
modified = "2024-02-16"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/QakBot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/QakBot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "303ea2d8d1a7f0fd0ca5508dae2c1b83c03b1e3e975760f15d36d93bcc152767"
score = 75
quality = 70
@@ -63367,8 +63367,8 @@ rule CAPE_Qakbot4 : FILE
date = "2022-03-16"
modified = "2024-02-16"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/QakBot.yar#L15-L29"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/QakBot.yar#L15-L29"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "ad75b07b9b786f634fd46cbe6dc089d3f732673320e70714e8ab058f0392c9f5"
score = 75
quality = 70
@@ -63394,8 +63394,8 @@ rule CAPE_Qakbotloader : FILE
date = "2022-03-16"
modified = "2024-02-16"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/QakBot.yar#L31-L46"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/QakBot.yar#L31-L46"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a"
logic_hash = "00869c0a9bf62cde3f46ca915b0ef689557b09dc58d6de34609e3998abfa7e98"
score = 75
@@ -63422,8 +63422,8 @@ rule CAPE_Qakbotantivm
date = "2022-03-16"
modified = "2024-02-16"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/analyzer/windows/data/yara/QakBot.yar#L48-L59"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/analyzer/windows/data/yara/QakBot.yar#L48-L59"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "e269497ce458b21c8427b3f6f6594a25d583490930af2d3395cb013b20d08ff7"
logic_hash = "20f1cd28f38945a3aa328e77e78525fb1ffc47ecf54d5a40c2f18264c3973989"
score = 75
@@ -63446,8 +63446,8 @@ rule CAPE_Formbook
date = "2019-10-30"
modified = "2023-10-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Formbook.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Formbook.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "63ee4dd6fe5ed2a3e5ee88ba7de48d2c9e0024961a550d0fdb68891c9885e05e"
score = 75
quality = 70
@@ -63476,8 +63476,8 @@ rule CAPE_Wanacry : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/WanaCry.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/WanaCry.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "16d5e39f043d27bbf22f8f21e13971b7e0709b07e44746dd157d11ee4cc51944"
score = 75
quality = 70
@@ -63503,8 +63503,8 @@ rule CAPE_Zeuspanda : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/ZeusPanda.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/ZeusPanda.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "43d8a56cae9fd23c053f6956851734d3270b46a906236854502c136e3bb1e761"
score = 75
quality = 70
@@ -63527,8 +63527,8 @@ rule CAPE_Oyster
date = "2024-03-01"
modified = "2024-05-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Oyster.yar#L1-L19"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Oyster.yar#L1-L19"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "8bae0fa9f589cd434a689eebd7a1fde949cc09e6a65e1b56bb620998246a1650"
logic_hash = "23ab1518712dbce8319b87785d7ffc0c2b61de82c2bbf533ebf0aae39ec33540"
score = 75
@@ -63558,8 +63558,8 @@ rule CAPE_Nitrobunnydownloader : FILE
date = "2025-10-28"
modified = "2025-11-05"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/NitroBunnyDownloader.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/NitroBunnyDownloader.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "960e59200ec0a4b5fb3b44e6da763f5fec4092997975140797d4eec491de411b"
logic_hash = "dcc1348c1d1af0c854376cf6331538951362b43d8d76c0ad73bbbdeb1ab4c135"
score = 75
@@ -63588,8 +63588,8 @@ rule CAPE_Kronos : FILE
date = "2019-10-30"
modified = "2020-07-02"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Kronos.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Kronos.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "52ce9caf3627efe8ae86df6ca59e51e9f738e13ac0265f797e8d70123dbcaeb3"
score = 75
quality = 70
@@ -63614,8 +63614,8 @@ rule CAPE_Pikabotloader : FILE
date = "2023-02-13"
modified = "2024-03-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/PikaBot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/PikaBot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "7e5f1f2911545ee6bd36b54f2627fbdec1b957f4b91df901dd1c6cbd4dff0231"
score = 75
quality = 70
@@ -63639,8 +63639,8 @@ rule CAPE_Pikabot : FILE
date = "2023-02-13"
modified = "2024-03-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/PikaBot.yar#L15-L28"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/PikaBot.yar#L15-L28"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "ed07217c373831a9a67d914854154988696e6fcea70dedabf333385f0e7bb8b7"
score = 75
quality = 70
@@ -63665,8 +63665,8 @@ rule CAPE_Pik23 : FILE
date = "2023-02-13"
modified = "2024-03-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/PikaBot.yar#L30-L44"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/PikaBot.yar#L30-L44"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1"
logic_hash = "71a71df2f2a075294941c54eed06cafaaa4d3294e45b3a0098c1cffddd0438bc"
score = 75
@@ -63692,8 +63692,8 @@ rule CAPE_Jaff : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Jaff.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Jaff.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "6806a5eeee04b7436ff694addc334bfc0f1ee611116904d57be9506acfd47418"
score = 75
quality = 70
@@ -63718,8 +63718,8 @@ rule CAPE_Bumblebeeshellcode_1
date = "2022-04-21"
modified = "2024-10-29"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/BumbleBee.yar#L18-L33"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/BumbleBee.yar#L18-L33"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "d56f8c4e491d0d1b34e396e73750bef9917ca4f708fb6a2681de772a65c13a40"
score = 75
quality = 70
@@ -63746,8 +63746,8 @@ rule CAPE_Bumblebee2024
date = "2022-04-21"
modified = "2024-10-29"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/BumbleBee.yar#L52-L68"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/BumbleBee.yar#L52-L68"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "db58272c1ba74bc6e6a90bdacf7e8feec94be5da2b5123e0475ce86448f3edb2"
score = 75
quality = 70
@@ -63775,8 +63775,8 @@ rule CAPE_Zloader_1 : FILE
date = "2020-04-04"
modified = "2025-12-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Zloader.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Zloader.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa"
logic_hash = "525670973b67aac048199529c97d6be00b0a8cca9bc90deb647366d92a5ea540"
score = 75
@@ -63805,8 +63805,8 @@ rule CAPE_Zloader2024 : FILE
date = "2020-04-04"
modified = "2025-12-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Zloader.yar#L20-L34"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Zloader.yar#L20-L34"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "49405370a33abbf131c5d550cebe00780cc3fd3cbe888220686582ae88f16af7"
logic_hash = "27d883f6d6cab07e602f97a0a032a152386693f79dabf1bb87b0a8a053a38b03"
score = 75
@@ -63832,8 +63832,8 @@ rule CAPE_Zloader2025 : FILE
date = "2020-04-04"
modified = "2025-12-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Zloader.yar#L36-L49"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Zloader.yar#L36-L49"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "86ffd411b42d8d06bdb294f48e79393adeea586c56c5c75c1a68ce6315932881"
logic_hash = "cc9c39f0b5e7e8c8853982d9c896bbaac5a36bb0f501c8901d8854f2d5e1a19c"
score = 75
@@ -63859,8 +63859,8 @@ rule CAPE_Netsupport : FILE
date = "2025-10-17"
modified = "2025-10-17"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/NetSupport.yar#L3-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/NetSupport.yar#L3-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "d12e46d74ae0ba9f599d27dc2f55ff92a6648accbcd1a43cc3f1a9a2755e5fc7"
score = 75
quality = 70
@@ -63885,11 +63885,11 @@ rule CAPE_Asyncrat_Kingrat
date = "2024-10-09"
modified = "2025-02-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AsyncRAT.yar#L1-L30"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AsyncRAT.yar#L1-L30"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "1400d2029dfb66d8f2dc34db8643d6301f3af9bd356639f883d2c10bcc0c3947"
score = 75
- quality = 33
+ quality = 58
tags = ""
cape_type = "AsyncRAT Payload"
@@ -63924,11 +63924,11 @@ rule CAPE_Stormkitty : FILE
date = "2024-10-09"
modified = "2025-02-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AsyncRAT.yar#L32-L57"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AsyncRAT.yar#L32-L57"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "258f5d9da80ff912459194b1139f062491df21a44456942951e2bd98e4b86c9b"
score = 75
- quality = 41
+ quality = 66
tags = "FILE"
cape_type = "StormKitty Payload"
@@ -63960,8 +63960,8 @@ rule CAPE_Worldwind : FILE
date = "2024-10-09"
modified = "2025-02-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AsyncRAT.yar#L60-L82"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AsyncRAT.yar#L60-L82"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "9bb04fad460193cd877ea7f2de9337f69aadda01aee6c79f0a23cdf564b1e6c8"
score = 75
quality = 70
@@ -63996,8 +63996,8 @@ rule CAPE_Prynt : FILE
date = "2024-10-09"
modified = "2025-02-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AsyncRAT.yar#L85-L107"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AsyncRAT.yar#L85-L107"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "84f2b33285ab1d129a62940a02990639cc8f7c92d490d7257e6aed9170d1e34e"
score = 75
quality = 70
@@ -64032,8 +64032,8 @@ rule CAPE_Xworm_1 : FILE
date = "2024-10-09"
modified = "2025-02-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AsyncRAT.yar#L110-L136"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AsyncRAT.yar#L110-L136"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "5a86c2f0a188135e53d86c176806a208abbe3dd830bde364016859ffa5294bd7"
score = 75
quality = 68
@@ -64072,8 +64072,8 @@ rule CAPE_Xworm_Kingrat
date = "2024-10-09"
modified = "2025-02-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AsyncRAT.yar#L138-L155"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AsyncRAT.yar#L138-L155"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "3914be652bb7271e5e6b89d05edf10a54f8ddaf9e22d194b60501aa2cdd495d3"
score = 75
quality = 66
@@ -64104,11 +64104,11 @@ rule CAPE_Dcrat : FILE
date = "2024-10-09"
modified = "2025-02-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AsyncRAT.yar#L157-L222"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AsyncRAT.yar#L157-L222"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "5a02dcc2b9c7eb3efdba39047e37886240b45fb7e2db3b82aa5b4b9526dfb7f8"
score = 75
- quality = 20
+ quality = 45
tags = "FILE"
cape_type = "DCRat Payload"
@@ -64178,8 +64178,8 @@ rule CAPE_Dcrat_Kingrat
date = "2024-10-09"
modified = "2025-02-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AsyncRAT.yar#L224-L243"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AsyncRAT.yar#L224-L243"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "73ac27c3f0fc71d053e89690b5a7d29c1f8b0ea0a22e8595148a9001799fae54"
score = 75
quality = 62
@@ -64211,8 +64211,8 @@ rule CAPE_Quasarrat : FILE
date = "2024-10-09"
modified = "2025-02-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AsyncRAT.yar#L245-L266"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AsyncRAT.yar#L245-L266"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "556b19dc0980761198ea31a285f281adae084463d24bff1eda15326436ad562b"
score = 75
quality = 70
@@ -64246,8 +64246,8 @@ rule CAPE_Quasarrat_Kingrat
date = "2024-10-09"
modified = "2025-02-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AsyncRAT.yar#L268-L287"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AsyncRAT.yar#L268-L287"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "1f4296a592134edbe52e256dc353143af02e897ff1afad98f3dac0c5ab13f3f7"
score = 75
quality = 70
@@ -64279,8 +64279,8 @@ rule CAPE_Buerloader_1 : FILE
date = "2020-10-29"
modified = "2022-05-31"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/BuerLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/BuerLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "05c1f008f0a2bb8232867977fb23a5ae8312f10f0637c6265561052596319c29"
score = 75
quality = 70
@@ -64304,8 +64304,8 @@ rule CAPE_Scarab : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Scarab.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Scarab.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "0d8fa7ab4c8e5699f17f9e9444e85a42563a840a8e7ee9eda54add3a6845d1c6"
score = 75
quality = 70
@@ -64329,8 +64329,8 @@ rule CAPE_Arkei : FILE
date = "2019-10-30"
modified = "2025-01-10"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Arkei.yar#L1-L50"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Arkei.yar#L1-L50"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "296e420880d8d2f24424d0411e7ef4939e18147689557512f410da48498a44c9"
score = 75
quality = 70
@@ -64386,8 +64386,8 @@ rule CAPE_Cerber : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Cerber.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Cerber.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "16a8f808c28d3b142c079a305aba7f553f2452e439710bf610a06f8f2924d5a3"
score = 75
quality = 70
@@ -64409,8 +64409,8 @@ rule CAPE_Squirrelwaffle : FILE
date = "2021-09-22"
modified = "2021-10-13"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/SquirrelWaffle.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/SquirrelWaffle.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "5f799333398421d537ec7a87ca94f6cc9cf1e53e55b353036a5132440990e500"
score = 75
quality = 70
@@ -64433,8 +64433,8 @@ rule CAPE_Seduploader : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Seduploader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Seduploader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "d70c886699169d4dafc5b063c93682a34af5667df6d293b52256ddc19ab9c516"
score = 75
quality = 70
@@ -64456,8 +64456,8 @@ rule CAPE_Dridexv4 : FILE
date = "2019-10-30"
modified = "2022-05-31"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/DridexV4.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/DridexV4.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "cb103fe5f2d4792e3c612db4e2d84a4c8b0ce0f9a8443e9147e2c345f1dbdff6"
score = 75
quality = 70
@@ -64483,8 +64483,8 @@ rule CAPE_Smokeloader
date = "2019-10-30"
modified = "2025-11-19"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/SmokeLoader.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/SmokeLoader.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "8e2f95af9b25ccfd8ad7b56f75a37bb085bde1b2feda2e6502568e86c928ed68"
score = 75
quality = 70
@@ -64511,8 +64511,8 @@ rule CAPE_Rozena
date = "2024-03-13"
modified = "2024-03-15"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Rozena.yar#L1-L10"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Rozena.yar#L1-L10"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "c415a8108b58a125a604031bb8d73b58a8aae5429b5b765e35fa8a4add9cd135"
score = 75
quality = 70
@@ -64535,8 +64535,8 @@ rule CAPE_Varenyky : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Varenyky.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Varenyky.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "602f1b8b60b29565eabe2171fde4eb58546af68f8acecad402a7a51ea9a08ed9"
score = 75
quality = 70
@@ -64558,8 +64558,8 @@ rule CAPE_Vipkeylogger : FILE
date = "2025-09-11"
modified = "2025-09-11"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/VIPKeyLogger.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/VIPKeyLogger.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "b9dba7562bba4807c0789692d44650996e62c8d0c4031dedd65773877621b1de"
score = 75
quality = 70
@@ -64584,8 +64584,8 @@ rule CAPE_Vidar : FILE
date = "2019-10-30"
modified = "2023-04-21"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Vidar.yar#L1-L22"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Vidar.yar#L1-L22"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "5d4c030536ed41cf4e0dcb77b2fe4553d789ee2b8095a4b3e050692335a8709d"
score = 75
quality = 70
@@ -64618,8 +64618,8 @@ rule CAPE_Azer : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Azer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Azer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "48bd4a4e071f10d1911c4173a0cd39c69fed7a3b29eb92beffe709899f4cefa5"
score = 75
quality = 70
@@ -64643,8 +64643,8 @@ rule CAPE_Eternalromance : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/EternalRomance.yar#L1-L33"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/EternalRomance.yar#L1-L33"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "5390fae3e2411a715cdc965df8648c0c4c511d53d5f76031714f1b784b58eb0d"
score = 75
quality = 68
@@ -64689,8 +64689,8 @@ rule CAPE_Nighthawk
date = "2022-12-03"
modified = "2022-12-05"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Nighthawk.yar#L3-L24"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Nighthawk.yar#L3-L24"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "2d77912678e06503ffef0e8ed84aa4f9ac74357480d57742fbae619acebfb5f2"
score = 75
quality = 70
@@ -64714,8 +64714,8 @@ rule CAPE_Rhadamanthys_1
date = "2023-01-25"
modified = "2025-12-19"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Rhadamanthys.yar#L1-L19"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Rhadamanthys.yar#L1-L19"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "3ccfc97202690dd996ffd2b4f09d31e6ee322bf9f0b7759f9b8c455164995f84"
score = 75
quality = 70
@@ -64745,8 +64745,8 @@ rule CAPE_Rhadamanthysloader
date = "2023-01-25"
modified = "2025-12-19"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Rhadamanthys.yar#L21-L33"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Rhadamanthys.yar#L21-L33"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "5505c9ba1f0c6cb9aa9c212bf8bc2c49ad544e99996a1f4c1fa79a27a14d4c7f"
score = 75
quality = 70
@@ -64770,8 +64770,8 @@ rule CAPE_Megacortex : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/MegaCortex.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/MegaCortex.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "5de1d8241260070241c91b97f18feb2a90069e3b158e863e2d9f568799c244e6"
score = 75
quality = 70
@@ -64795,8 +64795,8 @@ rule CAPE_Lumma_1 : FILE
date = "2024-01-05"
modified = "2025-07-08"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Lumma.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Lumma.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "ca7822292c58af68e7a1610362bf0b5d27c93e3222ceec8d216e05a442008f37"
score = 75
quality = 70
@@ -64823,8 +64823,8 @@ rule CAPE_Bitpaymer : FILE
date = "2019-11-27"
modified = "2019-11-27"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/BitPaymer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/BitPaymer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "6ae0dc9a36da13e483d8d653276b06f59ecc15c95c754c268dcc91b181677c4c"
score = 75
quality = 70
@@ -64847,8 +64847,8 @@ rule CAPE_Petya : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Petya.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Petya.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "f819261bb34f3b2eb7dc2f843b56be25105570fe902a77940a632a54fbe0d014"
score = 75
quality = 70
@@ -64872,8 +64872,8 @@ rule CAPE_Dreambot : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Dreambot.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Dreambot.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "29c6d648d5d38667c5824c2d20a83a20448c2ae6054ddddb2b2b7f8bdb69f74b"
score = 75
quality = 70
@@ -64898,8 +64898,8 @@ rule CAPE_Lockbit : FILE
date = "2020-05-14"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Lockbit.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Lockbit.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "80ab705c8246a0bd5b3de65146cf32b102f39bf9444bdf1d366b5a794c1229b9"
score = 75
quality = 70
@@ -64925,8 +64925,8 @@ rule CAPE_Doppelpaymer : FILE
date = "2019-11-15"
modified = "2022-06-27"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/DoppelPaymer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/DoppelPaymer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "73a2575671bafc31a70af3ce072d6f94ae172b12202baebba586a02524cb6f9d"
score = 75
quality = 70
@@ -64949,8 +64949,8 @@ rule CAPE_Trickbot
date = "2019-10-30"
modified = "2023-02-07"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/TrickBot.yar#L1-L20"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/TrickBot.yar#L1-L20"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "47cc2070b43957601a72745329a9d14fb3fbfd4d2b31cacc35d4ac750dde31ea"
score = 75
quality = 70
@@ -64981,8 +64981,8 @@ rule CAPE_Trickbot_Permadll_UEFI_Module
date = "2019-10-30"
modified = "2023-02-07"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/TrickBot.yar#L22-L38"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/TrickBot.yar#L22-L38"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "491115422a6b94dc952982e6914adc39"
logic_hash = "564055f56fd19bed8900e6d451ba050b4e9013a9208a3bdc3d3d563567d225d2"
score = 75
@@ -65010,8 +65010,8 @@ rule CAPE_Gootkit : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Gootkit.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Gootkit.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "26704b6b0adca51933fc9d5e097930320768fd0e9355dcefc725aee7775316e7"
score = 75
quality = 70
@@ -65033,8 +65033,8 @@ rule CAPE_Nanolocker : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/NanoLocker.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/NanoLocker.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "fe6c8a4e259c3c526f8f50771251f6762b2b92a4df2e8bfc705f282489f757db"
score = 75
quality = 70
@@ -65058,8 +65058,8 @@ rule CAPE_Ryuk : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Ryuk.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Ryuk.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "b4463993d8956e402b927a3dcfa2ca9693a959908187f720372f2d3a40e6db0c"
score = 75
quality = 70
@@ -65084,8 +65084,8 @@ rule CAPE_Badrabbit : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/BadRabbit.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/BadRabbit.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "309e14ab4ea2f919358631f9d8b2aaff1f51e7708b6114e4e6bf4a9d9a5fc86c"
score = 75
quality = 70
@@ -65109,8 +65109,8 @@ rule CAPE_Conti : FILE
date = "2020-10-19"
modified = "2021-03-15"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Conti.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Conti.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "c9842f93d012d0189b9c6f10ad558b37ae66226bbb619ad677f6906ccaf0e848"
score = 75
quality = 70
@@ -65134,8 +65134,8 @@ rule CAPE_Codoso : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Codoso.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Codoso.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "32c9ed2ac29e8905266977a9ee573a252442d96fb9ec97d88642180deceec3f8"
score = 75
quality = 70
@@ -65159,8 +65159,8 @@ rule CAPE_Cryptoshield : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Cryptoshield.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Cryptoshield.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "46064b4c69cb1af01330c5d194ef50728e0f0479e9fbf72828822935f8e37ac6"
score = 75
quality = 70
@@ -65184,8 +65184,8 @@ rule CAPE_Blackdropper
date = "2024-10-22"
modified = "2024-10-22"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/BlackDropper.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/BlackDropper.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "f8026ae3237bdd885e5fcaceb86bcab4087d8857e50ba472ca79ce44c12bc257"
logic_hash = "c7f7bc740d413b479ebe45611ddfc04f7e4f2978516b2882069b2569c7acdf28"
score = 75
@@ -65213,8 +65213,8 @@ rule CAPE_Remcos : FILE
date = "2019-10-30"
modified = "2022-05-10"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Remcos.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Remcos.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "38142e784ad437d9592353b924f74777bb62e5ed176c811230a2021a437d4710"
score = 75
quality = 68
@@ -65239,8 +65239,8 @@ rule CAPE_Rcsession
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/RCSession.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/RCSession.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "ebd1e9e615a91c35b36332cad55519607323469df738cec4464288b45787630d"
score = 75
quality = 70
@@ -65263,8 +65263,8 @@ rule CAPE_Blister_1 : FILE
date = "2022-05-10"
modified = "2023-09-20"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Blister.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Blister.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2"
hash = "d3eab2a134e7bd3f2e8767a6285b38d19cd3df421e8af336a7852b74f194802c"
logic_hash = "f26d85fdf0eb07e67fe38c43c5f6d024bfb7b2a333cb3411f5cdcff6bf5db12d"
@@ -65292,8 +65292,8 @@ rule CAPE_Aurastealer
date = "2025-09-02"
modified = "2025-09-02"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AuraStealer.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AuraStealer.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "960b83639a898509dc272f3235822401a8f861fa6607991993285b618b882d8b"
score = 75
quality = 70
@@ -65322,8 +65322,8 @@ rule CAPE_Aurorastealer : FILE
date = "2022-12-14"
modified = "2023-03-31"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AuroraStealer.yar#L1-L74"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AuroraStealer.yar#L1-L74"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "0d10e9268184f494a73d5b4ab0d9a478ad0c26d2ef13d5134f8c9769f028b8f5"
score = 75
quality = 45
@@ -65402,8 +65402,8 @@ rule CAPE_Kovter : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Kovter.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Kovter.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "888fccb8fbfbe6c05ec63bc5658b4743f8e10a96ef51b3868c2ff94afec76f2d"
score = 75
quality = 70
@@ -65428,8 +65428,8 @@ rule CAPE_Kpot : FILE
date = "2020-10-19"
modified = "2020-10-19"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Kpot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Kpot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "75abaab9a10e8ac8808425c389238285ab9bd9cb76f0cd03cc1e35b3ea0a1b0f"
score = 75
quality = 70
@@ -65453,8 +65453,8 @@ rule CAPE_Adaptixbeacon
date = "2025-06-16"
modified = "2025-10-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AdaptixBeacon.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AdaptixBeacon.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "f78f5803be5704420cbb2e0ac3c57fcb3d9cdf443fbf1233c069760bee115b5d"
logic_hash = "2c1d09cd5e19e5a09dde65411691afd5922959d4a7b5232b28ebf56f26d2f07d"
score = 75
@@ -65483,8 +65483,8 @@ rule CAPE_Amadey : FILE
date = "2021-02-18"
modified = "2025-08-15"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Amadey.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Amadey.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "988258716d5296c1323303e8fe4efd7f4642c87bfdbe970fe9a3bb3f410f70a4"
logic_hash = "5a7405a174b63826500f3b04c6f10bc9b40d5b49e85377bef027204e75dd1e9e"
score = 75
@@ -65510,8 +65510,8 @@ rule CAPE_Hancitor : FILE
date = "2019-10-30"
modified = "2020-10-20"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Hancitor.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Hancitor.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "84003542a2f587b5fbd43731c4240759806f8ee46df2bd96aae4a3c09d97e41c"
score = 75
quality = 70
@@ -65536,8 +65536,8 @@ rule CAPE_Emotetloader : FILE
date = "2022-05-31"
modified = "2022-05-31"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/EmotetLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/EmotetLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "410872d25ed3a89a2cba108f952d606cd1c3bf9ccc89ae6ab3377b83665c2773"
score = 75
quality = 70
@@ -65559,8 +65559,8 @@ rule CAPE_Magniber : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Magniber.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Magniber.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "1875754bdf98c1886f31f6c6e29992a98180f74d8fa168ae391e2c660d760618"
score = 75
quality = 70
@@ -65582,8 +65582,8 @@ rule CAPE_Nitrogenloader
date = "2024-10-29"
modified = "2025-07-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/NitrogenLoader.yar#L1-L35"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/NitrogenLoader.yar#L1-L35"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "4aab353aacc8f6910884e722f2d57439891680963accb906c2cee245437732c6"
score = 75
quality = 68
@@ -65629,8 +65629,8 @@ rule CAPE_Agent_Tesla
date = "2019-10-30"
modified = "2026-01-14"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AgentTesla.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AgentTesla.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "3945754129dcc58e0abfd7485f5ff0c0afdd1078ae2cf164ca8f59a6f79db1be"
score = 75
quality = 70
@@ -65656,8 +65656,8 @@ rule CAPE_Agenttesla : FILE
date = "2019-10-30"
modified = "2026-01-14"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AgentTesla.yar#L19-L41"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AgentTesla.yar#L19-L41"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "1bf9b26c4cf87e674ddffabe40aba5a45499c6a04d4ff3e43c3cda4cbcb4d188"
score = 75
quality = 70
@@ -65689,8 +65689,8 @@ rule CAPE_Agentteslav2 : FILE
date = "2019-10-30"
modified = "2026-01-14"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AgentTesla.yar#L43-L67"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AgentTesla.yar#L43-L67"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "b45296b3b94fa1ff32de48c94329a17402461fb6696e9390565c4dba9738ed78"
score = 75
quality = 70
@@ -65726,8 +65726,8 @@ rule CAPE_Agentteslav3 : FILE
date = "2019-10-30"
modified = "2026-01-14"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AgentTesla.yar#L69-L115"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AgentTesla.yar#L69-L115"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "cc9bbbcf3608b49a76b098acf846ff03eae5e9cb107697627d62661fa1be36c2"
score = 75
quality = 70
@@ -65765,8 +65765,8 @@ rule CAPE_Agentteslav4 : FILE
date = "2019-10-30"
modified = "2026-01-14"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/AgentTesla.yar#L117-L130"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/AgentTesla.yar#L117-L130"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "0a39036f408728ab312a54ff3354453d171424f57f9a8f3b42af867be3037ca9"
score = 75
quality = 70
@@ -65791,8 +65791,8 @@ rule CAPE_Icedid
date = "2019-10-30"
modified = "2021-12-16"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/IcedID.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/IcedID.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "e60ccbab7a360020744eba65961156ca3e2ae9cf23671014f913d71c1a96a331"
score = 75
quality = 45
@@ -65821,8 +65821,8 @@ rule CAPE_Xenorat
date = "2024-10-09"
modified = "2024-10-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/XenoRAT.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/XenoRAT.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "26f520fb69a52d05786fac0e9e38f5db9601da0a3e7768e00975a9684f3560ef"
score = 75
quality = 66
@@ -65849,8 +65849,8 @@ rule CAPE_Atlas : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Atlas.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Atlas.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "c3f73b29df5caf804dbfe3e6ac07a9e2c772bd2a126f0487e4a65e72bd501e6e"
score = 75
quality = 70
@@ -65874,8 +65874,8 @@ rule CAPE_Hermes : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Hermes.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Hermes.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "9bc974173f39a57e7adfbf8ae106a20d960557696b4c3ce16e9b4e47d3e9e95b"
score = 75
quality = 70
@@ -65899,8 +65899,8 @@ rule CAPE_Mykings : FILE
date = "2025-10-24"
modified = "2025-10-26"
reference = "https://x.com/YungBinary/status/1981108948498333900"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/MyKings.yar#L1-L23"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/MyKings.yar#L1-L23"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "82647dd23c0247faa045893ec1cf111da2a30528a1b737b59ce1b71172a64473"
score = 75
quality = 70
@@ -65934,8 +65934,8 @@ rule CAPE_Stealc : FILE
date = "2023-02-22"
modified = "2025-08-21"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Stealc.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Stealc.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d"
logic_hash = "a6165168b7c74761b91d1691465688c748227b830813067edb4e9bdc934271c4"
score = 75
@@ -65959,8 +65959,8 @@ rule CAPE_Stealcv2 : FILE
date = "2023-02-22"
modified = "2025-08-21"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Stealc.yar#L15-L32"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Stealc.yar#L15-L32"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "911c6a7f63e91a788898f3cc6e66396e39d5bd48f8fbaac49ee5dbbdaa64d5a0"
score = 75
quality = 70
@@ -65989,8 +65989,8 @@ rule CAPE_Ursnif : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Ursnif.yar#L1-L19"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Ursnif.yar#L1-L19"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "46e79fde81ff5352314618021e394b2e0322df07170c7279363290b7134935fd"
score = 75
quality = 70
@@ -66019,8 +66019,8 @@ rule CAPE_Tclient : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/TClient.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/TClient.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "6edcd01e4722b367723ed77d9596877d16ee35dc4c160885d125f83e45cee24d"
score = 75
quality = 70
@@ -66042,8 +66042,8 @@ rule CAPE_Tscookie : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/TSCookie.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/TSCookie.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "0461c7fd14c74646437654f0a63a4a89d4efad620e197a8ca1e8d390618842c3"
score = 75
quality = 70
@@ -66067,8 +66067,8 @@ rule CAPE_Carbanak : FILE
date = "2023-11-30"
modified = "2024-03-18"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Carbanak.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Carbanak.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "c9c1b06cb9c9bd6fc4451f5e2847a1f9524bb2870d7bb6f0ee09b9dd4e3e4c84"
logic_hash = "8ed5ab07f1635dc7cdf296e86a71a0a99d0b2faef8fc460f43d426b24b8c8367"
score = 75
@@ -66093,8 +66093,8 @@ rule CAPE_Latrodectus_1
date = "2024-01-18"
modified = "2025-05-10"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Latrodectus.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Latrodectus.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "a547cff9991a713535e5c128a0711ca68acf9298cc2220c4ea0685d580f36811"
logic_hash = "a8430299930f4c8de0a88c6836d4821871f7183cc5ff44ea9be84fbea47bbb13"
score = 75
@@ -66121,8 +66121,8 @@ rule CAPE_Latrodectus_AES
date = "2024-01-18"
modified = "2025-05-10"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Latrodectus.yar#L18-L34"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Latrodectus.yar#L18-L34"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "5cecb26a3f33c24b92a0c8f6f5175da0664b21d7c4216a41694e4a4cad233ca8"
logic_hash = "058d278c16527969066d1b4ea7f0e3ab2809d5480cdab06ec476b465e0c4795a"
score = 75
@@ -66150,8 +66150,8 @@ rule CAPE_Nightshadec2 : FILE
date = "2025-09-04"
modified = "2025-09-12"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/NightshadeC2.yar#L1-L20"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/NightshadeC2.yar#L1-L20"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "963c012d56c62093d105ab5044517fdcce4ab826f7782b3e377932da1df6896d"
logic_hash = "f9fabc391e21180a1c92abea0a5ded6d7669e8d8f2330b69d6c1227c9b4237a0"
score = 75
@@ -66181,8 +66181,8 @@ rule CAPE_Dridexloader_1 : FILE
date = "2019-11-12"
modified = "2021-03-10"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/DridexLoader.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/DridexLoader.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "20696b1f14539c8ecf21bffc696596040c20b1ee2fcedc173945482c0baca588"
score = 75
quality = 70
@@ -66209,8 +66209,8 @@ rule CAPE_Petrwrap : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/PetrWrap.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/PetrWrap.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "6dd1cf5639b63d0ab41b24080dad68d285f2e3969ad34fd724c83e7a0dd4b968"
score = 75
quality = 70
@@ -66235,8 +66235,8 @@ rule CAPE_Zerot : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/ZeroT.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/ZeroT.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "f60ae25ac3cd741b8bdc5100b5d3c474b5d9fbe8be88bfd184994bae106c3803"
score = 75
quality = 68
@@ -66262,8 +66262,8 @@ rule CAPE_Bazar : FILE
date = "2021-08-26"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Bazar.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Bazar.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "9375f59b56e47fd0b90b089afdf3be8f16f960038fc625523a2e2d5509ab099d"
score = 75
quality = 70
@@ -66286,8 +66286,8 @@ rule CAPE_Fareit : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Fareit.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Fareit.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "ed35391ffc949219f380da3f22bc8397a7d5c742bd68e227c3becdebcab5cf83"
score = 75
quality = 70
@@ -66309,8 +66309,8 @@ rule CAPE_Mole : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Mole.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Mole.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "8be4d190d554a610360c0e04b33da59eb00319395e5b2000d580546ce6503786"
score = 75
quality = 70
@@ -66334,8 +66334,8 @@ rule CAPE_Chaosbot : FILE
date = "2025-10-16"
modified = "2025-10-16"
reference = "https://x.com/YungBinary/status/1976580501508182269"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/ChaosBot.yar#L1-L24"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/ChaosBot.yar#L1-L24"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "fcb04697dbef62497421318d5dfe7cdf5533b432975ebbfb3bd64ebbfeb4a592"
score = 75
quality = 62
@@ -66369,8 +66369,8 @@ rule CAPE_Nemty : FILE
date = "2020-04-03"
modified = "2020-04-03"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Nemty.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Nemty.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "a05974b561c67b4f1e0812639b74831edcf65686a06c0d380f0b45739e342419"
score = 75
quality = 70
@@ -66394,8 +66394,8 @@ rule CAPE_Monsterv2 : FILE
date = "2025-09-06"
modified = "2025-09-12"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/MonsterV2.yar#L1-L21"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/MonsterV2.yar#L1-L21"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "d4e65f860e69b2eee8a818a4146d91b84ce6da30c8fa27593587932e4f0847a8"
score = 75
quality = 70
@@ -66427,8 +66427,8 @@ rule CAPE_Lokibot : FILE
date = "2022-02-01"
modified = "2022-02-01"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/LokiBot.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/LokiBot.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "a5b3d518371138740e913d2d6ce4fa22d3da5cea7e034c7d6b4b502e6bf44b06"
score = 75
quality = 70
@@ -66451,8 +66451,8 @@ rule CAPE_Bruteratel
date = "2024-07-11"
modified = "2024-07-11"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/BruteRatel.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/BruteRatel.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "0984977c716d6f8e068c045166eb5db77c9fbce27513e555dceca348375f1a66"
score = 75
quality = 70
@@ -66477,8 +66477,8 @@ rule CAPE_Locky : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Locky.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Locky.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "9786c54a2644d9581fefe64be11b26e22806398e54e961fa4f19d26eae039cd7"
score = 75
quality = 70
@@ -66502,8 +66502,8 @@ rule CAPE_Sedreco : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Sedreco.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Sedreco.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "f735549606917f59a19157e604e54766e4456bc5d46e94cae3e0a3c18b52a7ca"
score = 75
quality = 70
@@ -66527,8 +66527,8 @@ rule CAPE_Darkcloud : FILE
date = "2025-10-16"
modified = "2025-10-16"
reference = "https://x.com/YungBinary/status/1971585972912689643"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/DarkCloud.yar#L1-L39"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/DarkCloud.yar#L1-L39"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "e9a67fce4c1e4ffa7322c225522263aa4db94ae9f29113a81f5216fb4fa68b57"
score = 75
quality = 68
@@ -66572,8 +66572,8 @@ rule CAPE_Cobaltstrikestager
date = "2023-01-18"
modified = "2023-01-18"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "6a55b0c3ab5f557dfb7a3f8bd616ede1bd9b93198590fc9d52aa19c1154388c5"
score = 75
quality = 70
@@ -66598,8 +66598,8 @@ rule CAPE_Koiloader
date = "2024-10-25"
modified = "2024-10-25"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/KoiLoader.yar#L1-L35"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/KoiLoader.yar#L1-L35"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "b462e3235c7578450b2b56a8aff875a3d99d22f6970a01db3ba98f7ecb6b01a0"
logic_hash = "264a536632f8f11c904b00c9d2e505b3263c733ad8fbc2ef19c25a5ad58cef90"
score = 75
@@ -66643,8 +66643,8 @@ rule CAPE_Obfuscar : FILE
date = "2025-03-07"
modified = "2025-03-07"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Obfuscar.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Obfuscar.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "54581e83e5fa13fae4bda74016b3fa1d18c92e2659f493ebe54d70fd5f77bba5"
score = 75
quality = 70
@@ -66665,8 +66665,8 @@ rule CAPE_Ramnit : FILE
date = "2019-10-30"
modified = "2019-10-30"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Ramnit.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Ramnit.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "6f661f47bdf8377b0fb96f190fcb964c0ed2b43ce7ae7880f9dfce9e43837efd"
score = 75
quality = 70
@@ -66690,8 +66690,8 @@ rule CAPE_Gandcrab : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Gandcrab.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Gandcrab.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "354ed566dbafbe8e9531bb771d9846952eb8c0e70ee94c26d09368159ce4142c"
score = 75
quality = 70
@@ -66716,8 +66716,8 @@ rule CAPE_Ursnifv3_1 : FILE
date = "2022-05-31"
modified = "2023-03-23"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/UrsnifV3.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/UrsnifV3.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "501cd52388aba16f9d33b4555f310e1ad58326916b15358a485c701acb87abd8"
score = 75
quality = 70
@@ -66746,8 +66746,8 @@ rule CAPE_Qakbot5_1 : FILE
date = "2019-10-30"
modified = "2024-04-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/QakBot.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/QakBot.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
hash = "59559e97962e40a15adb2237c4d01cfead03623aff1725616caeaa5a8d273a35"
logic_hash = "cc23a92f45619d44af824128b743c259dd9dfa7cb5106932f3425f3dfd1dccdf"
score = 75
@@ -66773,8 +66773,8 @@ rule CAPE_Qakbot4_1 : FILE
date = "2019-10-30"
modified = "2024-04-28"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/QakBot.yar#L17-L35"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/QakBot.yar#L17-L35"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "b2870e33abffbb3ff49b7891b0f5c538ab48ee63da5553929d4e37dec921344f"
score = 75
quality = 70
@@ -66804,8 +66804,8 @@ rule CAPE_Masslogger : FILE
date = "2020-10-20"
modified = "2020-11-24"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/MassLogger.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/MassLogger.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "c8d82694810aafbdc6a35a661e7431e9536035e2f7fef90b9359064c4209b66c"
score = 75
quality = 70
@@ -66828,8 +66828,8 @@ rule CAPE_Azorult : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/Azorult.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/Azorult.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "4691cf48d513d1965416b0cce1b6e19c8f7b393a940afd68b7c6ca8c0d125d90"
score = 75
quality = 70
@@ -66852,8 +66852,8 @@ rule CAPE_Rokrat : FILE
date = "2019-10-30"
modified = "2022-06-09"
reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/data/yara/CAPE/RokRat.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd11d0bfb8eba9981a831331de7120f3102b624e/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/data/yara/CAPE/RokRat.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/f7f834f2f37f1b1887e6d883858cf6b03bb07e2c/LICENSE"
logic_hash = "2aaa7de7ccd59e0da690f4bc0c7deaacf61314d61f8d2aa3ce6f6892f50612ec"
score = 75
quality = 70
@@ -66871,7 +66871,7 @@ rule CAPE_Rokrat : FILE
* YARA Rule Set
* Repository Name: BinaryAlert
* Repository: https://github.com/airbnb/binaryalert/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: a9c0f06affc35e1f8e45bb77f835b92350c68a0b
* Number of Rules: 80
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -69335,7 +69335,7 @@ rule BINARYALERT_Hacktool_Macos_Manwhoami_Icloudcontacts
* YARA Rule Set
* Repository Name: DeadBits
* Repository: https://github.com/deadbits/yara-rules/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: d002f7ecee23e09142a3ac3e79c84f71dda3f001
* Number of Rules: 19
* Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -69585,7 +69585,7 @@ rule DEADBITS_KPOT_V2 : WINMALWARE INFOSTEALER FILE
license_url = "N/A"
logic_hash = "dc8cce2ae3a427f771b19b4d0e027b653ff03a7bf816303460398987535c5351"
score = 75
- quality = 55
+ quality = 80
tags = "WINMALWARE, INFOSTEALER, FILE"
Description = "Attempts to detect KPOT version 2 payloads"
Author = "Adam M. Swanda"
@@ -69802,7 +69802,7 @@ rule DEADBITS_Crescentcore_DMG : INSTALLER MACOSMALWARE FILE
license_url = "N/A"
logic_hash = "819f01fdacea1e95f0f4d4f8e59ebae97ff9489a1be2c60e33253580a8f9e418"
score = 75
- quality = 26
+ quality = 51
tags = "INSTALLER, MACOSMALWARE, FILE"
Author = "Adam M. Swanda"
@@ -69835,7 +69835,7 @@ rule DEADBITS_Acbackdoor_ELF : LINUX MALWARE BACKDOOR
description = "No description has been set in the source file - DeadBits"
author = "Adam M. Swanda"
id = "82eb41bf-cd1d-5b00-973b-31a79c75cfc0"
- date = "2019-11-01"
+ date = "2019-11-08"
modified = "2019-12-04"
reference = "https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/"
source_url = "https://github.com/deadbits/yara-rules//blob/d002f7ecee23e09142a3ac3e79c84f71dda3f001/rules/ACBackdoor_Linux.yara#L1-L41"
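Review bot: The `date` field of DEADBITS_Acbackdoor_ELF moves from `2019-11-01` to `2019-11-08` although the upstream commit in `source_url` is unchanged, and the shift mirrors the retrieval date moving from 2026-02-01 to 2026-02-08. The same pattern appears in the ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption hunk, where `date` becomes `2026-01-08`, later than that rule's `modified = "2022-04-27"`. This suggests the generator fills a missing part of the upstream date from the run date, so `date` is not a stable creation date for these rules. Anything that filters or sorts on rule age should presumably rely on `modified` for them, and the churn is better reported to the rule-set maintainers than patched in this vendored file.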
@@ -69882,7 +69882,7 @@ rule DEADBITS_Godlua_Linux : LINUXMALWARE FILE
license_url = "N/A"
logic_hash = "70a8078f261648f050807e82009493e39fa32c0748576b3df76d8aaaa117103e"
score = 75
- quality = 26
+ quality = 51
tags = "LINUXMALWARE, FILE"
Author = "Adam M. Swanda"
@@ -69927,7 +69927,7 @@ rule DEADBITS_Jsworm : MALWARE FILE
license_url = "N/A"
logic_hash = "99074e25ec15c5b25fa41bef19203f5ddc227acd51fadca1e2c3ece538b3da01"
score = 75
- quality = 53
+ quality = 78
tags = "MALWARE, FILE"
strings:
@@ -69963,7 +69963,7 @@ rule DEADBITS_Watchdog_Botnet : BOTNET LINUXMALWARE EXPLOITATION CVE_2019_11581
license_url = "N/A"
logic_hash = "aea8afdf118b79f701941ddd4306ee0f1c947ea59de5485ff977beff95e06d35"
score = 75
- quality = 53
+ quality = 78
tags = "BOTNET, LINUXMALWARE, EXPLOITATION, CVE_2019_11581, CVE_2019_10149"
Author = "Adam M. Swanda"
@@ -70188,7 +70188,7 @@ rule DEADBITS_APT34_PICKPOCKET : APT APT34 INFOSTEALER WINMALWARE FILE
* YARA Rule Set
* Repository Name: DelivrTo
* Repository: https://github.com/delivr-to/detections
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: f85e1d0c477cbf4689d1cfe4a80049c465673b23
* Number of Rules: 12
* Skipped: 0 (age), 3 (quality), 0 (score), 0 (importance)
@@ -70235,7 +70235,7 @@ rule DELIVRTO_SUSP_ZPAQ_Archive_Nov23 : FILE
license_url = "N/A"
logic_hash = "348144ee7137def00b37e074507e8148e51d34c484802a56bcd6e090d4628f18"
score = 40
- quality = 55
+ quality = 80
tags = "FILE"
strings:
@@ -70483,7 +70483,7 @@ rule DELIVRTO_SUSP_Msg_CVE_2023_23397_Mar23 : CVE_2023_23397 FILE
* YARA Rule Set
* Repository Name: ESET
* Repository: https://github.com/eset/malware-ioc
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: c4cc6a82fd4d5ca639746e48447e9feddce2292b
* Number of Rules: 99
* Skipped: 0 (age), 8 (quality), 1 (score), 0 (importance)
@@ -73018,7 +73018,7 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption : FILE
description = "Matches the function used to decrypt resources headers in TA410 FlowCloud"
author = "ESET Research"
id = "403c1845-bc25-5a49-8553-8a0be18d6970"
- date = "2026-01-01"
+ date = "2026-01-08"
modified = "2022-04-27"
reference = "https://github.com/eset/malware-ioc/"
source_url = "https://github.com/eset/malware-ioc/blob/c4cc6a82fd4d5ca639746e48447e9feddce2292b/ta410/ta410.yar#L417-L496"
@@ -74079,7 +74079,7 @@ rule ESET_Richheaders_Lazarus_Nukesped_Iconicpayloads_3CX_Q12023
* YARA Rule Set
* Repository Name: FireEye-RT
* Repository: https://github.com/mandiant/red_team_tool_countermeasures/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 3561b71724dbfa3e2bb78106aaa2d7f8b892c43b
* Number of Rules: 166
* Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance)
@@ -74600,7 +74600,7 @@ rule FIREEYE_RT_FE_APT_Loader_MSIL_REVOLVER_1 : FILE
license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt"
logic_hash = "1231f4c961dec122ebcb142052c2c7c03acf9b556cdb71a3efabde6bcf50a939"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -75341,7 +75341,7 @@ rule FIREEYE_RT_APT_Builder_PY_MATRYOSHKA_1
hash = "25a97f6dba87ef9906a62c1a305ee1dd"
logic_hash = "71b26f4b319429ac356b55d22bccd1da85894d61f8c96452422de78d2d893420"
score = 75
- quality = 50
+ quality = 75
tags = ""
rev = 1
@@ -75524,7 +75524,7 @@ rule FIREEYE_RT_Loader_MSIL_DUEDLLIGENCE_3 : FILE
license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt"
logic_hash = "41cc6a4c7765b1e5e88d12660b69e434c83938ca974b9ccf6545b4dd5dd78378"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -75549,7 +75549,7 @@ rule FIREEYE_RT_Loader_MSIL_DUEDLLIGENCE_1 : FILE
license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt"
logic_hash = "56237d686b954950849adeedc87d5f9fbff2335a0ff033ba8571b3e3b93f587c"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -75825,7 +75825,7 @@ rule FIREEYE_RT_Hacktool_PY_Impacketobfuscation_2
hash = "f3dd8aa567a01098a8a610529d892485"
logic_hash = "ccbbe507798f16c7acf0780770fdb81b2e7dc333ab8bc51e6216816276c3f14b"
score = 75
- quality = 50
+ quality = 75
tags = ""
rev = 2
@@ -77572,7 +77572,7 @@ rule FIREEYE_RT_APT_Loader_MSIL_LUALOADER_2 : FILE
license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt"
logic_hash = "700927768669eda6976071306e991bfaae136279f4265980521597c699fbed88"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -77701,7 +77701,7 @@ rule FIREEYE_RT_Hacktool_MSIL_Puppyhound_1 : FILE
hash = "eeedc09570324767a3de8205f66a5295"
logic_hash = "39073bbfef15ecd28c1772e5d01e54c3d5774ecb4c90f0076bda5dc400abacba"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
rev = 6
@@ -78051,7 +78051,7 @@ rule FIREEYE_RT_APT_Loader_Win_PGF_1 : FILE
hash = "013c7708f1343d684e3571453261b586"
logic_hash = "9dede268d33a38e980026917bd01bc47a72bfe60ba4a999c91eb727a2f377462"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
rev = 6
@@ -78747,7 +78747,7 @@ rule FIREEYE_RT_APT_Hacktool_MSIL_SHARPSTOMP_1 : FILE
* YARA Rule Set
* Repository Name: GCTI
* Repository: https://github.com/chronicle/GCTI
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 1c5fd42b1895098527fde00c2d9757edf6b303bb
* Number of Rules: 90
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -81964,7 +81964,7 @@ rule GCTI_Cobaltstrike_Resources__Template_Vbs_V3_3_To_V4_X
* YARA Rule Set
* Repository Name: Malpedia
* Repository: https://github.com/malpedia/signator-rules/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 173f2e2012643b57ff6521a58ba6dd57331de3c6
* Number of Rules: 1603
* Skipped: 0 (age), 17 (quality), 0 (score), 0 (importance)
@@ -83918,8 +83918,8 @@ rule MALPEDIA_Win_Squidloader_Auto : FILE
source_url = "https://github.com/malpedia/signator-rules//blob/173f2e2012643b57ff6521a58ba6dd57331de3c6/rules/win.squidloader_auto.yar#L1-L127"
license_url = "N/A"
logic_hash = "a855ddb0a2fda3c6498fbc6ae734c571ea8f3a4a311f9d9ebae8f8d336ad0dd5"
- score = 75
- quality = 75
+ score = 60
+ quality = 55
tags = "FILE"
version = "1"
tool = "yara-signator v0.6.0"
@@ -148292,10 +148292,10 @@ rule MALPEDIA_Win_Dnwipe_Auto : FILE
* YARA Rule Set
* Repository Name: Trellix ARC
* Repository: https://github.com/advanced-threat-research/Yara-Rules/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 1919562a59f190bda60c982424f6a24c542ee3e0
- * Number of Rules: 163
- * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
+ * Number of Rules: 164
+ * Skipped: 0 (age), 3 (quality), 0 (score), 0 (importance)
*
*
* LICENSE
@@ -148768,6 +148768,36 @@ rule TRELLIX_ARC_Backdoor_Kankan_Pdb : BACKDOOR FILE
condition:
uint16( 0 ) == 0x5a4d and filesize < 500KB and any of them
}
+rule TRELLIX_ARC_Vbs_Mykins_Botnet : BOTNET FILE
+{
+ meta:
+ description = "Rule to detect the VBS files used in Mykins botnet"
+ author = "Marc Rivero | McAfee ATR Team"
+ id = "de0e5284-41c2-5baf-99f5-23ef27d6ed91"
+ date = "2018-01-24"
+ modified = "2020-08-14"
+ reference = "https://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/"
+ source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/1919562a59f190bda60c982424f6a24c542ee3e0/malware/MALW_vbs_mykins_botnet.yar#L1-L29"
+ license_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/1919562a59f190bda60c982424f6a24c542ee3e0/LICENSE"
+ logic_hash = "ee48a2961e40c6be96b007794f585547ef337a46ca003152f15470069e2d2580"
+ score = 60
+ quality = 40
+ tags = "BOTNET, FILE"
+ rule_version = "v1"
+ malware_type = "botnet"
+ malware_family = "Botnet:W32/MyKins"
+ actor_type = "Cybercrime"
+ actor_group = "Unknown"
+
+ strings:
+ $s1 = "fso.DeleteFile(WScript.ScriptFullName)" fullword ascii
+ $s2 = "Set ws = CreateObject(\"Wscript.Shell\")" fullword ascii
+ $s3 = "Set fso = CreateObject(\"Scripting.Filesystemobject\")" fullword ascii
+ $r = /Windows\\ime|web|inf|\\c[0-9].bat/
+
+ condition:
+ uint16( 0 ) == 0x6553 and filesize < 1KB and any of ( $s* ) and $r
+}
rule TRELLIX_ARC_Msworldexploit_Builder_Doc : MALDOC FILE
{
meta:
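Review bot: In the added TRELLIX_ARC_Vbs_Mykins_Botnet rule, `$r = /Windows\\ime|web|inf|\\c[0-9].bat/` has its alternation at the top level, so `$r` is satisfied by the bare substrings `web` or `inf` anywhere in the file, and the `.` before `bat` matches any character. Because `any of ( $s* )` covers generic `CreateObject` lines, the condition reduces to a file under 1KB that passes `uint16( 0 ) == 0x6553` and contains one of those short substrings, which is likely to match benign VBS. The upstream author presumably meant something like `/Windows\\(ime|web|inf)\\c[0-9]\.bat/`. Since this file is vendored the fix belongs upstream, and the rule's `quality = 40` should be weighed before its matches contribute to a risk score here.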
@@ -154186,7 +154216,7 @@ rule TRELLIX_ARC_Backdoorfckg : CTB_LOCKER_RANSOMWARE RANSOMWARE
* YARA Rule Set
* Repository Name: Arkbird SOLG
* Repository: https://github.com/StrangerealIntel/DailyIOC
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: a873ff1298c43705e9c67286f3014f4300dd04f7
* Number of Rules: 215
* Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance)
@@ -161295,7 +161325,7 @@ rule ARKBIRD_SOLG_APT_Chisel_Hafnium_Feb_2021_1 : FILE
* YARA Rule Set
* Repository Name: Telekom Security
* Repository: https://github.com/telekom-security/malware_analysis/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: bf832d97e8fd292ec5e095e35bde992a6462e71c
* Number of Rules: 12
* Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance)
@@ -161663,7 +161693,7 @@ rule TELEKOM_SECURITY_Win_Systembc_20220311 : FILE
* YARA Rule Set
* Repository Name: Volexity
* Repository: https://github.com/volexity/threat-intel
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 92353b1ccc638f5ed0e7db43a26cb40fad7f03df
* Number of Rules: 86
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -162767,7 +162797,7 @@ rule VOLEXITY_Apt_Webshell_Aspx_Glasstoken : UTA0178 FILE MEMORY
license_url = "https://github.com/volexity/threat-intel/blob/92353b1ccc638f5ed0e7db43a26cb40fad7f03df/LICENSE.txt"
logic_hash = "6b8183ac1e87a86c58760db51f767ed278cc0c838ed89e7435af7d0373e58b26"
score = 75
- quality = 30
+ quality = 55
tags = "UTA0178, FILE, MEMORY"
hash1 = "26cbb54b1feb75fe008e36285334d747428f80aacdb57badf294e597f3e9430d"
os = "win"
@@ -163057,7 +163087,7 @@ rule VOLEXITY_Webshell_Jsp_Godzilla : FILE MEMORY
license_url = "https://github.com/volexity/threat-intel/blob/92353b1ccc638f5ed0e7db43a26cb40fad7f03df/LICENSE.txt"
logic_hash = "52cba9545f662da18ca6e07340d7a9be637b89e7ed702dd58cac545c702a00e3"
score = 75
- quality = 55
+ quality = 80
tags = "FILE, MEMORY"
hash1 = "2786d2dc738529a34ecde10ffeda69b7f40762bf13e7771451f13a24ab7fc5fe"
os = "win,linux"
@@ -163626,7 +163656,7 @@ rule VOLEXITY_Apt_Malware_Rb_Rokrat_Loader : INKYPINE FILE MEMORY
license_url = "https://github.com/volexity/threat-intel/blob/92353b1ccc638f5ed0e7db43a26cb40fad7f03df/LICENSE.txt"
logic_hash = "30ae14fd55a3ab60e791064f69377f3b9de9b871adfd055f435df657f89f8007"
score = 75
- quality = 55
+ quality = 80
tags = "INKYPINE, FILE, MEMORY"
hash1 = "5bc52f6c1c0d0131cee30b4f192ce738ad70bcb56e84180f464a5125d1a784b2"
os = "win"
@@ -164846,7 +164876,7 @@ rule VOLEXITY_Apt_Win_Powerstar : CHARMINGKITTEN
* YARA Rule Set
* Repository Name: JPCERTCC
* Repository: https://github.com/JPCERTCC/MalConfScan/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 19ec0d145535a6a4cfd37c0960114f455a8c343e
* Number of Rules: 30
* Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -165690,7 +165720,7 @@ rule JPCERTCC_Elf_Wellmess : FILE
* YARA Rule Set
* Repository Name: SecuInfra
* Repository: https://github.com/SIFalcon/Detection
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 2d7c66d7d16c7541bf2a9a83a7a6d334364a26fd
* Number of Rules: 45
* Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance)
@@ -165951,7 +165981,7 @@ rule SECUINFRA_HUNT_RTF_CVE_2023_21716_Mar23 : CVE_2023_21716
license_url = "N/A"
logic_hash = "456008db725b8348f9f3851bb9aae9990e7613e1b9056846b121605c3e080297"
score = 50
- quality = 45
+ quality = 70
tags = "CVE-2023-21716"
tlp = "CLEAR"
@@ -166983,7 +167013,7 @@ rule SECUINFRA_SUSP_LNK_Staging_Directory : FILE
* YARA Rule Set
* Repository Name: RussianPanda
* Repository: https://github.com/RussianPanda95/Yara-Rules
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: c233cb061a63cf2ae99ce0f880be6b0e9810e0dd
* Number of Rules: 101
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -168492,7 +168522,7 @@ rule RUSSIANPANDA_Smartapesg_JS_Dropper_Stage1 : FILE
hash = "8769d9ebcf14b24a657532cd96f9520f54aa0e799399d840285311dfebe3fb15"
logic_hash = "de7e4ec30c780699b46de7baf2a916fdb7331da2ee7c2d637422ea664cd03b82"
score = 75
- quality = 60
+ quality = 85
tags = "FILE"
strings:
@@ -169621,7 +169651,7 @@ rule RUSSIANPANDA_Purecrypter : FILE
* YARA Rule Set
* Repository Name: CadoSecurity
* Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
* Number of Rules: 8
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -169870,7 +169900,7 @@ rule CADOSECURITY_Lambda_Malware : FILE
* YARA Rule Set
* Repository Name: Check Point
* Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
* Number of Rules: 4
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -170084,7 +170114,7 @@ rule CHECK_POINT_Injector_ZZ_Dotrunpex_Oldnew : FILE
* YARA Rule Set
* Repository Name: BlackBerry
* Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
* Number of Rules: 22
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -170132,7 +170162,7 @@ rule BLACKBERRY_Mal_Infostealer_MSI_EXE_Jupyter_Certificate : FILE
license_url = "N/A"
logic_hash = "5524f227e4c0090b923d7966223806dd384458178083b752ebd9e0981b3fba52"
score = 75
- quality = 58
+ quality = 83
tags = "FILE"
license = "This Yara rule is provided under the Apache License 2.0 (https://www.apache.org/licenses/LICENSE-2.0) and open to any user or organization, as long as you use it under this license and ensure originator credit in any derivative to The BlackBerry Research & Intelligence Team"
@@ -170292,7 +170322,7 @@ rule BLACKBERRY_Mal_Infostealer_MSI_Jupyter_Embedded_Powershell : FILE
license_url = "N/A"
logic_hash = "7528342e5aea1c35b59a458695c0e363c6d6c6e1c2df38614ff185c74085ac89"
score = 75
- quality = 60
+ quality = 85
tags = "FILE"
license = "This Yara rule is provided under the Apache License 2.0 (https://www.apache.org/licenses/LICENSE-2.0) and open to any user or organization, as long as you use it under this license and ensure originator credit in any derivative to The BlackBerry Research & Intelligence Team"
@@ -170768,7 +170798,7 @@ rule BLACKBERRY_Windealer_Library : FILE
* YARA Rule Set
* Repository Name: Cluster25
* Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
* Number of Rules: 9
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -171066,7 +171096,7 @@ rule CLUSTER25_Ghostwriter_Microloader_72632_00001 : FILE
* YARA Rule Set
* Repository Name: Dragon Threat Labs
* Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
* Number of Rules: 7
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -171257,7 +171287,7 @@ rule DRAGON_THREAT_LABS_Apt_Win_Mocelpa
* YARA Rule Set
* Repository Name: Microsoft
* Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
* Number of Rules: 21
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -171810,7 +171840,7 @@ rule MICROSOFT_Trojan_Win32_Plakpeer : PLATINUM
hash = "2155c20483528377b5e3fde004bb604198463d29"
logic_hash = "cc34ce9f12c95133872783090efd5813d3e2f44a1c726d29b2ba834509c9a1d5"
score = 75
- quality = 55
+ quality = 80
tags = "PLATINUM"
unpacked_sample_sha1 = "dc991ef598825daabd9e70bac92c79154363bab2"
activity_group = "Platinum"
@@ -171860,7 +171890,7 @@ rule MICROSOFT_Devilstongue_Hijackdll : FILE
* YARA Rule Set
* Repository Name: NCSC
* Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
* Number of Rules: 17
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -172330,7 +172360,7 @@ rule NCSC_Sparrowdoor_Sleep_Routine
* YARA Rule Set
* Repository Name: Dr4k0nia
* Repository: https://github.com/dr4k0nia/yara-rules
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 4b10f9b79a4cfb3ec9cb5675f32cc7ee6885fbd8
* Number of Rules: 5
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -172508,7 +172538,7 @@ rule DR4K0NIA_MAL_MSIL_NET_Typhonlogger_Jul23 : FILE
* YARA Rule Set
* Repository Name: EmbeeResearch
* Repository: https://github.com/embee-research/Yara-detection-rules/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: ac56d6f6fd2a30c8cb6e5c0455d6519210a8b0f4
* Number of Rules: 39
* Skipped: 0 (age), 8 (quality), 0 (score), 0 (importance)
@@ -173589,7 +173619,7 @@ rule EMBEERESEARCH_Win_Havoc_Djb2_Hashing_Routine_Oct_2022 : FILE
* YARA Rule Set
* Repository Name: AvastTI
* Repository: https://github.com/avast/ioc
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: e6f6b28835e1748dd1aa0ae7a775a79a8e8ba97e
* Number of Rules: 33
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -174452,7 +174482,7 @@ rule AVASTTI_Cobaltstrike_Beacon_Xored_X64
* YARA Rule Set
* Repository Name: SBousseaden
* Repository: https://github.com/sbousseaden/YaraHunts/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 71b27a2a7c57c2aa1877a11d8933167794e2b4fb
* Number of Rules: 37
* Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -175558,7 +175588,7 @@ rule SBOUSSEADEN_Hunt_Susp_Vhd : FILE
* YARA Rule Set
* Repository Name: Elceef
* Repository: https://github.com/elceef/yara-rulz
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 791721372091836f5bf477d7f21114f45a310052
* Number of Rules: 19
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -175765,7 +175795,7 @@ rule ELCEEF_Obfuscated_IP_Address_In_URL
license_url = "https://github.com/elceef/yara-rulz/blob/791721372091836f5bf477d7f21114f45a310052/LICENSE"
logic_hash = "ab2a2a3a56e6eed9f4a3a8f994c89a167f00b86ce442820c81d8ee673b0ab85c"
score = 75
- quality = 40
+ quality = 65
tags = ""
strings:
@@ -176033,7 +176063,7 @@ rule ELCEEF_OLE2_Autoopen_Reversed_Payload : FILE
license_url = "https://github.com/elceef/yara-rulz/blob/791721372091836f5bf477d7f21114f45a310052/LICENSE"
logic_hash = "425750e77d31ddc356f803ee6e2f192f93f64534a9633fef02da5caaa60dbcaf"
score = 65
- quality = 42
+ quality = 67
tags = "FILE"
strings:
@@ -176090,7 +176120,7 @@ rule ELCEEF_Outlook_CVE_2023_23397_Exploit : FILE
license_url = "https://github.com/elceef/yara-rulz/blob/791721372091836f5bf477d7f21114f45a310052/LICENSE"
logic_hash = "695721ec276415c6a6a0f4ce6378ff2d11c15d28271f587966bc3d9d8c06f63a"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
hash1 = "52dbaf64ce1a5cd1db9a9d385f8204e5f665ca53a3d904033bf1a10369490646"
hash2 = "582442ee950d546744f2fa078adb005853a453e9c7f48c6c770e6322a888c2cf"
@@ -176112,7 +176142,7 @@ rule ELCEEF_Outlook_CVE_2023_23397_Exploit : FILE
* YARA Rule Set
* Repository Name: GodModeRules
* Repository: https://github.com/Neo23x0/god-mode-rules/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 436dc682164cf17a123d6b09d1424e7e2acf0c25
* Number of Rules: 1
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -176336,7 +176366,7 @@ rule GODMODERULES_IDDQD_God_Mode_Rule
license_url = "https://github.com/Neo23x0/god-mode-rules//blob/436dc682164cf17a123d6b09d1424e7e2acf0c25/LICENSE"
logic_hash = "f2996ad7090a79c470e64c9e0ac43c2ba3fc1bf18e39686ecda9dc5b89744d7e"
score = 60
- quality = 21
+ quality = 26
tags = ""
importance = 60
@@ -176383,7 +176413,7 @@ rule GODMODERULES_IDDQD_God_Mode_Rule
* YARA Rule Set
* Repository Name: Cod3nym
* Repository: https://github.com/cod3nym/detection-rules/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 86a04c4594cb48895192aad4af164f21f568c136
* Number of Rules: 13
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -176840,7 +176870,7 @@ rule COD3NYM_MAL_NET_Niximports_Loader_Jan24 : FILE
* YARA Rule Set
* Repository Name: craiu
* Repository: https://github.com/craiu/yararules
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 23cf0ca22021fa3684e180a18416b9ae1b695243
* Number of Rules: 13
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -178005,10 +178035,10 @@ rule CRAIU_Crime_Noabot : FILE
* YARA Rule Set
* Repository Name: DitekSHen
* Repository: https://github.com/ditekshen/detection
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: e76c93dcdedff04076380ffc60ea54e45b313635
- * Number of Rules: 1438
- * Skipped: 0 (age), 115 (quality), 0 (score), 0 (importance)
+ * Number of Rules: 1442
+ * Skipped: 0 (age), 111 (quality), 0 (score), 0 (importance)
*
*
* LICENSE
@@ -178240,7 +178270,7 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_AHK_Downloader : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "8806d8c03adb4ea4cd9b806f8f8c21e561b39b5602c70d09ed193e35e1502d35"
score = 40
- quality = 20
+ quality = 45
tags = "FILE"
importance = 20
@@ -178481,6 +178511,35 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Asciiencoding_Pattern : FILE
condition:
1 of ( $enc* ) and 4 of ( $s* ) and filesize < 2500KB
}
+rule DITEKSHEN_INDICATOR_SUSPICIOUS_JS_Hex_B64Encoded_EXE : FILE
+{
+ meta:
+ description = "Detects JavaScript files hex and base64 encoded executables"
+ author = "ditekSHen"
+ id = "37516c6b-0a77-5a20-a36f-5f8309b37362"
+ date = "2020-11-06"
+ modified = "2024-06-08"
+ reference = "https://github.com/ditekshen/detection"
+ source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/indicator_suspicious.yar#L726-L740"
+ license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
+ logic_hash = "60185e6ec96875085ffb7a6bf6eb8643368bbce42b89290ab987eb32c1e153bd"
+ score = 40
+ quality = 20
+ tags = "FILE"
+ importance = 20
+
+ strings:
+ $s1 = ".SaveToFile" ascii
+ $s2 = ".Run" ascii
+ $s3 = "ActiveXObject" ascii
+ $s4 = "fromCharCode" ascii
+ $s5 = "\\x66\\x72\\x6F\\x6D\\x43\\x68\\x61\\x72\\x43\\x6F\\x64\\x65" ascii
+ $binary = "\\x54\\x56\\x71\\x51\\x41\\x41" ascii
+ $pattern = /[\s\{\(\[=]_0x[0-9a-z]{3,6}/ ascii
+
+ condition:
+ $binary and $pattern and 2 of ( $s* ) and filesize < 2500KB
+}
rule DITEKSHEN_INDICATOR_SUSPICIOUS_WMIC_Downloader : FILE
{
meta:
@@ -178779,7 +178838,7 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Finger_Download_Pattern
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "04cbb1abc4c3d2990bae798ece052eb8aa1b5104b5712e98aeb80731316b9c57"
score = 40
- quality = 20
+ quality = 45
tags = ""
importance = 20
@@ -181693,7 +181752,7 @@ rule DITEKSHEN_INDICATOR_TOOL_LTM_Sharpexec : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "17ae5c9f0b22e8ecbbbcbe052e466d00cb7b62cff423688b5138209c52f0698d"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -181807,7 +181866,7 @@ rule DITEKSHEN_INDICATOR_TOOL_EXP_Eternalblue : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "63e56637118accb8c32c20e52465c027df2dbf83b3b663d316b453ce879572c8"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -182848,7 +182907,7 @@ rule DITEKSHEN_INDICATOR_TOOL_ANT_Sharpedrchecker : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "77a26ff5298dddebc669d9b6c39905a48a86884cf98adebdf935b94c62d36ddc"
score = 75
- quality = 23
+ quality = 48
tags = "FILE"
strings:
@@ -183249,7 +183308,7 @@ rule DITEKSHEN_INDICATOR_TOOL_ENUM_Sharpshares : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "8b35d6a692814e1b27ffc1db4ab124bf621c156aaf57f24796c422ec95a85715"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -183418,7 +183477,7 @@ rule DITEKSHEN_INDICATOR_TOOL_Extpassword : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "525530cb7e9f44be0408fd710306f90056b1b6b9a9e4779d8c1eb1ddef443fb0"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
strings:
@@ -183505,7 +183564,7 @@ rule DITEKSHEN_INDICATOR_TOOL_Atlasreaper : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "4a0436d5c3f1609d23b2b919bebdc56a7fd63e81b99e72dcda1022487cb88240"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
strings:
@@ -184080,7 +184139,7 @@ rule DITEKSHEN_INDICATOR_TOOL_Sharpghosttask : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "3de8d9fe7804e208ff556b6bedbd80eebfda1a730626403418a555ad9fbbb820"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -198427,7 +198486,7 @@ rule DITEKSHEN_INDICATOR_RMM_Connectwise_Screenconnect : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "43003f97c33c631a2806ce2b82b2367d2452ceb21b0267b5dfe78b350b66924a"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
clamav1 = "INDICATOR.Win.RMM.ConnectWise-ScreenConnect"
@@ -198956,7 +199015,7 @@ rule DITEKSHEN_INDICATOR_RMM_Dwagentsvc : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "590d41d2e433a7a1bb373fbd0b0d47818a9867bee0399101881b05e83b586f6e"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
clamav1 = "INDICATOR.Win.RMM.DWAgent-SVC"
@@ -199018,7 +199077,7 @@ rule DITEKSHEN_INDICATOR_RMM_Dwagent_Soundcapture : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "c0efa9f383373dec1c5b9d127c2b4c6f4906718ae8f62eea28d7a369001be5af"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
clamav1 = "INDICATOR.Win.RMM.DWAgent-SoundCapture"
@@ -200835,7 +200894,7 @@ rule DITEKSHEN_MALWARE_Win_Obliquerat : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "0b8bbf031364b828a972c52e1a8985ff65601ca7413e6e7ae3a5be981f086b9e"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
strings:
@@ -201083,7 +201142,7 @@ rule DITEKSHEN_MALWARE_Linux_Hiddenwasp : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "a2aad022de41ba2633fc92a7dc5a5fa2efde9da2211cfc01fb2999e33365d6c9"
score = 75
- quality = 46
+ quality = 71
tags = "FILE"
clamav_sig1 = "MALWARE_Linux.Trojan.HiddenWasp-ELF"
clamav_sig2 = "MALWARE_Linux.Trojan.HiddenWasp-Script"
@@ -201483,7 +201542,7 @@ rule DITEKSHEN_MALWARE_Win_Robbinhood : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "f1c4226ed5cb1583418d5ef0efc2c2b5bc3cfe7f148f359c5d432fd660331a46"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
clamav_sig = "MALWARE.Win.Ransomware.Robbinhood"
@@ -202061,7 +202120,7 @@ rule DITEKSHEN_MALWARE_DOC_Koadicdoc : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "9f0538e1faee737a08d403a7f321ce45bdc70b390accfe378ba0d26292509fd7"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
strings:
@@ -202089,7 +202148,7 @@ rule DITEKSHEN_MALWARE_BAT_Koadicbat : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "1ee6c0189a5111c61af1dbe571524427bff95a7e3907f97ce51d272a8f701cf5"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
strings:
@@ -202147,7 +202206,7 @@ rule DITEKSHEN_MALWARE_Win_NETEAGLE : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "148de0ca332d3885d94eae8d15eb4aaa2bc4950c691c0e8817c816b7d4c55510"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -202240,7 +202299,7 @@ rule DITEKSHEN_MALWARE_Win_Pillowmint : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "ed2597fce1c56d2e110790e0eb89834b1bb9f6f52d39105157c9ffe2ede6cc7a"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -202582,7 +202641,7 @@ rule DITEKSHEN_MALWARE_Win_Taurus : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "6039c27e69b47dfcc1327c34306627d2d9bd57f6bd365bb80b47ad21f892ae8a"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -202661,7 +202720,7 @@ rule DITEKSHEN_MALWARE_Win_Slothfulmedia : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "6f742e8d9d555b44daaa09835f599c99e16cd39bb106c8f43fbbca7093de462e"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -202771,7 +202830,7 @@ rule DITEKSHEN_MALWARE_Win_Osno : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "3df59c306017001467a5f237db2ab37d97c34116558e18420a6a1f01f08f520f"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -202942,7 +203001,7 @@ rule DITEKSHEN_MALWARE_Win_Cryptbot : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "6322b8b1ad210fac4475c194e060046538d4174f69a7c0e3618646d262cd33bd"
score = 75
- quality = 44
+ quality = 69
tags = "FILE"
snort2_sid = "920110"
snort3_sid = "920108"
@@ -203112,7 +203171,7 @@ rule DITEKSHEN_MALWARE_Win_Cobaltstrike : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "43513aef0ed715f0c214d7a14e465350f9c1bcadf87535e1c12561e976398bb3"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
strings:
@@ -203635,7 +203694,7 @@ rule DITEKSHEN_MALWARE_Win_Snakekeylogger : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "7d787026b290c3c6a43c7de83233f22980733e7401260ff2f763e6f1b534ecba"
score = 75
- quality = 42
+ quality = 67
tags = "FILE"
clamav_sig = "MALWARE.Win.Trojan.SnakeKeylogger"
@@ -204819,7 +204878,7 @@ rule DITEKSHEN_MALWARE_Osx_Genieo : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "951dc8539435a52d9eea00b3fdaf98cf618c03867066819f2f9244165e57c675"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
clamav_sig = "MALWARE.Osx.Trojan.Genieo"
@@ -205365,7 +205424,7 @@ rule DITEKSHEN_MALWARE_Win_Bobik : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "735dcb9e04956863305ca89a43686b8e48e3b20784ae9292cfc40d1c2c09d467"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
clamav_sig = "MALWARE.Win.Trojan.Bobik"
@@ -205617,7 +205676,7 @@ rule DITEKSHEN_MALWARE_Win_Babuk : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "5ca5c5106747cf8f4ccd5df4ddbc78321fea3c8f533cb807a704d270eb956007"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -206178,6 +206237,45 @@ rule DITEKSHEN_MALWARE_Win_WSHRATJS : FILE
condition:
filesize < 400KB and ( $charset_full or ( $charset_begin and $charset_end ) ) and 2 of ( $wsc_object* ) and 3 of ( $s* )
}
+rule DITEKSHEN_MALWARE_Win_Asyncrat : FILE
+{
+ meta:
+ description = "Detects AsyncRAT"
+ author = "ditekSHen"
+ id = "6465b50d-8f1a-5c09-84fd-cd1e5994e68f"
+ date = "2020-11-06"
+ modified = "2024-11-01"
+ reference = "https://github.com/ditekshen/detection"
+ source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L4047-L4074"
+ license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
+ logic_hash = "073d4a8667fb1a48bf2bd503a551d7f78e38a6066feedc646d92c27fb7201fca"
+ score = 60
+ quality = 35
+ tags = "FILE"
+
+ strings:
+ $x1 = "AsyncRAT" fullword ascii
+ $x2 = "AsyncRAT 0." wide
+ $x3 = /AsyncRAT\s[0-9]\.[0-9]\.[0-9][A-Z]/ fullword wide
+ $s1 = "/create /sc onlogon /rl highest /tn" fullword wide
+ $s2 = "/C choice /C Y /N /D Y /T 1 & Del \"" fullword wide
+ $s3 = "{{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }}" fullword wide
+ $s4 = "Stub.exe" fullword ascii wide
+ $s5 = "\\nuR\\noisreVtnerruC\\swodniW\\tfosorciM\\erawtfoS\\UCKH" ascii wide
+ $s6 = "VirtualBox" fullword ascii wide
+ $s7 = "/target:winexe /platform:x86 /optimize+" fullword ascii wide
+ $s8 = "Win32_ComputerSystem" ascii wide
+ $s9 = "Win32_Process Where ParentProcessID=" ascii wide
+ $s10 = "etirWgeR.llehShsW" ascii wide
+ $s11 = "usbSpread" fullword ascii wide
+ $cnc1 = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0" fullword ascii wide
+ $cnc2 = "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1" fullword ascii wide
+ $cnc3 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" fullword ascii wide
+ $cnc4 = "POST / HTTP/1.1" fullword ascii wide
+
+ condition:
+ (( uint16( 0 ) == 0x5a4d and filesize < 4000KB ) and ( 1 of ( $x* ) or 6 of ( $s* ) or all of ( $cnc* ) or ( 4 of ( $s* ) and 2 of ( $cnc* ) ) ) ) or ( 1 of ( $x* ) or 6 of ( $s* ) or all of ( $cnc* ) or ( 4 of ( $s* ) and 2 of ( $cnc* ) ) )
+}
rule DITEKSHEN_MALWARE_Win_Quilclipper
{
meta:
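Review bot: The condition of the added `DITEKSHEN_MALWARE_Win_Asyncrat` rule reduces to its second disjunct, so the `uint16( 0 ) == 0x5a4d and filesize < 4000KB` guard never restricts a match. The same string clause sits on both sides of the top-level `or`, so a file of any type or size that contains the fullword ASCII string `AsyncRAT` (an incident report, a rule file, a detection write-up) satisfies the rule at score 60. If only on-disk files are scanned, the intended form is presumably `uint16( 0 ) == 0x5a4d and filesize < 4000KB and ( 1 of ( $x* ) or 6 of ( $s* ) or all of ( $cnc* ) or ( 4 of ( $s* ) and 2 of ( $cnc* ) ) )`. This file is vendored from YARA Forge, so the correction belongs upstream. Locally, it is worth running the rule against known-benign samples before trusting its verdicts.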
@@ -206326,7 +206424,7 @@ rule DITEKSHEN_MALWARE_Win_Corebot : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "518209458fc8912d47b0b99896178fda823c3174c37f21d5e9331349a69322d7"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
snort_sid = "920211-920212"
@@ -206473,7 +206571,7 @@ rule DITEKSHEN_MALWARE_Win_Arechclient2 : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "0d841f4d4664fb09801c51f7b65e897e4e698753ad67fc20e2b81d98c0b3d07d"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -207079,8 +207177,8 @@ rule DITEKSHEN_MALWARE_Win_EXEPWSH_Dlagent : FILE
source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L4668-L4687"
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "6380359db1ac775cea3ebb93f7cf22a92d2f2e634c6aa724e2814c10d4ed42f5"
- score = 75
- quality = 50
+ score = 60
+ quality = 55
tags = "FILE"
strings:
@@ -207447,7 +207545,7 @@ rule DITEKSHEN_MALWARE_Win_Maktub : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "5c11d04fc3088eb8a0132b9ed83748ddb7e1bbe9d03b9e884d4003181cbb6d69"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -207581,7 +207679,7 @@ rule DITEKSHEN_MALWARE_Win_Dlagent08 : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "0238c13b00e5778ef216b4e8576c321803da6e269c96c3051b9cc45a3ac6e567"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
snort2_sid = "920122"
snort3_sid = "920119"
@@ -207963,7 +208061,7 @@ rule DITEKSHEN_MALWARE_Win_Njrat : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "92d535a7c7f361b7a0901d0b99427ebc82a69577bfea73c04a7f9d51d2054b36"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -208118,7 +208216,7 @@ rule DITEKSHEN_MALWARE_Win_Karkoff : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "e9b6ba5be2b3cd0faa898347e57cee5a57b80b19842c3a1ddb42d620307c8b39"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -208301,7 +208399,7 @@ rule DITEKSHEN_MALWARE_Win_Ranumbot : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "a9c32445e62d072e4184d25497696ef6225edb176dc7a9743a54194d4ddb4b0c"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -208910,7 +209008,7 @@ rule DITEKSHEN_MALWARE_Win_Buterat : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "c3d93e8dc1bde8e77c11586c8d8b67d137ef2c4791e12269f1af310fbe14832b"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -209028,7 +209126,7 @@ rule DITEKSHEN_MALWARE_Win_Browsergrabber : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "c96a63566280758d8c32542bfab3c6faa7d21329430345f51ea4c2f0a6809dc2"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -209410,7 +209508,7 @@ rule DITEKSHEN_MALWARE_Win_Wingo : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "423b1631ad625fd46a9d10f0ecdf24931cf62a2c1694da3ebdd38daad0a4f724"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -209524,7 +209622,7 @@ rule DITEKSHEN_MALWARE_Win_Gelsevirine : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "60d41d6d789f1cd2a7040d6535f13c69ea58a489035838f047b886e8f1f37f63"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -209732,7 +209830,7 @@ rule DITEKSHEN_MALWARE_Win_Markirat : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "17b8bcfe8d2b4c87ff8e0bddb436e18029a3b28a5ad3994fe9bef359588d9cad"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -209805,7 +209903,7 @@ rule DITEKSHEN_MALWARE_Win_Xfiles : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "0c04a8f019aea36f4bba3ce8289c2d608c69d76bbf321052560b4ca2214be057"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -210017,7 +210115,7 @@ rule DITEKSHEN_MALWARE_Win_Mercurial : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "400f8f717a4e07bf4de508c02bbcd9e82bf21f3df84c989fc622378f33e192f0"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -210202,7 +210300,7 @@ rule DITEKSHEN_MALWARE_Win_RSJON : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "abfea2955bf0d0b0511ea820582cc15fbcfc38dbed71fb2a0050cd98a9311cda"
score = 75
- quality = 23
+ quality = 48
tags = "FILE"
strings:
@@ -210534,7 +210632,7 @@ rule DITEKSHEN_MALWARE_Win_Actionrat : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "1552cda3f02c08582e3dd97df98416635a25005081627097df181bfc6aac4665"
score = 75
- quality = 46
+ quality = 71
tags = "FILE"
strings:
@@ -211191,7 +211289,7 @@ rule DITEKSHEN_MALWARE_Win_MB150 : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "a07535fc53912ddde6a0bed187c21ecdb2701d317d7de0cbdd2db37071bc9a21"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -211218,6 +211316,49 @@ rule DITEKSHEN_MALWARE_Win_MB150 : FILE
condition:
uint16( 0 ) == 0x5a4d and ( 4 of ( $x* ) or ( $go and 4 of ( $s* ) ) or ( 1 of ( $mac* ) and ( 2 of ( $x* ) or 3 of ( $s* ) ) ) )
}
+rule DITEKSHEN_MALWARE_Win_Chaos : FILE
+{
+ meta:
+ description = "Detects Chaos ransomware"
+ author = "ditekSHen"
+ id = "59d43cfb-72d8-5c17-87bf-f1f364d23bed"
+ date = "2020-11-06"
+ modified = "2024-11-01"
+ reference = "https://github.com/ditekshen/detection"
+ source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L7404-L7433"
+ license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
+ logic_hash = "6203ab09745db817b9e909d70cf1d5be9769c414461ee5f7bb344b6959986537"
+ score = 75
+ quality = 44
+ tags = "FILE"
+
+ strings:
+ $s1 = "" fullword wide
+ $s2 = "" fullword wide
+ $s3 = "C:\\Users\\" fullword wide
+ $s4 = "read_it.txt" fullword wide
+ $s5 = "#base64Image" fullword wide
+ $s6 = "(?:[13]{1}[a-km-zA-HJ-NP-Z1-9]{26,33}|bc1[a-z0-9]{39,59})" fullword wide
+ $s7 = /check(Spread|Sleep|AdminPrivilage|deleteShadowCopies|disableRecoveryMode|deleteBackupCatalog)/ fullword ascii nocase
+ $s8 = /(delete|disable)(ShadowCopies|RecoveryMode|BackupCatalog)/ fullword ascii nocase
+ $s9 = "spreadName" fullword ascii
+ $s10 = "processName" fullword ascii
+ $s11 = "sleepOutOfTempFolder" fullword ascii
+ $s12 = "AlreadyRunning" fullword ascii
+ $s13 = "random_bytes" fullword ascii
+ $s14 = "encryptDirectory" fullword ascii nocase
+ $s15 = "EncryptFile" fullword ascii nocase
+ $s16 = "intpreclp" fullword ascii
+ $s17 = "bytesToBeEncrypted" fullword ascii
+ $s18 = "textToEncrypt" fullword ascii
+ $m1 = "Chaos is" wide
+ $m2 = "Payment informationAmount:" wide
+ $m3 = "Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com" wide
+ $m4 = "where do I get Bitcoin" wide
+
+ condition:
+ uint16( 0 ) == 0x5a4d and 6 of ( $s* ) or all of ( $m* ) or ( 2 of ( $m* ) and 4 of ( $s* ) )
+}
rule DITEKSHEN_MALWARE_Win_Horuseyesrat : FILE
{
meta:
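Review bot: In the added `DITEKSHEN_MALWARE_Win_Chaos` rule the MZ check guards only the first alternative, because `and` binds tighter than `or` in YARA. As written, `all of ( $m* )` and `( 2 of ( $m* ) and 4 of ( $s* ) )` match on any file type at score 75. If a PE-only match is intended, the condition should read `uint16( 0 ) == 0x5a4d and ( 6 of ( $s* ) or all of ( $m* ) or ( 2 of ( $m* ) and 4 of ( $s* ) ) )`. Separately, `$s1` and `$s2` appear here as empty strings, which YARA rejects at compile time. This may only be a rendering artifact of this page (for example angle-bracketed text being stripped), so confirm against the vendored file that the ruleset still compiles. Fixes to the rule itself belong upstream since the file is vendored.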
@@ -211231,7 +211372,7 @@ rule DITEKSHEN_MALWARE_Win_Horuseyesrat : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "c0f499e3a17923b391ed6b7fa723525a9d4aef0ce04a2c7abec60d5eda15888f"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -211720,7 +211861,7 @@ rule DITEKSHEN_MALWARE_Win_Darkcomet : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "444df3c914c47500018614af10036864b459e7873daf079b684352dbe52f0486"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
strings:
@@ -212876,7 +213017,7 @@ rule DITEKSHEN_MALWARE_Win_Rapid : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "c3f1bffeb402951da8bcccc899b2cdeb3c218b342d8338c750b9ff275537b4b5"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -212943,7 +213084,7 @@ rule DITEKSHEN_MALWARE_Win_Virlock : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "8d516a0d771d7134c0f917f010b3973ed53b4ee7e4a2cf0bb5daecf9867b0081"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -213044,7 +213185,7 @@ rule DITEKSHEN_MALWARE_Win_Kdcsponge : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "c891db94df9cde9eaa6096ad68d96c7b85a9c03e255ce43ccb8543a016bd3853"
score = 75
- quality = 40
+ quality = 65
tags = "FILE"
hash1 = "e391c2d3e8e4860e061f69b894cf2b1ba578a3e91de610410e7e9fa87c07304c"
@@ -213289,7 +213430,7 @@ rule DITEKSHEN_MALWARE_Win_Onlylogger : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "1b39a4d2a6d3a2633cfa98adc1dfe99d10d2493fd06c9f875c56ec7689b7a561"
score = 75
- quality = 50
+ quality = 25
tags = "FILE"
strings:
@@ -213518,7 +213659,7 @@ rule DITEKSHEN_MALWARE_Win_Chebka : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "cc8123a5d20fac51d4dfc225e743539456efb4d649060d078c3ed93e7724da01"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -213553,7 +213694,7 @@ rule DITEKSHEN_MALWARE_Win_Flagpro : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "c5e5944426b7be690ad62dd0d98a8fc6f8135cab0dbdd8a5aaf1670491eda59d"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -213639,7 +213780,7 @@ rule DITEKSHEN_MALWARE_Win_Garrantdecrypt : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "84b139e51f0ef0389c641d62409d702b0ae7ec6ecd2fa54baf2cf0c0078a8f5a"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -213667,7 +213808,7 @@ rule DITEKSHEN_MALWARE_Win_Locked : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "b838b996946fb268c66bac68d5e326ff3049340dfb08f2e0a77492df49915d5a"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -213774,7 +213915,7 @@ rule DITEKSHEN_MALWARE_Win_Lokilocker : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "bf78f5e8f40c1a19f6b078a85854e95d5ef1f321393a831edda17b0d65515da7"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -213920,7 +214061,7 @@ rule DITEKSHEN_MALWARE_Win_Blackcat : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "cd76e5b87f33d91c17fd032417583c3f68d0e310aaf6f08e26ec5d53844ed9d2"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -213941,6 +214082,38 @@ rule DITEKSHEN_MALWARE_Win_Blackcat : FILE
condition:
( uint16( 0 ) == 0x5a4d or uint16( 0 ) == 0x457f ) and ( all of ( $x* ) or 5 of ( $s* ) or ( 1 of ( $x* ) and 3 of ( $s* ) ) )
}
+rule DITEKSHEN_MALWARE_Win_Koxic : FILE
+{
+ meta:
+ description = "Detects Koxic ransomware"
+ author = "ditekSHen"
+ id = "6a82bf44-b155-5746-b798-20a13623a14a"
+ date = "2020-11-06"
+ modified = "2024-11-01"
+ reference = "https://github.com/ditekshen/detection"
+ source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L9291-L9309"
+ license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
+ logic_hash = "d874c8ebf330814e52d159cbf71f8bc05ebeb4a9fb93d96c3f861b51e57925a3"
+ score = 75
+ quality = 25
+ tags = "FILE"
+
+ strings:
+ $c1 = " INFO: >> %TEMP%\\" ascii wide
+ $c2 = "cmd /c \"wmic" ascii wide
+ $c3 = "cmd /c \"echo" ascii wide
+ $c4 = "cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q \"%s\"" fullword wide
+ $c5 = /sc config.{1,30}start=disabled/ fullword ascii wide
+ $s1 = "Container: %s" fullword wide
+ $s2 = "Shotcut dir : %s" fullword wide
+ $s3 = "\\Microsoft\\Windows\\Network Shortcuts\\" fullword wide
+ $s4 = "Thread %d started." fullword ascii
+ $s5 = "ADD our TOXID:" wide
+ $s6 = "[Recommended] Using an email" wide
+
+ condition:
+ uint16( 0 ) == 0x5a4d and ( ( 4 of ( $s* ) and 1 of ( $c* ) ) or ( 2 of ( $s* ) and ( #c1 > 5 or #c2 > 5 or #c3 > 5 or #c5 > 5 ) ) )
+}
rule DITEKSHEN_MALWARE_Win_Timetime : FILE
{
meta:
@@ -214023,7 +214196,7 @@ rule DITEKSHEN_MALWARE_Win_Surtr : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "a8db5588079d471d8904f0444973973a0c01dbec1ccbe3d43a34d41a0dde495d"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -214084,7 +214257,7 @@ rule DITEKSHEN_MALWARE_Win_Jesterstealer : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "c84df5d3ad2bc7a75a11c07995cc034c2a92b2f6f6f6943288add9c44c57bf6d"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -214291,7 +214464,7 @@ rule DITEKSHEN_MALWARE_Win_Bandit : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "e557f5a928b5da90f3ec878d6d8615a2d8b5f33e97954cd3278044f76b543386"
score = 75
- quality = 32
+ quality = 57
tags = "FILE"
strings:
@@ -214341,7 +214514,7 @@ rule DITEKSHEN_MALWARE_Win_Laplas : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "e4a1f39a539782118db9c4ab89d03e359420397ef970165389cc79e7ea0952b3"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
clamav_sig1 = "MALWARE.Win.LapLas-DotNET"
clamav_sig2 = "MALWARE.Win.LapLas-GoLang"
@@ -214381,7 +214554,7 @@ rule DITEKSHEN_MALWARE_Win_Mystic : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "26e0b85141df818d70124c0b19b5b6a05ac24ae679724d7a8ad94415a6462d17"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -214496,7 +214669,7 @@ rule DITEKSHEN_MALWARE_Win_Multi_Family_Infostealer : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "0fdd1cdc4f2e5bee6c763e6e6b2e79d85285e44e2b5e3168a56d7d360252ee99"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -214659,7 +214832,7 @@ rule DITEKSHEN_MALWARE_Win_Lummastealer : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "74014c5bcc85977b90faed93b348c34e47ee033b06c2f145348ca9c54c27bda5"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
clamav1 = "MALWARE.Win.Trojan.LummaStealer"
@@ -214791,7 +214964,7 @@ rule DITEKSHEN_MALWARE_Win_Arrowrat : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "13e6d4fd274f75c50aa4110276812d02885c03cfc269dde480db66955e5f703a"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -214923,7 +215096,7 @@ rule DITEKSHEN_MALWARE_Win_Stealerium : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "a2834e7fe26ad0197a9e490ab517029ceed2e09506fcc37e6ddf0c1804fa6cb9"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -215018,7 +215191,7 @@ rule DITEKSHEN_MALWARE_Win_Hakunamatata_Builder : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "ac258851de38504cf63ba51fd06f8a9a3dfbe0096d199ba702e9763b5ecc43e4"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -215331,7 +215504,7 @@ rule DITEKSHEN_MALWARE_Win_Arcrypt : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "cc9fa68d093fdf9745a06beb28e29108cb2ba846122ce097ad892213b1edba25"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -215371,7 +215544,7 @@ rule DITEKSHEN_MALWARE_Win_Rootteamstealer : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "d1693865253067527d58c980653d550b55d022d5a394b88090a958e5d5818143"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -215455,7 +215628,7 @@ rule DITEKSHEN_MALWARE_Win_Blitzgrabber : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "8baceacf3c2af61e00b31e8106820b6f1ce2e7a9d98eaed965e698109ae08314"
score = 75
- quality = 46
+ quality = 71
tags = "FILE"
strings:
@@ -215606,7 +215779,7 @@ rule DITEKSHEN_MALWARE_Win_Phemedronestealer : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "74e150cc971f5648f9e3f6146afba162b1a29cf2744c862b2320db52c2efa930"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -215641,7 +215814,7 @@ rule DITEKSHEN_MALWARE_Win_WSHRAT : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "297bfe65815637a464e2a8fc23570c6e79694ffe0467d5898b7c845f1450de95"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -215851,7 +216024,7 @@ rule DITEKSHEN_MALWRE_Win_Darkgate : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "805a04bbb3915d539e76927393384a2786c25490e8b9fc151d5b12415247578b"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -216153,7 +216326,7 @@ rule DITEKSHEN_MALWARE_Win_Qwixxrat : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "e6e44697e393da35215f7835f122cb74b05dbeebb558345d5110d6fbc809f4dd"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -216365,7 +216538,7 @@ rule DITEKSHEN_MALWARE_Win_Agnianestealer : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "0031fbe6d76868819cbcfc638433d60a50e8f5cfd14ff25af88ed3dffefd7d62"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
snort = "923828001"
clamav = "ditekSHen.MALWARE.Win.AgnianeStealer"
@@ -216603,7 +216776,7 @@ rule DITEKSHEN_MALWARE_Win_Risepro : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "f6f1832f316df51ca108a3c75034bd53c3823cd3d9b16da120e12e252dbf90ff"
score = 75
- quality = 46
+ quality = 71
tags = "FILE"
strings:
@@ -216769,7 +216942,7 @@ rule DITEKSHEN_MALWARE_Win_Simda : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "3f06e86033e8f9534f9904a2a63c4717a9532eb235f6f4405ef1db7d9b93f036"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -216825,7 +216998,7 @@ rule DITEKSHEN_MALWARE_Win_Umbralstealer : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "1686e4626e4d6335f028d6cb6471c32dac747a77fc95d97b4c9dfd043ba975e9"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -216956,7 +217129,7 @@ rule DITEKSHEN_MALWARE_Win_Scoutelite : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "935bd891a9b68cb6ddad86db843de624f3a7ec0824f2b4c6ff0da56422b79668"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
strings:
@@ -217298,7 +217471,7 @@ rule DITEKSHEN_MALWARE_Win_Ktlvdoor : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "3ced9b558c7e17acd015cd2c9dd0c5d024bf9c31c7f2e7c9b7b937124109cf8b"
score = 75
- quality = 48
+ quality = 73
tags = "FILE"
strings:
@@ -217460,7 +217633,7 @@ rule DITEKSHEN_MALWARE_Win_Cicada3301 : FILE
license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt"
logic_hash = "b8b7596bc8ae01b89742e17bd3dbfcc1e2fad486cc6ea19c8de813fc677509f4"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
clamav1 = "MALWARE.Win.Ransomware.Cicada3301"
@@ -217599,7 +217772,7 @@ rule DITEKSHEN_MALWARE_Win_Babylockerkz : FILE
* YARA Rule Set
* Repository Name: WithSecureLabs
* Repository: https://github.com/WithSecureLabs/iocs
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 303d48d900d24dbf0f1c17429bfe051eed995d29
* Number of Rules: 15
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -217676,7 +217849,7 @@ rule WITHSECURELABS_Ducktail_Artifacts : FILE
license_url = "https://github.com/WithSecureLabs/iocs/blob/303d48d900d24dbf0f1c17429bfe051eed995d29/LICENSE"
logic_hash = "1daa5e654058c802826b6a306b5bfc9d0c05c4ee54607e94e618a8d409ce74d9"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
version = "1.0"
hash1 = "3dbd9e1c3d0fd6358d4adcba04fdfc0b6e8acc49"
@@ -218029,7 +218202,7 @@ rule WITHSECURELABS_Andariel_Jelusrat_PDB : FILE
license_url = "https://github.com/WithSecureLabs/iocs/blob/303d48d900d24dbf0f1c17429bfe051eed995d29/LICENSE"
logic_hash = "a14d808ff783b7c42f3e4600386d578d63c88a0cd7c492cb1a026e0580b551f3"
score = 75
- quality = 50
+ quality = 75
tags = "FILE"
strings:
@@ -218090,7 +218263,7 @@ rule WITHSECURELABS_SILKLOADER
* YARA Rule Set
* Repository Name: HarfangLab
* Repository: https://github.com/HarfangLab/iocs
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: 278c38e11e99d35af836cb9140e0857fd9226574
* Number of Rules: 36
* Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -218594,7 +218767,7 @@ rule HARFANGLAB_Samecoin_Campaign_Tasksspreader : FILE
hash = "b447ba4370d9becef9ad084e7cdf8e1395bafde1d15e82e23ca1b9808fef13a7"
logic_hash = "61d602c343365608e5bc587ee9c7898e256f2411d78c7fe74c211e68bf4ab707"
score = 75
- quality = 53
+ quality = 78
tags = "FILE"
context = "file"
@@ -219133,7 +219306,7 @@ rule HARFANGLAB_Apt31_Rawdoor_Payload : FILE
hash = "fade96ec359474962f2167744ca8c55ab4e6d0700faa142b3d95ec3f4765023b"
logic_hash = "51bd04603419d5bc77f12618df986f6b31ea8ddea553c6bc7580698fa236b3ed"
score = 75
- quality = 55
+ quality = 80
tags = "FILE"
context = "file"
@@ -219167,7 +219340,7 @@ rule HARFANGLAB_Iis_Module_Hijackserver_Native : FILE
hash = "c1ca053e3c346513bac332b5740848ed9c496895201abc734f2de131ec1b9fb2"
logic_hash = "f0539a40958b34bb8372f8a8a6ca22617626fc7806556d6353175aa5f2ec0aea"
score = 75
- quality = 55
+ quality = 80
tags = "FILE"
context = "file"
@@ -219284,7 +219457,7 @@ rule HARFANGLAB_Apache_Module_Hijackserver_Php : FILE
hash = "e107bf25abc1cff515b816a5d75530ed4d351fa889078e547d7381b475fe2850"
logic_hash = "fe503e8d30a354927c1d4e1cffa18411b4c3ac5058cd3aef8df0e7d87624fe43"
score = 75
- quality = 53
+ quality = 78
tags = "FILE"
context = "file"
@@ -219403,7 +219576,7 @@ rule HARFANGLAB_Custom_Ateraagent_Operator : FILE
* YARA Rule Set
* Repository Name: LOLDrivers
* Repository: https://github.com/magicsword-io/LOLDrivers/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: e6e16dd6f19280f8a7bbab50a7e2eca80d5c6b22
* Number of Rules: 569
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -237158,8 +237331,8 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_4DA0 :
* YARA Rule Set
* Repository Name: SEKOIA
* Repository: https://github.com/SEKOIA-IO/Community
- * Retrieval Date: 2026-02-01
- * Git Commit: 80f51fd7496e3df4d2e166a34f8235e76f4aa1bf
+ * Retrieval Date: 2026-02-08
+ * Git Commit: eb4a01ac59073178c241b45b6def27c8873569e3
* Number of Rules: 746
* Skipped: 0 (age), 3 (quality), 0 (score), 0 (importance)
*
@@ -237194,8 +237367,8 @@ rule SEKOIA_Apt_Kimsuky_Fpspy : FILE
date = "2024-09-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_fpspy.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_fpspy.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "6d6c1b175e435f5564341cc1f2c33ddf"
hash = "54c58b72f98cb63c44e7694add551e9d"
logic_hash = "65904b77a30b2e2a25f8d80ab32742f0ad931f07c034ae576a4fbde7e1fd999c"
@@ -237224,8 +237397,8 @@ rule SEKOIA_Implant_Lin_Geacon : FILE
date = "2024-01-11"
modified = "2024-12-19"
reference = "https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_lin_geacon.yar#L1-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_lin_geacon.yar#L1-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c6fa5815bf618eb588d511f18231042944dee20c1b13096c44910d43ca552bfa"
score = 75
quality = 80
@@ -237265,8 +237438,8 @@ rule SEKOIA_Tool_Win_Forkplayground : FILE
date = "2023-02-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_win_forkplayground.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_win_forkplayground.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "23d93b7eef978f76c9aa6c0bc28a661d160b0a871fd320442b6c27bc92bc279e"
score = 75
quality = 80
@@ -237294,8 +237467,8 @@ rule SEKOIA_Trojan_Win_Bbtok_Iso_Sep23 : FILE
date = "2023-09-26"
modified = "2024-12-19"
reference = "https://research.checkpoint.com/2023/behind-the-scenes-of-bbtok-analyzing-a-bankers-server-side-components/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/trojan_win_bbtok_iso_sep23.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/trojan_win_bbtok_iso_sep23.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "140e83d2e0d012cdd5625ea89c3b3af05a80877cfc8215bbe20823e7e88c80b1"
logic_hash = "efef1e4e50d84cd30c025c86beb751c73a996cca896f90729571f48259ffc110"
score = 75
@@ -237323,8 +237496,8 @@ rule SEKOIA_Tool_Powershell_Unicorn : FILE
date = "2022-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_powershell_unicorn.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_powershell_unicorn.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8be79789cf77d4f304d9fef4ad6a2d2ac7686b015fff3301fb3e369f2f06230a"
score = 75
quality = 80
@@ -237349,8 +237522,8 @@ rule SEKOIA_Rat_Win_Asbit : FILE
date = "2022-09-19"
modified = "2024-12-19"
reference = "https://blogs.juniper.net/en-us/threat-research/asbit-an-emerging-remote-desktop-trojan"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_asbit.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_asbit.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1362ebe89a4d2645eb687d92510daa355a16f05da7f5513817f8439f29722827"
score = 75
quality = 80
@@ -237375,8 +237548,8 @@ rule SEKOIA_Apt_Toneshell_Loader : FILE
date = "2024-10-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_toneshell_loader.yar#L1-L40"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_toneshell_loader.yar#L1-L40"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "41e0d172d900344a3692b88fff7527d9"
hash = "782cf7183735935f3f7aad041cec3184"
hash = "97c1f436028c58b51d4c92ee9c9ce424"
@@ -237423,8 +237596,8 @@ rule SEKOIA_Tool_Sharpsecdump : FILE
date = "2023-06-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_sharpsecdump.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_sharpsecdump.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f183069d843767daa97bc81385e5e1b3a19c556f8171f28f8806aebe7a226176"
score = 75
quality = 80
@@ -237450,8 +237623,8 @@ rule SEKOIA_Tool_Edrsandblast_Strings : FILE
date = "2024-01-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_edrsandblast_strings.yar#L1-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_edrsandblast_strings.yar#L1-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8528c4c440734ba97b98b6e0857d95f38a91eaf9120ba2eacff292c864fb86a5"
score = 75
quality = 80
@@ -237487,8 +237660,8 @@ rule SEKOIA_Rat_Win_Nighthawk : FILE
date = "2022-11-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_nighthawk.yar#L3-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_nighthawk.yar#L3-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9a0c72de5b097f74d3c44586b8355c410470992f37d9a09c5f6db36ad6286d70"
score = 75
quality = 80
@@ -237517,8 +237690,8 @@ rule SEKOIA_Ta410_Control_Flow_Obfuscation : FILE
date = "2022-10-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ta410_control_flow_obfuscation.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ta410_control_flow_obfuscation.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "6cf78943728286d0bddd99049d81065673ab7f679029cdd5f5dc69f90197136e"
logic_hash = "3ee6ee07e7a7be285290ec91de649afff3e5dc222bcfc58709b642d4dd53dc41"
score = 75
@@ -237549,8 +237722,8 @@ rule SEKOIA_Apt_Luckymouse_Rshell_Strings : FILE
date = "2022-08-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_luckymouse_rshell_strings.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_luckymouse_rshell_strings.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ffca47856d4c4d83312220cff23c0a556be0e675d59ac009c2f74fc0e39cb816"
score = 75
quality = 80
@@ -237583,8 +237756,8 @@ rule SEKOIA_Wiper_Win_Caddywiper : FILE
date = "2022-03-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/wiper_win_caddywiper.yar#L4-L37"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/wiper_win_caddywiper.yar#L4-L37"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "01a9910b42f402398bbe84546074256f56b10fe0f8524a9a9723aebe43b26a14"
score = 75
quality = 80
@@ -237612,8 +237785,8 @@ rule SEKOIA_Stealer_Win_Luca : FILE
date = "2022-07-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/stealer_win_luca.yar#L3-L49"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/stealer_win_luca.yar#L3-L49"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3694db49d84f92c70c51e4fe6f126fd56b3d7d8ed26619137fd55b0adb97865e"
score = 75
quality = 78
@@ -237664,8 +237837,8 @@ rule SEKOIA_Infostealer_Win_Blackguard_Mar23 : FILE
date = "2023-03-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_blackguard_mar23.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_blackguard_mar23.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "63d77808036478da0c8d38a6d3581ccd2d4e46ae16ec9e817f09f8b633b01843"
score = 75
quality = 80
@@ -237698,8 +237871,8 @@ rule SEKOIA_Apt_Win_Disabledefender
date = "2022-09-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_win_disabledefender.yar#L3-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_win_disabledefender.yar#L3-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3b8c8d9144d9f97ee053c7cefc30d3920940bc33efcd1d7f5c61666217ef7896"
score = 75
quality = 80
@@ -237726,8 +237899,8 @@ rule SEKOIA_Strongpity_Malware : FILE
date = "2024-02-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/strongpity_malware.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/strongpity_malware.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "14be5eccb4e754d6dad69cda51a924241cc75f5d758bc2d746acfe41e1684b3a"
score = 75
quality = 80
@@ -237752,8 +237925,8 @@ rule SEKOIA_Apt_Mustangpanda_Windows_Remoteshell : FILE
date = "2022-12-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_windows_remoteshell.yar#L1-L121"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_windows_remoteshell.yar#L1-L121"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4a72ae1574022d6454e29a6b05a0279f2e774f8218d24a3a866721d958c52e1a"
score = 75
quality = 80
@@ -237843,8 +238016,8 @@ rule SEKOIA_Koi_Powershell_Loading_Obfuscatednet
date = "2024-03-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/koi_powershell_loading_obfuscatednet.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/koi_powershell_loading_obfuscatednet.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "82f30c04474ea77af5169771a2c0e75ba792fd32dc559b8c29172b73ace4ef10"
score = 75
quality = 80
@@ -237870,8 +238043,8 @@ rule SEKOIA_Apt_Sidecopy_Cheex : FILE
date = "2024-08-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sidecopy_cheex.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sidecopy_cheex.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "825c7a1603f800ff247c8f3e9a1420af"
logic_hash = "e5561466b616c746b33c0c4a46e8bdb0859e55aef8896bc1b14e54838c1661ee"
score = 75
@@ -237895,8 +238068,8 @@ rule SEKOIA_Apt_Muddywater_Manifestation_Backdoor_Obfuscated : FILE
date = "2022-01-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_muddywater_manifestation_backdoor_obfuscated.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_muddywater_manifestation_backdoor_obfuscated.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8610f0895fafd2bc9a19bbff816754b563565ba6b105cc3d0a32b80bf5ebdc47"
score = 75
quality = 80
@@ -237921,8 +238094,8 @@ rule SEKOIA_Hacktool_Ntospy_Strings : FILE
date = "2023-12-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_ntospy_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_ntospy_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e5bd963419e515d65a03592051822fd801f4a21d54cdb18d408556c4bfef78f5"
score = 75
quality = 80
@@ -237947,8 +238120,8 @@ rule SEKOIA_Luckymouse_Sysupdate_Loader : FILE
date = "2022-08-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/luckymouse_sysupdate_loader.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/luckymouse_sysupdate_loader.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9d46b74d8e5f94ecd844cffcd6d0d29eb662374c1d6fbe87acf3c877e5f963b3"
score = 75
quality = 80
@@ -237971,8 +238144,8 @@ rule SEKOIA_Rat_Win_Borat : FILE
date = "2022-04-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_borat.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_borat.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "53d6d9fe6b3218d97079e624379863d927d0b783b24acbda359b18daafb5162e"
score = 75
quality = 80
@@ -238005,8 +238178,8 @@ rule SEKOIA_Backdoor_Lin_Sysupdate : FILE
date = "2023-03-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_lin_sysupdate.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_lin_sysupdate.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "93e17cd535444e9cabc7440b1226526e67ddb81a84eb6377689a62f268b9dfee"
score = 75
quality = 80
@@ -238034,8 +238207,8 @@ rule SEKOIA_Apt_Cloudmensis_Downloader_Strings : FILE
date = "2022-07-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cloudmensis_downloader_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cloudmensis_downloader_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9532530f9b6c39d64611354f5d3c95e7c8b9ebf917ab797c162c3b51945db1fc"
score = 75
quality = 80
@@ -238061,8 +238234,8 @@ rule SEKOIA_Weevely_Webshell_Payload : FILE
date = "2024-04-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/weevely_webshell_payload.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/weevely_webshell_payload.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bb02ec519d77526cc81ebd7743336b333b9498f79079f7008970cf1bb51c4948"
score = 75
quality = 80
@@ -238087,8 +238260,8 @@ rule SEKOIA_Tool_Masky_Strings : FILE
date = "2022-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_masky_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_masky_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "35dc536879d9464919028ace6b65b225455621035184d7b58468d259ccda62aa"
score = 75
quality = 80
@@ -238115,8 +238288,8 @@ rule SEKOIA_Apt_Boldmove_Strings : FILE
date = "2023-01-16"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_boldmove_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_boldmove_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "71649451b88629da1779c0856b2f1f60f87501962c69556f7943b049688a2d96"
score = 75
quality = 80
@@ -238143,8 +238316,8 @@ rule SEKOIA_Apt_Darkpink_Kamikakabot_Strings
date = "2023-02-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_darkpink_kamikakabot_strings.yar#L1-L30"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_darkpink_kamikakabot_strings.yar#L1-L30"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0bc37c96b591d8edb1fd288ef874b3cc31879ce166b8734a3dd0e29644cbea55"
score = 75
quality = 80
@@ -238182,8 +238355,8 @@ rule SEKOIA_Stealer_Win_Mgbot_Credential_Stealer : FILE
date = "2024-03-20"
modified = "2024-12-19"
reference = "https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chinese-software/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/stealer_win_mgbot_credential_stealer.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/stealer_win_mgbot_credential_stealer.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "27f1b0ac818753804f0e67ac158d9376ab6beff8613ef94a1aa6cf8dd6815d49"
score = 75
quality = 80
@@ -238211,8 +238384,8 @@ rule SEKOIA_Ransomware_Win_Karma : FILE
date = "2021-08-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_karma.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_karma.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ef272be7ae5fea084120db95f7b002e9061d72442836e836ca43ddc7b461be4e"
score = 75
quality = 80
@@ -238240,8 +238413,8 @@ rule SEKOIA_Hacktool_Socat_Strings : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_socat_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_socat_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8f0c907fa2de4141c55073ea5b4a8174f50c716fc7a60d3e838115859a938084"
score = 75
quality = 80
@@ -238266,8 +238439,8 @@ rule SEKOIA_Spyware_And_Fastfire : FILE
date = "2022-11-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/spyware_and_fastfire.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/spyware_and_fastfire.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "2600fc0a8fc6279936decf80256be1fc8cb581a59ef6646fe48b5885e104365e"
score = 75
quality = 80
@@ -238297,8 +238470,8 @@ rule SEKOIA_Tool_Sy_Runas : FILE
date = "2023-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_sy_runas.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_sy_runas.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b606f921b0ff6adf0e6979d43be0ddf77e2967e703562f1dea4406d1f5b3f5fd"
score = 75
quality = 80
@@ -238324,8 +238497,8 @@ rule SEKOIA_Infostealer_Win_Whitesnake_Loader_Feb23 : FILE
date = "2023-03-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_whitesnake_loader_feb23.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_whitesnake_loader_feb23.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c9d4414fb17c28a3ea2e75837732e1657bdc7b2df4a7ab34e458d659441759e8"
score = 75
quality = 80
@@ -238352,8 +238525,8 @@ rule SEKOIA_Apt_Unc3524_Quietexit_Strings : FILE
date = "2022-05-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_unc3524_quietexit_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_unc3524_quietexit_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9f8bc7516fdefd94c6bddaf77ea3ac1ba8a3a6380530118c4b28d74b42eaae54"
score = 75
quality = 80
@@ -238382,8 +238555,8 @@ rule SEKOIA_Loader_Win_Gcleaner : FILE
date = "2022-10-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_gcleaner.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_gcleaner.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f38aaab2911e4e901780bb6df2c58f02fa80d3e39fb56f60072285d0a929ba23"
score = 75
quality = 80
@@ -238414,8 +238587,8 @@ rule SEKOIA_Rat_Win_Romcom_Payload
date = "2022-11-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_romcom_payload.yar#L4-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_romcom_payload.yar#L4-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "56f016df8e9165522e18f34bdb7c3044ee8927f53dd6818fa2b3d6424191d8e0"
score = 75
quality = 80
@@ -238436,8 +238609,8 @@ rule SEKOIA_Tool_Win_Blackfly_Proxy_Config : FILE
date = "2023-02-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_win_blackfly_proxy_config.yar#L4-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_win_blackfly_proxy_config.yar#L4-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a421d933209f3a81f7430f1b933074701a1fc965c1b4bc321cc7b4e89802f483"
score = 75
quality = 80
@@ -238462,8 +238635,8 @@ rule SEKOIA_Malware_Sugargh0St_Strings : FILE
date = "2023-12-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_sugargh0st_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_sugargh0st_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b878b5d3b3f62952d79c0ea5811838f4e79302b85f25494e91dc730dec8e1d8d"
score = 75
quality = 80
@@ -238489,8 +238662,8 @@ rule SEKOIA_Malware_Valleyrat_Strings_Config : FILE
date = "2024-08-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_valleyrat_strings_config.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_valleyrat_strings_config.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "b1887a48e59ac7b1b1742854d2a228af"
hash = "f6c69e83ce61aacacfbc410345008268"
hash = "63ad42e03aca6ce447fb447e21aeb385"
@@ -238523,8 +238696,8 @@ rule SEKOIA_Apt_Apt41_Powershell_Exfiltration_Script : FILE
date = "2023-11-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt41_powershell_exfiltration_script.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt41_powershell_exfiltration_script.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0ba4118855d6bd54cbb3a35e3b5fc36484eeb1e742ed3480e6c967b078ec4881"
score = 75
quality = 72
@@ -238550,8 +238723,8 @@ rule SEKOIA_Downloader_Win_Curl_Agent
date = "2023-05-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_win_curl_agent.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_win_curl_agent.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b34375ec051c969adec82901c1130b0a389261912559d70c652ee826cb2d4107"
score = 75
quality = 80
@@ -238578,8 +238751,8 @@ rule SEKOIA_Apt_Kimsuky_Powershell : FILE
date = "2024-09-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_powershell.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_powershell.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "6babb53d881448dc58dd7c32fcd4208a"
hash = "29ec7a4495ea512d44d33c9847893200"
hash = "fde68771cebd7ecd81721b0dff5b7869"
@@ -238608,8 +238781,8 @@ rule SEKOIA_Apt_Sugargh0Stcampaign_Malicious_Lnk : FILE
date = "2023-12-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sugargh0stcampaign_malicious_lnk.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sugargh0stcampaign_malicious_lnk.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9efa131fdb02f31812c8a3f2053e1b60d0970c748eb0f82aed92a1c0719e048c"
score = 75
quality = 80
@@ -238633,8 +238806,8 @@ rule SEKOIA_Unk_Quad7_Fsynet_Strings : FILE
date = "2024-08-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/unk_quad7_fsynet_strings.yar#L1-L33"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/unk_quad7_fsynet_strings.yar#L1-L33"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "f42849076e24b7827218f7a25bc11ccc"
hash = "b3b09819f820a4ecd31f82f369000af2"
hash = "92093dd7ba6ae8fe34a215c4c4bd1cd4"
@@ -238673,8 +238846,8 @@ rule SEKOIA_Apt_Lazarus_Vhd_Ransomware_Loader : FILE
date = "2022-11-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_lazarus_vhd_ransomware_loader.yar#L1-L30"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_lazarus_vhd_ransomware_loader.yar#L1-L30"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "33000fd79b5aae59dcbf445bb4d0d65cf5f939f376a4e3d9e23e14b11ca297da"
score = 75
quality = 80
@@ -238710,8 +238883,8 @@ rule SEKOIA_Infostealer_Win_Blustealer : FILE
date = "2022-10-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_blustealer.yar#L1-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_blustealer.yar#L1-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fc7c11a9ddd21228aa773da6054220211327727a87d48008b7edb202c48666d8"
score = 75
quality = 80
@@ -238748,8 +238921,8 @@ rule SEKOIA_Yara_Runascs : FILE
date = "2023-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/yara_runascs.yar#L3-L33"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/yara_runascs.yar#L3-L33"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fe9b02704d07b5ebe6ad94283e4c1ec2846a54f5c1fb2115a1f6411cf8c19059"
score = 75
quality = 80
@@ -238780,8 +238953,8 @@ rule SEKOIA_Ransomware_Win_Blackmatter
date = "2021-08-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_blackmatter.yar#L4-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_blackmatter.yar#L4-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5a407a9901314211e13bef30254f1d129cf3c731ea970abff8602f1ae40177cb"
score = 75
quality = 80
@@ -238801,8 +238974,8 @@ rule SEKOIA_Ransomware_Win_Wing : FILE
date = "2024-01-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_wing.yar#L1-L52"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_wing.yar#L1-L52"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c9f373c12f4fb5efc29d0f293a2e0b46cf03c1abe124e9dd4118bef6c6e3f731"
score = 75
quality = 78
@@ -238858,8 +239031,8 @@ rule SEKOIA_Koiloader_Lnk : FILE
date = "2024-03-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/koiloader_lnk.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/koiloader_lnk.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "49953c76796f671ed80afa21872aac500d706f2af4426a5ec2854e16b9d0e474"
score = 75
quality = 80
@@ -238885,8 +239058,8 @@ rule SEKOIA_Guloader_Powershell_1 : FILE
date = "2024-02-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/guloader_powershell_1.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/guloader_powershell_1.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9fd2d0e31f939e7e96444eaa4802c9c33407c5fb77067670d8ce2d3796199961"
score = 75
quality = 80
@@ -238912,8 +239085,8 @@ rule SEKOIA_Tool_Bypassgodzilla : FILE
date = "2024-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_bypassgodzilla.yar#L1-L38"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_bypassgodzilla.yar#L1-L38"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "571c9042c627abba19ba1d591e2083eb"
hash = "56cfc5a876f8f55bf184be9f368b6d8a"
hash = "d4f7ca537701aee8849c474bc4df19d1"
@@ -238951,8 +239124,8 @@ rule SEKOIA_Tool_Advancedrun_Strings : FILE
date = "2024-09-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_advancedrun_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_advancedrun_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "a1d50ebe6124584f32de0625475cdb74"
logic_hash = "58e5e0c903057ff382a78a37ba289cbaa5949d99a4b5ff77a223e86aab591f5d"
score = 75
@@ -238979,8 +239152,8 @@ rule SEKOIA_Apt_Mustangpanda_Tinynote : FILE
date = "2023-06-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_tinynote.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_tinynote.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "20723b449d057ddf09fa34aa7511275939f98c6c84593af64d99f980c679b2c1"
score = 75
quality = 80
@@ -239007,8 +239180,8 @@ rule SEKOIA_Rat_Win_Babylon : FILE
date = "2023-08-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_babylon.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_babylon.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "142f10e519561d6552c9cb8d267280b9ede203a2f4723d904ab07217b0565bd1"
score = 75
quality = 80
@@ -239043,8 +239216,8 @@ rule SEKOIA_Apt_Muddywater_Muddyc2Go_Dll_Launcher_Strings : FILE
date = "2024-03-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_muddywater_muddyc2go_dll_launcher_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_muddywater_muddyc2go_dll_launcher_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "1a0827082d4b517b643c86ee678eaa53f85f1b33ad409a23c50164c3909fdaca"
logic_hash = "b91653e313258ebd2073a398d0467800056ac94adab02c3a83aa8a379710e4e6"
score = 75
@@ -239070,8 +239243,8 @@ rule SEKOIA_Infostealer_Win_Leaf : FILE
date = "2023-02-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_leaf.yar#L1-L32"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_leaf.yar#L1-L32"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f8c0ff694c9f7a02613000d85a40f6b400dcca60711e589f7ccd3546f571aea6"
score = 75
quality = 80
@@ -239111,8 +239284,8 @@ rule SEKOIA_Apt_Ivanti_Krustyloader : FILE
date = "2024-01-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_ivanti_krustyloader.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_ivanti_krustyloader.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fe982dffcff4bec78593080d7745aeb32bc2e3b7e0df373bbbd53bc6f53cfcbf"
score = 75
quality = 30
@@ -239146,8 +239319,8 @@ rule SEKOIA_Rule_Lazarus_Generic_Downloader_7C3F94702Fa7 : FILE
date = "2022-08-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rule_lazarus_generic_downloader_7c3f94702fa7.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rule_lazarus_generic_downloader_7c3f94702fa7.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1ee58eb760fb74ef089f7d3eb423f314fe1c22e8c85b01eba0e965dea8c846ce"
score = 75
quality = 80
@@ -239174,8 +239347,8 @@ rule SEKOIA_Apt_Mustangpanda_Zpakage : FILE
date = "2023-03-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_zpakage.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_zpakage.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "711c0e83f4e626a7b54e3948b281a71915a056c5341c8f509ecba535bc199bee"
logic_hash = "52ad51589ca154fbf6e5829a2c80a9b811809288bed6995820a0ca8aa218d8ef"
score = 75
@@ -239212,8 +239385,8 @@ rule SEKOIA_Win_Clipper_Generic : FILE
date = "2024-07-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/win_clipper_generic.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/win_clipper_generic.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f2fb2285adb10269aaf3d028d3803775ad86833b36cf24dabb8d404a6380b505"
score = 75
quality = 78
@@ -239237,8 +239410,8 @@ rule SEKOIA_Downloader_Win_Andarloader : FILE
date = "2023-09-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_win_andarloader.yar#L4-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_win_andarloader.yar#L4-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "33e5490b9564333c27a2c23d7f0362c582ca3bd352cafde6b334dc376fd37762"
score = 75
quality = 80
@@ -239260,8 +239433,8 @@ rule SEKOIA_Apt37_Rokrat_Macho
date = "2022-09-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt37_rokrat_macho.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt37_rokrat_macho.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "526dc4594db099ed8090a673e761f84f6dd7ce860e380214e4d3f1ec08fc2345"
score = 75
quality = 66
@@ -239290,8 +239463,8 @@ rule SEKOIA_Apt_Mustangpanda_Mqsttang_Qmagent : FILE
date = "2023-03-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_mqsttang_qmagent.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_mqsttang_qmagent.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4e7aa53e561cad512b031240bce6ad207b80ff7438eee39cd05bb92412aaa632"
score = 75
quality = 30
@@ -239320,8 +239493,8 @@ rule SEKOIA_Rat_Win_Dcrat_Qwqdanchun : FILE
date = "2023-01-26"
modified = "2024-12-19"
reference = "https://github.com/qwqdanchun/DcRat"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_dcrat_qwqdanchun.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_dcrat_qwqdanchun.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e6f8664e57ecce3bd7b2af5c67d564d526b32d12218b772b0e9f53709044e14d"
score = 75
quality = 80
@@ -239356,8 +239529,8 @@ rule SEKOIA_Downloader_Mac_Smooth_Operator : FILE
date = "2023-07-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_mac_smooth_operator.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_mac_smooth_operator.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "031f766d6ab7d94ed7ba4324d4bdfa3fbc11986fba35487a88a1ee3aba090c82"
score = 75
quality = 80
@@ -239381,8 +239554,8 @@ rule SEKOIA_Apt_Yemen_Apk_Guardzoo : FILE
date = "2024-08-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_yemen_apk_guardzoo.yar#L1-L40"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_yemen_apk_guardzoo.yar#L1-L40"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "3afad114c68489e2d294720339baf570"
hash = "c59d0f5c8d00485199f147b96c5abca0"
hash = "75c58948725133160085dc1cfdf602ec"
@@ -239429,8 +239602,8 @@ rule SEKOIA_Infostealer_Win_Mars_Stealer_Xor_Routine : FILE
date = "2022-04-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_mars_stealer_xor_routine.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_mars_stealer_xor_routine.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c7e65550a225431552e8a81bbce81dd66350021b6444c94fe7a37aa96712e9b1"
score = 75
quality = 80
@@ -239453,8 +239626,8 @@ rule SEKOIA_Vpn_Mul_Softether
date = "2024-04-15"
modified = "2024-12-19"
reference = "https://www.softether.org/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/vpn_mul_softether.yar#L1-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/vpn_mul_softether.yar#L1-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f93e838631518590e518f29557c60a40734da30b62c056f8ebb8febed389551b"
score = 75
quality = 80
@@ -239489,8 +239662,8 @@ rule SEKOIA_Tool_Multidump_Strings : FILE
date = "2024-03-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_multidump_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_multidump_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8d98cf89d56f5a949023364f94c8d55f8875408b082fb52e118f99d46533124d"
score = 75
quality = 80
@@ -239518,8 +239691,8 @@ rule SEKOIA_Apt_Oilrig_Sc5Kv3_Strings : FILE
date = "2023-12-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_oilrig_sc5kv3_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_oilrig_sc5kv3_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ace8e227abd97d0ec21815cc58c24d46e4944f2b0e1987672be53f81356a7a57"
score = 75
quality = 80
@@ -239543,8 +239716,8 @@ rule SEKOIA_Malware_Win_Passlib : FILE
date = "2022-07-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_win_passlib.yar#L1-L32"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_win_passlib.yar#L1-L32"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5e76f7c40a00182ee076720b4c19a45e82a8ce11740fdd8e9419f9d9e93cdb41"
score = 75
quality = 80
@@ -239583,8 +239756,8 @@ rule SEKOIA_Typhon_Reborn_Stealer
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/typhon_reborn_stealer.yar#L3-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/typhon_reborn_stealer.yar#L3-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0db77a2e1d6b7274b0256fe469b72953c1b8598cbfc1715a43e5fbfa7899fe4c"
score = 75
quality = 80
@@ -239608,8 +239781,8 @@ rule SEKOIA_Malware_Venom_Agent_Strings : FILE
date = "2022-08-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_venom_agent_strings.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_venom_agent_strings.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "66dd1cb7bd66fcf78c8eaad8aaab7cfd624b898b7b479e571bacf5c4e48edac9"
score = 75
quality = 80
@@ -239648,8 +239821,8 @@ rule SEKOIA_Apt_Ta428_Tmanger_Strings : FILE
date = "2022-09-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_ta428_tmanger_strings.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_ta428_tmanger_strings.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e045f38367fa7f3cdcc908e60de4386889c7878c95b1a40f63fd70683699b0f1"
score = 75
quality = 80
@@ -239682,8 +239855,8 @@ rule SEKOIA_Apt_Nobelium_Nativezone_Gen : FILE
date = "2022-02-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_nobelium_nativezone_gen.yar#L3-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_nobelium_nativezone_gen.yar#L3-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "63ad9fc510541f98237fa5b254dc4a147539cbf485b2889d97bf3b619c3db3ae"
score = 75
quality = 80
@@ -239708,8 +239881,8 @@ rule SEKOIA_Implant_Mac_Smoothoperator_Update_Agent : FILE
date = "2023-07-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_mac_smoothoperator_update_agent.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_mac_smoothoperator_update_agent.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d5a0d87ac810097983df92ab1b1ff9775093b0aaaf551a74ff6fe5149dbd3a21"
score = 75
quality = 80
@@ -239735,8 +239908,8 @@ rule SEKOIA_Apt_Micdown_Encrypted_Configuration : FILE
date = "2023-08-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_micdown_encrypted_configuration.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_micdown_encrypted_configuration.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9b80bd284f9aa9e4073bdead7bb0c5412ec1809c36a85dfd35d9ea7ac62da8a3"
score = 75
quality = 80
@@ -239759,8 +239932,8 @@ rule SEKOIA_Apt_Uta0218_Upstyle_Backdoor_Strings : FILE
date = "2024-04-16"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_uta0218_upstyle_backdoor_strings.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_uta0218_upstyle_backdoor_strings.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bcba657b0b302f4b46f09bc4b815a581d22208b5d9f99e1233878f775241f92e"
score = 75
quality = 80
@@ -239790,8 +239963,8 @@ rule SEKOIA_Apt_Spynote_Android_Dex_Strings : FILE
date = "2022-08-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_spynote_android_dex_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_spynote_android_dex_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "474617628afe110d9e7ea2acef57c5e560139b57aa7e497bf9e111af239e9588"
score = 75
quality = 80
@@ -239817,8 +239990,8 @@ rule SEKOIA_Apt_Lazarus_Backdoored_Jslib : FILE
date = "2024-10-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_lazarus_backdoored_jslib.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_lazarus_backdoored_jslib.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "52e92be527690f4e63608cbc699e2f70"
logic_hash = "205ad321afcb22ae2bf6cf2a58ce970ea9b0edda7fab60ddeda5ea36ecfe3cb9"
score = 75
@@ -239843,8 +240016,8 @@ rule SEKOIA_Apt_Sandworm_Powergap_Apr2022 : FILE
date = "2022-04-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sandworm_powergap_apr2022.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sandworm_powergap_apr2022.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f1532cce42ab1315d3ab7882fa43ad05255055da720a123bed034242d439da2a"
score = 75
quality = 68
@@ -239872,8 +240045,8 @@ rule SEKOIA_Rootkit_Win_Purplefox_Svchost_Txt : FILE
date = "2022-03-28"
modified = "2024-12-19"
reference = "https://www.trendmicro.com/en_us/research/22/c/purple-fox-uses-new-arrival-vector-and-improves-malware-arsenal.html"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rootkit_win_purplefox_svchost_txt.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rootkit_win_purplefox_svchost_txt.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a1de949cb2e898ed031f5c796f7152af12dfae5431dfaf269f25ebe72f0ae004"
score = 75
quality = 80
@@ -239901,8 +240074,8 @@ rule SEKOIA_Apt_Apt28_Ukrnet_Phishing_Page : FILE
date = "2024-09-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt28_ukrnet_phishing_page.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt28_ukrnet_phishing_page.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "20dc3a5beb8e3a7801e010b4113efef1"
hash = "5f1462144d7704101cd71c679ea0322b"
logic_hash = "3d077a7ce35094bcbda763c131d4564ffbcea0373f5cbd30406ada4e9db36529"
@@ -239934,8 +240107,8 @@ rule SEKOIA_Apt_Andariel_Siennablue : FILE
date = "2023-11-16"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_andariel_siennablue.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_andariel_siennablue.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0876deb2e76098ac8d304737243d3a76e9741b2ca1570034bec51fea5a40818d"
score = 75
quality = 80
@@ -239961,8 +240134,8 @@ rule SEKOIA_Ransomware_Win_Blackcat : FILE
date = "2022-01-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_blackcat.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_blackcat.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8a60fd14835f9e8683c3e60a19f23bc00020ccd22e74bffbc8ed19fcb8d0e39a"
score = 75
quality = 80
@@ -239999,8 +240172,8 @@ rule SEKOIA_Apt_Lazarus_Blindingcan_Rtti
date = "2022-10-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_lazarus_blindingcan_rtti.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_lazarus_blindingcan_rtti.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fbec1f9a180782bf330d86facbada9af018741897c58f4ab6e0b52a1b38ae966"
score = 75
quality = 80
@@ -240024,8 +240197,8 @@ rule SEKOIA_Win_Malware_Statc_Downloader : FILE
date = "2023-08-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/win_malware_statc_downloader.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/win_malware_statc_downloader.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "173ea5af2e71b6ed70abd52a5d2f4de040393a6d2ff4978bbb6e73d96742b010"
logic_hash = "a99970a6ace88234e5e2bda009f8d87e6a0dc8c1a4655cca128e30292a21502c"
score = 75
@@ -240058,8 +240231,8 @@ rule SEKOIA_Apt_Uac0154_Malicious_Html_Smuggling : FILE
date = "2023-10-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_uac0154_malicious_html_smuggling.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_uac0154_malicious_html_smuggling.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ba37b076ac29edcb9af7792420b527b0d64e7838e0237b39afe98a817eafdf7e"
score = 75
quality = 80
@@ -240084,8 +240257,8 @@ rule SEKOIA_Trojan_Win_Bbtok_Dll1_Sep23 : FILE
date = "2023-09-26"
modified = "2024-12-19"
reference = "https://research.checkpoint.com/2023/behind-the-scenes-of-bbtok-analyzing-a-bankers-server-side-components/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/trojan_win_bbtok_dll1_sep23.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/trojan_win_bbtok_dll1_sep23.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "5353956345206982af9bde55300fc405ba6e40722e8f51e8717c30ad32bc8f91"
logic_hash = "1b1e25f7d760d275d2ef01390c215edb1752ad65383c92a21d71d9e65da3c5f8"
score = 75
@@ -240119,8 +240292,8 @@ rule SEKOIA_Backdoor_Powershellempire_Python : FILE
date = "2022-04-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_powershellempire_python.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_powershellempire_python.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "81c74a73ff7fe02420f29a53b350f1b53964f5a04f0694fed5b1b4bd6cc5ad03"
score = 75
quality = 80
@@ -240144,8 +240317,8 @@ rule SEKOIA_Apt_Luckymouse_Compromised_Electronapp : FILE
date = "2022-08-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_luckymouse_compromised_electronapp.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_luckymouse_compromised_electronapp.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "939546b75d5f7161bb8eb1fd838a9a7c0c88cb58a0f01f67e687523e5b31b0aa"
score = 75
quality = 80
@@ -240168,8 +240341,8 @@ rule SEKOIA_Downloader_Mac_Rustbucket_Swiftloader
date = "2023-12-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_mac_rustbucket_swiftloader.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_mac_rustbucket_swiftloader.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "acb5b88f8af53cd3d83de0fd6c3049ce017f038dc7c8b31f70e65e60bf713dfb"
score = 75
quality = 80
@@ -240196,8 +240369,8 @@ rule SEKOIA_Apt_Sidecopy_Malicious_Macro : FILE
date = "2023-05-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sidecopy_malicious_macro.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sidecopy_malicious_macro.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b1d9d7af8507b478b2a8d34a4a5ca3714b219a42d5b3f9d5026d98351294e1cf"
score = 75
quality = 80
@@ -240225,8 +240398,8 @@ rule SEKOIA_Downloader_Mac_Rustbucket : FILE
date = "2023-04-24"
modified = "2024-12-19"
reference = "https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_mac_rustbucket.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_mac_rustbucket.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1b9e9a3f4fb4804eb94ab8d3573781d67f96d180b258cfc10be384eec44509ed"
score = 75
quality = 78
@@ -240262,8 +240435,8 @@ rule SEKOIA_Tool_Win_Driverjack : FILE
date = "2024-09-11"
modified = "2024-12-19"
reference = "https://github.com/klezVirus/DriverJack/blob/master/DriverJack"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_win_driverjack.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_win_driverjack.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "649fc12915bdcdebbc3798a8ad0b9b32"
logic_hash = "0ea81c32b75ff66434f0c949be7d1478ce9268eb1b67dc5b7d6c7604cedcd72c"
score = 75
@@ -240291,8 +240464,8 @@ rule SEKOIA_Apt_Cloudmensis_Spyagent_Strings : FILE
date = "2022-07-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cloudmensis_spyagent_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cloudmensis_spyagent_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ad858b1b78fb4ac6efee093b11fde14956d63bc6b300ef37bf1f2a3356cf4402"
score = 75
quality = 80
@@ -240319,8 +240492,8 @@ rule SEKOIA_Apt_Apt41_Powershell_Collection_Script : FILE
date = "2023-11-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt41_powershell_collection_script.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt41_powershell_collection_script.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8b0462636c9f6270baff2bf09638e94db6d5a0472b8216ddd1919a77b6a63aca"
score = 75
quality = 70
@@ -240347,8 +240520,8 @@ rule SEKOIA_Apt_Aptc36_Vbs_Maldoc : FILE
date = "2022-02-16"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_aptc36_vbs_maldoc.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_aptc36_vbs_maldoc.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "cf448731378e97d740d42aa19d1bb81330c3998f07e94ce57bd8d82fc39c6428"
score = 75
quality = 51
@@ -240376,8 +240549,8 @@ rule SEKOIA_Apt_Kimsuky_Sharpext_Devps1_Strings : FILE
date = "2022-07-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_sharpext_devps1_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_sharpext_devps1_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "32e96440838bf63679b2a05ce4e6c226bed515ceb5180e3cf079206e21a0c0c5"
score = 75
quality = 55
@@ -240402,8 +240575,8 @@ rule SEKOIA_Implant_Lin_Lightning : FILE
date = "2022-07-21"
modified = "2024-12-19"
reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_lin_lightning.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_lin_lightning.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "215eea8275fa69a901f6413b334d2824086098e9a9bb2cffd7cb9df5c869be4c"
score = 75
quality = 80
@@ -240437,8 +240610,8 @@ rule SEKOIA_Infostealer_Win_Irontiger_Chrome_Stealer : FILE
date = "2023-03-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_irontiger_chrome_stealer.yar#L3-L32"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_irontiger_chrome_stealer.yar#L3-L32"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "dfddebf9623661508e993541106d4dcbb2270b311b2902567bd309810aff58dd"
score = 75
quality = 80
@@ -240475,8 +240648,8 @@ rule SEKOIA_Apt_Polonium_Powershell_Creepydrive_Strings
date = "2022-06-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_polonium_powershell_creepydrive_strings.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_polonium_powershell_creepydrive_strings.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "28b8f10a36d13e97e606b082f20c50c3d48241409e7f1aca621e2af9d756dbe5"
score = 75
quality = 80
@@ -240508,8 +240681,8 @@ rule SEKOIA_Ransomware_Lin_Avoslocker_Strings : FILE
date = "2022-02-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_lin_avoslocker_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_lin_avoslocker_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b65cf6713027644de281f17a4c5c170fc09a154e7119d04a92aceed0e2d7e4fd"
score = 75
quality = 80
@@ -240537,8 +240710,8 @@ rule SEKOIA_Apt_Badmagic_Listfiles_Pshscript : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_listfiles_pshscript.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_listfiles_pshscript.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4401d31e4b0484776aab51c161a301fc4ee3e944a1669df763bd274014178368"
score = 75
quality = 80
@@ -240562,8 +240735,8 @@ rule SEKOIA_Shell_Win_Danfuan : FILE
date = "2022-11-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/shell_win_danfuan.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/shell_win_danfuan.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "96929ef478a8773022233a4092b3c157867aae6ee185568a6327d033c05a68f1"
score = 75
quality = 80
@@ -240588,8 +240761,8 @@ rule SEKOIA_Apt_Susp_Apt28_Uac0063_Hatvibe
date = "2024-07-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_susp_apt28_uac0063_hatvibe.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_susp_apt28_uac0063_hatvibe.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "332d9db35daa83c5ad226b9bf50e992713bc6a69c9ecd52a1223b81e992bc725"
logic_hash = "41e1f97e45bc42ad3057cc173d036806687223782e54997e7803c888ee394b09"
score = 65
@@ -240617,8 +240790,8 @@ rule SEKOIA_Hacktool_Credentialkatz : FILE
date = "2024-10-30"
modified = "2024-12-19"
reference = "https://github.com/Meckazin/ChromeKatz"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_credentialkatz.yar#L1-L34"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_credentialkatz.yar#L1-L34"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "2762e066128e186526c5ff272fc9184c0262d81d8c513e6515c25c189418931c"
logic_hash = "dbfc0a6e8ad6701a071cb76564a2aeb9924ff7f13306f5dca1e1045c51f07ae7"
score = 75
@@ -240659,8 +240832,8 @@ rule SEKOIA_Rat_Darkvision_String : FILE
date = "2024-09-17"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_darkvision_string.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_darkvision_string.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "8ec5526cecc596e0711c82e39cd4f2ce"
hash = "2dd476464e46d91ffe68483cb478d9b4"
hash = "20de7547d79d3637430b6a0787e59df5"
@@ -240696,8 +240869,8 @@ rule SEKOIA_Backdoor_Win_Minibike : FILE
date = "2024-04-08"
modified = "2024-12-19"
reference = "https://www.mandiant.com/resources/blog/suspected-iranian-unc1549-targets-israel-middle-east"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_minibike.yar#L4-L37"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_minibike.yar#L4-L37"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d09ab10aff629c6edafa7df640e98bcb6b2523a9bf4e2f2ca87f6694ccfe21bf"
score = 75
quality = 80
@@ -240726,8 +240899,8 @@ rule SEKOIA_Exploit_Cve20191458_Strings : CVE_2019_1458 FILE
date = "2022-08-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/exploit_cve20191458_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/exploit_cve20191458_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8e22a79b3d7dc45d63062c71909faee61584c71b6ea7353ba0f40c00745a2075"
score = 75
quality = 80
@@ -240754,8 +240927,8 @@ rule SEKOIA_Crime_Sload_Powershellarchiveexfiltrator_Strings : FILE
date = "2022-08-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/crime_sload_powershellarchiveexfiltrator_strings.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/crime_sload_powershellarchiveexfiltrator_strings.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7d6234ced7e5915a5b27ce2065772c74adb5c2398a8c972421fb5ec6b1b7771f"
score = 75
quality = 80
@@ -240780,8 +240953,8 @@ rule SEKOIA_Tool_Ladon_Strings : FILE
date = "2024-06-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_ladon_strings.yar#L1-L61"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_ladon_strings.yar#L1-L61"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6f2a34bddea2a2370c0a45cde888f51632689973373e3c6ba739a34dc220bfa1"
score = 75
quality = 78
@@ -240835,8 +241008,8 @@ rule SEKOIA_Tool_Win_Snap2Html : FILE
date = "2024-02-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_win_snap2html.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_win_snap2html.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8805a80193ba1323dffd68456833f27cc93f2182660a5047dbe69e8ed65ac184"
score = 75
quality = 80
@@ -240870,8 +241043,8 @@ rule SEKOIA_Apt_Cerana_Keeper_Dropboxflop : FILE
date = "2024-10-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cerana_keeper_dropboxflop.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cerana_keeper_dropboxflop.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "2b65b74e52fbf25cb400dbdfcd1a06a7"
logic_hash = "5b2dfdf0c35f574e7006bb3e6eafa10d0e7fc7d980d443b31d4d6d6b7cec2fce"
score = 75
@@ -240895,8 +241068,8 @@ rule SEKOIA_Exploit_Linux_Eop_Polkit_Pkexec_Strings : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/exploit_linux_eop_polkit_pkexec_strings.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/exploit_linux_eop_polkit_pkexec_strings.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "42d04204481c165ba1b5c4ee5ff1094c31400669b0eca041d736473d481e74b7"
score = 75
quality = 80
@@ -240921,8 +241094,8 @@ rule SEKOIA_Tool_Webshell_B374K_Strings : FILE
date = "2024-09-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_webshell_b374k_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_webshell_b374k_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "1d27b23fceecbb9e854c41f6a8fb878e"
hash = "71fd853a3f3efc3dc2846e866187ee59"
hash = "187e001c32487d0d68197ddb7e7796c3"
@@ -240952,8 +241125,8 @@ rule SEKOIA_Backoor_Win_Gobear
date = "2024-02-13"
modified = "2024-12-19"
reference = "https://medium.com/s2wblog/kimsuky-disguised-as-a-korean-company-signed-with-a-valid-certificate-to-distribute-troll-stealer-cfa5d54314e2"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backoor_win_gobear.yar#L4-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backoor_win_gobear.yar#L4-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8ca2699058ded62cbf4b78040985a4e5ebce0a1ff94034206c81a4c8e91f479b"
score = 75
quality = 80
@@ -240974,8 +241147,8 @@ rule SEKOIA_Loader_Win_Abcloader : FILE
date = "2024-08-19"
modified = "2024-12-19"
reference = "https://nsfocusglobal.com/new-apt-group-actor240524-a-closer-look-at-its-cyber-tactics-against-azerbaijan-and-israel/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_abcloader.yar#L4-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_abcloader.yar#L4-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "0d1dca5eaad49c2dbd979e1bf0b5f8d0"
hash = "9a640889e82407b06c546fea15be668f"
logic_hash = "64d171d31c2f03ac18dde61d5b57fba91448045404b0ff619fb8cd437a561b1f"
@@ -241001,8 +241174,8 @@ rule SEKOIA_Apt_Sidecopy_Reverserat_Strings : FILE
date = "2023-05-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sidecopy_reverserat_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sidecopy_reverserat_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "be657405b5703dc402b53350aa7ef18529bda3dc44c759585c4cfa1bc1eb76ff"
score = 75
quality = 80
@@ -241032,8 +241205,8 @@ rule SEKOIA_Apt_Konni_Check_Bat : FILE
date = "2023-11-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_konni_check_bat.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_konni_check_bat.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "13a9dd6978985eb17960794c6de2ee2e6411e6afeb705ff95ced72bc0efb5d8c"
score = 75
quality = 80
@@ -241064,8 +241237,8 @@ rule SEKOIA_Implant_Mac_Rustbucket : FILE
date = "2023-04-24"
modified = "2024-12-19"
reference = "https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_mac_rustbucket.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_mac_rustbucket.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "9ca914b1cfa8c0ba021b9e00bda71f36cad132f27cf16bda6d937badee66c747"
logic_hash = "ab7bc706b0d3f0dcd739ffe7f8153ba7377892143d8d53ce1591519ffe4ae84f"
score = 75
@@ -241092,8 +241265,8 @@ rule SEKOIA_Rootkit_Win_Purplefox_360_Tct : FILE
date = "2022-03-28"
modified = "2024-12-19"
reference = "https://www.trendmicro.com/en_us/research/22/c/purple-fox-uses-new-arrival-vector-and-improves-malware-arsenal.html"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rootkit_win_purplefox_360_tct.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rootkit_win_purplefox_360_tct.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6b4ca65bc05ea1e8036140a62b94c8b75afe30a5e37cae9a5ae2a9c828cd6275"
score = 75
quality = 80
@@ -241119,8 +241292,8 @@ rule SEKOIA_Manjusaka_Samples : FILE
date = "2022-08-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/manjusaka_samples.yar#L1-L41"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/manjusaka_samples.yar#L1-L41"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "58dcc406c87a8ec66c0904c4cf518cb38bca1aa9058196ce5d496f6269258200"
score = 75
quality = 78
@@ -241168,8 +241341,8 @@ rule SEKOIA_Apt_Unc4990_Explorer_Ps1_Reverse_B64 : FILE
date = "2024-02-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_unc4990_explorer_ps1_reverse_b64.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_unc4990_explorer_ps1_reverse_b64.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bf13fbf2dbe6a718510f3e435a9fe06517ed962f8e129d79a15e6a301e5713ca"
score = 75
quality = 80
@@ -241194,8 +241367,8 @@ rule SEKOIA_Spyware_And_Strongpity_Mobile_Backdoor : FILE
date = "2023-01-16"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/spyware_and_strongpity_mobile_backdoor.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/spyware_and_strongpity_mobile_backdoor.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9005fe938433223f32642f6bbf7c4c58f0b927a006e283c8b12f79103ec02cfc"
score = 75
quality = 80
@@ -241218,8 +241391,8 @@ rule SEKOIA_Infostealer_Win_Stealerium : FILE
date = "2022-12-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_stealerium.yar#L1-L36"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_stealerium.yar#L1-L36"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f420848164ad4b6966f2a776a58d90b7d70c8b151a42d6f56b654f1700b5e564"
score = 75
quality = 78
@@ -241262,8 +241435,8 @@ rule SEKOIA_Apt_Icepeony_Iceevent : FILE
date = "2024-10-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_icepeony_iceevent.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_icepeony_iceevent.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "07c291c9cea4430676c303128bbbb8e3"
hash = "489b573b37ab8bc74cca3704e723b895"
hash = "265f6cf778d26e62903fb295f89507e3"
@@ -241295,8 +241468,8 @@ rule SEKOIA_Implant_Win_Knotweed_Jumplump : FILE
date = "2022-07-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_knotweed_jumplump.yar#L3-L75"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_knotweed_jumplump.yar#L3-L75"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a2637a8a082b6a23756da188808405046ae986a5973f64859462c92e9306e6c8"
score = 75
quality = 55
@@ -241375,8 +241548,8 @@ rule SEKOIA_Apt_Mustang_Panda_Toneins : FILE
date = "2022-11-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustang_panda_toneins.yar#L4-L44"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustang_panda_toneins.yar#L4-L44"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b71932f16ffb1d8d1780b6f9b4db2f0c98d1c770829a4d2284e78c19d37e54bb"
score = 75
quality = 80
@@ -241415,8 +241588,8 @@ rule SEKOIA_Loader_Fakebat_Powershell_Fingerprint_May24 : FILE
date = "2024-06-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_fakebat_powershell_fingerprint_may24.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_fakebat_powershell_fingerprint_may24.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "04e5c888e5f71873c4fa2d732fbd8e40be3edf406300e65e489e1fa378028c5f"
score = 75
quality = 80
@@ -241449,8 +241622,8 @@ rule SEKOIA_Hacktool_Ntdsdumpex_Strings : FILE
date = "2022-02-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_ntdsdumpex_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_ntdsdumpex_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3295816133ca00aeaf3f4967135ed045ed64d20393f482eafbe4e74f0f63aa47"
score = 75
quality = 80
@@ -241478,8 +241651,8 @@ rule SEKOIA_Wiper_Hermeticwiper_Variants
date = "2022-02-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/wiper_hermeticwiper_variants.yar#L3-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/wiper_hermeticwiper_variants.yar#L3-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d0c358517b0a6334d430d3bd75d6c58243ce84e0f90afe48a5069a1e1954119c"
score = 75
quality = 80
@@ -241505,8 +241678,8 @@ rule SEKOIA_Guloader_Unpacker : FILE
date = "2024-02-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/guloader_unpacker.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/guloader_unpacker.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6be9d7fa829480466aef2a7e78a7dadfac92f7774ab3374254305040c105496f"
score = 75
quality = 80
@@ -241531,8 +241704,8 @@ rule SEKOIA_Apt_Gamaredon_Gammaload_Malicioushta : FILE
date = "2022-08-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_gammaload_malicioushta.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_gammaload_malicioushta.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e41ce63e7c6df2edb548ddc57d51af914dab9200e37eb12463169d587205aa7a"
score = 75
quality = 80
@@ -241559,8 +241732,8 @@ rule SEKOIA_Infostealer_Mac_Realst : FILE
date = "2023-09-11"
modified = "2024-12-19"
reference = "https://iamdeadlyz.gitbook.io/malware-research/july-2023/fake-blockchain-games-deliver-redline-stealer-and-realst-stealer-a-new-macos-infostealer-malware#realst-stealer-macos"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_mac_realst.yar#L1-L32"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_mac_realst.yar#L1-L32"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "72e694e5c32cbaeb7dff7913fde671619e2c8d892e552546dd1682e38f6804c5"
score = 75
quality = 30
@@ -241598,8 +241771,8 @@ rule SEKOIA_Apt_Apt41_Javascript_Dropper : FILE
date = "2024-02-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt41_javascript_dropper.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt41_javascript_dropper.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3e34af7141e41044c3d3e099e8b8deafc7441ea47ccbd8af7ffe686f10bb18a2"
score = 75
quality = 80
@@ -241627,8 +241800,8 @@ rule SEKOIA_Apt_37_Chinotto : FILE
date = "2023-02-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_37_chinotto.yar#L1-L50"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_37_chinotto.yar#L1-L50"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a721f102b4c9568379649f8004fa4eb460240145ab829d8ce3740dafb52d13c8"
score = 75
quality = 80
@@ -241683,8 +241856,8 @@ rule SEKOIA_Apt_Tealkurma_Snappytcp_Strings : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_tealkurma_snappytcp_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_tealkurma_snappytcp_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b91adef3332850d952cace104fc05e1b09e6175a27ae991905defc46de608e88"
score = 75
quality = 80
@@ -241709,8 +241882,8 @@ rule SEKOIA_Clwiper_Strings : FILE
date = "2022-09-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/clwiper_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/clwiper_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b6bcd7e20b07ab8a9a54672f60a8ffe6d6bf787630f01b9dcefd1cbc78297050"
score = 75
quality = 80
@@ -241738,8 +241911,8 @@ rule SEKOIA_Launcher_Win_Stealthmutant_Bat_Launcher : FILE
date = "2021-08-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/launcher_win_stealthmutant_bat_launcher.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/launcher_win_stealthmutant_bat_launcher.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "06ae4bc3ed938738dfca10c182a6a2363aa6aa70e730aefd41f6fe73c675785d"
score = 75
quality = 80
@@ -241769,8 +241942,8 @@ rule SEKOIA_Apt_Sofacy_Graphitemalware_Generic : FILE
date = "2022-09-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sofacy_graphitemalware_generic.yar#L3-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sofacy_graphitemalware_generic.yar#L3-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f4c994c36768bae6d6e3b5aeefb634e485ab7b483a693781f29d5ff44c71996f"
score = 75
quality = 80
@@ -241799,8 +241972,8 @@ rule SEKOIA_Kimsuky_Konni_Dll : FILE
date = "2022-09-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/kimsuky_konni_dll.yar#L1-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/kimsuky_konni_dll.yar#L1-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7099156decdfe35cde22958133d851479f12180fff7b5744af0c549ab8259636"
score = 75
quality = 80
@@ -241836,11 +242009,11 @@ rule SEKOIA_Infostealer_Win_Solarmarker_Powershell : FILE
date = "2022-12-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_solarmarker_powershell.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_solarmarker_powershell.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "32267cf7e03ed65da969aeeff5ef5d7291e47446ea11a4b391f085967e8aa67d"
score = 75
- quality = 55
+ quality = 80
tags = "FILE"
version = "1.0"
classification = "TLP:CLEAR"
@@ -241868,8 +242041,8 @@ rule SEKOIA_Nomercy : FILE
date = "2022-07-11"
modified = "2024-12-19"
reference = "https://blog.cyble.com/2022/07/07/nomercy-stealer-adding-new-features/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/nomercy.yar#L1-L61"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/nomercy.yar#L1-L61"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "175bc58f1b34bb60f6cacc15747e944cbbdd58fe287ff46abed969eaa39870db"
score = 75
quality = 78
@@ -241930,8 +242103,8 @@ rule SEKOIA_Apt_Kimsuky_Validator_Strings : FILE
date = "2024-06-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_validator_strings.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_validator_strings.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a627dae8c12f0f6f8472bc12b8e1a85137f92f6e389f817ab9023c90720a42b0"
score = 75
quality = 80
@@ -241955,8 +242128,8 @@ rule SEKOIA_Platypus_Winlinmac_Strings : FILE
date = "2023-12-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/platypus_winlinmac_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/platypus_winlinmac_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3c8e928fb8328381997230d4b60de20d07a9a3aee006aad9fc0b67fcfe61a63b"
score = 75
quality = 80
@@ -241986,8 +242159,8 @@ rule SEKOIA_Apt_Evasive_Panda_Rphost_Dll : FILE
date = "2024-03-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_evasive_panda_rphost_dll.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_evasive_panda_rphost_dll.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "fa44028115912c95b5efb43218f3c7237d5c349f"
logic_hash = "2132f1c69db8fd5793c858ada2443fdfa1f941e68d24cc337766df99f8b3a895"
score = 75
@@ -242012,8 +242185,8 @@ rule SEKOIA_Koi_Netstealer : FILE
date = "2024-03-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/koi_netstealer.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/koi_netstealer.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "814db1092820ff1ed9e592dc92c72ad73643eb6d68df9f593ed637434373e41b"
score = 75
quality = 80
@@ -242040,8 +242213,8 @@ rule SEKOIA_Koiloader_Powershell_Reflective_Loading : FILE
date = "2024-03-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/koiloader_powershell_reflective_loading.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/koiloader_powershell_reflective_loading.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "27deec01027a73129c6c8057eff1b48190c89ac18dcd7c390fc177d82a897290"
score = 75
quality = 80
@@ -242068,8 +242241,8 @@ rule SEKOIA_Apt_3Cx_Payload_Stealer : FILE
date = "2023-03-31"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_3cx_payload_stealer.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_3cx_payload_stealer.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "17630ab86a3da3408e29765c0c30f14c76b870b88fea634b998392fe5d46cfa2"
score = 75
quality = 80
@@ -242095,8 +242268,8 @@ rule SEKOIA_Tinyfluff_Nodejs : FILE
date = "2022-04-20"
modified = "2024-12-19"
reference = "https://blog.group-ib.com/oldgremlin_comeback"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tinyfluff_nodejs.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tinyfluff_nodejs.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "bd0a6a3628f268a37ac9d708d03f57feef5ed55e"
hash = "bd0a6a3628f268a37ac9d708d03f57feef5ed55e"
logic_hash = "7fa07b6ea32b914887bdcada0f9fda086bc29a44bfdf27e7433ef589192f4b82"
@@ -242122,8 +242295,8 @@ rule SEKOIA_Apt_Mustang_Panda_Nupakage : FILE
date = "2023-03-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustang_panda_nupakage.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustang_panda_nupakage.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "255c77af714b1b66275f3973fb112994ccb028d5d60562bbde30df5a761f03d3"
score = 50
quality = 78
@@ -242146,8 +242319,8 @@ rule SEKOIA_Tool_Safetykatz : FILE
date = "2023-06-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_safetykatz.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_safetykatz.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f443dd5be1e15f8385427d965f8c8476c5f1b57b7c9ab53d9e13eb47735e09d3"
score = 75
quality = 80
@@ -242172,8 +242345,8 @@ rule SEKOIA_Apt_Konni_Dropper : FILE
date = "2023-11-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_konni_dropper.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_konni_dropper.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6d1b1f5ccbdc20908891e5f40ceb85c251b1ca2a395fa4b106e63718c6393a22"
score = 75
quality = 80
@@ -242199,8 +242372,8 @@ rule SEKOIA_Apt_Coathanger_Beacon : FILE
date = "2024-02-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_coathanger_beacon.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_coathanger_beacon.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e44496e62de8c885d5bd941819a97f4c0dd90ce2d0cfe9d042ab9590cc354ddb"
score = 75
quality = 80
@@ -242229,8 +242402,8 @@ rule SEKOIA_Installer_Win_Minibus : FILE
date = "2024-04-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/installer_win_minibus.yar#L4-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/installer_win_minibus.yar#L4-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "24326c9f5dcb7e66d47b65bf6bec6fe78be18c8d41a3039fbd09b453568a3f8f"
score = 75
quality = 80
@@ -242256,8 +242429,8 @@ rule SEKOIA_Implant_Win_Geacon : FILE
date = "2024-01-11"
modified = "2024-12-19"
reference = "https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_geacon.yar#L1-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_geacon.yar#L1-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "74b0d2fbb8b7f6666543ba4fdfd9f9d2064d3a89d21c90d794b57f0009199fea"
score = 75
quality = 80
@@ -242297,8 +242470,8 @@ rule SEKOIA_Apt_Badmagic_Commonmagic_Main : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_commonmagic_main.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_commonmagic_main.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9bcfd6e9e150399c7f11abc41205119ddf24ea0fef5816ed905cd9b1e9ec5c1e"
score = 75
quality = 80
@@ -242323,8 +242496,8 @@ rule SEKOIA_Apt_Gamaredon_Gamaredon_Lnk_Usb_Spreader_Encoded : FILE
date = "2023-06-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_gamaredon_lnk_usb_spreader_encoded.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_gamaredon_lnk_usb_spreader_encoded.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "28358a4a6acdcdfc6d41ea642220ef98c63b9c3ef2268449bb02d2e2e71e7c01"
logic_hash = "81ab55330b3003cb698ade7e14eaea5fb03e5d2d3dd310b7db682aeef9b51f6e"
score = 75
@@ -242351,8 +242524,8 @@ rule SEKOIA_Loader_Win_Fudloader : FILE
date = "2023-09-25"
modified = "2024-12-19"
reference = "https://github.com/0day2/FUD-Loader/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_fudloader.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_fudloader.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bf19169963cfcbcf41a2dc5f9447738e957878972590b2a8d310eed1c54f3676"
score = 75
quality = 80
@@ -242382,8 +242555,8 @@ rule SEKOIA_Apt_Stripedfly : FILE
date = "2023-11-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_stripedfly.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_stripedfly.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ded64ae30cf994162d4af649a34eadd4b8619cbced4392a6684129f8cf906136"
score = 75
quality = 80
@@ -242408,8 +242581,8 @@ rule SEKOIA_Win_Malware_Janelarat_Strings : FILE
date = "2023-08-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/win_malware_janelarat_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/win_malware_janelarat_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "00df0a1f037e24ff1528d524fb7398735e2c3e0a9995a9f95a5293b04748f06e"
logic_hash = "cf2ca92cf790211f69ea9645f1c1b865d5503d14a1dcce535b4a69c735ea3dad"
score = 75
@@ -242434,8 +242607,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_5 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_5.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_5.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a68342b5bb2622deb71432da85cc249f35ca5b7b5dc70e069d6dcb6e9488e97e"
score = 75
quality = 80
@@ -242462,8 +242635,8 @@ rule SEKOIA_Apt_Ir_Sugarush_Implant : FILE
date = "2022-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_ir_sugarush_implant.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_ir_sugarush_implant.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0d249552013c29ce1eb66dca2d93e5cde0a1b0fb80aae55469bec3bda224be91"
score = 75
quality = 80
@@ -242490,8 +242663,8 @@ rule SEKOIA_Apt_Kimsuky_Sharptongue_Strings : FILE
date = "2022-07-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_sharptongue_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_sharptongue_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a7a9045485f6e713a8ae1bc87cd1296d64905b18e5d13d6e2b9a95328181af54"
score = 75
quality = 80
@@ -242517,8 +242690,8 @@ rule SEKOIA_Apt_Toddycat_Toddybox_Strings : FILE
date = "2023-11-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_toddycat_toddybox_strings.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_toddycat_toddybox_strings.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b71fad12d4485268cbeff98b8a8d6067ac8f62164be60cdb61f3f37ab471a247"
score = 75
quality = 80
@@ -242548,8 +242721,8 @@ rule SEKOIA_Tool_Xiebroc2_Strings
date = "2024-09-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_xiebroc2_strings.yar#L1-L40"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_xiebroc2_strings.yar#L1-L40"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "84e665bcbf963a2cf67d879aa3422d79"
hash = "3558c376420724694ba244a2e2acd20c"
hash = "e29fb9cd825db51a7a2e519f188e61ba"
@@ -242597,8 +242770,8 @@ rule SEKOIA_Backdoor_Xploitspy_Strings : FILE
date = "2022-08-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_xploitspy_strings.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_xploitspy_strings.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "eabb1dbeaa8aefc33beb7fb158bbd8ad2c5b848d34c99473704da36a6dc461aa"
score = 75
quality = 80
@@ -242632,8 +242805,8 @@ rule SEKOIA_Apt_Badmagic_Commonmagic_Generic_1 : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_commonmagic_generic_1.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_commonmagic_generic_1.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "513226d050945af1a8bbc51f9a48936c815bfc6cd43b0766e34ac000d3c90625"
score = 75
quality = 80
@@ -242659,8 +242832,8 @@ rule SEKOIA_Apt_Cloudatlas_Powershower_Obfuscated : FILE
date = "2022-11-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cloudatlas_powershower_obfuscated.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cloudatlas_powershower_obfuscated.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fdb1edb3982eb5356cdf5fd1fa9fcc41d5048848b2a05589e87836ac0b05ec7a"
score = 75
quality = 80
@@ -242685,8 +242858,8 @@ rule SEKOIA_Builder_Win_Royalroad_Rtf : FILE
date = "2022-06-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/builder_win_royalroad_rtf.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/builder_win_royalroad_rtf.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "831962105248e33422344d1431b90f2b567439b54252668f9294ea388f405b41"
score = 75
quality = 80
@@ -242710,8 +242883,8 @@ rule SEKOIA_Infostealer_Win_Vidar_Str_Jul22 : FILE
date = "2022-07-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_vidar_str_jul22.yar#L1-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_vidar_str_jul22.yar#L1-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "394d148155d46753df188a252678c5ce9d0aa321da8907e74b844d5aa8494a47"
score = 75
quality = 80
@@ -242747,8 +242920,8 @@ rule SEKOIA_Apt_Badmagic_Commonmagic_Generic_2 : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_commonmagic_generic_2.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_commonmagic_generic_2.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d3916ab749ae5b6e0a8abdc9641de13e0328809a6e20c6ce04ada5dbfb742689"
score = 75
quality = 80
@@ -242774,8 +242947,8 @@ rule SEKOIA_Crime_Sload_Vbs_Downloader_Strings_1 : FILE
date = "2022-08-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/crime_sload_vbs_downloader_strings_1.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/crime_sload_vbs_downloader_strings_1.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "06e4fcb6c48078c6c44d779820fc901b0f335b9495097ed28206826a959d0712"
score = 75
quality = 80
@@ -242800,8 +242973,8 @@ rule SEKOIA_Tool_Iodine_Strings : FILE
date = "2024-02-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_iodine_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_iodine_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "049b5af42d204061bd7e0c0294bb0abea492647dce8ec63fa3f296d1a19cb246"
score = 75
quality = 80
@@ -242827,8 +243000,8 @@ rule SEKOIA_Koi_Koiloader : FILE
date = "2024-03-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/koi_koiloader.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/koi_koiloader.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7b4f12b0dec3927a46db1c8b2163e54a0a515d2b7360ba94647097fecf3d4653"
score = 75
quality = 80
@@ -242854,8 +243027,8 @@ rule SEKOIA_Water_Sigbin_Group
date = "2024-06-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/water_sigbin_group.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/water_sigbin_group.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "dd51945bf79e37b50d377eda3641eb32438dcb5a1c55fb4a9b66a5b5a8b5ed0d"
score = 75
quality = 80
@@ -242881,8 +243054,8 @@ rule SEKOIA_Tool_Dogtunnel_Strings : FILE
date = "2024-03-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_dogtunnel_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_dogtunnel_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "04e7141e67ba841b0955b9e36c43be1f5b22e635b96d58b8b1b52fd507ddd929"
score = 75
quality = 80
@@ -242909,8 +243082,8 @@ rule SEKOIA_Apt_Kimsuky_Sharpext_Devtoolmodule_Strings : FILE
date = "2022-07-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_sharpext_devtoolmodule_strings.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_sharpext_devtoolmodule_strings.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "61007801d28636c6d88b14225f34910d03e82337520257637a5017d58600b2bc"
score = 75
quality = 80
@@ -242936,8 +243109,8 @@ rule SEKOIA_Loader_Win_Jennlog
date = "2021-10-04"
modified = "2024-12-19"
reference = "https://www.sentinelone.com/labs/new-version-of-apostle-ransomware-reemerges-in-targeted-attack-on-higher-education/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_jennlog.yar#L4-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_jennlog.yar#L4-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0ffcd1f35570b28a1bd6f9a0361f8f921942f7345dcb2896fc092bb92f7d4d6d"
score = 75
quality = 80
@@ -242957,8 +243130,8 @@ rule SEKOIA_Apt_Gamaredon_Getlogicaldrive_Hunting : FILE
date = "2023-02-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_getlogicaldrive_hunting.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_getlogicaldrive_hunting.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4ec19e4d5723bc33d6f11598ce538403678e906bc416b58fea6e1b10cd26e5b6"
score = 50
quality = 60
@@ -242987,8 +243160,8 @@ rule SEKOIA_Implant_Win_Apt29_2022_10
date = "2023-02-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_apt29_2022_10.yar#L4-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_apt29_2022_10.yar#L4-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b9300c2f06b54b16e1cab579d686d986caacf3b6eccec3a4e62d58e94b50bfb4"
score = 75
quality = 80
@@ -243010,8 +243183,8 @@ rule SEKOIA_Loader_Win_Erbium : FILE
date = "2022-09-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_erbium.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_erbium.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e93e9dbf0e5412afa4640b4cf5d94374c4df38f8044d44c375e86508c0d4190a"
score = 75
quality = 80
@@ -243038,8 +243211,8 @@ rule SEKOIA_Backdoor_Win_Minibus : FILE
date = "2024-02-29"
modified = "2024-12-19"
reference = "https://www.mandiant.com/resources/blog/suspected-iranian-unc1549-targets-israel-middle-east"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_minibus.yar#L4-L41"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_minibus.yar#L4-L41"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "57dabcc15c84c4497b3561f19a7e464fb0dfe93576f4caea88c7cd8534cb4bfd"
score = 75
quality = 80
@@ -243065,8 +243238,8 @@ rule SEKOIA_Win_Loader_Astasialoader_Strings : FILE
date = "2023-08-16"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/win_loader_astasialoader_strings.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/win_loader_astasialoader_strings.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "44b6f7508a82ff6a4d65defc189303eeee393b5fd498de73d74d0a2c75c87401"
logic_hash = "02a7bed506865d761ec03b8de4b7fc636b71f48c62e933013f2ffa23deabb62e"
score = 75
@@ -243097,8 +243270,8 @@ rule SEKOIA_Apt_Oilrig_Saitama_Backdoor_May2022_2 : FILE
date = "2022-05-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_oilrig_saitama_backdoor_may2022_2.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_oilrig_saitama_backdoor_may2022_2.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "622c386d4b10b81a5c84f9c093d91add04497a707ba88e8395fda8587b5c3791"
score = 75
quality = 80
@@ -243125,8 +243298,8 @@ rule SEKOIA_Apt_Kimsuky_Sharptongue_Vbslauncher_Strings : FILE
date = "2022-07-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_sharptongue_vbslauncher_strings.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_sharptongue_vbslauncher_strings.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9e1383a71b4ab5ca1de5016061f0e9c83e6f3e1a41eef25dae15cd1aab8b581f"
score = 75
quality = 80
@@ -243151,8 +243324,8 @@ rule SEKOIA_Backdoor_Win_Sponsor : FILE
date = "2024-03-29"
modified = "2024-12-19"
reference = "https://www.welivesecurity.com/en/eset-research/sponsor-batch-filed-whiskers-ballistic-bobcats-scan-strike-backdoor/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_sponsor.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_sponsor.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "844104863e8e0c49da3a41d39fe210e01329eeaecec6ffc231aae12392773ef6"
score = 75
quality = 80
@@ -243183,8 +243356,8 @@ rule SEKOIA_Infostealer_Win_Edgeguard : FILE
date = "2023-08-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_edgeguard.yar#L1-L32"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_edgeguard.yar#L1-L32"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "11396aea2e166456ec8311f95a8037aac41f69caf3158f8c19cb0c38327842d6"
score = 75
quality = 80
@@ -243224,8 +243397,8 @@ rule SEKOIA_Apt_Gamaredon_Htmlsmuggling_Attachment_Stage2 : FILE
date = "2023-01-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_htmlsmuggling_attachment_stage2.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_htmlsmuggling_attachment_stage2.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "42e637f628db6719342ae104c6c89bb80609c5f3f5c2586daccb31f7d688a2a1"
score = 75
quality = 80
@@ -243252,8 +243425,8 @@ rule SEKOIA_Ransomware_Win_Fonix : FILE
date = "2021-10-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_fonix.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_fonix.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "2085fae62c07f63723a417566c204b0a9942de35ed80272d1486dc2c96ca0037"
score = 75
quality = 80
@@ -243277,8 +243450,8 @@ rule SEKOIA_Backdoor_Lin_Bpfdoor : FILE
date = "2022-05-05"
modified = "2024-12-19"
reference = "https://github.com/Neo23x0/signature-base/blob/master/yara/mal_lnx_implant_may22.yar"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_lin_bpfdoor.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_lin_bpfdoor.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c917bd12731d761645adea72bc68c50927a0c2b0c31b2109f7065a992d338329"
score = 75
quality = 80
@@ -243304,8 +243477,8 @@ rule SEKOIA_Backdoor_Powershellempire_Csharp : FILE
date = "2022-04-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_powershellempire_csharp.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_powershellempire_csharp.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "536ef1167627c3dadb866d55e7eae2220c3fbd6961e2cfa71656656d984b9b90"
score = 75
quality = 80
@@ -243336,8 +243509,8 @@ rule SEKOIA_Tool_Htran_Strings : FILE
date = "2022-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_htran_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_htran_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6a414cec8ad623c735779b9005074f88b07d88b29b23918d98a541a2612a3fa0"
score = 75
quality = 80
@@ -243365,8 +243538,8 @@ rule SEKOIA_Ransomware_Win_Avoslocker : FILE
date = "2021-08-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_avoslocker.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_avoslocker.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d7f14f78ac569011ecf964109c72d75de4942361033a544350a2f73c7af64a0c"
score = 75
quality = 80
@@ -243395,8 +243568,8 @@ rule SEKOIA_Exploit_Linux_Eop_Dirtypipe_Strings : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/exploit_linux_eop_dirtypipe_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/exploit_linux_eop_dirtypipe_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0abb8de541acea57ced20f66c0aad7b010fea647996039809d36e94555dee204"
score = 75
quality = 80
@@ -243422,8 +243595,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_10 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_10.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_10.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6ded3f5b7e9c7f2c09e3bc0869e41775e4bb31a39e6fef8209f50f5091e8d2e2"
score = 75
quality = 80
@@ -243448,8 +243621,8 @@ rule SEKOIA_Apt_Mustangpanda_Coolclient : FILE
date = "2023-03-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_coolclient.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_coolclient.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9fd552604299ecb8fa28042ee26e72bbe4fb9804ad087bf4a373b2c2e17d43b0"
score = 75
quality = 80
@@ -243474,8 +243647,8 @@ rule SEKOIA_Tool_Ssf_Strings : FILE
date = "2024-05-31"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_ssf_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_ssf_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a6fa09a25c90e00466a2b59f8c604084996224c93021ad72ed8705bf05da5d97"
score = 75
quality = 80
@@ -243505,8 +243678,8 @@ rule SEKOIA_Apt_Granitetyphoon_Sword2023_Strings : FILE
date = "2023-05-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_granitetyphoon_sword2023_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_granitetyphoon_sword2023_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8644547f093295eeac30c9040796329a3e2222c06a942d14899545726c8bed78"
score = 75
quality = 80
@@ -243533,11 +243706,11 @@ rule SEKOIA_Technique_Csv_Dde_Exec_Regex : FILE
date = "2022-02-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/technique_csv_dde_exec_regex.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/technique_csv_dde_exec_regex.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fd4c64ad094b8ed543cc6990f2e4f341bb38ba0b4d335347e5676475da94dc06"
score = 75
- quality = 28
+ quality = 53
tags = "FILE"
version = "1.0"
classification = "TLP:CLEAR"
@@ -243561,8 +243734,8 @@ rule SEKOIA_Apt_Sandworm_Orcshred_Apr2022 : FILE
date = "2022-04-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sandworm_orcshred_apr2022.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sandworm_orcshred_apr2022.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "de38cf43fa5cc756c26ae241f2e60636c2aabbe4254fdeca2340c62873498de7"
score = 75
quality = 80
@@ -243588,8 +243761,8 @@ rule SEKOIA_Infostealer_Win_Spacestealer : FILE
date = "2022-11-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_spacestealer.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_spacestealer.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "94edfd0606816ff01d1345357a852cab4321d8881921e51ba96d8d2d4cb893b5"
score = 75
quality = 80
@@ -243628,8 +243801,8 @@ rule SEKOIA_Keylogger_Win_Donot
date = "2023-03-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/keylogger_win_donot.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/keylogger_win_donot.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "eb935f84335e934346511b4108f70df469deef6ecaaba809c144197c04a28f64"
score = 75
quality = 80
@@ -243654,8 +243827,8 @@ rule SEKOIA_Downloader_Win_Apt33_Tickler : FILE
date = "2024-08-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_win_apt33_tickler.yar#L4-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_win_apt33_tickler.yar#L4-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e6fff291b73812e5a999fbc566e8f7181dcdf01b849a9664ba05fe0a2bc982fe"
score = 75
quality = 80
@@ -243675,8 +243848,8 @@ rule SEKOIA_Tool_Tacticalrmm_Installer_Strings : FILE
date = "2024-05-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_tacticalrmm_installer_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_tacticalrmm_installer_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0f8d66eb1c9c6ed9571a1dd7de05072aec6d3cda874618889d4fd51e5965bb26"
score = 75
quality = 80
@@ -243702,8 +243875,8 @@ rule SEKOIA_Tool_Cheat_Engine : FILE
date = "2024-07-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_cheat_engine.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_cheat_engine.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "2a70016be13c4eff7f7381fd0e34c345c95f09d4cd8b754ea68d59adfe3fe4b6"
score = 75
quality = 80
@@ -243733,8 +243906,8 @@ rule SEKOIA_Bot_Lin_Kinsing_Strings : FILE
date = "2023-11-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/bot_lin_kinsing_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/bot_lin_kinsing_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "164b22734541d43047a2ea868cf0a269efe69c64a6392030168f4d391b1be777"
score = 75
quality = 80
@@ -243765,8 +243938,8 @@ rule SEKOIA_Apt_Unk_Dex_China_Freedom_Trap_Spyware : FILE
date = "2022-09-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_unk_dex_china_freedom_trap_spyware.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_unk_dex_china_freedom_trap_spyware.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "ceb70fce74898ea64ded6880a978441c"
logic_hash = "f85f78a1a58fa8b2698637f8c540877ea1c5141ff7f74e8c2f2755f5aba5a599"
score = 75
@@ -243804,8 +243977,8 @@ rule SEKOIA_Apt_Mustangpanda_Maliciousdll_Loading_Plugx_Strings
date = "2023-12-18"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_maliciousdll_loading_plugx_strings.yar#L3-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_maliciousdll_loading_plugx_strings.yar#L3-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "651c096cf7043a01d939dff9ba58e4d69f15b2244c71b43bedb4ada8c37e8859"
logic_hash = "667901d36585248a891b90ff8ed7006030151fbbbe0d4a85570944a94edba7f8"
score = 75
@@ -243834,8 +244007,8 @@ rule SEKOIA_Hacktool_Win_Gmer : FILE
date = "2022-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_win_gmer.yar#L3-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_win_gmer.yar#L3-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "dbd4e97c343dcb14c6e814afa820a9fbb5aa4290c7ddf9d864029bb35bb96dbf"
score = 75
quality = 80
@@ -243860,8 +244033,8 @@ rule SEKOIA_Apt_Badmagic_Installpzz_Pshscript : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_installpzz_pshscript.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_installpzz_pshscript.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "58256cffd1d5060769f304393c22b6488abe9515eb7df2a967ba2fed85a9ec9a"
score = 75
quality = 80
@@ -243887,8 +244060,8 @@ rule SEKOIA_Launcher_Win_Romcom_Launcher : FILE
date = "2022-11-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/launcher_win_romcom_launcher.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/launcher_win_romcom_launcher.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7d94f187c3fb85cbfe961dd3b292dc1abd36a8cee7c9ff9ec08c4c1e23d38588"
score = 75
quality = 78
@@ -243911,8 +244084,8 @@ rule SEKOIA_Loader_Win_Aresloader : FILE
date = "2023-05-02"
modified = "2024-12-19"
reference = "https://blog.cyble.com/2023/04/28/citrix-users-at-risk-aresloader-spreading-through-disguised-gitlab-repo/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_aresloader.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_aresloader.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "2edbb625394506e865580373d5c3454b4fa201183c84d247b4373f24e25f5fd4"
score = 75
quality = 80
@@ -243947,8 +244120,8 @@ rule SEKOIA_Apt_Cloudatlas_Stagescalldllmainafterexec
date = "2023-10-31"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cloudatlas_stagescalldllmainafterexec.yar#L1-L46"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cloudatlas_stagescalldllmainafterexec.yar#L1-L46"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6d1c1717b4012e72b0069068158265dfd215cd7685a5489aba3de4a9024bfa28"
score = 75
quality = 80
@@ -244002,8 +244175,8 @@ rule SEKOIA_Infostealer_Win_Daolpu_Str : FILE
date = "2024-07-23"
modified = "2024-12-19"
reference = "https://www.crowdstrike.com/blog/fake-recovery-manual-used-to-deliver-unidentified-stealer/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_daolpu_str.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_daolpu_str.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9372a88efcdca6ca57f354fb31569522e5458271cc51dfedf09c6178a47a5b67"
score = 75
quality = 80
@@ -244037,8 +244210,8 @@ rule SEKOIA_Implant_Win_Magicrat : FILE
date = "2022-09-13"
modified = "2024-12-19"
reference = "https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_magicrat.yar#L4-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_magicrat.yar#L4-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9abc223c5ae9300b06b9161cbd9f5a501b6aaf46970b0bb74d98168792b7e659"
score = 75
quality = 80
@@ -244062,8 +244235,8 @@ rule SEKOIA_Rat_Win_Ninerat
date = "2023-12-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_ninerat.yar#L4-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_ninerat.yar#L4-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bbb695444a6ec0d6049d0ce233ca37de6f78393e5ceb5d454867c8b554269684"
score = 75
quality = 80
@@ -244093,8 +244266,8 @@ rule SEKOIA_Infostealer_Win_Aurora : FILE
date = "2022-11-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_aurora.yar#L1-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_aurora.yar#L1-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e88cbb012ffb65aa8a70b76163a834c0bc4615b0effc93945c6d915e33c04549"
score = 75
quality = 78
@@ -244137,8 +244310,8 @@ rule SEKOIA_Apt_Muddywater_Powershell_Reverse_Secure_Proxy
date = "2023-11-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_muddywater_powershell_reverse_secure_proxy.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_muddywater_powershell_reverse_secure_proxy.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6507bc030d60af5559492bbb02bc619646306ab06c9bd9d3f78ae6ce55307bda"
score = 75
quality = 80
@@ -244163,8 +244336,8 @@ rule SEKOIA_Apt_Mustangpanda_Tonedrop : FILE
date = "2023-06-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_tonedrop.yar#L1-L43"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_tonedrop.yar#L1-L43"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "97f9138810fbc56fa1cab671865b3234f63fcd0f9a15ba012dfe76e86c6dbd48"
score = 75
quality = 78
@@ -244211,8 +244384,8 @@ rule SEKOIA_Hacktool_Win_Uknowseckeylogger : FILE
date = "2022-10-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_win_uknowseckeylogger.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_win_uknowseckeylogger.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "83a731a5b1853edcce963d458fc170206086305f3e43403c930c9633918e8ff1"
score = 75
quality = 80
@@ -244240,8 +244413,8 @@ rule SEKOIA_Apt_Gamaredon_Stealer_Obfuscation_1 : FILE
date = "2022-02-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_stealer_obfuscation_1.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_stealer_obfuscation_1.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7f6a5f8af73c4eb7debbadfd22232ad4e3f44e3aae36c3d624ce7a1a050e8782"
score = 75
quality = 80
@@ -244265,8 +244438,8 @@ rule SEKOIA_Backdoor_Lin_Bifrost : FILE
date = "2024-03-05"
modified = "2024-12-19"
reference = "https://unit42.paloaltonetworks.com/new-linux-variant-bifrost-malware/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_lin_bifrost.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_lin_bifrost.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a3fd671c02c29f67cf5b8d2d0e857336da72f989688f2db19cd028398080c5e2"
score = 75
quality = 80
@@ -244293,8 +244466,8 @@ rule SEKOIA_Apt_Unk_Hrserv_Webshell_Strings : FILE
date = "2023-11-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_unk_hrserv_webshell_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_unk_hrserv_webshell_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b5650e08227bbdb82c635bd67abae57e3107be9126639619809bfbe2a7ffee89"
score = 75
quality = 80
@@ -244323,8 +244496,8 @@ rule SEKOIA_Loader_Win_Squirrelwaffle_Doc : FILE
date = "2021-09-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_squirrelwaffle_doc.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_squirrelwaffle_doc.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b9f7c3605e25c8c7caa5f70e492d46fb70e7cb6002704440e7346ebfb2bbc7bf"
score = 75
quality = 76
@@ -244348,8 +244521,8 @@ rule SEKOIA_Rat_Win_Konni_Rat : FILE
date = "2023-09-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_konni_rat.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_konni_rat.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "764e75d3e433a8784e826f436896c50c9622129412ff277b55ec9aaf1402ff5e"
score = 75
quality = 80
@@ -244380,8 +244553,8 @@ rule SEKOIA_Wiper_Win_Ruransom : FILE
date = "2022-11-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/wiper_win_ruransom.yar#L4-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/wiper_win_ruransom.yar#L4-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e16cfe7a273bfa01e2ae56174e6ea10a84d42542a62dda5e7b095a0c30082a31"
score = 75
quality = 80
@@ -244406,8 +244579,8 @@ rule SEKOIA_Infostealer_Win_Nekostealer : FILE
date = "2023-01-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_nekostealer.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_nekostealer.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f027775bebb48ceb128392040ec2ac8ad84f2a2009760c040e4d376c2f06b663"
score = 75
quality = 80
@@ -244434,8 +244607,8 @@ rule SEKOIA_Exploit_Linux_Eop_Ubuntu_Overlayfs_Local_Privesc_Strings : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/exploit_linux_eop_ubuntu_overlayfs_local_privesc_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "48ff9d2a10eef1e9b9088ba4a53aa77f43324e5d51da65b65a5829276067f011"
score = 75
quality = 80
@@ -244463,8 +244636,8 @@ rule SEKOIA_Apt_Gelsemium_Firewood_Backdoor : FILE
date = "2024-11-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gelsemium_firewood_backdoor.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gelsemium_firewood_backdoor.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "2251bc7910fe46fd0baf8bc05599bdcf"
logic_hash = "dea8c7cfb35b3cc026a0df844e118b495e3ad0a85f55e2fd3b63a41dde2ea944"
score = 75
@@ -244491,8 +244664,8 @@ rule SEKOIA_Hacktool_Ligolo_Strings : FILE
date = "2022-02-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_ligolo_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_ligolo_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "12609bed61ef4d86737bc652a75c74f01e4a251466129ff56da0d7e002566d50"
score = 75
quality = 80
@@ -244519,8 +244692,8 @@ rule SEKOIA_Apt_Gamaredon_Ddrdoh_Vbs_Downloader_Vbs : FILE
date = "2023-01-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_ddrdoh_vbs_downloader_vbs.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_ddrdoh_vbs_downloader_vbs.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c91e1ce26c0735e8c68fe39f2fbeda8aed51cd4f9a0b967b5d184843728dcef4"
score = 75
quality = 78
@@ -244548,8 +244721,8 @@ rule SEKOIA_Apt_Cloudatlas_Init_Module_Virtualalloc : FILE
date = "2023-09-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cloudatlas_init_module_virtualalloc.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cloudatlas_init_module_virtualalloc.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "31ffaeccc0b8fe36eea3b3a8200eff6a420b1a3937fd439dc84121654fcea502"
score = 75
quality = 80
@@ -244582,8 +244755,8 @@ rule SEKOIA_Apt_Globalshadow : FILE
date = "2024-09-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_globalshadow.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_globalshadow.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "68c16b6f178c88c12c9555169887c321"
logic_hash = "034a994be5d5b00fc7d1a43a0cb0b5b576358cea26f3354fd574132560ca0ae3"
score = 75
@@ -244617,8 +244790,8 @@ rule SEKOIA_Apt_Ta410_Flowcloud_Rtti : FILE
date = "2022-10-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_ta410_flowcloud_rtti.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_ta410_flowcloud_rtti.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "97f052c409c9b5de025d34180979cd4c322e67bab9f894d3b56c928340a6859b"
score = 75
quality = 80
@@ -244643,8 +244816,8 @@ rule SEKOIA_Apt_Emissarypanda_Web_Auto_Attack_Tool : FILE
date = "2022-08-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_emissarypanda_web_auto_attack_tool.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_emissarypanda_web_auto_attack_tool.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bc55758367ba0a6b5cf963bcb51b7770b2c7b1cf43b0b79e663b4110f6a7bba8"
score = 75
quality = 80
@@ -244673,8 +244846,8 @@ rule SEKOIA_Tool_Exploit_Rottenpotato_Strings : FILE
date = "2022-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_exploit_rottenpotato_strings.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_exploit_rottenpotato_strings.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c634fcced6889caf895ddf57bab5564fb2b0a4c83f1d6ba4dae655f2e5d935db"
score = 75
quality = 80
@@ -244707,8 +244880,8 @@ rule SEKOIA_Apt_Muddywater_Powgoop_Decode_Loop : FILE
date = "2022-01-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_muddywater_powgoop_decode_loop.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_muddywater_powgoop_decode_loop.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1d60f53014fb1934a85a573856244431c8f565c2f024511991817e6235566815"
score = 75
quality = 80
@@ -244733,8 +244906,8 @@ rule SEKOIA_Infostealer_Win_Raccoon_Str_Takemypainback : FILE
date = "2022-10-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_raccoon_str_takemypainback.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_raccoon_str_takemypainback.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "50d30828dab7e197619eeac4ebd2ab6692a9ac40a5091e23642cd1bdde8e9910"
score = 75
quality = 80
@@ -244761,8 +244934,8 @@ rule SEKOIA_Apt_Kimsuky_Vbs : FILE
date = "2024-09-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_vbs.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_vbs.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "12386be22ca82fce98a83a5a19e632bc"
hash = "7b5783d42240651af78ebf7e01b31fe8"
hash = "ff7d68e5fb253664ce64c85457b28041"
@@ -244793,8 +244966,8 @@ rule SEKOIA_Infostealer_Win_Acridrain_Mar23 : FILE
date = "2023-03-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_acridrain_mar23.yar#L1-L40"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_acridrain_mar23.yar#L1-L40"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7fa1822acc6264a3a58fffef3fc572f8818d99037b20d5abb8bfb41f025949d4"
score = 75
quality = 78
@@ -244840,8 +245013,8 @@ rule SEKOIA_Apt_Apt28_Wayzgoose_Exploit_String : FILE
date = "2024-04-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt28_wayzgoose_exploit_string.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt28_wayzgoose_exploit_string.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "804de275f7e8c43fe5690c0bd9338b134c0c47f845f1c3b3a747c3765815084c"
score = 75
quality = 80
@@ -244868,8 +245041,8 @@ rule SEKOIA_Backdoor_Win_Spacecolon : FILE
date = "2023-08-25"
modified = "2024-12-19"
reference = "https://www.welivesecurity.com/en/eset-research/scarabs-colon-izing-vulnerable-servers/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_spacecolon.yar#L1-L39"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_spacecolon.yar#L1-L39"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1251df19c521e9ee9da307d56eea265265f2bee4a8e7eec099e4ebfb4e2bd7a2"
score = 75
quality = 78
@@ -244915,8 +245088,8 @@ rule SEKOIA_Clipper_Win_Cryptoclippy : FILE
date = "2023-04-11"
modified = "2024-12-19"
reference = "https://unit42.paloaltonetworks.com/crypto-clipper-targets-portuguese-speakers/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/clipper_win_cryptoclippy.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/clipper_win_cryptoclippy.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "057cb5bb957c2338a50c05cfa0177f75bcf263281ddcc5f365298bccafc64cb4"
score = 75
quality = 80
@@ -244948,8 +245121,8 @@ rule SEKOIA_Apt_Scanbox_Obfuscated_Versions : FILE
date = "2022-09-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_scanbox_obfuscated_versions.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_scanbox_obfuscated_versions.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0395d1ac9a593aa8249f6d16c485e431349cecf2f379d2b5bac466541f71968c"
score = 75
quality = 80
@@ -244977,8 +245150,8 @@ rule SEKOIA_Guerrilla_Lemongroup : FILE
date = "2023-05-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/guerrilla_lemongroup.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/guerrilla_lemongroup.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b644cb537a42217f2549f37bfe07ae0b7ba39fc248ab3d5fd870384c7684683b"
score = 75
quality = 80
@@ -245011,8 +245184,8 @@ rule SEKOIA_Generic_Php_Webshell : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_php_webshell.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_php_webshell.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "617264a785b8e9e87a39e12d7b72963d94e0686a174716347369fe71ab7a78af"
score = 75
quality = 80
@@ -245035,8 +245208,8 @@ rule SEKOIA_Apt_Apt37_Malicious_Hta_File : FILE
date = "2023-03-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt37_malicious_hta_file.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt37_malicious_hta_file.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "85289bea86641ea9c359c361d075783449d453017485170abc87c47872792210"
score = 75
quality = 80
@@ -245064,8 +245237,8 @@ rule SEKOIA_Apt_Apt_K_47_Walkershell : FILE
date = "2024-02-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt_k_47_walkershell.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt_k_47_walkershell.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0dffd8e4d6c244a4faea0f8b8cda1e544a732ad9982e7963b21d5f71080f8f5d"
score = 75
quality = 80
@@ -245093,8 +245266,8 @@ rule SEKOIA_Tool_Paexec_Strings : FILE
date = "2022-09-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_paexec_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_paexec_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9c3bae822fd317bdc89c07542b05f6255d6af214071194570500eb2a12924ff6"
score = 75
quality = 80
@@ -245120,8 +245293,8 @@ rule SEKOIA_Apt_Ta410_Driver_Keylogger : FILE
date = "2022-10-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_ta410_driver_keylogger.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_ta410_driver_keylogger.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5ed152cc068f194cb7bf8c34744f0f1ebd4f621e6ae47f14bab64b18d94af4c5"
score = 75
quality = 80
@@ -245151,8 +245324,8 @@ rule SEKOIA_Exploit_Linux_Eop_Pwnkit_Strings : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/exploit_linux_eop_pwnkit_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/exploit_linux_eop_pwnkit_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9805cc7a6022f7a3372df5d74cef68c6fd0e51072154c82212415846f3603667"
score = 75
quality = 80
@@ -245181,8 +245354,8 @@ rule SEKOIA_Infostealer_Win_Lighting : FILE
date = "2022-04-07"
modified = "2024-12-19"
reference = "https://blog.cyble.com/2022/04/05/inside-lightning-stealer/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_lighting.yar#L1-L40"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_lighting.yar#L1-L40"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1c1d39ce886a433a352c55bf436b959ef528ad7ce38027243ed5b5f1ac79822f"
score = 75
quality = 78
@@ -245226,8 +245399,8 @@ rule SEKOIA_Tool_Enum4Linux_Strings
date = "2024-02-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_enum4linux_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_enum4linux_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d3f7ddbdfb679b34777298aec84464d55fac7600b855526a7f13d8c8f17ab888"
score = 75
quality = 80
@@ -245258,8 +245431,8 @@ rule SEKOIA_Loader_Win_Svcready_Imports : FILE
date = "2022-06-08"
modified = "2024-12-19"
reference = "https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_svcready_imports.yar#L3-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_svcready_imports.yar#L3-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f210c5363d19dbc822b8476f8ecfd86184af8f1c36819a6c868f171152e7cb74"
score = 75
quality = 80
@@ -245283,8 +245456,8 @@ rule SEKOIA_Hacktool_Gtunnel_Strings : FILE
date = "2023-04-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_gtunnel_strings.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_gtunnel_strings.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "76a67f0487fea7b890863bef06a48f665b611f7659eb374cd83cd4be01b812ab"
score = 75
quality = 55
@@ -245314,8 +245487,8 @@ rule SEKOIA_Apt_Andariel_Nestdoor_Variants_Strings : FILE
date = "2024-06-17"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_andariel_nestdoor_variants_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_andariel_nestdoor_variants_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bc01138d1fc079c2b778175742e121f10cb47f29cc4eb04d38b4f0f5740f05a4"
score = 75
quality = 80
@@ -245343,8 +245516,8 @@ rule SEKOIA_Hacktool_Microsocks_Strings : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_microsocks_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_microsocks_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b76b66fbdd9a7e2ea8adb68781d6b14c18189a8b330a61c2a65e7394ef8024c3"
score = 75
quality = 80
@@ -245369,8 +245542,8 @@ rule SEKOIA_Backdoor_Win_Andardoor : FILE
date = "2023-09-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_andardoor.yar#L4-L34"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_andardoor.yar#L4-L34"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "631836634222f4e081d3070c92150a4e14f06bcdd462fbfdf0756aa1f2661b59"
score = 75
quality = 80
@@ -245398,8 +245571,8 @@ rule SEKOIA_Apt_Gamaredon_Htmlsmuggling_Attachment : FILE
date = "2023-01-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_htmlsmuggling_attachment.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_htmlsmuggling_attachment.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e13da493404b27ef0c026ca32accbb30792981e810c099d633f5de225e241b4d"
score = 75
quality = 80
@@ -245425,8 +245598,8 @@ rule SEKOIA_Zip_Win_Abcloader
date = "2024-08-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/zip_win_abcloader.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/zip_win_abcloader.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "0c7d8e611781b29e15df415640858294"
logic_hash = "024d068a86432f35b0f7af0c4cdccb37d0979d01e90f7c9d1ae8a2dddfa3bfc8"
score = 75
@@ -245451,8 +245624,8 @@ rule SEKOIA_Apt_Lazarus_Lambload_Timecheck : FILE
date = "2023-11-27"
modified = "2024-12-19"
reference = "https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_lazarus_lambload_timecheck.yar#L1-L67"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_lazarus_lambload_timecheck.yar#L1-L67"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "019e559f3596cf83f7e7ada05f6550b50b2d45d577600fa549470b98af93e23b"
score = 75
quality = 80
@@ -245500,8 +245673,8 @@ rule SEKOIA_Malware_Win_Mex : FILE
date = "2022-07-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_win_mex.yar#L1-L57"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_win_mex.yar#L1-L57"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1335a212d1af0087cd0e0402f3d6c864d1aafd3df3f1e4bb3851c96c3ff403cb"
score = 75
quality = 55
@@ -245564,8 +245737,8 @@ rule SEKOIA_Tool_Gsocket_Strings : FILE
date = "2024-06-10"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_gsocket_strings.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_gsocket_strings.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c54308293a9f64b571282eac9fba01e4671ba6b0cd45936fab92d4d9af904bbb"
score = 75
quality = 80
@@ -245593,8 +245766,8 @@ rule SEKOIA_Apt_Oilrig_Oilbooster_Strings : FILE
date = "2023-12-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_oilrig_oilbooster_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_oilrig_oilbooster_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9562d373ba7602d250aec1eefa2d671da64e897e490da284ffa0e310074266cf"
score = 75
quality = 80
@@ -245620,8 +245793,8 @@ rule SEKOIA_Infostealer_Win_Phoenix : FILE
date = "2023-06-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_phoenix.yar#L1-L33"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_phoenix.yar#L1-L33"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c8a3a9a36c978cfc28fc6e21af10894161279dfd2e2ad665c3296fda10f6303d"
score = 75
quality = 80
@@ -245661,8 +245834,8 @@ rule SEKOIA_Apt_Apt10_Hui_Loader : FILE
date = "2022-07-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt10_hui_loader.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt10_hui_loader.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "33df202599c6bceff2cf76acdc0096f7167acb69c541b3cfe4cdc34edc174005"
score = 75
quality = 80
@@ -245685,8 +245858,8 @@ rule SEKOIA_Loader_Amadey_Stealer_Plugin : FILE
date = "2023-05-16"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_amadey_stealer_plugin.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_amadey_stealer_plugin.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0410492f9424797b670a14f43ce063458e59d7958e213c07c3d488a40bf370e6"
score = 75
quality = 80
@@ -245721,8 +245894,8 @@ rule SEKOIA_Radx_Stealer : FILE
date = "2023-12-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/radx_stealer.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/radx_stealer.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b83ca089bb0ea7ad8b0f372de9a95ea9d35514f6a063b63986e6fd25bdc07095"
score = 75
quality = 80
@@ -245749,8 +245922,8 @@ rule SEKOIA_Malware_Win_Lyceum_Maldoc_Macro_20220613
date = "2022-06-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_win_lyceum_maldoc_macro_20220613.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_win_lyceum_maldoc_macro_20220613.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a9f4957e8198b4cb2229913a405b3e0fc97cbd3598bb583dbfdaf56ca278d4cb"
score = 75
quality = 80
@@ -245773,8 +245946,8 @@ rule SEKOIA_Tool_Lsass_Dump_Strings : FILE
date = "2024-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_lsass_dump_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_lsass_dump_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "f4540f42902c068b9290239729c45324"
logic_hash = "7dfee9368297b3fd6c7f247a65b5344da0f5438c2145c5d53af48983d0d9a745"
score = 75
@@ -245800,8 +245973,8 @@ rule SEKOIA_Rat_Win_Xworm_V3 : FILE
date = "2023-03-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_xworm_v3.yar#L1-L30"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_xworm_v3.yar#L1-L30"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "0016647c3c7031e744c0af6f9eadb73ab5cab1ca4f8ce7633f4aa069b62755cd"
hash = "07e747a9313732d2dcf7609b6a09ac58d38f5643299440b827ec55f260e33c12"
hash = "de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147"
@@ -245839,8 +246012,8 @@ rule SEKOIA_Apt_Unk_Malicious_Lnk : FILE
date = "2024-09-06"
modified = "2024-12-19"
reference = "https://www.seqrite.com/blog/operation-oxidovy-sophisticated-malware-campaign-targets-czech-officials-using-nato-themed-decoys/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_unk_malicious_lnk.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_unk_malicious_lnk.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "a8d7e56eb01a8cf576533db9af2e92ec"
logic_hash = "993411ceba45d1212a4840e6a35b72b52e64e78cbb2599ebc5c70c2fd3b8e552"
score = 75
@@ -245867,8 +246040,8 @@ rule SEKOIA_Infostealer_Win_Enigma_Initial_Loader : FILE
date = "2023-01-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_enigma_initial_loader.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_enigma_initial_loader.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "03b9d7296b01e8f3fb3d12c4d80fe8a1bb0ab2fd76f33c5ce11b40729b75fb23"
logic_hash = "b7687a480a2a633e7cc9a60d62f3392011712bd018ed634927419cfb4edb4a78"
score = 75
@@ -245900,8 +246073,8 @@ rule SEKOIA_Pe_Princeransomware_Strings : FILE
date = "2024-08-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/pe_princeransomware_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/pe_princeransomware_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "8bd8de169f45e32bab53f6e06088836d6f0526105f03efa1faf84f3b02c43011"
hash = "a83aad6861c8fdfe2392b8e286ab7051d223c6b0bbba5996165964f429657a37"
logic_hash = "18577c5673b4fc5280dee88aefac3747c254a97fdc84b584af241277361f6400"
@@ -245927,8 +246100,8 @@ rule SEKOIA_Infostealer_Win_Phoenixwave : FILE
date = "2022-04-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_phoenixwave.yar#L1-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_phoenixwave.yar#L1-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "efeffb2f0df4c2f8156c401bac5f44c415c4c3e02e84e8db55dad68488f39fea"
score = 75
quality = 80
@@ -245969,8 +246142,8 @@ rule SEKOIA_Hacktool_Duplicatedump_Strings : FILE
date = "2023-11-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_duplicatedump_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_duplicatedump_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "feff083ed432781884941fc02eee6d6ce54f70f1b85d24db2f3e1d0147a81a7a"
score = 75
quality = 80
@@ -245997,8 +246170,8 @@ rule SEKOIA_Tool_Nssm_Strings : FILE
date = "2024-09-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_nssm_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_nssm_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "beceae2fdc4f7729a93e94ac2ccd78cc"
logic_hash = "ca883f3ed9f510cbcd9b96ad167e9d6725341c311b023f22edcba721e801f07d"
score = 75
@@ -246027,8 +246200,8 @@ rule SEKOIA_Implant_Win_Lyceum : FILE
date = "2022-06-13"
modified = "2024-12-19"
reference = "https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_lyceum.yar#L4-L30"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_lyceum.yar#L4-L30"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f6b4acf48877c1dd62fd2bfa19d701b0a79f052ec44fc5d4fe3dc7b02aa689c8"
score = 75
quality = 80
@@ -246052,8 +246225,8 @@ rule SEKOIA_Tool_Rathole_Strings : FILE
date = "2024-05-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_rathole_strings.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_rathole_strings.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f7c42328a38b2c101ea2d179b6adf9cf3d842d9e1c91e85fc6e684ee4f82458f"
score = 75
quality = 80
@@ -246080,8 +246253,8 @@ rule SEKOIA_Apt_Cloudatlas_Powershower_Variant : FILE
date = "2023-12-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cloudatlas_powershower_variant.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cloudatlas_powershower_variant.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7bcfafd5a52d685fe33715c8c3725d95947c65863902fde05cf85685a6bfeab8"
score = 75
quality = 80
@@ -246105,8 +246278,8 @@ rule SEKOIA_Evilnumpayload_Fmtstr
date = "2022-07-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/evilnumpayload_fmtstr.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/evilnumpayload_fmtstr.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7aa55d0677e58658bb76a2d7386a7434011b5f9b8c9de1b718c37f85907ddcc3"
score = 75
quality = 80
@@ -246141,8 +246314,8 @@ rule SEKOIA_Apt_Badmagic_Generic_Pshscript : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_generic_pshscript.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_generic_pshscript.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f442e1ba815cc7eae0c627db5ad1917021d69b8ce37155923a0f19776aeba95d"
score = 75
quality = 80
@@ -246166,8 +246339,8 @@ rule SEKOIA_Implant_Any_Sliver_Not_Stripped : FILE
date = "2021-11-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_any_sliver_not_stripped.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_any_sliver_not_stripped.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5240f3ea1fb421697eeb12eb17d0b31c036b53f39c3a590473d87065b5d28e3e"
score = 75
quality = 80
@@ -246191,8 +246364,8 @@ rule SEKOIA_Tool_Godpotato : FILE
date = "2023-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_godpotato.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_godpotato.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ea182b187fcd1ba61d3e2d10a689cf0212267dede1342e817e47551506a780ab"
score = 75
quality = 80
@@ -246221,8 +246394,8 @@ rule SEKOIA_Apt_Kimsuky_Vbs_Powershell_Downloader : FILE
date = "2022-08-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_vbs_powershell_downloader.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_vbs_powershell_downloader.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "dc24ca206a3122b34be978287f907b12c809f76058fe9355bbd00b3159b0a4d4"
score = 75
quality = 80
@@ -246247,8 +246420,8 @@ rule SEKOIA_Loader_Win_Konni_Wpnprv : FILE
date = "2023-09-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_konni_wpnprv.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_konni_wpnprv.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "32178c97795aeead9c186e0b7fb508376045acb7534e6ce9e617c06fd399c3da"
score = 75
quality = 55
@@ -246276,8 +246449,8 @@ rule SEKOIA_Generic_Bat_Script_Mock_Http_Services : FILE
date = "2023-09-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_bat_script_mock_http_services.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_bat_script_mock_http_services.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d34be59cfb054895381580e7852bba6b899cfb680882b7fd24a72438131c3bee"
score = 75
quality = 80
@@ -246307,8 +246480,8 @@ rule SEKOIA_Apt_Toddycat_Waexp_Strings : FILE
date = "2024-04-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_toddycat_waexp_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_toddycat_waexp_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4377183b326329fb14ae3911fbb1e29cde220d7b247d048fba4bbbda9de8938d"
score = 75
quality = 80
@@ -246334,8 +246507,8 @@ rule SEKOIA_Rootkit_Win_Purplefox_Kernel_Driver : FILE
date = "2022-03-28"
modified = "2024-12-19"
reference = "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/c/purple-fox-uses-new-arrival-vector-and-improves-malware-arsenal/IOCs-Purple-Fox.txt"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rootkit_win_purplefox_kernel_driver.yar#L3-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rootkit_win_purplefox_kernel_driver.yar#L3-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "91d7caca7c0c41e70813d52b5662bf0238d078fca519bfc2c03f3f87fe3805b8"
score = 75
quality = 80
@@ -246362,8 +246535,8 @@ rule SEKOIA_Apt_Apt29_Quarterrig
date = "2023-04-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt29_quarterrig.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt29_quarterrig.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9628418789a9bc24c7e44dbc9106ffa6316aefebe33b91c749b54cb5462b1309"
score = 75
quality = 80
@@ -246389,8 +246562,8 @@ rule SEKOIA_Apt_Lazarus_Pondrat : FILE
date = "2024-09-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_lazarus_pondrat.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_lazarus_pondrat.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "b62c912de846e743effdf7e5654a7605"
hash = "61d7b2c7814971e5323ec67b3a3d7f45"
hash = "ce35c935dcc9d55b2c79945bac77dc8e"
@@ -246422,8 +246595,8 @@ rule SEKOIA_Apt_Evasive_Panda_Downloader_Certificate_Exe : FILE
date = "2024-03-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_evasive_panda_downloader_certificate_exe.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_evasive_panda_downloader_certificate_exe.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "38115b463378f58035a0ef0536a6af4adbec7c275164758d312e95300670b695"
score = 75
quality = 80
@@ -246446,8 +246619,8 @@ rule SEKOIA_Malware_Swordldr : FILE
date = "2024-09-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_swordldr.yar#L1-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_swordldr.yar#L1-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "d0cc758082e303275cbb8cd6b2048eff"
hash = "7aa57da44718cd88f7d37b33a5d3ad74"
logic_hash = "9e408181b9122925c0ff9efdaed688e659596b58b9108c0f280d9bc1624d73cb"
@@ -246483,8 +246656,8 @@ rule SEKOIA_Apt_Reaper_2Fa_Phishing_Webpage
date = "2023-03-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_reaper_2fa_phishing_webpage.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_reaper_2fa_phishing_webpage.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3f0ae0b35ea181b4712feeb34e866519921917179297148982e5298df9f133a9"
score = 75
quality = 80
@@ -246515,8 +246688,8 @@ rule SEKOIA_Apt_Aptc60_Downloader_Strings : FILE
date = "2024-09-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_aptc60_downloader_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_aptc60_downloader_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "b14ef85a60ac71c669cc960bdf580144"
logic_hash = "f05480834e6d91a852a190a2ecec05aaea1affa8a605a56c80962a9fbfc8f0c0"
score = 75
@@ -246543,8 +246716,8 @@ rule SEKOIA_Apt_Oilrig_Powerexchange : FILE
date = "2023-10-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_oilrig_powerexchange.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_oilrig_powerexchange.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5e505e9bbb17500f7e9a316b66bccb62089172582478230e0bda736bbefa1fd6"
score = 75
quality = 80
@@ -246571,8 +246744,8 @@ rule SEKOIA_Infostealer_Win_Blackcap : FILE
date = "2023-03-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_blackcap.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_blackcap.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b826c88d557ea0a516534946ad9531eda1a875cb9c4ddf92d9b98f8c7b86623e"
score = 75
quality = 80
@@ -246598,8 +246771,8 @@ rule SEKOIA_Merlin_Linux_Elf : FILE
date = "2022-01-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/merlin_linux_elf.yar#L4-L34"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/merlin_linux_elf.yar#L4-L34"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f7edd517a575b54c9ee8acdc7a5ebac7c0c9eb286abc49e2962b02aad40e5973"
score = 40
quality = 80
@@ -246625,8 +246798,8 @@ rule SEKOIA_Tool_Impersonate_Strings : FILE
date = "2024-07-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_impersonate_strings.yar#L3-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_impersonate_strings.yar#L3-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "63c46a2d97d0a8360351b8906665186c5ad2dcaa6f2edba6da7bf4de2ce00241"
score = 75
quality = 80
@@ -246657,8 +246830,8 @@ rule SEKOIA_Tool_Exploit_Badpotato_Strings : FILE
date = "2022-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_exploit_badpotato_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_exploit_badpotato_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a45935ea5877a4b81468cbe0e1a4a7232b955771442f84bb3b88b7992ed23937"
score = 75
quality = 80
@@ -246686,8 +246859,8 @@ rule SEKOIA_Apt_Oilrig_Clipog_Strings : FILE
date = "2023-10-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_oilrig_clipog_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_oilrig_clipog_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "16f3fef59db9c58025a4a977de944b628e9dc850f87c1bb22e2f2f97601e5107"
score = 75
quality = 80
@@ -246713,8 +246886,8 @@ rule SEKOIA_Hacktool_Win_Processhacker : FILE
date = "2022-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_win_processhacker.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_win_processhacker.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "cfcfaa7f3afc8b82ce0188d9ead63746a7effd40acb6ad504f8d70a45d8476d5"
score = 75
quality = 80
@@ -246739,8 +246912,8 @@ rule SEKOIA_Loader_Win_Bumblebee : FILE
date = "2022-04-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_bumblebee.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_bumblebee.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "97755e8d593acbc9acc8ce7f1a82a345fc7eea049addbb96577f6abc1b6d5fd6"
score = 75
quality = 80
@@ -246765,8 +246938,8 @@ rule SEKOIA_Exploit_Linux_Eop_Dirtyc0W_Strings : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/exploit_linux_eop_dirtyc0w_strings.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/exploit_linux_eop_dirtyc0w_strings.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "70f0dda642e7892e35c1afabb4fa6a9fe62ad82d5aa2d90787e83809bc6f5859"
score = 75
quality = 80
@@ -246791,8 +246964,8 @@ rule SEKOIA_Bot_Win_Yamabot : FILE
date = "2023-08-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/bot_win_yamabot.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/bot_win_yamabot.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "cb183cbf9703d96b5f463d635885eab66e0d36c4763752a5cb934538ada60ec3"
score = 75
quality = 80
@@ -246820,8 +246993,8 @@ rule SEKOIA_Infostealer_Win_Whitesnake_Stealer_Feb23 : FILE
date = "2023-03-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_whitesnake_stealer_feb23.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_whitesnake_stealer_feb23.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "90007c38c644b79b2a60d9a252bd95071c5be57c649d73b66a73a1158cddc2fb"
score = 75
quality = 80
@@ -246855,8 +247028,8 @@ rule SEKOIA_Apt_Sandworm_Awfulshred_Obfuscation_Apr2022 : FILE
date = "2022-04-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sandworm_awfulshred_obfuscation_apr2022.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sandworm_awfulshred_obfuscation_apr2022.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3e1eed3a4b638893828289f928a75b855bc9e1e29444ffa81c0461fdc1277cad"
score = 75
quality = 80
@@ -246880,8 +247053,8 @@ rule SEKOIA_Apt_Oilrig_Webshell : FILE
date = "2024-10-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_oilrig_webshell.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_oilrig_webshell.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0e0879bafa1becf7e4aef008229a79ab8e0c50eda03232abd5cbb8fc59f482d3"
score = 75
quality = 80
@@ -246907,8 +247080,8 @@ rule SEKOIA_Infostealer_Win_Titan : FILE
date = "2023-01-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_titan.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_titan.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "996dc320c83f57c47afe50ad032bac43ad1fbfbbd5a86e517089a062b0382993"
score = 75
quality = 80
@@ -246941,8 +247114,8 @@ rule SEKOIA_Apt_Muddywater_Manifestation_Backdoor : FILE
date = "2022-01-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_muddywater_manifestation_backdoor.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_muddywater_manifestation_backdoor.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "477ed53ccd337dd21ab84b7d36b995a653d0aad6676e02cbe5e9f581bface253"
score = 75
quality = 80
@@ -246969,8 +247142,8 @@ rule SEKOIA_Apt_Mustangpanda_Malicious_Lnk_Worm : FILE
date = "2023-09-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_malicious_lnk_worm.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_malicious_lnk_worm.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ca19a925af695cbbb41fdfbb161dceafeb8aae6d42000cc09bb07e1dbdfdb9e5"
score = 75
quality = 80
@@ -246993,8 +247166,8 @@ rule SEKOIA_Apt_Suspected_Sandworm_Sdelete_Wiper : FILE
date = "2023-10-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_suspected_sandworm_sdelete_wiper.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_suspected_sandworm_sdelete_wiper.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "094b946b89cfb475b8692f88af73fa8768a933139e0df9d6e7d7aa8614d3ab14"
score = 75
quality = 80
@@ -247019,8 +247192,8 @@ rule SEKOIA_Apt_Oilrig_Saitama_Backdoor_May2022 : FILE
date = "2022-05-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_oilrig_saitama_backdoor_may2022.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_oilrig_saitama_backdoor_may2022.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b3876995fde9c26052c39859684cec05e8c1bc8e2a62946b49ed328e84499dc6"
score = 75
quality = 80
@@ -247047,8 +247220,8 @@ rule SEKOIA_Crypter_Vbs_To_Exe
date = "2023-01-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/crypter_vbs_to_exe.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/crypter_vbs_to_exe.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4b3a411de3f36a7f9a310e1b789988c3d9d53eb195d04b374bdf1e5b4157b1e9"
score = 75
quality = 55
@@ -247075,8 +247248,8 @@ rule SEKOIA_Infostealer_Win_Xfiles : FILE
date = "2022-02-03"
modified = "2024-12-19"
reference = "https://twitter.com/3xp0rtblog/status/1375206169384521730"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_xfiles.yar#L1-L50"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_xfiles.yar#L1-L50"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "404ee02fa1905f49c3c3ca525cfb3c5ba1d2ec46554239035c1891d21f547a2c"
score = 75
quality = 78
@@ -247129,8 +247302,8 @@ rule SEKOIA_Pe_Stealer_Scarletstealer_Strings : FILE
date = "2023-12-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/pe_stealer_scarletstealer_strings.yar#L1-L33"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/pe_stealer_scarletstealer_strings.yar#L1-L33"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "308055cbe960614112682585b5709a62c2639752df07661d6b2bb13e390b3b08"
score = 75
quality = 80
@@ -247169,11 +247342,11 @@ rule SEKOIA_Loader_Win_Batloader_Scripts : FILE
date = "2022-11-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_batloader_scripts.yar#L1-L30"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_batloader_scripts.yar#L1-L30"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "aab6c7780bbc7bed8994b4e70129107bb7b719642fae92b1d3f9146eb11efabc"
score = 75
- quality = 55
+ quality = 80
tags = "FILE"
version = "1.0"
classification = "TLP:CLEAR"
@@ -247207,8 +247380,8 @@ rule SEKOIA_Apt_Aridviper_Rustsysjoker : FILE
date = "2023-11-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_aridviper_rustsysjoker.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_aridviper_rustsysjoker.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "cb3c5d37095c27aa169a6aa61fa12972ff71877c615eaa254c3906ef10c662a9"
score = 75
quality = 80
@@ -247234,8 +247407,8 @@ rule SEKOIA_Rootkit_Lin_Winnti : FILE
date = "2024-05-22"
modified = "2024-12-19"
reference = "https://x.com/naumovax/status/1792902386295394629"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rootkit_lin_winnti.yar#L4-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rootkit_lin_winnti.yar#L4-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d57f9190d2d0c65dad6378d705328c0e9ef679eb8dad75af77d4bbc4f9d0f8d9"
score = 40
quality = 80
@@ -247270,8 +247443,8 @@ rule SEKOIA_Exploit_Linux_Eop_Cve20177308_Strings : CVE_2017_7308 FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/exploit_linux_eop_cve20177308_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/exploit_linux_eop_cve20177308_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c9fd605ced8bb2c3861f642cdc08b99b320ee19658ce60f1b9679a1ccc427bf7"
score = 75
quality = 80
@@ -247297,8 +247470,8 @@ rule SEKOIA_Apt_Blackwood_Nspx30_Plugin : FILE
date = "2024-01-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_blackwood_nspx30_plugin.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_blackwood_nspx30_plugin.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "cf7c232a5a817ff5c0da04744abf99ed2fcea587e3e6f6e8bf3aef7ca8f2b51b"
score = 75
quality = 76
@@ -247323,8 +247496,8 @@ rule SEKOIA_Malware_Valleyrat_Downloader_Strings : FILE
date = "2024-06-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_valleyrat_downloader_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_valleyrat_downloader_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "321683ac5bdec626cf140cb50507fb03aea2a32635eb6cec884a3fa43c1a9d91"
score = 75
quality = 80
@@ -247350,8 +247523,8 @@ rule SEKOIA_Tool_3Proxy_Strings : FILE
date = "2024-03-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_3proxy_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_3proxy_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f1d9bea9975af9bfa3f1a8cbf2c1d65fe1d39f303d5dbe6131887653cbbe7021"
score = 75
quality = 80
@@ -247375,8 +247548,8 @@ rule SEKOIA_Hacktool_Sharpview_Strings : FILE
date = "2022-02-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_sharpview_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_sharpview_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "762e8d292e052cb0922743c2f5b14170e91fe440e05331892b20b5921e0559da"
score = 75
quality = 80
@@ -247404,8 +247577,8 @@ rule SEKOIA_Apt_Gamaredon_Subtle_Paws : FILE
date = "2024-02-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_subtle_paws.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_subtle_paws.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "2fcebcf3401912e06ca4a34bf4e8d5318c6b2e08b00c4939ab932f3fb94cbc89"
score = 75
quality = 80
@@ -247431,12 +247604,12 @@ rule SEKOIA_Emmenhtal_Strings_Hta_Exe : FILE
date = "2024-09-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/emmenhtal_strings_hta_exe.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/emmenhtal_strings_hta_exe.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "e86a22f1c73b85678e64341427c7193ba65903f3c0f29af2e65d7c56d833d912"
logic_hash = "93f85a4ccb58c6aeb664c4c843ff80a4ab7b4308a944537f7ebe087515a61659"
score = 75
- quality = 55
+ quality = 80
tags = "FILE"
version = "1.0"
classification = "TLP:CLEAR"
@@ -247460,8 +247633,8 @@ rule SEKOIA_Implant_Any_Sliver : FILE
date = "2021-11-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_any_sliver.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_any_sliver.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c7a2790fd13de0476cfe16ef26b2d4c8775f4f453d076c78975e2c372f03322c"
score = 75
quality = 80
@@ -247488,8 +247661,8 @@ rule SEKOIA_Tool_Pivotnacci_Webshell : FILE
date = "2024-04-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_pivotnacci_webshell.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_pivotnacci_webshell.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a57792915b4c888547ebe0b08b928e4bc32b3526c98a3ccc9fca0193cedee20a"
score = 75
quality = 80
@@ -247520,8 +247693,8 @@ rule SEKOIA_Downloader_Win_Newsterminal : FILE
date = "2024-08-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_win_newsterminal.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_win_newsterminal.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "2b756515400d7e3b6e21ee3a83f313c8"
logic_hash = "45c6c2b5b3723bf3ed46c82e6a254547d8c8b3446bb2fa4b4f0fc8441731ae7e"
score = 75
@@ -247548,8 +247721,8 @@ rule SEKOIA_Backdoor_Win_Volgmer : FILE
date = "2023-09-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_volgmer.yar#L1-L32"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_volgmer.yar#L1-L32"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "700fcfcc3df1d81af99db38e305f64ca87f8368fc0149c9ad64d75c2917ec1f3"
score = 75
quality = 80
@@ -247589,8 +247762,8 @@ rule SEKOIA_Loader_Amadey_Standalone_May23 : FILE
date = "2023-05-17"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_amadey_standalone_may23.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_amadey_standalone_may23.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "40d2d7a52066ca4e1a65c82ebfa882a77616a1c68f1d315946ab14467787d468"
score = 75
quality = 80
@@ -247614,8 +247787,8 @@ rule SEKOIA_Apt_Unk_Batcopier_Strings : FILE
date = "2024-09-06"
modified = "2024-12-19"
reference = "https://www.seqrite.com/blog/operation-oxidovy-sophisticated-malware-campaign-targets-czech-officials-using-nato-themed-decoys/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_unk_batcopier_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_unk_batcopier_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0007d6d00d5b8db048456bb566ef9ed4516c4e1b392cc73c40396785ba885f55"
score = 75
quality = 80
@@ -247640,8 +247813,8 @@ rule SEKOIA_Apt_Scanbox_Framework_Not_Obfuscated : FILE
date = "2022-09-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_scanbox_framework_not_obfuscated.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_scanbox_framework_not_obfuscated.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "52779571eb4e68442542a1c4cff58d5b00a264bb567396126cd93dc4ec4eda45"
score = 75
quality = 80
@@ -247672,8 +247845,8 @@ rule SEKOIA_Apt_Badmagic_Commonmagic_Usbstealer : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_commonmagic_usbstealer.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_commonmagic_usbstealer.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a600f17bce9159b581c234cc101d1a0d093954fc9c79052dbca5451714fd7502"
score = 75
quality = 80
@@ -247699,8 +247872,8 @@ rule SEKOIA_Apt_Backdoordiplomaty_Custommerlinagent_Strings : FILE
date = "2024-06-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_backdoordiplomaty_custommerlinagent_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_backdoordiplomaty_custommerlinagent_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "31d13e234dc3f68f6826a5310ac38693750f896318249d04a31c5e6c8d5eba91"
score = 75
quality = 80
@@ -247726,8 +247899,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_9 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_9.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_9.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "deb0773e6300ed0f4c099359731812216390017eaf8de678b2a5ed237906f03f"
score = 75
quality = 80
@@ -247752,8 +247925,8 @@ rule SEKOIA_Downloader_Win_Donot
date = "2023-03-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_win_donot.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_win_donot.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f6a03e6cfda74c1fbb1e8939a66735498d604a821b8b51492c2c5c6a46a38b6e"
score = 75
quality = 80
@@ -247779,8 +247952,8 @@ rule SEKOIA_Loader_Win_Revil_Loader
date = "2021-07-19"
modified = "2024-12-19"
reference = "https://www.mcafee.com/blogs/other-blogs/mcafee-labs/revil-ransomware-uses-dll-sideloading"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_revil_loader.yar#L4-L34"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_revil_loader.yar#L4-L34"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "15680c5e5d801d65e581869ad88d89863c8a51e3f94a3d2f37c02c5fd14df07f"
score = 75
quality = 80
@@ -247813,8 +247986,8 @@ rule SEKOIA_Pe_Stealer_Axilestealer_Strings : FILE
date = "2023-12-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/pe_stealer_axilestealer_strings.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/pe_stealer_axilestealer_strings.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "829b80c07ed4d9439d66956dbb106aa0cc9961dd2e5c05ffbe6c67e516613590"
score = 75
quality = 80
@@ -247848,8 +248021,8 @@ rule SEKOIA_Apt_Sandworm_Notpetya_Strings : FILE
date = "2022-04-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sandworm_notpetya_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sandworm_notpetya_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5600071de4b4022a71c48fbcd4b5e47ff6dfa291cc5eac65720bbf763068a6e3"
score = 75
quality = 80
@@ -247877,8 +248050,8 @@ rule SEKOIA_Apt_Cloudatlas_Powershower_Module : FILE
date = "2022-11-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cloudatlas_powershower_module.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cloudatlas_powershower_module.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7542eb882ee44203d806ad936126be2476b6e3a85ad8c93b6fd6c8226fe82617"
score = 75
quality = 80
@@ -247904,8 +248077,8 @@ rule SEKOIA_Hacktool_Impacket_Compiled_Binary : FILE
date = "2022-02-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_impacket_compiled_binary.yar#L1-L36"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_impacket_compiled_binary.yar#L1-L36"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "133f9d0103774701894ea884bc2c52840b405fa21acb9ebab615816ec411b0bf"
score = 75
quality = 80
@@ -247947,8 +248120,8 @@ rule SEKOIA_Hafnium_Tarrask_Malware
date = "2022-04-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hafnium_tarrask_malware.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hafnium_tarrask_malware.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f9309707d25cfe6bccf050f24e14c42b53f3d017916a02eaada74c4782efdd5c"
score = 50
quality = 76
@@ -247972,8 +248145,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_13 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_13.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_13.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fb6b71bf1e89abf872fb3ef02a228f370f0fcc10d5aab70418fe8735283165da"
score = 75
quality = 80
@@ -248000,8 +248173,8 @@ rule SEKOIA_Apt_Darkpink_Loader_Decryptionroutine : FILE
date = "2023-01-17"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_darkpink_loader_decryptionroutine.yar#L4-L49"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_darkpink_loader_decryptionroutine.yar#L4-L49"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fe2726b77c293fc2aa19216025cfa2b4cd0c5194730cbc57a1fcceb6f6198977"
score = 75
quality = 80
@@ -248046,8 +248219,8 @@ rule SEKOIA_Backdoor_Win_Rollsling : FILE
date = "2023-10-24"
modified = "2024-12-19"
reference = "https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_rollsling.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_rollsling.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5cee25638bdc86b3ffb1c616943d647ca170c5c0140ae3e3118f56b504fa862f"
score = 75
quality = 80
@@ -248075,8 +248248,8 @@ rule SEKOIA_Win_Infostealer_Serpent_Strings : FILE
date = "2023-12-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/win_infostealer_serpent_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/win_infostealer_serpent_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5266d1c8228f02e8ac9da5ddd8b968fde0d0e83afa408d405ec4ca50c3453928"
score = 75
quality = 80
@@ -248105,8 +248278,8 @@ rule SEKOIA_Apt_Gamaredon_Stealer_Obfuscation_2 : FILE
date = "2022-02-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_stealer_obfuscation_2.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_stealer_obfuscation_2.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6ffd8504ba8ca614d3941bd46b944d85e0ad4b9d8d2960d508f50550497d2852"
score = 75
quality = 80
@@ -248129,8 +248302,8 @@ rule SEKOIA_Infostealer_Win_Bebra : FILE
date = "2023-02-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_bebra.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_bebra.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "7841746c54c53dbcafdf3f357c7a84b90fe3b089e07f30dea15ef6f7f15b0f00"
logic_hash = "588fa3091f0dc565123c60d59479202d036e092499eca6204d420395ddc332f9"
score = 75
@@ -248164,8 +248337,8 @@ rule SEKOIA_Dropper_Win_Selfau3
date = "2024-02-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/dropper_win_selfau3.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/dropper_win_selfau3.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5f69457127ae6cb84b04f72dd30393dbcf32b4ba26ec6d529eebcc03191cbed3"
score = 75
quality = 80
@@ -248192,8 +248365,8 @@ rule SEKOIA_Tool_Ehole : FILE
date = "2023-06-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_ehole.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_ehole.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "df937417b2f8e12f80fbe2edaa0863de6ed7862c117dff2a21255cb7d1d9ad3d"
score = 75
quality = 80
@@ -248221,8 +248394,8 @@ rule SEKOIA_Apt_Reaper_Malicious_Lnk : FILE
date = "2023-09-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_reaper_malicious_lnk.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_reaper_malicious_lnk.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8cec5819dd7b01b3993acae056f5640fa28ffe76b05d2d9e59779a73eb00bd6e"
score = 75
quality = 80
@@ -248246,8 +248419,8 @@ rule SEKOIA_Apt_Uta0178_Javascript_Inclusion_Strings
date = "2024-01-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_uta0178_javascript_inclusion_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_uta0178_javascript_inclusion_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d3fedf49417178df374d6ae20e57ffcfa00cb68a647769964c049d9a8e0f4958"
score = 75
quality = 80
@@ -248274,8 +248447,8 @@ rule SEKOIA_Apt_Sandworm_Caddywiper_Stacked_Strings : FILE
date = "2022-04-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sandworm_caddywiper_stacked_strings.yar#L1-L74"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sandworm_caddywiper_stacked_strings.yar#L1-L74"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e8c94e8611a50080368785d2b341a95d5359d1d814e1d665553324118700ed10"
score = 75
quality = 80
@@ -248357,8 +248530,8 @@ rule SEKOIA_Apt_Polonium_Technocreep_Strings : FILE
date = "2022-10-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_polonium_technocreep_strings.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_polonium_technocreep_strings.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6fbd14d39f215b835c0fe7709041ca982774be42d389397d19a41fda6f7a00d1"
score = 75
quality = 80
@@ -248391,8 +248564,8 @@ rule SEKOIA_Apt_Badmagic_Startrevsocks_Pshscript : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_startrevsocks_pshscript.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_startrevsocks_pshscript.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6a4615afb836330634cde9559dacfff50daef44a370f6191c6771a2066074a31"
score = 75
quality = 80
@@ -248417,8 +248590,8 @@ rule SEKOIA_Apt_Kimsuky_Malicious_Gotopwsh_Lnk : FILE
date = "2023-09-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_malicious_gotopwsh_lnk.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_malicious_gotopwsh_lnk.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1537ea232e745b1ed9e4b7f6b9ba779a3498f5edf0c46bdccfdc511137b2bb3a"
score = 75
quality = 80
@@ -248441,8 +248614,8 @@ rule SEKOIA_Rat_Win_Atharvan
date = "2023-02-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_atharvan.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_atharvan.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fee9a5a684b3e9bd629a0e87bdf63ba0c1fc1e970ca3b7fec8d7a4f2f60a355a"
score = 75
quality = 78
@@ -248465,8 +248638,8 @@ rule SEKOIA_Apt_Konni : FILE
date = "2022-09-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_konni.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_konni.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8f178421fd0968f4ce809054022579c7fc8dede5f6514e89966d13acb83d75d9"
score = 75
quality = 80
@@ -248497,8 +248670,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_6 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_6.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_6.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "38919408d2d0a9f51822302f4f821bf5776f119bf0d1b54b71b1040c7ad59da5"
score = 75
quality = 80
@@ -248525,8 +248698,8 @@ rule SEKOIA_Backdoor_Win_Sidewinder_Cobaltstrike_2022_09
date = "2022-10-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_sidewinder_cobaltstrike_2022_09.yar#L4-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_sidewinder_cobaltstrike_2022_09.yar#L4-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f2b719170783c1bfaa4c4772e5cff73797be3056204566844c236d1857869e4c"
score = 75
quality = 80
@@ -248549,8 +248722,8 @@ rule SEKOIA_Miner_Win_Xmrig_Strings : FILE
date = "2024-01-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/miner_win_xmrig_strings.yar#L1-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/miner_win_xmrig_strings.yar#L1-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "34aa0da9d3bb277927c87a3745ec9e35881682319c91141da6ff1cff7e0610d9"
score = 75
quality = 80
@@ -248591,8 +248764,8 @@ rule SEKOIA_Tool_Sharphoundpowershell_Strings : FILE
date = "2022-08-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_sharphoundpowershell_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_sharphoundpowershell_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "29756acb0afd8aabac170ca8288f1dcffcb2e601c9bdba1cc7a30b8b415661f6"
score = 75
quality = 80
@@ -248621,8 +248794,8 @@ rule SEKOIA_Loader_Win_Doppeldridex
date = "2021-09-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_doppeldridex.yar#L3-L33"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_doppeldridex.yar#L3-L33"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4ceed302cb36b73d98070996ede64742579a261ef3ede6e1eb1723ddca32e839"
score = 75
quality = 80
@@ -248643,8 +248816,8 @@ rule SEKOIA_Apt_Badmagic_Modules
date = "2023-05-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_modules.yar#L3-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_modules.yar#L3-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "no hash has been found on 2023-05-25 to test the rule"
logic_hash = "6f8bc35dbf0fd4083a8d93b04b55b2e0e215cd23350243ddd7ba9dd4745c4496"
score = 50
@@ -248665,8 +248838,8 @@ rule SEKOIA_Spyware_And_Bahamut
date = "2022-11-23"
modified = "2024-12-19"
reference = "https://www.welivesecurity.com/2022/11/23/bahamut-cybermercenary-group-targets-android-users-fake-vpn-apps/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/spyware_and_bahamut.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/spyware_and_bahamut.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5f44c938fed9b32eaf183be979a67e0c7fde409e72875359105ad7ffb393893d"
score = 75
quality = 80
@@ -248693,8 +248866,8 @@ rule SEKOIA_Bot_Lin_Lucifer_Strings : FILE
date = "2024-09-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/bot_lin_lucifer_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/bot_lin_lucifer_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "23276c627d27f36c1ec15b1779835b921652a8fcff898041f1920902262faf41"
score = 75
quality = 80
@@ -248722,8 +248895,8 @@ rule SEKOIA_Backdoor_Mul_Supershell_Client : FILE
date = "2024-04-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_mul_supershell_client.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_mul_supershell_client.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "93490f4a16fb7dcde671b82e3187341abf4fc95e965219233ca7689f3cd3855f"
score = 75
quality = 80
@@ -248752,8 +248925,8 @@ rule SEKOIA_Loader_Win_Red0044_Powershell_May24 : FILE
date = "2024-05-03"
modified = "2024-12-19"
reference = "https://twitter.com/crep1x/status/1786150734121120075"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_red0044_powershell_may24.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_red0044_powershell_may24.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "73939f65b93b320b9e220ee284ea524864a6b05c7608213009ac5f00b3faeedc"
score = 75
quality = 80
@@ -248786,8 +248959,8 @@ rule SEKOIA_Malware_Remcom_Strings : FILE
date = "2022-08-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_remcom_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_remcom_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a46bb87bf4722303d33707afb19c8d4f209b98a88552363363520536911469ae"
score = 75
quality = 80
@@ -248816,8 +248989,8 @@ rule SEKOIA_Apt_Apt33_Tickler : FILE
date = "2024-08-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt33_tickler.yar#L4-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt33_tickler.yar#L4-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "8bd712b0a49f4fecd39d30ebd121832c"
hash = "3f29429fce0168748d7cc75e1478aedc"
logic_hash = "97b858819a1920e6dcdd1a9489754a948de8e6e39b4282e7fe4f6431617a9849"
@@ -248839,8 +249012,8 @@ rule SEKOIA_Apt_Flightnight_Malicious_Lnk : FILE
date = "2024-04-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_flightnight_malicious_lnk.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_flightnight_malicious_lnk.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3446852709fe425b2c053ffdb9c078cf20e442ef50fe20402d3b4c9e9d8b543a"
score = 75
quality = 80
@@ -248866,8 +249039,8 @@ rule SEKOIA_Backdoor_Mul_Sparkrat : FILE
date = "2023-01-30"
modified = "2024-12-19"
reference = "https://github.com/XZB-1248/Spark"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_mul_sparkrat.yar#L1-L59"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_mul_sparkrat.yar#L1-L59"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "377fc647e9a7ee6d5ad69370d5a2264302215401417951432f904c25e26169b9"
score = 75
quality = 55
@@ -248932,8 +249105,8 @@ rule SEKOIA_Tool_Swor : FILE
date = "2024-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_swor.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_swor.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "d3f92b3349109fc6de26f5e40800fec15308c27fa4fe81fe42af5030637a3a63"
logic_hash = "bcd1c0afece740b82b606aad8bdebcc88b72ae61df6513318215a217021efab4"
score = 75
@@ -248961,8 +249134,8 @@ rule SEKOIA_Loader_Win_Jinxloader_Strings : FILE
date = "2023-12-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_jinxloader_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_jinxloader_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "816cb6019cba1aa2e229ab476fcdf378348981920cbe17d3dfb875f8b2dcbf81"
score = 75
quality = 80
@@ -248988,8 +249161,8 @@ rule SEKOIA_Apt_Gamaredon_Ddrdoh_Powershell_Backdoor : FILE
date = "2023-01-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_ddrdoh_powershell_backdoor.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_ddrdoh_powershell_backdoor.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "32d088affb65d410b2715fde28227792ea9f406e324de4a2e204e9850f0b81ce"
score = 75
quality = 80
@@ -249016,8 +249189,8 @@ rule SEKOIA_Hacktool_Stowaway_Strings : FILE
date = "2023-11-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_stowaway_strings.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_stowaway_strings.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "10d28637e47d43497923a192c9e3a8bb35b480a314c71132866bdf0e49c2c460"
score = 75
quality = 80
@@ -249049,8 +249222,8 @@ rule SEKOIA_Apt_Uac0154_Powershell_Infection_Chain_1 : FILE
date = "2023-10-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_uac0154_powershell_infection_chain_1.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_uac0154_powershell_infection_chain_1.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a849c397e7f61e41ea7e67a265717d7d66f6af42f3d1e930020d1433dd3aab18"
score = 75
quality = 80
@@ -249076,8 +249249,8 @@ rule SEKOIA_Infostealer_Win_Agrat : FILE
date = "2022-06-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_agrat.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_agrat.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5b02880dbc75d9e4d95ec55c8e8630a47198ee4cc25e3ff79c93e9fe634fadca"
score = 75
quality = 80
@@ -249112,8 +249285,8 @@ rule SEKOIA_Apt_Oilrig_Maliciousdocument_May2022 : FILE
date = "2022-05-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_oilrig_maliciousdocument_may2022.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_oilrig_maliciousdocument_may2022.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d4aa960d4471ddf66ec6f98a5c883177763771ba9960b749509311a05384d9a7"
score = 75
quality = 80
@@ -249142,8 +249315,8 @@ rule SEKOIA_Tool_Execit_Obfuscator_Strings : FILE
date = "2024-09-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_execit_obfuscator_strings.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_execit_obfuscator_strings.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "1c185e2e11d8eadccfb130766ca30d85"
hash = "a0898f57f2b139ea278d8a7e97bbe358"
hash = "e0e12a8891f5585ce1ad55dbffb4f9c2"
@@ -249178,8 +249351,8 @@ rule SEKOIA_Loader_Amadey_Clipper_Plugin : FILE
date = "2023-05-16"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_amadey_clipper_plugin.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_amadey_clipper_plugin.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6f5a2fa9c687f0fb2423ca97540d0173551dd04b31d092e4d47d6d7d22dfb965"
score = 75
quality = 80
@@ -249208,8 +249381,8 @@ rule SEKOIA_Loader_Win_Squirrelwaffle : FILE
date = "2021-09-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_squirrelwaffle.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_squirrelwaffle.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ab1a95f09564d0417d5c06c578d4dc8d790ec09bc67716d8c9e5207262a0594d"
score = 75
quality = 80
@@ -249234,8 +249407,8 @@ rule SEKOIA_Ransomware_Win_Eking_Rich_Header
date = "2021-10-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_eking_rich_header.yar#L4-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_eking_rich_header.yar#L4-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0028200fc2e929dba6fcc4ddf5d8e07825842e2f65c69ad94ebd032ae3748c90"
score = 75
quality = 80
@@ -249255,8 +249428,8 @@ rule SEKOIA_Unk_Quad7_Netd_Strings : FILE
date = "2024-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/unk_quad7_netd_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/unk_quad7_netd_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "cdb37db4543dde5ca2bd98a43699828f"
logic_hash = "abd59c5fa0c4c73a2cd9a2263d5573d896c6c0d71d96bd59167b1e2d7fbf108e"
score = 75
@@ -249286,8 +249459,8 @@ rule SEKOIA_Icebot_Exported_Function : FILE
date = "2022-01-17"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/icebot_exported_function.yar#L4-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/icebot_exported_function.yar#L4-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c029693f555726d28375717fe459ccf4521d2d63fc7053032bbafd60129848f0"
score = 75
quality = 80
@@ -249314,8 +249487,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_11 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_11.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_11.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "00c0dcc244db608d3a0d7500cdebadcc69ba0d56091a0a1fd7d58c27d255861f"
score = 75
quality = 80
@@ -249341,8 +249514,8 @@ rule SEKOIA_Crime_Sload_Scheduledtask_Dropper_Strings
date = "2022-08-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/crime_sload_scheduledtask_dropper_strings.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/crime_sload_scheduledtask_dropper_strings.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3a48009933d1de47314ec15c262375636574a7565016eab3792106fa2c0ba79f"
score = 75
quality = 78
@@ -249367,8 +249540,8 @@ rule SEKOIA_Apt_Badmagic_Startngrok_Pshscript : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_startngrok_pshscript.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_startngrok_pshscript.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f15f9dc2c35f3f7cd816aa539c03b857254c3628c9b14eacca1110bb85b1a24c"
score = 75
quality = 80
@@ -249395,8 +249568,8 @@ rule SEKOIA_Infostealer_Win_Pennywise_Mar23 : FILE
date = "2023-03-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_pennywise_mar23.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_pennywise_mar23.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "55d7d6894de23af38230eaaff0a38c31d11d3df34aacd21fd93393d266c9357c"
score = 75
quality = 80
@@ -249429,8 +249602,8 @@ rule SEKOIA_Latrodectus_Br4_Js_Dropper
date = "2024-06-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/latrodectus_br4_js_dropper.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/latrodectus_br4_js_dropper.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a835bd9a9ad68fd2f285ec5c04a5c78ba5ca85381ff30048ac375bef220fd72f"
score = 75
quality = 80
@@ -249454,8 +249627,8 @@ rule SEKOIA_Apt_Agent_Racoon_Strings : FILE
date = "2023-12-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_agent_racoon_strings.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_agent_racoon_strings.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4e32606edffab0907e343ab2fef8642c0064d83c2933531619f9dee8957d2fe4"
score = 75
quality = 80
@@ -249485,8 +249658,8 @@ rule SEKOIA_Backdoor_Win_Foresttiger : FILE
date = "2023-10-24"
modified = "2024-12-19"
reference = "https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_foresttiger.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_foresttiger.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "401adaad1597c017c976c5b0b8f67851469c95758779b7691ebb037d0dda9f38"
score = 75
quality = 80
@@ -249514,8 +249687,8 @@ rule SEKOIA_Tool_Sharphoundexecutable_Strings : FILE
date = "2022-08-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_sharphoundexecutable_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_sharphoundexecutable_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1b28a2b9dd594f344a1a2a74fd9b30527a66dabb451b21afca40a0e6ec8d3553"
score = 75
quality = 80
@@ -249544,8 +249717,8 @@ rule SEKOIA_Latrodectus_Exports : FILE
date = "2024-07-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/latrodectus_exports.yar#L3-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/latrodectus_exports.yar#L3-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "01385f31b1f2fc94453a2ead136a1f7fb253a72bee95f74d755acfa97abdb26d"
score = 75
quality = 80
@@ -249565,8 +249738,8 @@ rule SEKOIA_Hacktool_Nbtscan_Strings : FILE
date = "2022-02-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_nbtscan_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_nbtscan_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "87e4f5dd16ee29dfd23b70dccbc41b0ef40c2db28f42fbd7fd84e5e93ca5c943"
score = 75
quality = 80
@@ -249595,8 +249768,8 @@ rule SEKOIA_Suspicious_Users_Dev : FILE
date = "2022-12-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/suspicious_users_dev.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/suspicious_users_dev.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6084b319efb7b4137517c63dd2ed1023a4b25513b7ac50e95154bbac0fea0af7"
score = 65
quality = 80
@@ -249621,8 +249794,8 @@ rule SEKOIA_Infostealer_Win_Redline_Strings : FILE
date = "2022-09-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_redline_strings.yar#L1-L47"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_redline_strings.yar#L1-L47"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "44443e16b788231b3f256b4d1e91c458c33963d5737d69fc5850f6b0efa7726b"
score = 75
quality = 78
@@ -249675,8 +249848,8 @@ rule SEKOIA_Rat_Win_Tutclient : FILE
date = "2024-02-09"
modified = "2024-12-19"
reference = "https://github.com/AdvancedHacker101/C-Sharp-R.A.T-Client"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_tutclient.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_tutclient.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f780948ab03dd0cd64d023367186a88c9eaa566170142e34aaa08788d9a684eb"
score = 75
quality = 80
@@ -249704,8 +249877,8 @@ rule SEKOIA_Apt_Aptk47_Asyncshell : FILE
date = "2024-11-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_aptk47_asyncshell.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_aptk47_asyncshell.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "ce6a589d5e3604112e5595a1f8d53e1e"
hash = "751f427da8e11d8ab394574260735220"
logic_hash = "ac202f7dc317d17118badf71c32776c5666eea4a47e1b439a287b6b8766e9da6"
@@ -249735,8 +249908,8 @@ rule SEKOIA_Apt_Oilrig_Odagent_Strings : FILE
date = "2023-12-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_oilrig_odagent_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_oilrig_odagent_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "14a1399ff3519632e3bbb6eea0d44e9908cfc03728bd26f610ab75fff6a8d2c6"
score = 75
quality = 80
@@ -249764,8 +249937,8 @@ rule SEKOIA_Wiper_Win_Nominatus_Toxicbattery : FILE
date = "2022-11-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/wiper_win_nominatus_toxicbattery.yar#L4-L42"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/wiper_win_nominatus_toxicbattery.yar#L4-L42"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c226a4c3bcc451482eb782c1cb84f3e956be1e214368d1b315076078d3148955"
score = 75
quality = 80
@@ -249800,8 +249973,8 @@ rule SEKOIA_Crimeware_Njrat_Strings : FILE
date = "2022-08-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/crimeware_njrat_strings.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/crimeware_njrat_strings.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "47102adde81682c3c1c856c3495c6f98a9e39aa052eac2ab0a803dab44d19c26"
score = 75
quality = 80
@@ -249832,8 +250005,8 @@ rule SEKOIA_Backdoor_Win_Mgbot_Main
date = "2024-03-20"
modified = "2024-12-19"
reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt-attacks-telecoms-africa-mgbot"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_mgbot_main.yar#L4-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_mgbot_main.yar#L4-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "61b335c88ce8bc56396b597c7c6f27b1d431941682401f0b3950c80edf7d8403"
score = 75
quality = 80
@@ -249855,8 +250028,8 @@ rule SEKOIA_Apt_Luckymouse_Sysupdate_Removing_Tool : FILE
date = "2022-08-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_luckymouse_sysupdate_removing_tool.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_luckymouse_sysupdate_removing_tool.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6a23fac99f26f4b0f9099e435ad53d9e83bf1322d190c565abf0c06dceeeaf34"
score = 75
quality = 80
@@ -249882,8 +250055,8 @@ rule SEKOIA_Apt_Aptk47_Maliciouslnk : FILE
date = "2024-11-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_aptk47_maliciouslnk.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_aptk47_maliciouslnk.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "6a405d4e88b4acb9706e19a83aad9cf6"
logic_hash = "865bb08f57affb3795853aa3c9f49577efb74df9b32e7760263b9fb08246a3ab"
score = 75
@@ -249909,8 +250082,8 @@ rule SEKOIA_Backdoor_Win_Warhawk
date = "2022-10-24"
modified = "2024-12-19"
reference = "https://www.zscaler.com/blogs/security-research/warhawk-new-backdoor-arsenal-sidewinder-apt-group-0"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_warhawk.yar#L1-L56"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_warhawk.yar#L1-L56"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "09cd60f91c54da6ca051550c89629d11a55a89d5b0d5f6d5696232b4edfdd491"
score = 75
quality = 58
@@ -249948,8 +250121,8 @@ rule SEKOIA_Infostealer_Win_Monster_Stub : FILE
date = "2024-08-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_monster_stub.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_monster_stub.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d6362c54b1f56ffa878423fbb1a3f57508d20e06b573c732f892494178a49200"
score = 75
quality = 80
@@ -249988,8 +250161,8 @@ rule SEKOIA_Apt_Rusticweb_Stealer : FILE
date = "2024-01-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_rusticweb_stealer.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_rusticweb_stealer.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "68f802ef442e68cbcca789eae2bb8a4395af86699320e5a8101c07469e7555fb"
score = 75
quality = 80
@@ -250017,8 +250190,8 @@ rule SEKOIA_Merlin_Win_Exe : FILE
date = "2022-01-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/merlin_win_exe.yar#L4-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/merlin_win_exe.yar#L4-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6a42e9ea9749dc894788d80cd4395da026ef3c49eab1de6802e09f8b1751f5bd"
score = 75
quality = 80
@@ -250044,8 +250217,8 @@ rule SEKOIA_Crypter_Win_Dotrunpex : FILE
date = "2023-06-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/crypter_win_dotrunpex.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/crypter_win_dotrunpex.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8a2b9e19b49ba17f976241bec5323121ba13d2ce39fdcf2777fd97a230211e75"
score = 75
quality = 80
@@ -250068,8 +250241,8 @@ rule SEKOIA_Apt_Nobelium_Acrobox_Downloader_Apr2022 : FILE
date = "2022-05-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_nobelium_acrobox_downloader_apr2022.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_nobelium_acrobox_downloader_apr2022.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ebcbdf13908971eea3e5b291719527e2e454a9ee3b98b5dc66149b2bb3b8fe67"
score = 75
quality = 80
@@ -250100,8 +250273,8 @@ rule SEKOIA_Loader_Win_Ninerat
date = "2023-12-12"
modified = "2024-12-19"
reference = "https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_ninerat.yar#L4-L37"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_ninerat.yar#L4-L37"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "eab81277a2ffe926c2d9f990ee2e36f0e5f27a14d3048c50d31952d90ce7ab0b"
score = 75
quality = 80
@@ -250127,8 +250300,8 @@ rule SEKOIA_Unknown_7777_Xlogin : FILE
date = "2024-07-18"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/unknown_7777_xlogin.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/unknown_7777_xlogin.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "4d9067e7cf517158337123a30a9bd0e3"
hash = "43ea387b8294cc4d0baaef6d26ff7c72"
hash = "777d6f907da38365924a0c2a12e973c5"
@@ -250156,8 +250329,8 @@ rule SEKOIA_Infostealer_Win_Ginzostealer_Str : FILE
date = "2022-04-21"
modified = "2024-12-19"
reference = "https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_ginzostealer_str.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_ginzostealer_str.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b1c811a13cf0f632ac839b6a6de050fc59ffe3ed0704545feff02e13521ea53f"
score = 75
quality = 80
@@ -250184,8 +250357,8 @@ rule SEKOIA_Infostealer_Win_Lumma_Strings_Aug23 : FILE
date = "2023-09-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_lumma_strings_aug23.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_lumma_strings_aug23.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "704a31b0f7c30602305768f13bf6108ebaf08c62451833731d2f2f020efce386"
score = 75
quality = 80
@@ -250216,8 +250389,8 @@ rule SEKOIA_Implant_Win_Pingpull : FILE
date = "2022-06-13"
modified = "2024-12-19"
reference = "https://unit42.paloaltonetworks.com/pingpull-gallium/#Protections-and-Mitigations"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_pingpull.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_pingpull.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "778d429e4c6d7575ddeea5144f9554f2b6ca46175d4202d338bef01dc9668b97"
score = 75
quality = 80
@@ -250240,8 +250413,8 @@ rule SEKOIA_Tool_Pivotnacci
date = "2024-04-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_pivotnacci.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_pivotnacci.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b0e4bc997775fb5ff258a23e07a58b4897a2ce9d3fffab86e93919857e566d18"
score = 75
quality = 80
@@ -250270,8 +250443,8 @@ rule SEKOIA_Infostealer_Win_Xenostealer_Strings : FILE
date = "2024-10-30"
modified = "2024-12-19"
reference = "https://github.com/moom825/XenoStealer/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_xenostealer_strings.yar#L1-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_xenostealer_strings.yar#L1-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "b74733d68e95220ab0630a68ddf973b0c959fd421628e639c1b91e465ba9299b"
logic_hash = "1c48b15b8e9648c1c4d2f9c0a9ee3f4c48605fa44772b87a03ad81923e5adf15"
score = 75
@@ -250313,8 +250486,8 @@ rule SEKOIA_Apt_Kimsuky_Klogexe : FILE
date = "2024-09-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_klogexe.yar#L1-L32"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_klogexe.yar#L1-L32"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "e1d683ee1746c08c5fff1c4c2b3b02f0"
hash = "90946c6358eacd119fe1eb36ec7a0a18"
hash = "9760f489a390665b5e7854429b550c83"
@@ -250349,8 +250522,8 @@ rule SEKOIA_Apt_Mustangpanda_Xoreddll : FILE
date = "2022-07-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_xoreddll.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_xoreddll.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "685be191cf187c0d5bfd00354400c47a961c9d047aa7e65e4cfc2201ec5eb1bc"
score = 75
quality = 80
@@ -250378,8 +250551,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_4 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_4.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_4.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ee67eb7b51ff6f3882c6b3ad86c3581396ba02f616c29a0190d0a2ad3d2ea614"
score = 75
quality = 80
@@ -250405,8 +250578,8 @@ rule SEKOIA_Loader_Win_Operationmagalenha_Vbs
date = "2023-05-31"
modified = "2024-12-19"
reference = "https://www.sentinelone.com/labs/operation-magalenha-long-running-campaign-pursues-portuguese-credentials-and-pii/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_operationmagalenha_vbs.yar#L1-L39"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_operationmagalenha_vbs.yar#L1-L39"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bb1c48ea6a4d9f0bc04df558837f2d448b38eac920cb4030e01b915a4e442708"
score = 75
quality = 78
@@ -250451,8 +250624,8 @@ rule SEKOIA_Hacktool_Fscan_Strings : FILE
date = "2023-12-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_fscan_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_fscan_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b1c88af2f90921fab4ac32ef65e226a652b8df2915abc62de0a28af9ad59811c"
score = 75
quality = 80
@@ -250482,8 +250655,8 @@ rule SEKOIA_Implant_Win_Sliver_Dll : FILE
date = "2021-11-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_sliver_dll.yar#L3-L32"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_sliver_dll.yar#L3-L32"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "251a123fe70338d18c9bc9fb9e0b0d542f2b94203bee8537244e62fa102f371b"
score = 75
quality = 80
@@ -250509,8 +250682,8 @@ rule SEKOIA_Implant_Win_Mysterysnail : FILE
date = "2021-10-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_mysterysnail.yar#L4-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_mysterysnail.yar#L4-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "37c02a5916ad7ce3190ce926d576365d1e17fee0f10e9b31619ea4b6fee29ae6"
score = 75
quality = 80
@@ -250530,8 +250703,8 @@ rule SEKOIA_Apt_Turla_Comlook : FILE
date = "2023-10-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_turla_comlook.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_turla_comlook.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "882a2efda4c3888c34a2802797c9eac4ab8b96774f2eea19e586ff9c8adb9292"
score = 75
quality = 80
@@ -250567,8 +250740,8 @@ rule SEKOIA_Infostealer_Win_Mars_Stealer_Variant_Llcppc1 : FILE
date = "2022-03-10"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_mars_stealer_variant_llcppc1.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_mars_stealer_variant_llcppc1.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f9d92338fa31c38648b72d7f9a953201c7e498237bc9d02d6247d1882d1e3432"
score = 75
quality = 80
@@ -250591,8 +250764,8 @@ rule SEKOIA_Luckymouse_Sysupdate_Payload : FILE
date = "2022-08-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/luckymouse_sysupdate_payload.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/luckymouse_sysupdate_payload.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e8501a50c65330153e613ae5bd6bbfbe4372d85175c3ed81d202ec5f177a94be"
score = 75
quality = 80
@@ -250616,8 +250789,8 @@ rule SEKOIA_Loader_Win_Stealthvector : FILE
date = "2021-08-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_stealthvector.yar#L4-L32"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_stealthvector.yar#L4-L32"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "71ea017462bbb1891ef306d1e56dece5864885f5c8db5c50431ab085d37bda03"
score = 75
quality = 80
@@ -250647,8 +250820,8 @@ rule SEKOIA_Infostealer_Win_Acrstealer_Str : FILE
date = "2024-04-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_acrstealer_str.yar#L1-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_acrstealer_str.yar#L1-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "53d313857577b39b51a3e396c078d39a8b8ab803295b689357c3e8ea94cac9f7"
score = 75
quality = 80
@@ -250685,8 +250858,8 @@ rule SEKOIA_Infostealer_Win_Banditstealer : FILE
date = "2023-07-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_banditstealer.yar#L1-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_banditstealer.yar#L1-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "64d4860dd8a783be10541dd5c939dcd2a2b08309a7cd17b9dbbda1ba8b26485d"
score = 75
quality = 80
@@ -250728,8 +250901,8 @@ rule SEKOIA_Apt_Polonium_Deepcreep_Strings : FILE
date = "2022-10-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_polonium_deepcreep_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_polonium_deepcreep_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "60724d2eb964e2c3681b72bdb732ca640b603af7dc94b4eb6608c77cddb94011"
score = 75
quality = 80
@@ -250755,8 +250928,8 @@ rule SEKOIA_Apt_Muddywater_Powgoop_Loader : FILE
date = "2022-01-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_muddywater_powgoop_loader.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_muddywater_powgoop_loader.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "70f20928d2bbe081f0595ecdbb6dbe58a2f0807032598d88d829513e6d75287f"
score = 75
quality = 80
@@ -250783,8 +250956,8 @@ rule SEKOIA_Infostealer_Win_Mars_Stealer : FILE
date = "2022-02-03"
modified = "2024-12-19"
reference = "https://3xp0rt.com/posts/mars-stealer"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_mars_stealer.yar#L3-L44"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_mars_stealer.yar#L3-L44"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b2b36a280c3c6cbbb8cbb9f1dd3eb48a4943ebbddb48eba2ac3d0db03924cafd"
score = 75
quality = 80
@@ -250825,8 +250998,8 @@ rule SEKOIA_Implant_Macos_Geacon : FILE
date = "2024-01-11"
modified = "2024-12-19"
reference = "https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_macos_geacon.yar#L1-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_macos_geacon.yar#L1-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "284574d185d3777a373f4a19e0870eec5245fb8ea5ebd6124bc281f8c74e0998"
score = 75
quality = 80
@@ -250866,8 +251039,8 @@ rule SEKOIA_Implant_Mul_Alchimist : FILE
date = "2022-10-18"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_mul_alchimist.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_mul_alchimist.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d4a5338c502b145a1d7ad9f35779e24d66ee2d11bf760d498aab39e2c62fbeb4"
score = 75
quality = 80
@@ -250896,8 +251069,8 @@ rule SEKOIA_Hacktool_Ipmipwner_Strings : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_ipmipwner_strings.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_ipmipwner_strings.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "122311e1791d018f08f3d5ecdf2e0efe3aa5bb913b2c1ce6a3797e8ceb2676eb"
score = 75
quality = 80
@@ -250921,8 +251094,8 @@ rule SEKOIA_Backdoor_Win_Feedload : FILE
date = "2023-10-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_feedload.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_feedload.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "f251144f7ad0be0045034a1fc33fb896e8c32874e0b05869ff5783e14c062486"
logic_hash = "18eb3fc9b11ed21a76a2921c3d9681b09cf2f306263c2ece76c1bf4a65467777"
score = 75
@@ -250946,8 +251119,8 @@ rule SEKOIA_Apt_Lazarus_Dll_C2_Comms : FILE
date = "2023-04-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_lazarus_dll_c2_comms.yar#L1-L33"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_lazarus_dll_c2_comms.yar#L1-L33"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b5ba5ae25822cf54d530d1a18c8196194d44e4fd76be1a0bf98c193772286282"
score = 75
quality = 80
@@ -250979,8 +251152,8 @@ rule SEKOIA_Rat_Win_Xworm_V2 : FILE
date = "2022-11-07"
modified = "2024-12-19"
reference = "https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_xworm_v2.yar#L1-L38"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_xworm_v2.yar#L1-L38"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "58a2dbfbd453855021942902a6d55d150eee3acba67a294da24448cfca4f811e"
score = 75
quality = 78
@@ -251025,8 +251198,8 @@ rule SEKOIA_Apt_Cottonsandstorm_Win_Implant : FILE
date = "2024-11-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cottonsandstorm_win_implant.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cottonsandstorm_win_implant.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "f797d71ed07d6e05556300e4ce0f2927"
logic_hash = "dcb25ee236ca52f23cc6bfdbcedcbc6d407e88f06341e684f202a59954733ade"
score = 75
@@ -251057,8 +251230,8 @@ rule SEKOIA_Crime_Sload_Vbs_Wsf_Downloader : FILE
date = "2022-08-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/crime_sload_vbs_wsf_downloader.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/crime_sload_vbs_wsf_downloader.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bd6a9112edb01544463aa7112432ad49360221e89a9ac15d5e8f6731b2b8780a"
score = 75
quality = 76
@@ -251084,8 +251257,8 @@ rule SEKOIA_Infostealer_Win_Stealc_Str_Oct24 : FILE
date = "2024-10-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_stealc_str_oct24.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_stealc_str_oct24.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4f7fece81c3fe1e56b57aed4030b48331b53443a200799046fe84c895b591a71"
score = 75
quality = 80
@@ -251120,8 +251293,8 @@ rule SEKOIA_Apt_Uac0099_Lonepage : FILE
date = "2024-01-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_uac0099_lonepage.yar#L1-L30"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_uac0099_lonepage.yar#L1-L30"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "479f438acb63c76e09722640b973e76d1f1924bf24db477ca6898d123091d5f8"
score = 75
quality = 76
@@ -251152,8 +251325,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_1 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_1.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_1.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "20e42042bd03bde3d0eec42f81d560896e8ec9e67ad64611dc4bc21152db3ff0"
score = 75
quality = 80
@@ -251179,8 +251352,8 @@ rule SEKOIA_Infostealer_Win_Stormkitty_Exfil_Urls : FILE
date = "2022-04-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_stormkitty_exfil_urls.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_stormkitty_exfil_urls.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ccf0efe9ccba8e37bc19fa241e2d7698b1a798a3e8026b1b6930452b8a8ba9b4"
score = 75
quality = 80
@@ -251205,8 +251378,8 @@ rule SEKOIA_Ransomware_Win_Dodo_2023 : FILE
date = "2023-02-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_dodo_2023.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_dodo_2023.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "01924360ef4bbecd220439290eba22838a3977793fdebd0ef0be74c342c0d152"
score = 75
quality = 80
@@ -251236,8 +251409,8 @@ rule SEKOIA_Apt_Gamaredon_Ddrdoh_Vbs_Downloader : FILE
date = "2023-01-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_ddrdoh_vbs_downloader.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_ddrdoh_vbs_downloader.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "940635313b23e29ac98310fc0f20352405c96190d56cd36ef028bf4d6e77fa6b"
score = 75
quality = 80
@@ -251271,8 +251444,8 @@ rule SEKOIA_Ursnif : FILE
date = "2024-12-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ursnif.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ursnif.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fd3c3be5ede0a980b44560cfb9b8c4c1ee322091fa86bc9143f30dc900053c2b"
score = 75
quality = 80
@@ -251302,8 +251475,8 @@ rule SEKOIA_Apt_Mustangpanda_Downloader : FILE
date = "2022-03-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_downloader.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_downloader.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0bff0ee2960ecfa29939720e7efacaa35359f4fe555ae160c674efebf29bf61e"
score = 75
quality = 80
@@ -251329,8 +251502,8 @@ rule SEKOIA_Downloader_Kimsuky_Lnk
date = "2024-07-16"
modified = "2024-12-19"
reference = "https://blogs.jpcert.or.jp/en/2024/07/attack-activities-by-kimsuky-targeting-japanese-organizations.html"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_kimsuky_lnk.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_kimsuky_lnk.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3512c8c21203a015b316c2a993db1a8c10420df06ea97d84a6e350550a628230"
score = 75
quality = 80
@@ -251359,8 +251532,8 @@ rule SEKOIA_Hacktool_Dnscat2_Strings : FILE
date = "2022-02-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_dnscat2_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_dnscat2_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "40d906ca3a00f7d3e2f8d043dbbc77a2a57fd133f4812b863aec6d5a0f57a8c9"
score = 75
quality = 80
@@ -251389,8 +251562,8 @@ rule SEKOIA_Apt_Uac0154_Powershell_Infection_Chain_2 : FILE
date = "2023-10-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_uac0154_powershell_infection_chain_2.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_uac0154_powershell_infection_chain_2.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "029d88971030a377b3c93ba4c986668e53b01ee03ba94a0a4ceb54b20b72ff2d"
score = 75
quality = 80
@@ -251417,8 +251590,8 @@ rule SEKOIA_Tool_Runpeinmemory_Strings : FILE
date = "2024-05-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_runpeinmemory_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_runpeinmemory_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "154f3db98f8ee902ec7b58812525dbbef837ae30279c40b8d95ec93ae1260a69"
score = 75
quality = 80
@@ -251444,8 +251617,8 @@ rule SEKOIA_Loader_Win_Dodgebox
date = "2024-07-15"
modified = "2024-12-19"
reference = "https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_dodgebox.yar#L4-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_dodgebox.yar#L4-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e859da15a065454d273c4040b4e3409c3046cbcee135497bdcce6cff620c3cfb"
score = 75
quality = 80
@@ -251467,8 +251640,8 @@ rule SEKOIA_Apt_Sandworm_Olympicdestroyer : FILE
date = "2022-04-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sandworm_olympicdestroyer.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sandworm_olympicdestroyer.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a68a96ab036e69a32e173b2d2fa6a81ab872032f89bfdfc3cd4446305a33921b"
score = 75
quality = 80
@@ -251496,8 +251669,8 @@ rule SEKOIA_Apt_Apt31_Pakdoor : FILE
date = "2021-10-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt31_pakdoor.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt31_pakdoor.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "1d60edb577641ce47dc2a8299f8b7f878e37120b192655aaf80d1cde5ee482d2"
logic_hash = "ef001e31b34761688f32ec767082d9d7f9fc4e4368d567eb64b66583bcb7fc78"
score = 75
@@ -251526,8 +251699,8 @@ rule SEKOIA_Crime_Sload_Zip_Archives : FILE
date = "2022-08-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/crime_sload_zip_archives.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/crime_sload_zip_archives.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f2bc6464de008f2ce40acabd87ebbd91659d317f57e223118937ba51f70d0f7f"
score = 75
quality = 80
@@ -251552,8 +251725,8 @@ rule SEKOIA_Ransomware_Linux_Icefire_2023 : FILE
date = "2023-02-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_linux_icefire_2023.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_linux_icefire_2023.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "25033bd33311b070809d150f60803f32011d78a6a74d6b5f620a3216f0f95a6e"
score = 75
quality = 80
@@ -251585,8 +251758,8 @@ rule SEKOIA_Apt_Apt28_Document_Phishing_Webpage : FILE
date = "2024-04-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt28_document_phishing_webpage.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt28_document_phishing_webpage.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b64888c1d8568cf9d8f4dfcd2e18093db8635966d88abaa368dc46a1e4453782"
score = 75
quality = 80
@@ -251616,8 +251789,8 @@ rule SEKOIA_Apt_Apt35_Iisraid_Strings : FILE
date = "2023-05-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt35_iisraid_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt35_iisraid_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "de2ebef5ab46136aa54b146dbd4198f69801f3414d1d239fc7983c5b3c0115c4"
score = 75
quality = 80
@@ -251642,8 +251815,8 @@ rule SEKOIA_Apt_Gelsemium_Wolfsbane_Launcher : FILE
date = "2024-11-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gelsemium_wolfsbane_launcher.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gelsemium_wolfsbane_launcher.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "87e437cf74ce4b1330b8af9ff71edae2"
logic_hash = "9ecc3a8cb82f6183c263dde03a14f721d2e3aeb2338afc28e0368c323e5d51a9"
score = 75
@@ -251670,8 +251843,8 @@ rule SEKOIA_Apt_Tortoiseshell_Imaploader : FILE
date = "2023-11-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_tortoiseshell_imaploader.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_tortoiseshell_imaploader.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "93f57940ed69145064e5153cc9b099fb9456116cae808acfb4e6f7f14003dde7"
score = 75
quality = 80
@@ -251697,8 +251870,8 @@ rule SEKOIA_Apt_Buhtrap_Maldocx
date = "2022-02-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_buhtrap_maldocx.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_buhtrap_maldocx.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "69968fa6836a71cd835f40c5168d197d3b5fc13b62791279f48a6bdeb4709bd5"
score = 75
quality = 80
@@ -251732,8 +251905,8 @@ rule SEKOIA_Apt_Menupass_Maliciouslibvlc_Dll
date = "2022-04-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_menupass_maliciouslibvlc_dll.yar#L3-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_menupass_maliciouslibvlc_dll.yar#L3-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "de56e112a477d3a77146f1b84c8aa3e66a382a87f1492dd50aa1de9458b33717"
score = 75
quality = 80
@@ -251753,8 +251926,8 @@ rule SEKOIA_Apt_Muddywater_Powgoop_Decoded : FILE
date = "2022-01-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_muddywater_powgoop_decoded.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_muddywater_powgoop_decoded.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6654d8107bb2ad6344f1fa03c6525ed9a0b8e49627787355efe857e80a02eca4"
score = 75
quality = 80
@@ -251783,8 +251956,8 @@ rule SEKOIA_Tool_Edrsandblast_Cli_Strings : FILE
date = "2024-01-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_edrsandblast_cli_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_edrsandblast_cli_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "dd6b3836b2f368c8d0ed06770f2469ef70d850ae1a9da26c7835f1877379efe9"
score = 75
quality = 80
@@ -251810,8 +251983,8 @@ rule SEKOIA_Apt_Unknown_Sessionmanageriis_Strings : FILE
date = "2022-07-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_unknown_sessionmanageriis_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_unknown_sessionmanageriis_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b1058b07c8e40431f8f3841b5ad49b4d6ead21a91d014f24c083f37eeacc5ac5"
score = 75
quality = 80
@@ -251840,8 +252013,8 @@ rule SEKOIA_Guloader_Vbscript : FILE
date = "2024-02-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/guloader_vbscript.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/guloader_vbscript.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d0398b19ec57cff8afd52b06dc9da18788b1eefdf6be70650138e9b342d91d24"
score = 75
quality = 80
@@ -251866,8 +252039,8 @@ rule SEKOIA_Apt_Kimsuky_Sharpext_Compromised_Securepreferences
date = "2022-07-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_sharpext_compromised_securepreferences.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_sharpext_compromised_securepreferences.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "662358fdb4c4cfa9984d06e391ade52e1c7a3d7b78724aea4fb0d6035fe2e7b2"
score = 75
quality = 80
@@ -251892,8 +252065,8 @@ rule SEKOIA_Apt_Sugardump_Credentials_Stealer_Http : FILE
date = "2022-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sugardump_credentials_stealer_http.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sugardump_credentials_stealer_http.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8d1725da41704fd534d3438021a98d0fb9b9b5bfdc63cc3144c4957954be1870"
score = 75
quality = 80
@@ -251928,8 +252101,8 @@ rule SEKOIA_Infostealer_Win_44Caliber : FILE
date = "2022-03-08"
modified = "2024-12-19"
reference = "https://github.com/razexgod/44CALIBER"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_44caliber.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_44caliber.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4b80d6b2116f53926897aa79a7c232413974caefaf524f50e6a7cede11f3aaa0"
score = 75
quality = 80
@@ -251962,8 +252135,8 @@ rule SEKOIA_Tool_Revsocks_Strings : FILE
date = "2024-03-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_revsocks_strings.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_revsocks_strings.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f1702aaaebc1ba720f688f0694a69fef55a2556b1f07dd4b846be1ae32ff5529"
score = 75
quality = 80
@@ -251990,8 +252163,8 @@ rule SEKOIA_Bot_Lin_Zerobot_Dec22 : FILE
date = "2022-08-05"
modified = "2024-12-19"
reference = "https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/bot_lin_zerobot_dec22.yar#L1-L30"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/bot_lin_zerobot_dec22.yar#L1-L30"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0f4faba9873fa360615b20bc637ecb40f56e6c7f65153f61a762e378320f94c1"
score = 75
quality = 80
@@ -252028,8 +252201,8 @@ rule SEKOIA_Apt_Lazarus_Vhd_Ransomware_Downloader : FILE
date = "2022-11-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_lazarus_vhd_ransomware_downloader.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_lazarus_vhd_ransomware_downloader.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "042ab0029d170937af9b9ee6a8e499843532c84cf99faed3d2d47cb18a1500ac"
score = 75
quality = 80
@@ -252056,8 +252229,8 @@ rule SEKOIA_Infostealer_Win_Cinoshistealer : FILE
date = "2023-06-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_cinoshistealer.yar#L1-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_cinoshistealer.yar#L1-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c4d8418a7bd1bf205295100d993562c89b17b80889cad5aac7a74f89e66543ce"
score = 75
quality = 80
@@ -252093,8 +252266,8 @@ rule SEKOIA_Tool_Rsockstun_Strings : FILE
date = "2023-12-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_rsockstun_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_rsockstun_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8faf1004ec56728f1e451734ed651e8f77a49faf7f232df82e0b4950a9f1d198"
score = 75
quality = 80
@@ -252120,8 +252293,8 @@ rule SEKOIA_Apt_Mustangpanda_Payload : FILE
date = "2022-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_payload.yar#L1-L42"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_payload.yar#L1-L42"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "734d42aed4574de620773f1f2d08c6b1fc206efd1b576f0f3679edcc0b2ce91d"
score = 75
quality = 80
@@ -252171,8 +252344,8 @@ rule SEKOIA_Infostealer_Win_Vulturi : FILE
date = "2022-03-14"
modified = "2024-12-19"
reference = "https://lamp-ret.club/t/vulturi-cracked-by-tr0uble-and-eshelon_mayskih.193/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_vulturi.yar#L1-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_vulturi.yar#L1-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "2d442768499ea0d4b6f5ac0d85521d73bb8337a53f1641485b0ce0054e2dc91c"
score = 75
quality = 80
@@ -252213,8 +252386,8 @@ rule SEKOIA_In2Al5D_P3In4Er_Loader : FILE
date = "2023-04-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/in2al5d_p3in4er_loader.yar#L3-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/in2al5d_p3in4er_loader.yar#L3-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fb7dadcd1e87c15cacfc046e76648b1fa29f1bce44fa0314b84746ca57eebaed"
score = 75
quality = 80
@@ -252237,8 +252410,8 @@ rule SEKOIA_Tool_Juicypotato_Exploit_Strings : FILE
date = "2022-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_juicypotato_exploit_strings.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_juicypotato_exploit_strings.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ef23ea2931a1b6e094c0d7bb813305c09a2214ce36680ae057926dfdc1105c80"
score = 75
quality = 80
@@ -252269,8 +252442,8 @@ rule SEKOIA_Ransomware_Win_Scransom : FILE
date = "2023-08-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_scransom.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_scransom.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3b8034bc5e0919d6c05dd2f2079c40836f241f2db02c1baf70ecb530db90847f"
score = 75
quality = 80
@@ -252309,8 +252482,8 @@ rule SEKOIA_Apt_Susp_Lazarus_Dangerous_Password : FILE
date = "2023-09-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_susp_lazarus_dangerous_password.yar#L1-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_susp_lazarus_dangerous_password.yar#L1-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "2b159266bd6bba20ffaa627dac840840eaaad98e7962f48bbae428e687155b3d"
score = 65
quality = 80
@@ -252334,8 +252507,8 @@ rule SEKOIA_Tool_Win_Lightrail : FILE
date = "2024-02-29"
modified = "2024-12-19"
reference = "https://www.mandiant.com/resources/blog/suspected-iranian-unc1549-targets-israel-middle-east"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_win_lightrail.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_win_lightrail.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "84491bf7e955930c04e96f63ffb8c8f35ad02d9a917eceb727bf87c9ed3d831e"
score = 75
quality = 80
@@ -252366,8 +252539,8 @@ rule SEKOIA_Apt_Gamaredon_Gamaredon_Lnk_Usb_Spreader
date = "2023-06-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_gamaredon_lnk_usb_spreader.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_gamaredon_lnk_usb_spreader.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "2aee8bb2a953124803bc42e5c42935c92f87030b65448624f51183bf00dd1581"
logic_hash = "3adb2433eda559d9b32316f4733741b0fc8c576937b1decede8bc7d23b203a0e"
score = 75
@@ -252398,8 +252571,8 @@ rule SEKOIA_Ransomware_Win_Shrinklocker
date = "2024-06-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_shrinklocker.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_shrinklocker.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7770b0946b9bb482f23c4ce0d753393e0d42a6fd8b31029847d74356296f0cf1"
score = 75
quality = 80
@@ -252432,8 +252605,8 @@ rule SEKOIA_Downloader_Win_Search : FILE
date = "2024-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_win_search.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_win_search.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "a29fa85ecfc0e5554c21f3b9db185de97b3504517403f4aa102adbd2c46dc1bf"
hash = "f83e2b3be2e6db20806a4b9b216edc7508fa81ce60bf59436d53d3ae435b6060"
logic_hash = "1b25f04d1d2c9b7bdc7e0bd17d2f2876c27f9c4acb3a2afca6a4df531e769740"
@@ -252458,8 +252631,8 @@ rule SEKOIA_Infostealer_Win_Doenerium_Str : FILE
date = "2022-09-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_doenerium_str.yar#L1-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_doenerium_str.yar#L1-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9bc28d89ad2654c33f2ecd9736f5fb3a10dfc68dfef44ece6e628f5bb8db0800"
score = 75
quality = 80
@@ -252496,8 +252669,8 @@ rule SEKOIA_Hacktool_Pplblade_Strings : FILE
date = "2023-11-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_pplblade_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_pplblade_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e853e109dbf5dfcba465f61cb689f261df5156e98297d3d00f700e20491de66e"
score = 75
quality = 80
@@ -252522,8 +252695,8 @@ rule SEKOIA_Rat_Win_Lilith
date = "2023-02-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_lilith.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_lilith.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ac2ad9e68616e6e7d07e105293545c96b72c956dbcf3c3bf317460cafc13be48"
score = 75
quality = 76
@@ -252547,8 +252720,8 @@ rule SEKOIA_Apt_Apt28_Htmlsmuggling_Disclosing_Ip : FILE
date = "2023-09-11"
modified = "2024-12-19"
reference = "https://www.zscaler.com/blogs/security-research/steal-it-campaign"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt28_htmlsmuggling_disclosing_ip.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt28_htmlsmuggling_disclosing_ip.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "047d2d5f8d04576b6d57bc599f82406804845a3acb7628e7ad9b56e71e4dfe92"
score = 75
quality = 80
@@ -252573,8 +252746,8 @@ rule SEKOIA_Apt_Gamaredon_Lnks_Farl139_Hostname : FILE
date = "2023-01-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_lnks_farl139_hostname.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_lnks_farl139_hostname.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8be31a4fed363f0e2791efb96a229f6cdec5bfaeaf3e9cd880f8d25c9ae0435e"
score = 75
quality = 80
@@ -252597,8 +252770,8 @@ rule SEKOIA_Apt_Polonium_Megacreep_Strings : FILE
date = "2022-10-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_polonium_megacreep_strings.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_polonium_megacreep_strings.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f4881e15854b082d8e6b8a28a7eb1518c559577b1b3ce76e404d67b1fe723fde"
score = 75
quality = 80
@@ -252633,8 +252806,8 @@ rule SEKOIA_Apt_Luckymouse_Rshell_Strings_All_Platform : FILE
date = "2022-08-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_luckymouse_rshell_strings_all_platform.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_luckymouse_rshell_strings_all_platform.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ef923b6633a2b7dfa645a31c7c2d0e00872ebad6ec7748568c2b306c29b6b29b"
score = 75
quality = 80
@@ -252661,8 +252834,8 @@ rule SEKOIA_Tool_Dynamicwrapper_Strings : FILE
date = "2023-12-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_dynamicwrapper_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_dynamicwrapper_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fad5fec74dc3efdd7fc67ef1c6373957df4ee564f3fe6333b924b236ea7458d9"
score = 75
quality = 80
@@ -252687,8 +252860,8 @@ rule SEKOIA_Ransomware_Win_Raworld
date = "2024-07-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_raworld.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_raworld.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "583dd2ea8e20a87d0b67783d1dd59212eb133de1f945d5b4afad89e8a5017d35"
score = 75
quality = 80
@@ -252720,8 +252893,8 @@ rule SEKOIA_Implant_Win_Incontroller : FILE
date = "2022-04-14"
modified = "2024-12-19"
reference = "https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_incontroller.yar#L4-L49"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_incontroller.yar#L4-L49"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "69296ca3575d9bc04ce0250d734d1a83c1348f5b6da756944933af0578bd41d2"
logic_hash = "988e3004169817758a38dc7cd621ed351dac4de41e6dad03ab1cdfc07b8a6cac"
score = 75
@@ -252756,8 +252929,8 @@ rule SEKOIA_Apt_Emberbear_Credpump_Strings : FILE
date = "2023-02-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_emberbear_credpump_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_emberbear_credpump_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6f2c96fe3f314221626b4c053658af0e7231f151886f10eb1d69e07ea3e5c634"
score = 75
quality = 80
@@ -252783,8 +252956,8 @@ rule SEKOIA_Webshell_Icesword_Strings : FILE
date = "2024-11-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/webshell_icesword_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/webshell_icesword_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "0447352827e61696304a8e3d34e1d270"
hash = "f49cfcda0abdefa385eda7ec7e7a5411"
hash = "e1518388375ba772ed20503ec6dc6c8a"
@@ -252812,8 +252985,8 @@ rule SEKOIA_Apt_Coathanger_Files : FILE
date = "2024-02-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_coathanger_files.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_coathanger_files.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5406d8a99e16f08f1ffca548ea1dd1e27e7707506e796e0fc263bcdbb681632d"
score = 75
quality = 80
@@ -252844,8 +253017,8 @@ rule SEKOIA_Hacktool_Lazagne_Strings : FILE
date = "2022-02-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_lazagne_strings.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_lazagne_strings.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a6db351fee9a28b1a6d82c2ce063088a1050ee8379cc13ca3cf8cc2038043951"
score = 75
quality = 80
@@ -252874,8 +253047,8 @@ rule SEKOIA_Infostealer_Win_Nosu : FILE
date = "2022-12-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_nosu.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_nosu.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f18db2008aa9175fc423133fd6d5872c5750d011aad73c373505347443d5032c"
score = 75
quality = 80
@@ -252900,8 +253073,8 @@ rule SEKOIA_Apt_Malware_Pocoproxy : FILE
date = "2024-08-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_malware_pocoproxy.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_malware_pocoproxy.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "2b89f15012512002c656ff821bbbeca0"
hash = "8d850fed6bb1f3b60365ed656c6791c5"
logic_hash = "217f4eabb5ff4534878b6dd192ae446e651d8510f03ceb501eb33e91199c15a8"
@@ -252933,8 +253106,8 @@ rule SEKOIA_Apt_Kimsuky_Malicious_Vba : FILE
date = "2022-08-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_malicious_vba.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_malicious_vba.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "68d7b757f660907fcea3ea03c4027b429f8acdef6569d63cdb744e9d77637080"
score = 75
quality = 80
@@ -252958,8 +253131,8 @@ rule SEKOIA_Apt_Granitetyphoon_Pingpulllinux_Strings : FILE
date = "2023-05-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_granitetyphoon_pingpulllinux_strings.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_granitetyphoon_pingpulllinux_strings.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "89c89bb24d1996c04fba0e6ebfd2aaf1544d8a9e6333b896c1855747fb979308"
score = 75
quality = 80
@@ -252991,8 +253164,8 @@ rule SEKOIA_Wiper_Win_Isaacwiper
date = "2022-03-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/wiper_win_isaacwiper.yar#L4-L45"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/wiper_win_isaacwiper.yar#L4-L45"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0338e11ece112b6f7d88db49cfc703a4431d7ee54f4b9ff0b9e2ea50d39cab4f"
score = 75
quality = 80
@@ -253027,8 +253200,8 @@ rule SEKOIA_Exploit_Win_Cloudatlas_Cve_2018_0798 : CVE_2018_0798 FILE
date = "2022-11-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/exploit_win_cloudatlas_cve_2018_0798.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/exploit_win_cloudatlas_cve_2018_0798.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1ed1009d77835f60834c20e61158b00ce7416ade8aa86c3314f4d8d1f6742fa0"
score = 75
quality = 80
@@ -253056,8 +253229,8 @@ rule SEKOIA_Apt_Ta410_Flowcloud_Loader : FILE
date = "2024-05-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_ta410_flowcloud_loader.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_ta410_flowcloud_loader.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "450cfdfbd9a42b623fc1acb55f3ea309ae54282b480edcb9495f4d45874d3922"
score = 75
quality = 80
@@ -253087,8 +253260,8 @@ rule SEKOIA_Apt_Apt28_Powershell_Ntlm_Stealer : FILE
date = "2023-09-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt28_powershell_ntlm_stealer.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt28_powershell_ntlm_stealer.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "29d039bf7d7018ebbae187ae0f057161c3f9256076324f06167872adc0accfa7"
score = 75
quality = 80
@@ -253115,8 +253288,8 @@ rule SEKOIA_Miner_Lin_Xmrig_Strings : FILE
date = "2022-09-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/miner_lin_xmrig_strings.yar#L1-L36"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/miner_lin_xmrig_strings.yar#L1-L36"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4946e5099d7d342c8cf6644146ffec8506e786a1d4de0b05ef039bcf2b0fdad2"
score = 75
quality = 80
@@ -253158,8 +253331,8 @@ rule SEKOIA_Apt_Cerana_Keeper_Yk0130 : FILE
date = "2024-10-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cerana_keeper_yk0130.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cerana_keeper_yk0130.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "2554e4864294dc96a5b4548dd42c7189"
logic_hash = "4462c6b7f46520207f49275292a3be873540becb593176d771d3489fba6f4cb0"
score = 75
@@ -253183,8 +253356,8 @@ rule SEKOIA_Tool_Gost_Tunnel_Strings : FILE
date = "2023-02-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_gost_tunnel_strings.yar#L1-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_gost_tunnel_strings.yar#L1-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "eba1557acc1d9f16817a4bcd24631334a12357e45ad23f1c333de686f20f9291"
score = 75
quality = 80
@@ -253222,8 +253395,8 @@ rule SEKOIA_Tool_Chisel_Strings : FILE
date = "2024-03-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_chisel_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_chisel_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fe389d9d0ae73c79f1040274e21135d4df645c5ac672fc824923f0a5a085be8a"
score = 75
quality = 80
@@ -253251,8 +253424,8 @@ rule SEKOIA_Apt_Kimsuky_Sharpext_Jsexfil_Strings : FILE
date = "2022-07-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_sharpext_jsexfil_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_sharpext_jsexfil_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "37ea72b369baaced89f30f655901cc4a9d6a70d00cfca3b92a1015aca64d4e2c"
score = 75
quality = 80
@@ -253278,11 +253451,11 @@ rule SEKOIA_Loader_Win_Purecrypter : FILE
date = "2022-09-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_purecrypter.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_purecrypter.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5d0d733a4f8447d2d51656a20640fc9482581e19ba1d53fed7d98e85bb748763"
score = 75
- quality = 30
+ quality = 80
tags = "FILE"
version = "1.0"
classification = "TLP:CLEAR"
@@ -253303,8 +253476,8 @@ rule SEKOIA_Apt_Gamaredon_Flash_Infostealer : FILE
date = "2023-01-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_flash_infostealer.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_flash_infostealer.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5a3ee8c2c3c377bea7de1993e5ef744796130643575bcce1b6181d68190aafb7"
score = 75
quality = 80
@@ -253333,8 +253506,8 @@ rule SEKOIA_Infostealer_Win_Aurora_Str : FILE
date = "2022-07-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_aurora_str.yar#L3-L34"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_aurora_str.yar#L3-L34"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "745443bb58f00cb09a1f323f530219913eaaf0d0e71c9a25af2072006f8c5f92"
score = 75
quality = 80
@@ -253374,8 +253547,8 @@ rule SEKOIA_Backdoor_Powershellempire_Sharpire : FILE
date = "2022-04-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_powershellempire_sharpire.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_powershellempire_sharpire.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a4da54a16ee1ac3dea3b3b5a5983638ea28fd1e6d580cd48db595f15a92817a1"
score = 75
quality = 80
@@ -253402,8 +253575,8 @@ rule SEKOIA_Tool_Win_Gosecretsdump : FILE
date = "2024-06-10"
modified = "2024-12-19"
reference = "https://github.com/C-Sto/gosecretsdump/releases"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_win_gosecretsdump.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_win_gosecretsdump.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "957b0deae745e4fda5a790acc391cebf9d193efb2a19ad5eb18c54da8c17bcfa"
score = 75
quality = 80
@@ -253437,8 +253610,8 @@ rule SEKOIA_Bumblebee_Loader : FILE
date = "2022-05-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/bumblebee_loader.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/bumblebee_loader.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "73c0195c51b5f8c36ab6d7a0e783f1229709d51fc42e2486c02fa65bbbdf955b"
score = 75
quality = 80
@@ -253464,8 +253637,8 @@ rule SEKOIA_Apt_Kimsuky_Toddlershark_Strings : FILE
date = "2024-03-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_toddlershark_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_toddlershark_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "dee9d03f498437dd6d8399975cd91ec44307067ac4642b9ff31df1a6d6b10468"
score = 75
quality = 80
@@ -253493,8 +253666,8 @@ rule SEKOIA_Rat_Win_Hiddenz : FILE
date = "2022-08-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_hiddenz.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_hiddenz.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "92f62c893d8a081cd52deaaac93d622fbb1c8e9c7df214e34c6b8066be72a424"
score = 75
quality = 80
@@ -253520,8 +253693,8 @@ rule SEKOIA_Launcher_Win_Bluehaze : FILE
date = "2022-12-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/launcher_win_bluehaze.yar#L4-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/launcher_win_bluehaze.yar#L4-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "56a9d6d713a5744e77c8d34ad28983bb3b2aded1abff47dbf2d887724bd3ed4e"
score = 75
quality = 80
@@ -253546,8 +253719,8 @@ rule SEKOIA_Tool_Exploit_Comahawk_Strings : FILE
date = "2022-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_exploit_comahawk_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_exploit_comahawk_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a80fed3fd64562dd3e2fa197ca3d2aaf8e33783729b725c71f7eb8931af70d82"
score = 75
quality = 80
@@ -253574,8 +253747,8 @@ rule SEKOIA_Apt_Tealkurma_Snappytcp_Reverse_Shell_Strings : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_tealkurma_snappytcp_reverse_shell_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_tealkurma_snappytcp_reverse_shell_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "feb24cafcf5b080c91dab42bf8d78fbdb0b7fae9395c7513f02aa90a25663d2c"
score = 75
quality = 80
@@ -253603,8 +253776,8 @@ rule SEKOIA_Apt_Mustang_Panda_Toneshell : FILE
date = "2022-11-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustang_panda_toneshell.yar#L4-L160"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustang_panda_toneshell.yar#L4-L160"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "192fb01817cc6361062999cf539c51616d1755a5cd8e9d6e37bee6f6d04b0721"
score = 75
quality = 80
@@ -253726,8 +253899,8 @@ rule SEKOIA_Apt_Gelsemium_Wolfsbane_Backdoor : FILE
date = "2024-11-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gelsemium_wolfsbane_backdoor.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gelsemium_wolfsbane_backdoor.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "1418fe9a743226b9661a2b6decb19db0"
logic_hash = "97d5076ca4c204a2e2276fd250d64bc140da1f2c8dec9996db7a622385f2c0ac"
score = 75
@@ -253756,8 +253929,8 @@ rule SEKOIA_Backdoor_Opensource_Northstar_Strings : FILE
date = "2022-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_opensource_northstar_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_opensource_northstar_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c4cf8935137c1420106807240de7583ca8f5c0b231f51bba279aedf672e25274"
score = 75
quality = 80
@@ -253785,8 +253958,8 @@ rule SEKOIA_Apt_Mustangpanda_Decrypt_Payload : FILE
date = "2022-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_decrypt_payload.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_decrypt_payload.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "dcc32580e351e605d21dc29558764c6fd85f8a9506de8e78f301459a5a2610b7"
score = 75
quality = 80
@@ -253821,8 +253994,8 @@ rule SEKOIA_Tool_Win_Sharpshares : FILE
date = "2024-06-10"
modified = "2024-12-19"
reference = "https://github.com/mitchmoser/SharpShares/releases"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_win_sharpshares.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_win_sharpshares.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6aa96d7c24638451bde98497cc7c844c87612d81cc7826113729c80bd5180442"
score = 75
quality = 80
@@ -253855,8 +254028,8 @@ rule SEKOIA_Apt_Gamaredon_Doc_External_Template : FILE
date = "2023-01-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_doc_external_template.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_doc_external_template.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "51412081fa7e62fa342b0ed6da18009b39e3952286f2bd319fbe10e0b1761e02"
score = 75
quality = 80
@@ -253881,8 +254054,8 @@ rule SEKOIA_Apt_Sugardump_Credentials_Stealer_Smtp : FILE
date = "2022-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sugardump_credentials_stealer_smtp.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sugardump_credentials_stealer_smtp.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1f423f38ff323e67667e35af5603e608cba6eaf8d98633467b0292c5f81c8d1c"
score = 75
quality = 80
@@ -253908,8 +254081,8 @@ rule SEKOIA_Apt_Badmagic_Reco_Pshscript : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_reco_pshscript.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_reco_pshscript.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "86369267545241f33c6fc7dab11eb06f71641d8e9cd0365ddcc676d4f4c9739b"
score = 75
quality = 80
@@ -253935,8 +254108,8 @@ rule SEKOIA_Apt_Cloudatlas_Powertunnel : FILE
date = "2022-11-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cloudatlas_powertunnel.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cloudatlas_powertunnel.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "aadb2739957d17c7e82e3abf7a178ab7b6e4a598fbbdb1a06d0c0531656d4ef6"
score = 75
quality = 80
@@ -253963,8 +254136,8 @@ rule SEKOIA_Apt_Andariel_Keylogger_Strings : FILE
date = "2024-06-17"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_andariel_keylogger_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_andariel_keylogger_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "671698af4fbaed3d19f3d3498263183909db9422a5a0a8f12ba119409773c505"
score = 75
quality = 80
@@ -253989,8 +254162,8 @@ rule SEKOIA_Tool_Yasso_Strings : FILE
date = "2023-06-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_yasso_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_yasso_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1d715b0962ba9ecbe11649ea85870a8f884f6dd7eda27b1f8eff0d7f5de8c765"
score = 75
quality = 80
@@ -254017,8 +254190,8 @@ rule SEKOIA_Rat_Win_Xeno_Rat : FILE
date = "2024-02-09"
modified = "2024-12-19"
reference = "https://github.com/moom825/xeno-rat/tree/main/xeno%20rat%20client"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_xeno_rat.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_xeno_rat.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "252dd8b236ce3570b6df504d307d88ee7431c0eee361813f1d4f8a66ef1db703"
score = 75
quality = 80
@@ -254042,8 +254215,8 @@ rule SEKOIA_Apt_Kimsuky_Powershell_Dropper_Strings : FILE
date = "2024-06-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_powershell_dropper_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_powershell_dropper_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e98f23ddf02049126786e9300e7b6661b2a74817b36e2f3a661b07b24ef4402d"
score = 75
quality = 80
@@ -254069,8 +254242,8 @@ rule SEKOIA_Crime_Sload_Mainpowershellimplant : FILE
date = "2022-08-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/crime_sload_mainpowershellimplant.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/crime_sload_mainpowershellimplant.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "37ec263dddf7719d03a3d58b4b196597737a1e28f8072f3933cdf954f2b696cd"
score = 75
quality = 80
@@ -254107,8 +254280,8 @@ rule SEKOIA_Bot_Lin_Xorddos_Strings : FILE
date = "2023-11-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/bot_lin_xorddos_strings.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/bot_lin_xorddos_strings.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b91cfeeaddffe98ac1649c5d88a2091cf7ab8ff65b232f09c323d23684cb2a2d"
score = 75
quality = 80
@@ -254133,8 +254306,8 @@ rule SEKOIA_Tool_Efspotato : FILE
date = "2023-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_efspotato.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_efspotato.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "cbfd72a16f02903b1ad6fdf3e25f6c5508145d6be4c1776bb77f1ccd6c1954b3"
score = 75
quality = 80
@@ -254159,8 +254332,8 @@ rule SEKOIA_Hacktool_Ligolo_Relay_Strings : FILE
date = "2022-02-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_ligolo_relay_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_ligolo_relay_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "57150b394cc7af9ae786b63d83acc29529fa037f0a52afde0e12a2eef93bf6c8"
score = 75
quality = 80
@@ -254186,8 +254359,8 @@ rule SEKOIA_Clipper_Win_Atlas_Strings
date = "2023-07-10"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/clipper_win_atlas_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/clipper_win_atlas_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c8ad062b69dfe996a488ee9c79f0e7e0016f57f5b54fc39aeb4e207d2a42aa75"
score = 75
quality = 80
@@ -254217,8 +254390,8 @@ rule SEKOIA_Apt_Tortoiseshell_Wateringhole_Script : FILE
date = "2023-05-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_tortoiseshell_wateringhole_script.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_tortoiseshell_wateringhole_script.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8ad886443b1bd17048054b57650d38cda1ffccc10fedfac86283a41daf956dc2"
score = 75
quality = 80
@@ -254248,8 +254421,8 @@ rule SEKOIA_Tool_Juicypotatong_Strings : FILE
date = "2023-06-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_juicypotatong_strings.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_juicypotatong_strings.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7014b206b293c8254304d97bec7b367c6039566f60511a51d4a41d3e1ed98612"
score = 75
quality = 80
@@ -254274,8 +254447,8 @@ rule SEKOIA_Apt_Turla_Kazuar_Variant_2023 : FILE
date = "2023-11-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_turla_kazuar_variant_2023.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_turla_kazuar_variant_2023.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "98207fef906c922ff09f72b0dea7103c0fb86c5ec4712a23ecba6840b79b0ad5"
score = 75
quality = 80
@@ -254300,8 +254473,8 @@ rule SEKOIA_Apt_Susp_Apt28_Uac0063_Malicious_Doc_Settings_Xml : FILE
date = "2024-07-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_susp_apt28_uac0063_malicious_doc_settings_xml.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_susp_apt28_uac0063_malicious_doc_settings_xml.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "0272acc6ed17c72320e4e7b0f5d449841d0ccab4ea89f48fd69d0a292cc5d39a"
logic_hash = "29b40a83340e71bfc38dc7050b3a21e62e2d2e506dbd077c1c7e430c8ff56d32"
score = 65
@@ -254328,8 +254501,8 @@ rule SEKOIA_Infostealer_Win_Stealc : FILE
date = "2023-02-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_stealc.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_stealc.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "60140c5a97494e6648dfce719ebce5644a3e05d4559d28874eb759b7d0e6a90e"
score = 75
quality = 55
@@ -254359,8 +254532,8 @@ rule SEKOIA_Tool_Sharpnbtscan_Strings : FILE
date = "2024-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_sharpnbtscan_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_sharpnbtscan_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "adc19140e84c4aa3433b8ae4096355e384bbd106326ed56b54fb44a86fd9fbc6"
score = 75
quality = 80
@@ -254386,8 +254559,8 @@ rule SEKOIA_Infostealer_Win_Stormkitty : FILE
date = "2023-03-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_stormkitty.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_stormkitty.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "57a4603faf6af9742db79f9bc8751f3a5c091b6271998434f0a3b9f5c30cb1e8"
score = 75
quality = 80
@@ -254424,8 +254597,8 @@ rule SEKOIA_Xworm_Dotnet_Injector
date = "2022-12-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/xworm_dotnet_injector.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/xworm_dotnet_injector.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4777edacf4719e602ae1fb7204ea97cd594277faa1c2b7ad430066ad82b40768"
score = 75
quality = 80
@@ -254454,8 +254627,8 @@ rule SEKOIA_Apt_Cloudatlas_Powertunnel_Loader
date = "2022-11-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cloudatlas_powertunnel_loader.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cloudatlas_powertunnel_loader.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "742374ad22d9333ef071fe95058f28ae00325cca833b557481ef5d453b3a4977"
score = 75
quality = 55
@@ -254481,8 +254654,8 @@ rule SEKOIA_Ransomware_Win_Lorenz : FILE
date = "2022-02-10"
modified = "2024-12-19"
reference = "https://www.cybereason.com/blog/cybereason-vs.-lorenz-ransomware"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_lorenz.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_lorenz.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "355de0f172c9e877bbca7f75c0bfb07d83ae7f43e7674a7f84c4e4d519dfa7c0"
score = 75
quality = 80
@@ -254512,8 +254685,8 @@ rule SEKOIA_Unknown_Quad7_Wildcard_Login : FILE
date = "2024-07-18"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/unknown_quad7_wildcard_login.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/unknown_quad7_wildcard_login.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "4d9067e7cf517158337123a30a9bd0e3"
hash = "43ea387b8294cc4d0baaef6d26ff7c72"
hash = "777d6f907da38365924a0c2a12e973c5"
@@ -254542,8 +254715,8 @@ rule SEKOIA_Ransomware_Win_Honkai_Jan2023 : FILE
date = "2023-02-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_honkai_jan2023.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_honkai_jan2023.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "19f831f77e043f11b790b7f24e9f585e4986d9af6580bae7c344b7960f2f0965"
score = 75
quality = 80
@@ -254574,8 +254747,8 @@ rule SEKOIA_Infostealer_Win_Enigma_Loader_Module : FILE
date = "2023-01-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_enigma_loader_module.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_enigma_loader_module.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "f1623c2f7c00affa3985cf7b9cdf25e39320700fa9d69f9f9426f03054b4b712"
logic_hash = "f5485b14291acc299d66b72aefd2d5e558d82f6a90450d293eb147f05423f2d8"
score = 75
@@ -254608,8 +254781,8 @@ rule SEKOIA_Tool_Petitpotato : FILE
date = "2023-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_petitpotato.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_petitpotato.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "93a46c7765ad9f18c2176b98c91edf97827707ffdefcedc40078c87c30343508"
score = 75
quality = 80
@@ -254635,8 +254808,8 @@ rule SEKOIA_Malware_Tinyshell_Strings : FILE
date = "2024-09-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_tinyshell_strings.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_tinyshell_strings.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "fffc89ebbe6ea37072077996e27f86dd"
hash = "59a97d4fbd3a54e991dc7e1f0451acf5"
hash = "d7ee59eab7f703bfaf1002a39b05c7b9"
@@ -254668,8 +254841,8 @@ rule SEKOIA_Killfloor_Avkiller_Strings : FILE
date = "2024-10-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/killfloor_avkiller_strings.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/killfloor_avkiller_strings.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "9f16176ac20f7855fa960d321e156d69"
hash = "4b019e9ed2de734e242602abce06f7c1"
hash = "81ae32d9de8fd21acfc61d62f3292277"
@@ -254701,8 +254874,8 @@ rule SEKOIA_Hacktool_Win_Powertool : FILE
date = "2022-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_win_powertool.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_win_powertool.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "aeccba821e528ca03abc8b50362d450ba2c12ab443454faf5b2809aecd163648"
score = 75
quality = 80
@@ -254731,8 +254904,8 @@ rule SEKOIA_Tool_Edrsandblast_Api_Strings : FILE
date = "2024-01-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_edrsandblast_api_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_edrsandblast_api_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "cd6afe68cf04e4949add323e0b5af5ea577b3dca07743e312e8236bf5c937672"
score = 75
quality = 80
@@ -254759,8 +254932,8 @@ rule SEKOIA_Botnet_Lin_Tsunami : FILE
date = "2024-09-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/botnet_lin_tsunami.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/botnet_lin_tsunami.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "536a28db011459d841652e25a852ccf2"
logic_hash = "8678ead4c863b2bc6bbb5e0023dee10f4e9f031bd0c8f515ad30d6145755ccaa"
score = 75
@@ -254789,8 +254962,8 @@ rule SEKOIA_Rat_Win_Reverserat
date = "2023-02-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_reverserat.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_reverserat.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "b277a824b2671f40298ce03586a2ccc0fca2a081a66230c57a3060c2028f13ee"
hash = "8b87459483248d7b95424cd52b7d4f3031e89c6644adc2e167556e071d9ec3aa"
logic_hash = "13a5a916e084996ce4d7840581250f7630652acdcad0f66e21763cb3a9cbccc3"
@@ -254817,8 +254990,8 @@ rule SEKOIA_Rat_Win_Millenium : FILE
date = "2023-11-16"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_millenium.yar#L1-L30"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_millenium.yar#L1-L30"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bcf4158b9bfee65cd9bd74163ac108ea1de8ec0e9ad066e77bec788ae6fb7283"
score = 75
quality = 80
@@ -254855,8 +255028,8 @@ rule SEKOIA_Tool_Bore_Rust_Any_Platform : FILE
date = "2023-07-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_bore_rust_any_platform.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_bore_rust_any_platform.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c51d75088897aaffef904d560f750d780a0c814b89bf433a05189fbf7bb3285c"
score = 75
quality = 80
@@ -254886,8 +255059,8 @@ rule SEKOIA_Tool_Inswor_Strings : FILE
date = "2024-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_inswor_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_inswor_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "c393128a143b2a3397100b4a30c75112"
logic_hash = "b25072e6a9fa5728c24c91056a221778f5fbc9d8ba7a78a6684cd6755761373e"
score = 75
@@ -254913,8 +255086,8 @@ rule SEKOIA_Apt_Badmagic_Commonmagic_Screenshot_Module : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_commonmagic_screenshot_module.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_commonmagic_screenshot_module.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "caab57534a00620974f7d49c7b38a3f191aca596b69b3e4c499e3099023c2f9c"
score = 75
quality = 80
@@ -254939,8 +255112,8 @@ rule SEKOIA_Truesightkiller_Avkiller_Strings : FILE
date = "2024-10-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/truesightkiller_avkiller_strings.yar#L1-L45"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/truesightkiller_avkiller_strings.yar#L1-L45"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "891202963430a4b1dea2dc5b9af01dc5"
hash = "367af202029bf51fc347a8f414fa2a5c"
hash = "64439836d69084b129c2dc4264176149"
@@ -254992,8 +255165,8 @@ rule SEKOIA_Exploit_Linux_Eop_Cve202121974_Exploit_Strings : CVE_2021_21974 FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/exploit_linux_eop_cve202121974_exploit_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/exploit_linux_eop_cve202121974_exploit_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a2e6e2660fcbf6ffa80809c02ca78fae85d27f6cd8d2c83bb2645a86124ca7f2"
score = 75
quality = 80
@@ -255019,8 +255192,8 @@ rule SEKOIA_Infostealer_Win_Ducklogs : FILE
date = "2022-12-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_ducklogs.yar#L1-L30"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_ducklogs.yar#L1-L30"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5db1a5595ec41488da620606bbcb36d0d686f9d6b7a0479439c53625df0886a0"
score = 75
quality = 80
@@ -255058,8 +255231,8 @@ rule SEKOIA_Plugx_Final_Payload : FILE
date = "2023-07-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/plugx_final_payload.yar#L3-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/plugx_final_payload.yar#L3-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bf5035eb7ed620edcf7a0e8e8be220451ce268fc49310f28059b60576d8c5182"
score = 75
quality = 80
@@ -255082,8 +255255,8 @@ rule SEKOIA_Apt_Susp_Apt28_Uac0063_Malicious_Doc_Vba : FILE
date = "2024-07-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_susp_apt28_uac0063_malicious_doc_vba.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_susp_apt28_uac0063_malicious_doc_vba.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "fceffb8ae94cef3af21b2943131e94db9e0e67073de48d9d32601a245448d067"
logic_hash = "c57676b765364c5c51d2bf231b5fe858129b45ba837ec6554b353177bb16bd8a"
score = 65
@@ -255108,8 +255281,8 @@ rule SEKOIA_Apt_Apt37_Chinotto_Powershell_Variant
date = "2023-03-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt37_chinotto_powershell_variant.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt37_chinotto_powershell_variant.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b4d17467f15d52bd615e335fa8bc31381ec273b67dabb74655f47179f04f631f"
score = 75
quality = 80
@@ -255137,8 +255310,8 @@ rule SEKOIA_Trojan_Android_Xenomorph : FILE
date = "2022-02-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/trojan_android_xenomorph.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/trojan_android_xenomorph.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d44e5742449cd9c19b50ab23f452378d5627e19140554d12086994d820df9c64"
score = 75
quality = 80
@@ -255163,8 +255336,8 @@ rule SEKOIA_Apt_Sidecopy_Actionrat_Packer_Strings : FILE
date = "2023-05-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_sidecopy_actionrat_packer_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_sidecopy_actionrat_packer_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1bb6896ac3efa0e43cc27f56d7324ab9bdd2c401941eeefc4e7be62b407657af"
score = 75
quality = 80
@@ -255189,8 +255362,8 @@ rule SEKOIA_Apt_Implant_Xdealer_Strings : FILE
date = "2024-03-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_implant_xdealer_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_implant_xdealer_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "13c0bbc933f68164b0fe1c2768148bb649b1755bed0cfbc6ed90188fab6876d5"
score = 75
quality = 80
@@ -255217,8 +255390,8 @@ rule SEKOIA_Trojan_And_Keepspy : FILE
date = "2023-06-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/trojan_and_keepspy.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/trojan_and_keepspy.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "03a954a5585a9a80fdc5a0cd2644a819c540d43b260e040b627530ca88ee08fa"
score = 75
quality = 80
@@ -255247,8 +255420,8 @@ rule SEKOIA_Tool_Quarkspwdump : FILE
date = "2023-06-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_quarkspwdump.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_quarkspwdump.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4799e1d1c749a536d7920e3c333d69f7130376c6a0f0e0ca8f0b61e438266adb"
score = 75
quality = 80
@@ -255273,8 +255446,8 @@ rule SEKOIA_Apt_Kimsuky_Sharptongue_C2_Source
date = "2022-07-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_sharptongue_c2_source.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_sharptongue_c2_source.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c301a99876cfe2863546c990654aa922f9327e0eb010968eaea43f1d8ced76da"
score = 75
quality = 80
@@ -255300,8 +255473,8 @@ rule SEKOIA_Exploit_Ez_Pwnkit_Strings : FILE
date = "2024-01-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/exploit_ez_pwnkit_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/exploit_ez_pwnkit_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "36ec579f6c2dfeaf4ae6f6559d565d418a1f31199102eaa390ca36493f5b18cd"
score = 75
quality = 80
@@ -255326,8 +255499,8 @@ rule SEKOIA_Apt_Apt31_Rekoobe : FILE
date = "2023-07-10"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt31_rekoobe.yar#L3-L15"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt31_rekoobe.yar#L3-L15"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "88a1a10f26ca355c4be3fd3aa914b1b1ea743018ce44c68a2f4d9e5a337d5c01"
score = 40
quality = 80
@@ -255348,8 +255521,8 @@ rule SEKOIA_Apt_Apt28_Susp_Graphite_Downloader : FILE
date = "2022-01-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt28_susp_graphite_downloader.yar#L3-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt28_susp_graphite_downloader.yar#L3-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ca5aa7ea995aca9003fd98da2fba7bbec1e049d979a6b05e07b80876bab5a1c9"
score = 65
quality = 80
@@ -255381,8 +255554,8 @@ rule SEKOIA_Infostealer_Win_Nemesis_In_Memory : FILE
date = "2023-03-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_nemesis_in_memory.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_nemesis_in_memory.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "65d2dd9a10238e6d65d8992aa9cc145f73bcba9be49ed552f8b0c44723ec4c87"
score = 75
quality = 80
@@ -255417,8 +255590,8 @@ rule SEKOIA_Apt_Dark_Pink_Pdb_Path : FILE
date = "2023-01-16"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_dark_pink_pdb_path.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_dark_pink_pdb_path.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f67e0d50975697424313acc77a9c86e1c2b41fde1663e4f5d8f4765acb997775"
score = 75
quality = 76
@@ -255442,8 +255615,8 @@ rule SEKOIA_Implant_Win_Quantum_Builder_Lnk
date = "2022-06-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_quantum_builder_lnk.yar#L1-L44"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_quantum_builder_lnk.yar#L1-L44"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "dd090af0e062b633173ac8483d8659e1fd8aa7898c641714fbe4b30bdd276b3d"
score = 75
quality = 30
@@ -255476,8 +255649,8 @@ rule SEKOIA_Rat_Win_Ratel_Strings : FILE
date = "2023-04-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_ratel_strings.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_ratel_strings.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ff5640b03ec3e535cdb86c2a0feb52d0c472928ff88a36ec9f66ac8aa07c9f69"
score = 75
quality = 80
@@ -255511,8 +255684,8 @@ rule SEKOIA_Rat_Win_Remcos : FILE
date = "2023-01-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_remcos.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_remcos.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "259f31d745449dc81cde698bb0ae4a20b4bbf050a1c818fbb5a891f26ca2e856"
score = 75
quality = 80
@@ -255546,8 +255719,8 @@ rule SEKOIA_Backdoor_Win_Nukesped_Andariel
date = "2023-11-27"
modified = "2024-12-19"
reference = "https://asec.ahnlab.com/en/59073/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_nukesped_andariel.yar#L4-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_nukesped_andariel.yar#L4-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d6421f3d0a3059e4104cfdceebb237269592f8ace7cc8d5bd613d239e4c010f4"
score = 75
quality = 80
@@ -255567,8 +255740,8 @@ rule SEKOIA_Apt_Implant_Xdealer_Stealer_Strings : FILE
date = "2024-03-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_implant_xdealer_stealer_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_implant_xdealer_stealer_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "79ba2fd14cd2eb73848026f79ce6115df813e0fda3a071ab26659874e04e2201"
score = 75
quality = 80
@@ -255595,8 +255768,8 @@ rule SEKOIA_Backdoor_Win_Ketrum2
date = "2022-10-19"
modified = "2024-12-19"
reference = "https://www.intezer.com/blog/research/the-evolution-of-apt15s-codebase-2020/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_ketrum2.yar#L4-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_ketrum2.yar#L4-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5317b133337ad333c97bbfa6c9d62aea5fd81f3b570f1d6b1ac93ea82062ef61"
score = 75
quality = 80
@@ -255631,8 +255804,8 @@ rule SEKOIA_Wiper_Win_Dnwipe : FILE
date = "2022-11-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/wiper_win_dnwipe.yar#L4-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/wiper_win_dnwipe.yar#L4-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "634ca80a168c9d98ce87a3a1a451769bddb7ae27e28b3682693b34ccce2c7ad4"
score = 75
quality = 80
@@ -255657,8 +255830,8 @@ rule SEKOIA_Malware_Venom_Admin_Strings : FILE
date = "2022-08-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_venom_admin_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_venom_admin_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "205f16b07f58290b2898de7a7dd1e20f3d7651d738f0b15bf810f9be66eedf3d"
score = 75
quality = 80
@@ -255688,8 +255861,8 @@ rule SEKOIA_Backdoor_Blueshell : FILE
date = "2023-09-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_blueshell.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_blueshell.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "348ae383f2aaef544951641dd7e2879afa23e37bdf429c6255254115bd3e10d5"
score = 75
quality = 80
@@ -255720,8 +255893,8 @@ rule SEKOIA_Malicious_Lnk_Exploiting_Webdav_Share_Generic : FILE
date = "2024-11-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malicious_lnk_exploiting_webdav_share_generic.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malicious_lnk_exploiting_webdav_share_generic.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "cffb40e13e3aa6761330090b42314c36"
logic_hash = "8179ef8ac43cb67a1b70baf7824452834f498d988df84e138c857ac0ef164b4b"
score = 75
@@ -255748,8 +255921,8 @@ rule SEKOIA_Ransomware_Win_Redeemer : FILE
date = "2022-12-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_redeemer.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_redeemer.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c1798a18e763277d19a3b698459244a2bc2eeebbbf239db7540d1493955ce5f0"
score = 75
quality = 80
@@ -255781,8 +255954,8 @@ rule SEKOIA_Loader_Win_Piccassoloader : CVE_2023_38831
date = "2023-09-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_piccassoloader.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_piccassoloader.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "93e598f6c70dcb1ddf20ea926af72241e135bdf910f3721a7a0c3036f6a3d1b9"
score = 75
quality = 76
@@ -255807,8 +255980,8 @@ rule SEKOIA_Apt_Spikedwine_Wineloader : FILE
date = "2024-02-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_spikedwine_wineloader.yar#L3-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_spikedwine_wineloader.yar#L3-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c71d7ef8cb89d8fcd42e3178a729d912d5fe8e9eb396e46d7a0f5176a9398d75"
score = 75
quality = 80
@@ -255836,8 +256009,8 @@ rule SEKOIA_Apt_Backdoordiplomaty_Phantomnet : FILE
date = "2024-06-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_backdoordiplomaty_phantomnet.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_backdoordiplomaty_phantomnet.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e4be9b9e092dcaa368650b7f696ca532f89752bdbe6b5fd09b4285a643c20b86"
score = 75
quality = 80
@@ -255862,8 +256035,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_12 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_12.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_12.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5c9692337c0dd533c7e49bd3850feedad93b256bc2fba45af6121f50ad83f4cc"
score = 75
quality = 80
@@ -255890,8 +256063,8 @@ rule SEKOIA_Apt_Muddywater_Moriagent : FILE
date = "2022-01-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_muddywater_moriagent.yar#L3-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_muddywater_moriagent.yar#L3-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "21389d4e71e9a19a9d263b8ced740c337ea88ed4ac97199897b0aa3f5914594a"
score = 75
quality = 80
@@ -255920,8 +256093,8 @@ rule SEKOIA_Rat_Lin_Gobrat_2023 : FILE
date = "2023-06-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_lin_gobrat_2023.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_lin_gobrat_2023.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b9831cefded9e48ef169aa56c18628a9871760ae613f75b232019b4798944e16"
score = 75
quality = 80
@@ -255947,8 +256120,8 @@ rule SEKOIA_Apt_Toneshell_Shellcode : FILE
date = "2024-10-02"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_toneshell_shellcode.yar#L1-L34"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_toneshell_shellcode.yar#L1-L34"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0e164677681dce2aa75d3621d9f3df1449c3e67a3551817693856d80ccc48eca"
score = 75
quality = 80
@@ -255990,8 +256163,8 @@ rule SEKOIA_Apt_Queueseed : FILE
date = "2024-04-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_queueseed.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_queueseed.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "80d1135d63a351cabf45d2266c0ffc770e11669103107cd40caf00eb62c836ed"
score = 75
quality = 80
@@ -256024,8 +256197,8 @@ rule SEKOIA_Apt_Darkpink_Sample : FILE
date = "2023-06-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_darkpink_sample.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_darkpink_sample.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "8dc3f6179120f03fd6cb2299dbc94425451d84d6852b801a313a39e9df5d9b1a"
logic_hash = "c9d3952036bffe2d924ea553fd53f8b6f0b3f16f1060fbde69496c800d4d5ad9"
score = 75
@@ -256051,8 +256224,8 @@ rule SEKOIA_Apt_Windows_Wip19_Screencap : FILE
date = "2022-10-18"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_windows_wip19_screencap.yar#L4-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_windows_wip19_screencap.yar#L4-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "02479f0c8199b31f089608da0f44f1487b75790cb31c77bb65ca1fb0fd57ac0d"
score = 75
quality = 80
@@ -256072,8 +256245,8 @@ rule SEKOIA_Bot_Lin_Enemybot_April22 : FILE
date = "2022-04-14"
modified = "2024-12-19"
reference = "https://twitter.com/3xp0rtblog/status/137520616938452173://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/bot_lin_enemybot_april22.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/bot_lin_enemybot_april22.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "18ea06e60259f8d7d639b0e4659f0f5e166e9589d617f5766c06968af5e56aa6"
score = 75
quality = 80
@@ -256104,8 +256277,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_8 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_8.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_8.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "71e4eb41968818e1dd484a259af9eec30a517423b00da75ce21773bf695cbc7d"
score = 75
quality = 80
@@ -256131,8 +256304,8 @@ rule SEKOIA_Exploit_Linux_Eop_Rationallove_Strings : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/exploit_linux_eop_rationallove_strings.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/exploit_linux_eop_rationallove_strings.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "84a53a1d4f08e178a5cf1c968b3b98ae8624c3d052760517ec88bddd25833108"
score = 75
quality = 80
@@ -256157,8 +256330,8 @@ rule SEKOIA_Ransomware_Mallox : FILE
date = "2023-02-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_mallox.yar#L1-L38"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_mallox.yar#L1-L38"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c9300de42ee9eb3e820f49aa979234ff61c33dc6bf5d65bcb26e45b7126aafec"
score = 75
quality = 54
@@ -256204,8 +256377,8 @@ rule SEKOIA_Implant_Win_Havoc_Default_Strings : FILE
date = "2022-10-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_havoc_default_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_havoc_default_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "dbf17e579071f265961657d73c6a2e51630b23e80376491df2e631cee5ffb1b4"
score = 75
quality = 80
@@ -256236,8 +256409,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_7 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_7.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_7.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "27b5f3d24f7269e80b628be044d828d365fdba25891a5a1ecc973c419cf1dc6c"
score = 75
quality = 80
@@ -256263,8 +256436,8 @@ rule SEKOIA_Ransomware_Win_Chaos : FILE
date = "2022-01-18"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_chaos.yar#L1-L46"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_chaos.yar#L1-L46"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1947e6de8f74fe7bc52107d4a57e19eacf022121f5decee54a8c90797be844c6"
score = 75
quality = 78
@@ -256314,8 +256487,8 @@ rule SEKOIA_Backdoor_Powershellempire_Batlauchers : FILE
date = "2022-04-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_powershellempire_batlauchers.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_powershellempire_batlauchers.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0453c739ad936b0cc5ed2e36ba4a011a90600b74ca23c08165c23a3e63fe60e9"
score = 75
quality = 74
@@ -256340,8 +256513,8 @@ rule SEKOIA_Apt_Badmagic_Malicious_Lnk : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_malicious_lnk.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_malicious_lnk.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b83749c71cefb485f8bbea1d465fc477de159e086efa04ebce4d0778a203ed89"
score = 75
quality = 80
@@ -256366,8 +256539,8 @@ rule SEKOIA_Infostealer_Win_Grmsk_Strings : FILE
date = "2023-11-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_grmsk_strings.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_grmsk_strings.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a2f638556edf5b2cabcd67e7d29a9e3f554b707af688f79b89f2f67d493093b3"
score = 75
quality = 55
@@ -256402,8 +256575,8 @@ rule SEKOIA_Guloader_Lnk_File : FILE
date = "2024-02-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/guloader_lnk_file.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/guloader_lnk_file.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d69038a8b26c7fc7ba7b0968c7c91b589b25512dcf7e3ad5ee56453a4654a1ab"
score = 75
quality = 80
@@ -256430,8 +256603,8 @@ rule SEKOIA_Backdoor_Win_Blackrat : FILE
date = "2023-09-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_blackrat.yar#L4-L33"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_blackrat.yar#L4-L33"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4edf1335e357ebc02e4abb51cd8d808ae39e649cf19cdb3ec667c9cf313181a9"
score = 75
quality = 80
@@ -256458,8 +256631,8 @@ rule SEKOIA_Tool_Tokenplayer_Strings : FILE
date = "2024-11-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_tokenplayer_strings.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_tokenplayer_strings.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "f01eae4ee3cc03d621be7b0af7d60411"
logic_hash = "e419fa8c690816cd0e449f0a1d66d170e8806b38a99758631719b239363e330e"
score = 75
@@ -256490,8 +256663,8 @@ rule SEKOIA_Apt_Apt28_Htmlsmuggling
date = "2023-09-11"
modified = "2024-12-19"
reference = "https://www.zscaler.com/blogs/security-research/steal-it-campaign"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt28_htmlsmuggling.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt28_htmlsmuggling.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "47cca1d0a0843c8df43661ee8188dae86cce06e1f3982973871863728d328e89"
score = 75
quality = 80
@@ -256515,8 +256688,8 @@ rule SEKOIA_Infostealer_Win_Meduzastealer : FILE
date = "2023-06-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_meduzastealer.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_meduzastealer.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e81a5a9611662422eb7a87c0c1a370cee6f138fd6169225d969b669337d91a06"
score = 75
quality = 80
@@ -256549,8 +256722,8 @@ rule SEKOIA_Malware_Httpshell_Strings : FILE
date = "2024-01-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_httpshell_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_httpshell_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8f6f6ad459cc6edd80432528a507ca2cb84e6859be94f2e1caaea801bf809375"
score = 75
quality = 80
@@ -256578,8 +256751,8 @@ rule SEKOIA_Apt_Lazarus_Dangerouspassword_Lnk : FILE
date = "2022-07-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_lazarus_dangerouspassword_lnk.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_lazarus_dangerouspassword_lnk.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "79731450c4623f614c55d8c08d879579e21fd38c85d2a288724b6e9470de6e29"
score = 75
quality = 80
@@ -256606,8 +256779,8 @@ rule SEKOIA_Apt_Spikedwine_Malicious_Hta
date = "2024-02-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_spikedwine_malicious_hta.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_spikedwine_malicious_hta.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "305896cde5d95c29de511541a961063730709d40d67a8788f084c17f181e3baf"
score = 75
quality = 80
@@ -256632,8 +256805,8 @@ rule SEKOIA_Implant_Win_Quasarrat
date = "2023-03-17"
modified = "2024-12-19"
reference = "https://blog.alyac.co.kr/5103"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_quasarrat.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_quasarrat.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d3c1d65a23aaea5423025cb2f755d0f2298cbf02b2a4e34430eae8c3e1263185"
score = 75
quality = 80
@@ -256661,8 +256834,8 @@ rule SEKOIA_Infostealer_Win_Lumma_Strings_Sept23 : FILE
date = "2023-09-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_lumma_strings_sept23.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_lumma_strings_sept23.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "099dd81a72f8c9dac38fd0f9ab4e99b60f0e7742d6a64313e2989aa8955c01ec"
score = 75
quality = 55
@@ -256693,8 +256866,8 @@ rule SEKOIA_Reverseshell_Win_1St_Troy : FILE
date = "2023-09-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/reverseshell_win_1st_troy.yar#L4-L32"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/reverseshell_win_1st_troy.yar#L4-L32"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a85a6ef0fe3b3fde3cb833579f4fd69cd159737888ae41e69e40a6bdc1172d1f"
score = 75
quality = 80
@@ -256719,8 +256892,8 @@ rule SEKOIA_Rat_Win_Arrow_Str : FILE
date = "2022-08-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_arrow_str.yar#L1-L27"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_arrow_str.yar#L1-L27"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "faf66a14e563066bb86ceadc787c092a5a13a43f936f0d9d19fbe7d4352ea5d8"
score = 75
quality = 80
@@ -256754,8 +256927,8 @@ rule SEKOIA_Apt_Apt29_Wineloader_Malicious_Pdf : FILE
date = "2024-03-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt29_wineloader_malicious_pdf.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt29_wineloader_malicious_pdf.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "9712217ff3597468b48cdf45da588005de3a725ba554789bb7e5ae1b0f7c02a7"
hash = "3739b2eae11c8367b576869b68d502b97676fb68d18cc0045f661fbe354afcb9"
logic_hash = "784f5ab2602e2185e8253b5b8d9a084ede0604457b0a0674fceffbcb226e3ba1"
@@ -256783,8 +256956,8 @@ rule SEKOIA_Backdoor_Oyster
date = "2024-08-29"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_oyster.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_oyster.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ffd84d0c7064bcd69121aa606bc642ff2b5c9927ba622260a02a9689c7ab8878"
score = 75
quality = 80
@@ -256808,8 +256981,8 @@ rule SEKOIA_Hacktool_Rubeus_Strings : FILE
date = "2022-02-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_rubeus_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_rubeus_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "606c1b3c29dd4b609eba64bc5d02a81859bb574ee10bce8b0f355ac01d99689f"
score = 75
quality = 80
@@ -256836,8 +257009,8 @@ rule SEKOIA_Apt_Unk_Hrserv_Memory_Commands_Strings
date = "2023-11-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_unk_hrserv_memory_commands_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_unk_hrserv_memory_commands_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a87c35658ded301c098f9ee8ee5886a54e89537eabd145cf82b0286c703a77d2"
score = 75
quality = 80
@@ -256864,11 +257037,11 @@ rule SEKOIA_Implant_Win_Flagpro : FILE
date = "2022-04-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_flagpro.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_flagpro.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "eb1aba9924af474d6d890572a9bf72e0d1aa5dc31dd4cc34648195b0207ab4d6"
score = 75
- quality = 55
+ quality = 80
tags = "FILE"
version = "1.0"
classification = "TLP:CLEAR"
@@ -256897,8 +257070,8 @@ rule SEKOIA_Recotool_Adfind_Strings : FILE
date = "2022-02-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/recotool_adfind_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/recotool_adfind_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "cc1e1dceff28136082f19cebc7584ba08c9006b964e37fc3fda91bc0b41906dc"
score = 75
quality = 80
@@ -256925,8 +257098,8 @@ rule SEKOIA_Apt_Gamaredon_Powerrevshell : FILE
date = "2023-02-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_powerrevshell.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_powerrevshell.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fc5abcdf47641c1e7978cf076550f38987305bb2171b3e65f7865102a065af43"
score = 75
quality = 80
@@ -256953,8 +257126,8 @@ rule SEKOIA_Apt_Badmagic_Ld_Dll_Loader_Pshscript : FILE
date = "2023-05-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_badmagic_ld_dll_loader_pshscript.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_badmagic_ld_dll_loader_pshscript.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8482521fe1f90c008948e551df35448b870145cf8b58f3c5019cafb66bb0ae36"
score = 75
quality = 80
@@ -256980,8 +257153,8 @@ rule SEKOIA_Apt_Redhotel_Maliciouslnk_Strings : FILE
date = "2024-09-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_redhotel_maliciouslnk_strings.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_redhotel_maliciouslnk_strings.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "8e2c17040ec78cbcdc07bb2cf9dd7e01"
hash = "dc613a519e515ca817fdfb88f81fc9d7"
hash = "6f7d85c196c277a6a619f6d94b8f69b9"
@@ -257014,8 +257187,8 @@ rule SEKOIA_Tool_Edrsandblast_Kernelcallbacks : FILE
date = "2024-11-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_edrsandblast_kernelcallbacks.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_edrsandblast_kernelcallbacks.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ffb1185dca42c5b2b273c3a48f3ba86204a3474a9a045f72dbdb0ba7c9e89c7d"
score = 75
quality = 80
@@ -257040,8 +257213,8 @@ rule SEKOIA_Apt_Implant_Xdealer_Linux_Variant_Strings : FILE
date = "2024-03-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_implant_xdealer_linux_variant_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_implant_xdealer_linux_variant_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "400beb53d0f7b7727962175c7c4f8dfccdfed56bb3978d3e847147e8ad7644fb"
score = 75
quality = 80
@@ -257070,8 +257243,8 @@ rule SEKOIA_Apt_Cloudatlas_Rtf_Shellcode_Cve_2018_0798 : FILE
date = "2022-12-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cloudatlas_rtf_shellcode_cve_2018_0798.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cloudatlas_rtf_shellcode_cve_2018_0798.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a8c320ca81ef196b84a8fb08d9e02ef8cfb338024fa7e6776ff6c8c049b8e63c"
score = 75
quality = 80
@@ -257095,8 +257268,8 @@ rule SEKOIA_Tool_Pchunter_And_Related_Certificate : FILE
date = "2022-09-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_pchunter_and_related_certificate.yar#L3-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_pchunter_and_related_certificate.yar#L3-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "924a85b2eaec73b628e705b3bb2e464582a71c19317d2023b1422b1b8ad97a51"
score = 75
quality = 80
@@ -257116,8 +257289,8 @@ rule SEKOIA_Generic_Perl_Reverse_Shell : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_perl_reverse_shell.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_perl_reverse_shell.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d0a23db712746bac4684d6b4508dd891caf06d72af153b1a0ab489a93edbfaf4"
score = 75
quality = 80
@@ -257142,8 +257315,8 @@ rule SEKOIA_Dropper_Win_Konni_Cab : FILE
date = "2023-09-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/dropper_win_konni_cab.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/dropper_win_konni_cab.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b49bb875d5ddd4b815da5bd184ec7f1d23cfb7ad316760c9a9876607245d0a95"
score = 75
quality = 80
@@ -257169,8 +257342,8 @@ rule SEKOIA_Apt_Muddywater_Rotrot_Strings : FILE
date = "2024-06-10"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_muddywater_rotrot_strings.yar#L1-L36"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_muddywater_rotrot_strings.yar#L1-L36"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "425168003d0f14d791e7f46bf47c18652a1f6b66b9329155d2bca72cf0d8126b"
score = 75
quality = 80
@@ -257210,8 +257383,8 @@ rule SEKOIA_Tool_Koblas_Server_Strings : FILE
date = "2024-05-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_koblas_server_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_koblas_server_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "590f3f71564c347be7b3b2a583606c3854744d0023cde464374cd7b61ec5a2d7"
score = 75
quality = 80
@@ -257237,8 +257410,8 @@ rule SEKOIA_Ursnif_Ldr4
date = "2024-12-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ursnif_ldr4.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ursnif_ldr4.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6fe237c6370a1b99bddb7bee4170d29cbb780dc445f5d5039201ddbaf05c63db"
score = 75
quality = 80
@@ -257273,8 +257446,8 @@ rule SEKOIA_Backdoor_Win_Winordll64
date = "2023-02-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_winordll64.yar#L4-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_winordll64.yar#L4-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "30e6f01f30d6ef11c75e133d309cebc87b69ede8eb38aa14d237760e99b52c54"
score = 75
quality = 80
@@ -257295,8 +257468,8 @@ rule SEKOIA_Dotnet_Injector_New_Payload : FILE
date = "2022-12-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/dotnet_injector_new_payload.yar#L3-L30"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/dotnet_injector_new_payload.yar#L3-L30"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8b5e2f6e7947471e10e0ec85eef1cebe1904c2e77b7cfe92e578ebe306041842"
score = 75
quality = 80
@@ -257328,8 +257501,8 @@ rule SEKOIA_Win_Malware_Agnianestealer : FILE
date = "2023-08-10"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/win_malware_agnianestealer.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/win_malware_agnianestealer.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0aa40fcb713ab40711108290e8274d783c1336a2c4c03eba2fcc4a44f2ebe39f"
score = 75
quality = 80
@@ -257354,8 +257527,8 @@ rule SEKOIA_Launcher_Win_Mistcloak : FILE
date = "2022-12-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/launcher_win_mistcloak.yar#L4-L33"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/launcher_win_mistcloak.yar#L4-L33"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "fc2731ec4e2917be1ad169908ed324931a93f6998aee606319750b5cc02715e2"
score = 75
quality = 80
@@ -257382,8 +257555,8 @@ rule SEKOIA_Loader_Latrodectus_Dll : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://twitter.com/Myrtus0x0/status/1732997981866209550"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_latrodectus_dll.yar#L1-L35"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_latrodectus_dll.yar#L1-L35"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "57aae1944eded14537cdc1c17b21cfc503687a416551b782fc76f8c7858e936e"
score = 75
quality = 80
@@ -257425,8 +257598,8 @@ rule SEKOIA_Trojan_Android_Cerberus : FILE
date = "2022-01-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/trojan_android_cerberus.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/trojan_android_cerberus.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "18109733d15c994015646e786a7c6177a1209200fd4c80042db3d48c97c02030"
score = 75
quality = 80
@@ -257456,8 +257629,8 @@ rule SEKOIA_Merlin_Crossplatform : FILE
date = "2022-01-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/merlin_crossplatform.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/merlin_crossplatform.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "975cc4fe0d89383188f9fd3c516d1e853dd6070d7703c0b5b5874dc1e7e6f32a"
score = 75
quality = 80
@@ -257485,8 +257658,8 @@ rule SEKOIA_Apt_Apt29_Malicious_Rdp_File : FILE
date = "2024-10-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt29_malicious_rdp_file.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt29_malicious_rdp_file.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "db326d934e386059cc56c4e61695128e"
hash = "b38e7e8bba44bc5619b2689024ad9fca"
hash = "f58cf55b944f5942f1d120d95140b800"
@@ -257519,8 +257692,8 @@ rule SEKOIA_Loader_Fakebat_Initial_Powershell_May24 : FILE
date = "2024-05-28"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_fakebat_initial_powershell_may24.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_fakebat_initial_powershell_may24.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "6a699df361b0cb2baf1d0b128f795aa9918ebe11daaeb1fa49aebf9320add762"
score = 75
quality = 80
@@ -257547,8 +257720,8 @@ rule SEKOIA_Apt_Susp_Apt28_Uac0063_Hta_Loader
date = "2024-07-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_susp_apt28_uac0063_hta_loader.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_susp_apt28_uac0063_hta_loader.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "332d9db35daa83c5ad226b9bf50e992713bc6a69c9ecd52a1223b81e992bc725"
logic_hash = "494331a8088d350e4e49e67fe64041d451886e501775413f908bd9b3faa98aeb"
score = 65
@@ -257574,8 +257747,8 @@ rule SEKOIA_Apt_Gelsemium_Wolfsbane_Rootkit : FILE
date = "2024-11-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gelsemium_wolfsbane_rootkit.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gelsemium_wolfsbane_rootkit.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "ba08e63ad65a9bdcdb1655f25d32c808"
logic_hash = "a7440e1b4c0bbff0d80d7152e3bfb0867abe9b0151b45f88aa656f3c9a55b303"
score = 75
@@ -257606,8 +257779,8 @@ rule SEKOIA_Dropper_Win_Ninerat
date = "2023-12-12"
modified = "2024-12-19"
reference = "https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/dropper_win_ninerat.yar#L4-L41"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/dropper_win_ninerat.yar#L4-L41"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "00f69545c7351fba8b45e2b4d21855ba8ae94f2d10df199732665e8f3f00c1b4"
score = 75
quality = 80
@@ -257634,8 +257807,8 @@ rule SEKOIA_Downloader_Win_Fake_Tor_Browser
date = "2022-10-05"
modified = "2024-12-19"
reference = "https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_win_fake_tor_browser.yar#L4-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_win_fake_tor_browser.yar#L4-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5fe60673e54a6904f4fd068b04b950b895b18e7766d2e7343eae2b1bba9591f9"
score = 75
quality = 80
@@ -257655,8 +257828,8 @@ rule SEKOIA_Webshell_Wso_Webshell_Strings
date = "2022-04-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/webshell_wso_webshell_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/webshell_wso_webshell_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4d6966a34dc8e7390913857144da106affea14668d1c2c11a05be62a6e625c8f"
score = 75
quality = 80
@@ -257684,8 +257857,8 @@ rule SEKOIA_Apt_Cloudatlas_Powershower_Clean : FILE
date = "2022-12-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_cloudatlas_powershower_clean.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_cloudatlas_powershower_clean.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "24ea6ec0cd8dbcebdf7e42dbd48319562d8682fefd5d0d464a3a5c4b90be40f3"
score = 75
quality = 80
@@ -257712,8 +257885,8 @@ rule SEKOIA_Apt_Gamaredon_Lnk : FILE
date = "2024-02-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_lnk.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_lnk.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "be73ffca4b88f11e33532cf9a179743508bfa7a60c6f4de98c245b350b5fb910"
score = 75
quality = 80
@@ -257738,8 +257911,8 @@ rule SEKOIA_Apt_Lazarus_Gopuram_Backdoor : FILE
date = "2023-04-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_lazarus_gopuram_backdoor.yar#L3-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_lazarus_gopuram_backdoor.yar#L3-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c019b65d28a7b0edf408a1a159a7535e7e14593bbd42c8df3201108ed02f96c0"
score = 75
quality = 80
@@ -257767,8 +257940,8 @@ rule SEKOIA_Tool_Printnotifypotato : FILE
date = "2023-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_printnotifypotato.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_printnotifypotato.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5d4b7d1582c2b3f53ca5e1ff6e7ff97a677fe8870e94415f7328ea0a0387049c"
score = 75
quality = 80
@@ -257796,8 +257969,8 @@ rule SEKOIA_Unk_Quad7_Updtae_Reverse_Shell_Strings : FILE
date = "2024-08-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/unk_quad7_updtae_reverse_shell_strings.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/unk_quad7_updtae_reverse_shell_strings.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "40b5ac87ff87634c48fdd2cf64ccb66b"
hash = "4b8e97260d9ef6ca774675be682d9c8c"
logic_hash = "0e816716d4d7fd35617b1ac96ae99d68d5b96f64f8bef83d0f6aba2a3fbd9326"
@@ -257828,8 +258001,8 @@ rule SEKOIA_Apt_Apt41_Keyplug_Dropper : FILE
date = "2024-06-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt41_keyplug_dropper.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt41_keyplug_dropper.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a61f57302d8fe58ed8b77542c94159acbc36a3bd52c204171e76e668d10a74e7"
score = 75
quality = 80
@@ -257855,8 +258028,8 @@ rule SEKOIA_Generic_Tor_Hidden_Service_Leading_To_Winports : FILE
date = "2023-09-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_tor_hidden_service_leading_to_winports.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_tor_hidden_service_leading_to_winports.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "39db199ba7fede8df4bdb505b071240dda96b74f66f818f90047dad338dc4a72"
score = 75
quality = 80
@@ -257883,8 +258056,8 @@ rule SEKOIA_Infostealer_Win_Fwit_Strings : FILE
date = "2023-06-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_fwit_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_fwit_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4e28b6d67e2087b2f28817b19812b8bd56227175cd3d9c7037290127d4ec05a5"
score = 75
quality = 80
@@ -257909,8 +258082,8 @@ rule SEKOIA_Hacktool_Mimilite : FILE
date = "2023-12-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_mimilite.yar#L1-L37"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_mimilite.yar#L1-L37"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "504bc58e1c4143cc2322d564b637b0e014a4ead44f56a75fe1202b0d0a2e8bbc"
score = 75
quality = 80
@@ -257953,8 +258126,8 @@ rule SEKOIA_Ransomware_Win_Agenda : FILE
date = "2022-12-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_agenda.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_agenda.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7e315f639c4d785639bf7ed3bd805551366b4da10a664a42bf801c54c6f7bd2d"
score = 75
quality = 80
@@ -257988,8 +258161,8 @@ rule SEKOIA_Tool_Scanline_Strings : FILE
date = "2024-09-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_scanline_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_scanline_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e02ae30451aa5eaffb588e92ecc221bf6ed07097bc493c6a55cf688da8b76151"
score = 75
quality = 80
@@ -258015,8 +258188,8 @@ rule SEKOIA_Infostealer_Win_Whitesnake_Xor_Rc4_July12 : FILE
date = "2023-07-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_whitesnake_xor_rc4_july12.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_whitesnake_xor_rc4_july12.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f14b95e5cb6ffaab14d0890847fe6e9dcfc3ee0b884c34d24d786420e2411a80"
score = 75
quality = 76
@@ -258045,8 +258218,8 @@ rule SEKOIA_Backdoor_Win_Headertip : FILE
date = "2022-03-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_headertip.yar#L4-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_headertip.yar#L4-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "289764df590cd2719d4d4e0dd66f7d8ebb4714d42eea4bb76c47a2b867a113de"
score = 75
quality = 80
@@ -258073,8 +258246,8 @@ rule SEKOIA_Apt_Apt33_Falsefont : FILE
date = "2024-03-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt33_falsefont.yar#L1-L38"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt33_falsefont.yar#L1-L38"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "2eafe15d8e0df1b63b32463c4b44a9dc1d4251d01c15be20e4285c31e75b8348"
score = 75
quality = 53
@@ -258120,8 +258293,8 @@ rule SEKOIA_Apt_Kimsuky_Toddlershark_Obfuscated : FILE
date = "2024-03-06"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_kimsuky_toddlershark_obfuscated.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_kimsuky_toddlershark_obfuscated.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5f067ce32e7fee5cf481d82bb98f4ae10bd7187078bc111b08fc58d043954152"
score = 75
quality = 80
@@ -258147,8 +258320,8 @@ rule SEKOIA_Apt_Apt_K_47_Orpcbackdoor : FILE
date = "2024-02-14"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt_k_47_orpcbackdoor.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt_k_47_orpcbackdoor.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4a05e68eca0954e3bca5ebec6c63bf0535051f8d99f65940b7ed00f49e659f2d"
score = 75
quality = 55
@@ -258176,8 +258349,8 @@ rule SEKOIA_Hacktool_Win_Cookiekatz : FILE
date = "2024-10-30"
modified = "2024-12-19"
reference = "https://github.com/Meckazin/ChromeKatz"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_win_cookiekatz.yar#L1-L36"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_win_cookiekatz.yar#L1-L36"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "fef9fc33a788489af44b2f732c450d4ef018fbaced7f5471230b282dfd6f1169"
logic_hash = "a030f551d0f3dedf0f19e22b415aa87dd1c43ab2242db8b5cad14ae6b7695b3a"
score = 75
@@ -258220,8 +258393,8 @@ rule SEKOIA_Apt_Gamaredon_Lnk_Spreader : FILE
date = "2023-06-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_lnk_spreader.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_lnk_spreader.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "7d6264ce74e298c6d58803f9ebdb4a40b4ce909d02fd62f54a1f8d682d73519a"
logic_hash = "e8a82fd4cdce7bc888184ccf8d182ab5bb53e30de04b02b7c63379bae5d21b1f"
score = 75
@@ -258246,8 +258419,8 @@ rule SEKOIA_Hacktool_Mimikat_Ssp_Strings : FILE
date = "2023-11-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_mimikat_ssp_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_mimikat_ssp_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "06325bf495963db90b14fb16a5f3eafda9e4554f753d04405af51c6041a9b166"
score = 75
quality = 80
@@ -258273,8 +258446,8 @@ rule SEKOIA_Backdoor_Powershellempire_Gen : FILE
date = "2022-04-15"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_powershellempire_gen.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_powershellempire_gen.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "21f255bcfb6da2aa996ed61ff5fb29a9355de6169095f7c3141a1b7f3cea5c2d"
score = 75
quality = 76
@@ -258298,8 +258471,8 @@ rule SEKOIA_Rat_Win_Asyncrat : FILE
date = "2023-01-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rat_win_asyncrat.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rat_win_asyncrat.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5e35b034ba1761fae780429be377b70ae8ce62273670042ff067c38ed8bb5a9e"
score = 75
quality = 80
@@ -258333,8 +258506,8 @@ rule SEKOIA_Infostealer_Win_Enigma_Stealer_Module : FILE
date = "2023-01-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_enigma_stealer_module.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_enigma_stealer_module.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "4d2fb518c9e23c5c70e70095ba3b63580cafc4b03f7e6dce2931c54895f13b2c"
logic_hash = "0a6615d65867a160e1c87fbcfe30090d44d7f5c25b3a904f8719be7b385b14bb"
score = 75
@@ -258369,8 +258542,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_3 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_3.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_3.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ef62075c804080c0450f856b768da84a32f20e2f1ce5714e477b3e6f01d60503"
score = 75
quality = 80
@@ -258396,8 +258569,8 @@ rule SEKOIA_Trojan_Win_Bbtok_Lnk_Sep23 : FILE
date = "2023-09-26"
modified = "2024-12-19"
reference = "https://research.checkpoint.com/2023/behind-the-scenes-of-bbtok-analyzing-a-bankers-server-side-components/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/trojan_win_bbtok_lnk_sep23.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/trojan_win_bbtok_lnk_sep23.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "32bf07e3740399105359b62d8a612dfa731b024e06c9104b71b496919b5efe9e"
logic_hash = "5783487585dde1314c485bdcf3942b7e8b572c0689522ea136240833d2a64f5b"
score = 75
@@ -258425,8 +258598,8 @@ rule SEKOIA_Ransomware_Lin_Avoslocker_Sections : FILE
date = "2022-02-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_lin_avoslocker_sections.yar#L4-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_lin_avoslocker_sections.yar#L4-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "67becae97ccfaf2e62c0329e23a91b1134c265bc83b1fc9091b170a1e04f34d4"
score = 40
quality = 80
@@ -258449,8 +258622,8 @@ rule SEKOIA_Gen_Empire_Onedrive_Stager
date = "2022-01-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/gen_empire_onedrive_stager.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/gen_empire_onedrive_stager.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "90b3548cd3f4f7f936da70ec95dbe0ff3c1421d40a6e8557952d28d358b7c1f1"
score = 75
quality = 76
@@ -258475,8 +258648,8 @@ rule SEKOIA_Implant_Win_Graphiron_Downloader : FILE
date = "2023-02-10"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/implant_win_graphiron_downloader.yar#L4-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/implant_win_graphiron_downloader.yar#L4-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "f0aa0541cbf3f93ee136cf3235a4935f1c0588b5cdb21203abee9f61baf3f4f2"
score = 75
quality = 80
@@ -258498,8 +258671,8 @@ rule SEKOIA_Rootkit_Diamorphine_Strings : FILE
date = "2024-10-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/rootkit_diamorphine_strings.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/rootkit_diamorphine_strings.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "622675e83bab630adc0f1c6c46c4d6d1"
hash = "013b23213975d2646e2435f058afcacf"
hash = "f068e83721f10ad74bb6f386a4375a91"
@@ -258538,8 +258711,8 @@ rule SEKOIA_Storm_1811_Screenconnect_Update
date = "2024-06-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/storm_1811_screenconnect_update.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/storm_1811_screenconnect_update.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ad61e28566375fd3c029df79e1b608aac921ab8121a43bd01314c9112197c32e"
score = 75
quality = 55
@@ -258570,8 +258743,8 @@ rule SEKOIA_Backoor_Win_Tinyturla_Ng : FILE
date = "2024-03-04"
modified = "2024-12-19"
reference = "https://blog.talosintelligence.com/tinyturla-next-generation/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backoor_win_tinyturla_ng.yar#L3-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backoor_win_tinyturla_ng.yar#L3-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a2fe2187e0cdd02fa31cbbecd600d044d4d12788ea6f76086aef7e77cbf232a0"
score = 75
quality = 80
@@ -258600,8 +258773,8 @@ rule SEKOIA_Ransomware_Win_Voidcrypt : FILE
date = "2021-10-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_voidcrypt.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_voidcrypt.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7e28bae5830df779bf2367482fb966f5cab691a6c8c474950f7442d8fec054a0"
score = 75
quality = 80
@@ -258626,8 +258799,8 @@ rule SEKOIA_Trojan_Win_Grandoreiro : FILE
date = "2022-08-24"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/trojan_win_grandoreiro.yar#L1-L26"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/trojan_win_grandoreiro.yar#L1-L26"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "7424478b0cdfe922c2f98bf42e505f22fb0700cfeb54912630ce404c59b05c5e"
score = 75
quality = 80
@@ -258659,8 +258832,8 @@ rule SEKOIA_Hacktool_Iox_Tunneling : FILE
date = "2022-10-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_iox_tunneling.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_iox_tunneling.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e15df032864799e282ee89402d22b82e5d4b8f469ec292575a1bcb78d24db012"
score = 75
quality = 80
@@ -258688,8 +258861,8 @@ rule SEKOIA_Apt_Icepeony_Icecache : FILE
date = "2024-10-21"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_icepeony_icecache.yar#L1-L46"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_icepeony_icecache.yar#L1-L46"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "38708c33dafb5625ddde1030a7efa7db"
hash = "1e102c8909b2bf71c626b81f7526ee01"
hash = "34bc3c586a48f836b00aff59fe891b30"
@@ -258742,8 +258915,8 @@ rule SEKOIA_Apt_Unc4990_Emptyspace_Pyc : FILE
date = "2024-02-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_unc4990_emptyspace_pyc.yar#L1-L43"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_unc4990_emptyspace_pyc.yar#L1-L43"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "98e9c848f6b6276815b040681d7f36548b367257bb75d133309e89e8572a50b7"
score = 75
quality = 78
@@ -258795,8 +258968,8 @@ rule SEKOIA_Crybercrime_Prophetspider_Proxy : FILE
date = "2022-02-17"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/crybercrime_prophetspider_proxy.yar#L3-L41"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/crybercrime_prophetspider_proxy.yar#L3-L41"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "711ef3fc6ac488200415b7178c7f639ad9f6c72077bbebac2e6d5e0bed7120dd"
score = 75
quality = 80
@@ -258843,8 +259016,8 @@ rule SEKOIA_Backdoor_Win_Kimsuky : FILE
date = "2024-06-04"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_kimsuky.yar#L4-L38"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_kimsuky.yar#L4-L38"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ba40427f7e305a6e6cec6bb0165b49e6ce215ecf66fc2e05954c10e4d9acf9b0"
score = 75
quality = 80
@@ -258866,8 +259039,8 @@ rule SEKOIA_Darkriver_Encodedurl : FILE
date = "2023-10-10"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/darkriver_encodedurl.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/darkriver_encodedurl.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9477ec39cc1d4cfad676d071748e7e1918a3996b342663cb0a01658846bbf9f5"
score = 75
quality = 80
@@ -258895,8 +259068,8 @@ rule SEKOIA_Infostealer_Win_Solarmarker_Dll : FILE
date = "2022-12-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_solarmarker_dll.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_solarmarker_dll.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5be0a95adb7e486cdec5f0e8433afed41516fc1a990e1d1ba00db7e8fb32dbbb"
score = 75
quality = 80
@@ -258929,8 +259102,8 @@ rule SEKOIA_Guloader_Unpacker_Decoded : FILE
date = "2024-02-07"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/guloader_unpacker_decoded.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/guloader_unpacker_decoded.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5de4a147b2dea8a144905b7f1786199bfeef3006ac58179409cfd3dcaa116725"
score = 75
quality = 80
@@ -258956,8 +259129,8 @@ rule SEKOIA_Stealer_Win_Demotryspy : FILE
date = "2024-02-09"
modified = "2024-12-19"
reference = "https://paper.seebug.org/3115/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/stealer_win_demotryspy.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/stealer_win_demotryspy.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "b7a910e4d394d2122e6b4fe76daa6691a642396e27f7a47d09232f4b7eb424ee"
score = 75
quality = 80
@@ -258986,8 +259159,8 @@ rule SEKOIA_Storm_1811_Files_Dat
date = "2024-06-10"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/storm_1811_files_dat.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/storm_1811_files_dat.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d1d5b76671cefe8b876ca8df50205a04ebbcd973f115919b901f6a7946492904"
score = 75
quality = 80
@@ -259019,8 +259192,8 @@ rule SEKOIA_Tool_Generic_Python_Reverse_Shell_Strings : FILE
date = "2024-04-16"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_generic_python_reverse_shell_strings.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_generic_python_reverse_shell_strings.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "bb4fcef595f4be035815f536786987ac1343727f16c0560a1cb593e854ba8f17"
score = 75
quality = 80
@@ -259044,8 +259217,8 @@ rule SEKOIA_Infostealer_Win_Vidar_Strings_Nov23 : FILE
date = "2023-11-10"
modified = "2024-12-19"
reference = "https://twitter.com/crep1x/status/1722652451319202242"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_vidar_strings_nov23.yar#L1-L33"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_vidar_strings_nov23.yar#L1-L33"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "1a2fc421fb4058b78de28d97d69b126e685f7677b7998f5b6ae3cbcee0ef3f00"
score = 75
quality = 80
@@ -259085,8 +259258,8 @@ rule SEKOIA_Tool_Sharpefspotato_Strings : FILE
date = "2023-06-20"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_sharpefspotato_strings.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_sharpefspotato_strings.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "4987b0d728472186a255adc1fba2d72288dd1f2b368212afd08ea8d7ff18e992"
score = 75
quality = 80
@@ -259113,8 +259286,8 @@ rule SEKOIA_Infostealer_Win_Eternity : FILE
date = "2022-03-23"
modified = "2024-12-19"
reference = "hxxp://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.]onion/threads/62331/"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_eternity.yar#L3-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_eternity.yar#L3-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "06f0f7f51100278160f5bc4f588bb6a9d749be308f879bd5704666bf90764bf9"
score = 75
quality = 80
@@ -259147,8 +259320,8 @@ rule SEKOIA_Apt_Shadowpad_First_Called_Function : FILE
date = "2023-01-30"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_shadowpad_first_called_function.yar#L1-L36"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_shadowpad_first_called_function.yar#L1-L36"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a40db3fad01f4177973fd50bd489e5c4ff6d3592dfff063c2c31694007c31e0b"
score = 75
quality = 80
@@ -259191,8 +259364,8 @@ rule SEKOIA_Apt_Susp_Apt28_Uac0063_Malicious_Doc : FILE
date = "2024-07-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_susp_apt28_uac0063_malicious_doc.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_susp_apt28_uac0063_malicious_doc.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "93322be0785556e627d2b09832c18e39c115e6a6fbff64b1e590e1ddcf8f6a43"
logic_hash = "27aeadbb76dd4e670a85e8fcd1e885b69845537dd937aacc1808902e75008848"
score = 65
@@ -259218,8 +259391,8 @@ rule SEKOIA_Apt_Apt29_Wineloader_Malicious_Hta
date = "2024-03-25"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_apt29_wineloader_malicious_hta.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_apt29_wineloader_malicious_hta.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "efafcd00b9157b4146506bd381326f39"
logic_hash = "0cc4692e5ff3f258c287f28030147f725d6a534c4f2f7a2a4ff49a305b7fd13d"
score = 75
@@ -259245,8 +259418,8 @@ rule SEKOIA_Apt_Implant_Xdealer_Vbs_Launcher_Strings : FILE
date = "2024-03-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_implant_xdealer_vbs_launcher_strings.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_implant_xdealer_vbs_launcher_strings.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e206189fd21ed7b3bf48a51d955df9055b7f7aa502b7fac52b274cc414adea0d"
score = 75
quality = 80
@@ -259271,8 +259444,8 @@ rule SEKOIA_Apt_Unc4990_Explorer_Ps1
date = "2024-02-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_unc4990_explorer_ps1.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_unc4990_explorer_ps1.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "5085f738e23b801c7e36408d189755086d91c0bb266af6738c80510eb85e598f"
score = 75
quality = 80
@@ -259299,8 +259472,8 @@ rule SEKOIA_Infostealer_Win_Xehook_Str : FILE
date = "2024-06-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/infostealer_win_xehook_str.yar#L1-L32"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/infostealer_win_xehook_str.yar#L1-L32"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "543ec3b523e5f00d3c285e453c8d11f3d5c7778b2986b7fe03f2d62ff18c2778"
score = 75
quality = 80
@@ -259339,8 +259512,8 @@ rule SEKOIA_Apt_Mustangpanda_Windows_Shellcode_Decryptionalgorithm : FILE
date = "2022-12-05"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_mustangpanda_windows_shellcode_decryptionalgorithm.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_mustangpanda_windows_shellcode_decryptionalgorithm.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "a2ad3bd4dcbee3e23762b674ee8b6717e7ece712b0128145518bfa5d2e4bd66a"
score = 75
quality = 80
@@ -259375,8 +259548,8 @@ rule SEKOIA_Apt_Toddycat_Tomberbil_Strings : FILE
date = "2024-04-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_toddycat_tomberbil_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_toddycat_tomberbil_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "92da6ba86cffec75a9af90a513840672b023c81baa9aedb2b706534cc39ecc09"
score = 75
quality = 80
@@ -259404,8 +259577,8 @@ rule SEKOIA_Loader_Win_Konni_Bat : FILE
date = "2023-09-26"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_konni_bat.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_konni_bat.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "3476e41461692c3ccfc0ef47a4d5b8822c4940987755763d2a5913e27d9350d4"
score = 75
quality = 80
@@ -259435,8 +259608,8 @@ rule SEKOIA_Backdoor_Sandman_Strings : FILE
date = "2022-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_sandman_strings.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_sandman_strings.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "74ee1b73532d9050d5ed7ea0bed158322288a2f5b65255804ebf10dc1a4ea55b"
score = 75
quality = 80
@@ -259466,8 +259639,8 @@ rule SEKOIA_Tool_Nping_Strings : FILE
date = "2022-08-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_nping_strings.yar#L1-L20"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_nping_strings.yar#L1-L20"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0c7216438e9c974d889e4ccc8cdb99ab18d1dc403820d60914b80ff9bc4528fa"
score = 75
quality = 80
@@ -259494,8 +259667,8 @@ rule SEKOIA_Backdoor_Win_Rokrat : FILE
date = "2023-07-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/backdoor_win_rokrat.yar#L1-L31"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/backdoor_win_rokrat.yar#L1-L31"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "42e0b8583570d32a5d6a5bed175a53951e7d68d8471a283ef245686621dc01c4"
score = 75
quality = 80
@@ -259528,8 +259701,8 @@ rule SEKOIA_Apt_Qnapworm_Loader_May2022 : FILE
date = "2022-05-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_qnapworm_loader_may2022.yar#L1-L28"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_qnapworm_loader_may2022.yar#L1-L28"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "d31fdaaacd417a4191e79e3a287e84c55109158eaacc789b2129e2ba94e443f6"
score = 75
quality = 80
@@ -259564,8 +259737,8 @@ rule SEKOIA_Apt_Gamaredon_Vbs_Downloader : FILE
date = "2023-02-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_vbs_downloader.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_vbs_downloader.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "e3ae516ea18f2912b7f0fb7864542ae609167fb29751b87cbf6f9cd34ec858ba"
score = 75
quality = 68
@@ -259593,8 +259766,8 @@ rule SEKOIA_Malware_Valleyrat_1Ststage_Strings : FILE
date = "2024-06-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/malware_valleyrat_1ststage_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/malware_valleyrat_1ststage_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "78c45b8bd9241646512483d179d48b0e42e97fa1c18d6afd1af4423f7b7ce3c6"
score = 75
quality = 80
@@ -259621,8 +259794,8 @@ rule SEKOIA_Hacktool_Defendercontrol_Strings : FILE
date = "2022-03-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_defendercontrol_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_defendercontrol_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "8372ab6f922471c28b528d908527f52d393cf6e6308d6acad882d6d5862df43c"
score = 75
quality = 80
@@ -259647,8 +259820,8 @@ rule SEKOIA_Downloader_Win_Cobianrat : FILE
date = "2024-08-23"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/downloader_win_cobianrat.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/downloader_win_cobianrat.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "7a70779d9d7de5e370fac0fa2d4ccd13"
hash = "2ce40599a4990680db3af5defcd5381a"
hash = "56515c48f82475e7bb6a26b027a459d7"
@@ -259679,8 +259852,8 @@ rule SEKOIA_Tool_Soaphound_Strings : FILE
date = "2024-11-12"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_soaphound_strings.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_soaphound_strings.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "b2a953590d75213388473fb51e6b5f2f"
logic_hash = "14ff92230d0999a39a6e1042f5c42b5ae275d90ece3d74727e5da44c569a93eb"
score = 75
@@ -259707,8 +259880,8 @@ rule SEKOIA_Observerstealer : FILE
date = "2024-02-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/observerstealer.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/observerstealer.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "690bd5a16e780884641a66f06256a4147c092788f155644a8589d38b70dc4acc"
score = 75
quality = 55
@@ -259736,8 +259909,8 @@ rule SEKOIA_Trojan_Android_Brata : FILE
date = "2022-01-27"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/trojan_android_brata.yar#L1-L29"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/trojan_android_brata.yar#L1-L29"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0c94e5e0c01d4fa9bf28603787029938a3159f468dd3876e7d25646e93dd68b8"
score = 75
quality = 80
@@ -259770,8 +259943,8 @@ rule SEKOIA_Tool_Rubeus_Strings : FILE
date = "2024-03-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_rubeus_strings.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_rubeus_strings.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "adc6a5207bb15c8020ca170564ea9066b2c0b0e09839d6838744c623f59153cf"
score = 75
quality = 80
@@ -259801,8 +259974,8 @@ rule SEKOIA_Apt_Gamaredon_Htmlsmuggling_2024 : FILE
date = "2024-09-09"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_htmlsmuggling_2024.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_htmlsmuggling_2024.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "ab2807824e68d5efb4c896e1af82e693"
hash = "926b7e65d0d61cd6ba9e085193ae8b1d"
logic_hash = "9cd82f497fd7b82f02fec4ce1d131cd2685861c7c02aaae992e07a7d8bd30595"
@@ -259833,8 +260006,8 @@ rule SEKOIA_Loader_Win_Goshellcode : FILE
date = "2023-11-15"
modified = "2024-12-19"
reference = "https://github.com/yoda66/GoShellcode/blob/main/gosc.go"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/loader_win_goshellcode.yar#L1-L23"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/loader_win_goshellcode.yar#L1-L23"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "48ec87f284fbd14cbdb6b6b0f2e0fa6eb5ea19f112648660e0b8e525c562e3fc"
score = 75
quality = 80
@@ -259864,8 +260037,8 @@ rule SEKOIA_Dropper_Mac_Lazarus_Manuscrypt : FILE
date = "2022-04-19"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/dropper_mac_lazarus_manuscrypt.yar#L1-L21"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/dropper_mac_lazarus_manuscrypt.yar#L1-L21"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "dced1acbbe11db2b9e7ae44a617f3c12d6613a8188f6a1ece0451e4cd4205156"
hash = "9d9dda39af17a37d92b429b68f4a8fc0a76e93ff1bd03f06258c51b73eb40efa"
logic_hash = "dbe75a34f91906fc275c04af0fc068923993bab37a7574b3fe38733d87f31835"
@@ -259893,8 +260066,8 @@ rule SEKOIA_Apt_Gobrat_2 : FILE
date = "2024-09-10"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gobrat_2.yar#L1-L16"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gobrat_2.yar#L1-L16"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9f2fdbe2cc39c91b2ac8904fb29a0142bf770859d17590017920203641860a13"
score = 75
quality = 80
@@ -259918,8 +260091,8 @@ rule SEKOIA_Hacktool_Earthworm_Strings : FILE
date = "2022-02-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_earthworm_strings.yar#L1-L22"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_earthworm_strings.yar#L1-L22"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "0460c62fefc3d594ca758a37fbe1716182ffdca2920fedd32a707f7117702176"
score = 75
quality = 80
@@ -259945,8 +260118,8 @@ rule SEKOIA_Ransomware_Win_Masons_Jan2023 : FILE
date = "2023-02-13"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/ransomware_win_masons_jan2023.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/ransomware_win_masons_jan2023.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "05badf0364c6f61cd081a3ae64bc92b48e6f59c026a5d6b5b68acd5a8987cf91"
score = 75
quality = 80
@@ -259972,8 +260145,8 @@ rule SEKOIA_Apt_Gamaredon_Gammaload_Maliciouslnk : FILE
date = "2022-08-01"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_gamaredon_gammaload_maliciouslnk.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_gamaredon_gammaload_maliciouslnk.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "94ba156cd6697a9999b6a4f78c4356ea3382b7b3e7a1af79d488aa34df2c3b40"
score = 75
quality = 80
@@ -259997,8 +260170,8 @@ rule SEKOIA_Tool_Realblindingedr_Strings : FILE
date = "2024-09-11"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/tool_realblindingedr_strings.yar#L1-L24"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/tool_realblindingedr_strings.yar#L1-L24"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
hash = "cb6219e2b6577b8d4a18114d595e10d7"
hash = "d0a251709c24a8f4c26d456dea22d90f"
logic_hash = "7b6a54c935bb40bd1be1d25be452d7185fd6f9dacbd7cbcde7cb37dfea09775e"
@@ -260030,8 +260203,8 @@ rule SEKOIA_Merlin_Win_Dll : FILE
date = "2022-01-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/merlin_win_dll.yar#L4-L42"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/merlin_win_dll.yar#L4-L42"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "eefaed10bd3accc884673437a1cc6b8c503db4ef797e58bd95daec36a297c4be"
score = 75
quality = 80
@@ -260058,8 +260231,8 @@ rule SEKOIA_Hacktool_Mimikatz_Obfuscated : FILE
date = "2022-07-22"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/hacktool_mimikatz_obfuscated.yar#L1-L25"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/hacktool_mimikatz_obfuscated.yar#L1-L25"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "9f75e10122df0f57382e939d82b0ab4047d3d42f198c59faa22177d6d5d9afd7"
score = 75
quality = 80
@@ -260091,8 +260264,8 @@ rule SEKOIA_Generic_Sharpshooter_Payload_2 : FILE
date = "2023-02-03"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_sharpshooter_payload_2.yar#L1-L17"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_sharpshooter_payload_2.yar#L1-L17"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "c26779cd35d6430da3629df8b310356d663c05e82db0aca0fc974bc3a298c92e"
score = 75
quality = 80
@@ -260117,8 +260290,8 @@ rule SEKOIA_Apt_Andariel_Dorarat_Strings : FILE
date = "2024-06-17"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/apt_andariel_dorarat_strings.yar#L1-L19"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/apt_andariel_dorarat_strings.yar#L1-L19"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "21e1c77d486cbf6ddaa2eca673275c7c21cc59fa9551c2eb02c526518ed5b217"
score = 75
quality = 80
@@ -260144,8 +260317,8 @@ rule SEKOIA_Generic_Python_Reverse_Shell : FILE
date = "2023-12-08"
modified = "2024-12-19"
reference = "https://github.com/SEKOIA-IO/Community"
- source_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/yara_rules/generic_python_reverse_shell.yar#L1-L18"
- license_url = "https://github.com/SEKOIA-IO/Community/blob/80f51fd7496e3df4d2e166a34f8235e76f4aa1bf/LICENSE.md"
+ source_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/yara_rules/generic_python_reverse_shell.yar#L1-L18"
+ license_url = "https://github.com/SEKOIA-IO/Community/blob/eb4a01ac59073178c241b45b6def27c8873569e3/LICENSE.md"
logic_hash = "ced9923ef8018796545d93d9ac8ba3138dd7d4e79db742eb3babcd94c8d3c304"
score = 75
quality = 80
@@ -260166,7 +260339,7 @@ rule SEKOIA_Generic_Python_Reverse_Shell : FILE
* YARA Rule Set
* Repository Name: Synacktiv
* Repository: https://github.com/synacktiv/synacktiv-rules
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: d234cc4da0783db7dca56ae8dd5252afdc248df8
* Number of Rules: 8
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -260523,7 +260696,7 @@ rule SYNACKTIV_MAL_Linkpro_Arpdiag_ELF_KO_Oct25 : FILE
* YARA Rule Set
* Repository Name: ArtifactDrop
* Repository: https://github.com/matthieugras/artifact-drop/
- * Retrieval Date: 2026-02-01
+ * Retrieval Date: 2026-02-08
* Git Commit: d2bcbe820bc134a4ed672ef6013498f856561af4
* Number of Rules: 1
* Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -260582,10 +260755,10 @@ rule ARTIFACTDROP_Go_Reflectiveloader_Decryption_Loop : FILE
* YARA Rule Set
* Repository Name: Signature Base
* Repository: https://github.com/Neo23x0/signature-base
- * Retrieval Date: 2026-02-01
- * Git Commit: 6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6
- * Number of Rules: 4405
- * Skipped: 0 (age), 8 (quality), 4 (score), 0 (importance)
+ * Retrieval Date: 2026-02-08
+ * Git Commit: 63ed72f6a9032086f706578a6688d3072787612c
+ * Number of Rules: 4415
+ * Skipped: 0 (age), 7 (quality), 4 (score), 0 (importance)
*
*
* LICENSE
@@ -260639,8 +260812,8 @@ private rule SIGNATURE_BASE_Hatman_Mftmsr_PRIVATE : HATMAN
date = "2017-12-19"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hatman.yar#L65-L73"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hatman.yar#L65-L73"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a03a3f5c583843acb216a8edefceaa1e89248fe72db49bcd906d2183998b1674"
score = 75
quality = 85
@@ -260664,8 +260837,8 @@ private rule SIGNATURE_BASE_Hatman_Origcode_PRIVATE : HATMAN
date = "2017-12-19"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hatman.yar#L58-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hatman.yar#L58-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f6286e084bdbf3e2730a1aa3b7e302c1611c987447e083780e2d03000d1d226e"
score = 75
quality = 85
@@ -260687,8 +260860,8 @@ private rule SIGNATURE_BASE_Hatman_Loadoff_PRIVATE : HATMAN
date = "2017-12-19"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hatman.yar#L74-L82"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hatman.yar#L74-L82"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "70d33c40b919d1852eded8c4afa96978c8b4503f95fb4a48e1d8b89864b77d38"
score = 75
quality = 85
@@ -260712,8 +260885,8 @@ private rule SIGNATURE_BASE_Hatman_Origaddr_PRIVATE : HATMAN
date = "2017-12-19"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hatman.yar#L51-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hatman.yar#L51-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e9f775326dc0496662fbec98438e0273c51a88a434542dfcabd6e8b11131ab3e"
score = 75
quality = 85
@@ -260735,8 +260908,8 @@ private rule SIGNATURE_BASE_Hatman_Memcpy_PRIVATE : HATMAN
date = "2017-12-19"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hatman.yar#L29-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hatman.yar#L29-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1e1566cc09e1ddd70cdb3b199f6972931f84a29ae2ef4815a5ecf1fe42afe42b"
score = 75
quality = 85
@@ -260760,8 +260933,8 @@ private rule SIGNATURE_BASE_Hatman_Nullsub_PRIVATE : HATMAN
date = "2017-12-19"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hatman.yar#L45-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hatman.yar#L45-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7e7a7494e68450a03aeddfaa1fd0a3fb3cff06684d5bb0c4615571e698293fe3"
score = 75
quality = 85
@@ -260782,8 +260955,8 @@ private rule SIGNATURE_BASE_Hatman_Dividers_PRIVATE : HATMAN
date = "2017-12-19"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hatman.yar#L38-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hatman.yar#L38-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "92ec47ea81b78ec9b05f5c17164daaef7112c8590b4443f70cf3bf2efd108e1f"
score = 75
quality = 85
@@ -260805,8 +260978,8 @@ private rule SIGNATURE_BASE_Hatman_Setstatus_PRIVATE : HATMAN
date = "2017-12-19"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hatman.yar#L21-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hatman.yar#L21-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "264292bbc479413bf70f05b96bcea3c856906eb8c711720831bea9b887a7ffb0"
score = 75
quality = 85
@@ -260829,8 +261002,8 @@ rule SIGNATURE_BASE_Apt_CN_Tetris_JS_Advanced_1 : FILE
date = "2020-09-06"
modified = "2023-12-05"
reference = "https://imp0rtp3.wordpress.com/2021/08/12/tetris"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_tetris.yar#L2-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_tetris.yar#L2-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ec4ba53fea05c5331ed900b8c7da4cddd4ab64e87dfc165ac18d72d22f754d87"
score = 75
quality = 85
@@ -260857,8 +261030,8 @@ rule SIGNATURE_BASE_Apt_CN_Tetrisplugins_JS : FILE
date = "2020-09-06"
modified = "2023-12-05"
reference = "https://imp0rtp3.wordpress.com/2021/08/12/tetris"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_tetris.yar#L34-L114"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_tetris.yar#L34-L114"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa77d622584e79c86139b9c0f0b8ff46fc10461d0776e46c93490b6bb667afcf"
score = 75
quality = 60
@@ -260919,8 +261092,8 @@ rule SIGNATURE_BASE_APT28_CHOPSTICK : FILE
date = "2015-06-02"
modified = "2023-12-05"
reference = "https://goo.gl/v3ebal"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt28.yar#L10-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt28.yar#L10-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f4db2e0881f83f6a2387ecf446fcb4a4c9f99808"
logic_hash = "750b2d5157856e0ffd840406eec601ded51ced7ccb20b577f336bbaf32681835"
score = 60
@@ -260951,8 +261124,8 @@ rule SIGNATURE_BASE_APT28_Sourface_Malware1 : FILE
date = "2015-06-01"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt28.yar#L34-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt28.yar#L34-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2ec1e5db74b5abe1da0d454b5e901bd808a0be318235f25d713cfdc4aea8d6d7"
score = 60
quality = 85
@@ -260977,8 +261150,8 @@ rule SIGNATURE_BASE_APT28_Sourface_Malware2 : FILE
date = "2015-06-01"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt28.yar#L52-L72"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt28.yar#L52-L72"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ed0424e61ca3243241e32d4f744398d263d7e35de15d94e9c6f816dc7349c267"
score = 60
quality = 85
@@ -261007,8 +261180,8 @@ rule SIGNATURE_BASE_APT28_Sourface_Malware3 : FILE
date = "2015-06-01"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt28.yar#L74-L98"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt28.yar#L74-L98"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "894fc2913cf1fa8aecb3052e762d4403124fcbdb2148edb23a9117c2f2b8eddc"
score = 60
quality = 85
@@ -261041,8 +261214,8 @@ rule SIGNATURE_BASE_APT28_Skinnyboy_Dropper_1 : RUSSIA FILE
date = "2021-05-24"
modified = "2023-12-05"
reference = "https://cluster25.io/wp-content/uploads/2021/05/2021-05_FancyBear.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt28.yar#L103-L118"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt28.yar#L103-L118"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9e29ed985fac8701f72f0860fe101272c3c3342ef6857e30d32f5fea14822945"
score = 75
quality = 85
@@ -261066,8 +261239,8 @@ rule SIGNATURE_BASE_MAL_ELF_Reverseshell_Sslshell_Jun23_1 : CVE_2023_2868 FILE
date = "2023-06-07"
modified = "2023-12-05"
reference = "https://www.barracuda.com/company/legal/esg-vulnerability"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lnx_barracuda_cve_2023_2868.yar#L2-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lnx_barracuda_cve_2023_2868.yar#L2-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "57e9afb2f6928656242b8257cc3b98ae3b03e38c75ad40b544e3fc6afaea794d"
score = 75
quality = 85
@@ -261090,8 +261263,8 @@ rule SIGNATURE_BASE_MAL_ELF_SALTWATER_Jun23_1 : CVE_2023_2868 FILE
date = "2023-06-07"
modified = "2023-12-05"
reference = "https://www.barracuda.com/company/legal/esg-vulnerability"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lnx_barracuda_cve_2023_2868.yar#L21-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lnx_barracuda_cve_2023_2868.yar#L21-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cb35898c0ee726170da93b4364920ac065f083f9f02db8eb5d293b1ce127cb78"
score = 80
quality = 85
@@ -261120,8 +261293,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Ragna_Locker_Apr20_1 : FILE
date = "2020-04-27"
modified = "2023-12-05"
reference = "https://otx.alienvault.com/indicator/file/c2bd70495630ed8279de0713a010e5e55f3da29323b59ef71401b12942ba52f6"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_ragna_locker.yar#L3-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_ragna_locker.yar#L3-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "05a18818f22c836c3e1f1fa9682d787bbe86e6d3bb026a80a7d4c33ad95c2cd3"
score = 75
quality = 85
@@ -261160,8 +261333,8 @@ rule SIGNATURE_BASE_MAL_Ransom_Ragnarlocker_July_2020_1 : FILE
date = "2020-07-30"
modified = "2023-12-05"
reference = "https://twitter.com/JAMESWT_MHT/status/1288797666688851969"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_ragna_locker.yar#L38-L70"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_ragna_locker.yar#L38-L70"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dc44da2f9023e0702afa8081e85ba817ebfde15f449261fae9de729d51262b04"
score = 75
quality = 83
@@ -261203,8 +261376,8 @@ rule SIGNATURE_BASE_MAL_Kwampirs_Apr18 : KWAMPIRS
date = "2018-04-23"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_kwampirs.yar#L1-L70"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_kwampirs.yar#L1-L70"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e9387c46b9e3fff90415c46af270d143bdeb6292f2521d889b8d6ae726a4cf3b"
score = 75
quality = 85
@@ -261280,8 +261453,8 @@ rule SIGNATURE_BASE_APT_SH_Codecov_Hack_Apr21_1 : FILE
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://about.codecov.io/security-update/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_codecov_hack.yar#L2-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_codecov_hack.yar#L2-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1aa7723982a1b675ba6694f1af0eb28e5926b974874580bd727cf33a3f8d893a"
score = 75
quality = 85
@@ -261303,8 +261476,8 @@ rule SIGNATURE_BASE_Merlinagent
date = "2017-12-26"
modified = "2023-12-05"
reference = "https://github.com/Ne0nd0g/merlin"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_merlin_agent.yar#L2-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_merlin_agent.yar#L2-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "21743230556cc11a78942de30be476ad8e73731bbda9a4feb83bd8140a703d01"
score = 75
quality = 85
@@ -261338,8 +261511,8 @@ rule SIGNATURE_BASE_Indetectables_RAT : FILE
date = "2015-10-01"
modified = "2023-12-05"
reference = "http://www.sekoia.fr/blog/when-a-brazilian-string-smells-bad/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_indetectables_rat.yar#L8-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_indetectables_rat.yar#L8-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "840a0c92ac731d9e88d0bdccb39598e4ff476e8630ec08f6c4024a31e258ebd0"
score = 75
quality = 85
@@ -261374,8 +261547,8 @@ rule SIGNATURE_BASE_Bergsilva_Malware : FILE
date = "2015-10-01"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_indetectables_rat.yar#L35-L56"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_indetectables_rat.yar#L35-L56"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "03b823040a057ffbef9bcb3094a672fd75e141f3e82c77548adbe1c465d329fb"
score = 75
quality = 85
@@ -261406,8 +261579,8 @@ rule SIGNATURE_BASE_APT_KE3CHANG_TMPFILE : APT KE3CHANG TMPFILE FILE
date = "2020-06-18"
modified = "2023-12-05"
reference = "https://app.any.run/tasks/a96f4f9d-c27d-490b-b5d3-e3be0a1c93e9/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ke3chang.yar#L1-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ke3chang.yar#L1-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "75c97fe2eeb82e09f52e98d76bd529824f171da4c802b5febc1036314d8145f0"
score = 75
quality = 85
@@ -261435,8 +261608,8 @@ rule SIGNATURE_BASE_APT_MAL_Ke3Chang_Ketrican_Jun20_1 : FILE
date = "2020-06-18"
modified = "2023-12-05"
reference = "BfV Cyber-Brief Nr. 01/2020"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ke3chang.yar#L23-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ke3chang.yar#L23-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a2806de18432dbab24f08c7c2863fd694c91192cf7df4388dfeb87b237f22257"
score = 75
quality = 85
@@ -261462,8 +261635,8 @@ rule SIGNATURE_BASE_Exploit_MS15_077_078 : FILE
date = "2015-07-21"
modified = "2023-12-05"
reference = "https://code.google.com/p/google-security-research/issues/detail?id=473&can=1&start=200"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2015_2426.yar#L10-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2015_2426.yar#L10-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "354219a1ed88c891c64513a057266199919406309460d92792a4be509f9580a1"
score = 75
quality = 85
@@ -261498,8 +261671,8 @@ rule SIGNATURE_BASE_Exploit_MS15_077_078_Hackingteam : FILE
date = "2015-07-21"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2015_2426.yar#L38-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2015_2426.yar#L38-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c94582629e555c9fd0b29302720078a7eb47d3013d0c1b5edd4e060c2062fa92"
score = 75
quality = 85
@@ -261529,8 +261702,8 @@ rule SIGNATURE_BASE_Apt28_Win_Zebrocy_Golang_Loader_Modified : FILE
date = "2018-12-25"
modified = "2023-12-05"
reference = "https://www.vkremez.com/2018/12/lets-learn-progression-of-apt28sofacy.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_zebrocy.yar#L1-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_zebrocy.yar#L1-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "799f4457eb2bdeeb7c9383e2b4e9572a41d9adbfe4a1a9c3b0fa1c9fc6077e40"
score = 75
quality = 79
@@ -261560,8 +261733,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_1 : FILE
date = "2017-04-03"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L10-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L10-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1e024767797fb146b92d6e8c549597c0cda7c2f8fb961299a3808b9b2e924666"
score = 75
quality = 85
@@ -261587,8 +261760,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_2 : FILE
date = "2017-04-03"
modified = "2023-01-06"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L28-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L28-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dff8623c35c83c20fb525209ec9aa5d77b51fa494eb557845a8320c77746c02f"
score = 90
quality = 85
@@ -261623,8 +261796,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_3 : FILE
date = "2017-04-03"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L59-L79"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L59-L79"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d15b4c277e2c4dfe300f242e4cc9b217981166191a47939ca437c55391874b5d"
score = 75
quality = 85
@@ -261653,8 +261826,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Dropper_1 : FILE
date = "2017-04-03"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L81-L94"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L81-L94"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ee0caf8a08db9a2a83f10178e2ee890b6b0bc6e699ebb3d01fa94fa48c6dfdee"
score = 75
quality = 85
@@ -261677,8 +261850,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_4 : FILE
date = "2017-04-03"
modified = "2023-01-06"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L96-L112"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L96-L112"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7b39531e4af93ab026381a1114efe00fa01fb45860ddb512dbfa436471644e20"
score = 75
quality = 85
@@ -261703,8 +261876,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_5 : FILE
date = "2017-04-03"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L114-L134"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L114-L134"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9b91ac8f450843c7c85e8d056218aff671bb0f345d16a7ba3f4180ac008bf318"
score = 75
quality = 85
@@ -261732,8 +261905,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_6 : FILE
date = "2017-04-03"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L136-L152"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L136-L152"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f165912001c5e2eb48cef46df12220f7f7a53e908a6af571bb4932c50e355388"
score = 75
quality = 85
@@ -261759,8 +261932,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_7 : FILE
date = "2017-04-03"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L154-L168"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L154-L168"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "01993e785fb7d5de9ea629d31725e86fa169b70dcde9716a5da0b646ac88864a"
score = 75
quality = 85
@@ -261784,8 +261957,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_8 : FILE
date = "2017-04-03"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L170-L189"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L170-L189"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a27b041a1ff0fae3d06d8050fe3207435cb84f421099dc1cad8f8a503e976860"
score = 75
quality = 85
@@ -261814,8 +261987,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_9 : FILE
date = "2017-04-03"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L191-L205"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L191-L205"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f45159a508ce8ccb5ab57c7347916642f58ab1b6e0a8886ba53e4810ed65c5c1"
score = 75
quality = 85
@@ -261839,8 +262012,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_10 : FILE
date = "2017-04-03"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L207-L222"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L207-L222"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "538754e6daadd3efa3e77723dce7143fecad28cf94caa1b29a2d45df44b14ee4"
score = 75
quality = 85
@@ -261865,8 +262038,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_11 : FILE
date = "2017-04-03"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L224-L240"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L224-L240"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7935d3aeef0d4c94a00dd44942a1ba97d0c9fce848914ebc9c59d9f8e9f51599"
score = 75
quality = 85
@@ -261891,8 +262064,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Lockdown : FILE
date = "2017-04-07"
modified = "2023-12-05"
reference = "https://github.com/maaaaz/impacket-examples-windows"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L251-L265"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L251-L265"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3f24c08817bc94bb4b7d09d51bed62f43952f2c66338f29c4bc8e9000b3ff78a"
score = 75
quality = 85
@@ -261916,8 +262089,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Windowxarbot : FILE
date = "2017-04-07"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L267-L279"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L267-L279"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5d8a9c25032c5371e843f8e80884e43a64c73b1644605b39b2dff11104c3bbcd"
score = 75
quality = 85
@@ -261939,8 +262112,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Wmidll_Inmemory
date = "2017-04-07"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L281-L293"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L281-L293"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6dddda4e519eeaa67eb4c21151cab10553420a23a077751e0fc45fcae0bf6e69"
score = 75
quality = 85
@@ -261962,8 +262135,8 @@ rule SIGNATURE_BASE_VBS_Wmiexec_Tool_Apr17_1 : FILE
date = "2017-04-07"
modified = "2023-12-05"
reference = "https://github.com/maaaaz/impacket-examples-windows"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_cloudhopper.yar#L295-L318"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_cloudhopper.yar#L295-L318"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b0aad1c8dfc07ae3df835ae113bd02abfd706a0646ffcac5dd5691822016d31a"
score = 75
quality = 85
@@ -261995,8 +262168,8 @@ rule SIGNATURE_BASE_RAT_AAR
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/AAR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L1-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L1-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a206b3f5cf6cc870135bc267b5baab8333422dc917efce6c66ee907690592d09"
score = 75
quality = 85
@@ -262024,8 +262197,8 @@ rule SIGNATURE_BASE_RAT_Adzok
date = "2015-01-05"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Adzok"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L24-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L24-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ee3291a4396ba6cb3c5e22229de4f5e45714b29bfeac1c56bde6d038a9d25458"
score = 75
quality = 85
@@ -262056,8 +262229,8 @@ rule SIGNATURE_BASE_RAT_Ap0Calypse
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Ap0calypse"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L50-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L50-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1ce90a5b1b3f643d4e530d6e00741f5d5918d3199cfbc4126cf8421a9e42023e"
score = 75
quality = 85
@@ -262085,8 +262258,8 @@ rule SIGNATURE_BASE_RAT_Arcom
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Arcom"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L72-L93"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L72-L93"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dbccd9885ba0ec5741e3c74908d2e76b15836bc75373c100f344abf9bdf3a0b4"
score = 75
quality = 85
@@ -262114,8 +262287,8 @@ rule SIGNATURE_BASE_RAT_Bandook
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/bandook"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L95-L120"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L95-L120"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fe658e0990f0d456b1a8f5acea62a3b80bdd4a9bc0eedfe2e1092ea60b4fca2e"
score = 75
quality = 85
@@ -262147,8 +262320,8 @@ rule SIGNATURE_BASE_RAT_Blacknix
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/BlackNix"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L122-L142"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L122-L142"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "de8787fd35e6313c061b8759361698b1acd54b215d226839a8702b1a5d189ccb"
score = 75
quality = 85
@@ -262175,8 +262348,8 @@ rule SIGNATURE_BASE_RAT_Blackshades : BLACKSHADES
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://blog.cylance.com/a-study-in-bots-blackshades-net"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L144-L161"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L144-L161"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "23f8d52cf92b594f9302d549cf54f37dc0a01b5686da74b72120a8072435abfe"
score = 75
quality = 85
@@ -262200,8 +262373,8 @@ rule SIGNATURE_BASE_RAT_Bluebanana
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/BlueBanana"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L163-L184"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L163-L184"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0d84bb63d56d876c8b2e7c8c8afeaba839fee41d2d38f16ac9a13e802008179e"
score = 75
quality = 85
@@ -262229,8 +262402,8 @@ rule SIGNATURE_BASE_RAT_Bozok
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Bozok"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L186-L206"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L186-L206"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9a2fcd11573654f0c91c0c0dec8938ca8319a23953a5043135cb0032562f9f53"
score = 75
quality = 75
@@ -262257,8 +262430,8 @@ rule SIGNATURE_BASE_RAT_Clientmesh : TORCT
date = "2014-01-06"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/ClientMesh"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L208-L228"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L208-L228"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "671da9586110726b1646d4365ccaa87982ec7c86b7d4d80b99dbb444496b936c"
score = 75
quality = 85
@@ -262285,8 +262458,8 @@ rule SIGNATURE_BASE_RAT_Cybergate
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/CyberGate"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L230-L254"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L230-L254"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6b3861ae5e6bd6478e9d8024b0e67a3ac1dbf31083b77477364c55b51d0ed9b5"
score = 75
quality = 85
@@ -262316,8 +262489,8 @@ rule SIGNATURE_BASE_RAT_Darkcomet
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/DarkComet"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L256-L282"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L256-L282"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "db139f754f89affc706e090a41bfcd30cf49f9d4e16ade89993ee170f92cf68b"
score = 75
quality = 85
@@ -262348,8 +262521,8 @@ rule SIGNATURE_BASE_RAT_Darkrat
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/DarkRAT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L284-L306"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L284-L306"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dccb473a3cf4478dd1dbf8b35ad564f59740676ecde90266a0dc15cbad89bfe7"
score = 75
quality = 85
@@ -262378,8 +262551,8 @@ rule SIGNATURE_BASE_RAT_Greame
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Greame"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L308-L331"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L308-L331"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4a1ce5f5847bdc01d286c1d9cd1e16ba2fd6b5bc56e6094cb1492882708e8e59"
score = 75
quality = 85
@@ -262409,8 +262582,8 @@ rule SIGNATURE_BASE_RAT_Hawkeye
date = "2015-01-06"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/HawkEye"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L333-L357"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L333-L357"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "db3a0fe5774f0d137e092a4eb9672a4518d0ef943a1a4619cb646a9ac9f74ee0"
score = 75
quality = 85
@@ -262441,8 +262614,8 @@ rule SIGNATURE_BASE_RAT_Imminent
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Imminent"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L359-L389"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L359-L389"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aebae753c119950b0b3f315c7279866caf15f4d482c0a47912c90885adcf6db2"
score = 75
quality = 85
@@ -262478,8 +262651,8 @@ rule SIGNATURE_BASE_RAT_Infinity
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Infinity"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L391-L414"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L391-L414"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c1f5381755af6cfbb10a4769757cdeffb9651bddc76bc4c8e9765ed44bf37fe6"
score = 75
quality = 85
@@ -262509,8 +262682,8 @@ rule SIGNATURE_BASE_RAT_Lostdoor
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/LostDoor"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L440-L465"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L440-L465"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7ffa6f5cbeacca5a1e750e35d8296658d4e280078a61f94fd5f2d4b7c800bb44"
score = 75
quality = 85
@@ -262542,8 +262715,8 @@ rule SIGNATURE_BASE_RAT_Luminositylink
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/LuminosityLink"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L467-L493"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L467-L493"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5e70e3e0885d098f1ac2bcc324cd8ad2682fbfc395f189cabc4a4f97a0109682"
score = 75
quality = 60
@@ -262576,8 +262749,8 @@ rule SIGNATURE_BASE_RAT_Luxnet
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/LuxNet"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L495-L516"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L495-L516"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "55d872e2e30f6d55a6f91750bbb52675042e4673d712a4f2417af43b0f2c4fb9"
score = 75
quality = 85
@@ -262605,8 +262778,8 @@ rule SIGNATURE_BASE_RAT_Netwire
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/NetWire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L547-L569"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L547-L569"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6a4e757262c02dfe46ac28940b53a5695df2d242ccd4c16b42fbfdcf96072e91"
score = 75
quality = 60
@@ -262635,8 +262808,8 @@ rule SIGNATURE_BASE_RAT_Pandora
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Pandora"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L571-L599"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L571-L599"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d33598d0699bfb7e996047318099302c2c326e45d993a259c2bc145acf8cf54b"
score = 75
quality = 85
@@ -262671,8 +262844,8 @@ rule SIGNATURE_BASE_RAT_Paradox
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Paradox"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L601-L623"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L601-L623"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fef41262b78a497c65c7548c58d78ba8912725b28606fd9e99d1dbc19bdf7393"
score = 75
quality = 85
@@ -262701,8 +262874,8 @@ rule SIGNATURE_BASE_RAT_Plasma
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Plasma"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L625-L649"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L625-L649"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e73348d379c483a7917cf765a457739aed6940f180272fa8d0c0dd1eb8e5f562"
score = 75
quality = 85
@@ -262733,8 +262906,8 @@ rule SIGNATURE_BASE_RAT_Poisonivy
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/PoisonIvy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L651-L672"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L651-L672"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "874e0dfb22a03abc0f7fdc7209ff13b55dfa5dcc17db944903ca37a549eb331d"
score = 75
quality = 85
@@ -262762,8 +262935,8 @@ rule SIGNATURE_BASE_RAT_Predatorpain
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/PredatorPain"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L674-L702"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L674-L702"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "917234f83f891ad00bd83908c244818f517ea89cf7d8c81cfc3618b8386c1804"
score = 75
quality = 85
@@ -262798,8 +262971,8 @@ rule SIGNATURE_BASE_RAT_Punisher
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Punisher"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L704-L726"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L704-L726"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9347b8053393c3537693273c44a2a2f095928b8bc0cdcf9365a6f060d66efeb5"
score = 75
quality = 60
@@ -262828,8 +263001,8 @@ rule SIGNATURE_BASE_RAT_Pythorat
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/PythoRAT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L728-L751"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L728-L751"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8edcfb8f234ff225537d19343c75788ec2a25940e80042751eea3280a967e166"
score = 75
quality = 85
@@ -262859,8 +263032,8 @@ rule SIGNATURE_BASE_RAT_Qrat
date = "2015-01-08"
modified = "2023-12-05"
reference = "http://malwareconfig.com"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L753-L773"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L753-L773"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6d404153ca64b547885e4e4581205f5fc20faf86e8ab18002c5deedca2487225"
score = 75
quality = 85
@@ -262887,8 +263060,8 @@ rule SIGNATURE_BASE_RAT_Sakula : FILE
date = "2015-10-13"
modified = "2023-12-05"
reference = "http://blog.airbuscybersecurity.com/public/YFR/sakula_v1x.yara"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L775-L817"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L775-L817"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ec4e16deb6f4a671ee665c81568e87dc9a1023328e1be242eae015c1e04cfcef"
score = 75
quality = 85
@@ -262929,8 +263102,8 @@ rule SIGNATURE_BASE_RAT_Shadowtech : FILE
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/ShadowTech"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L819-L839"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L819-L839"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8ab024ae5ca62de30daf4392db5241220fcdb9b419bad555a996729aed9fa45d"
score = 75
quality = 83
@@ -262959,8 +263132,8 @@ rule SIGNATURE_BASE_RAT_Smallnet
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/SmallNet"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L841-L861"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L841-L861"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "17a6be371ce0c616cfea0b42a30e6d9118376912002d59790b133c73fd5436a3"
score = 75
quality = 85
@@ -262987,8 +263160,8 @@ rule SIGNATURE_BASE_RAT_Spygate
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/SpyGate"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L863-L890"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L863-L890"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5b891212f3a669c6066cfddef418faafd75c92bb2f1e8e1f48403422a73bc9fa"
score = 75
quality = 83
@@ -263022,8 +263195,8 @@ rule SIGNATURE_BASE_RAT_Sub7Nation
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Sub7Nation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L892-L913"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L892-L913"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bd6c423cd5cb5a86b20e5e65ab460904548b8814c92ac65e497757bb79a27681"
score = 75
quality = 85
@@ -263051,8 +263224,8 @@ rule SIGNATURE_BASE_RAT_Vertex
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Vertex"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L915-L938"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L915-L938"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c9fb0dedd97240ad29924865118ba34f5d79dbefbb13729d96d41336ec4de39e"
score = 75
quality = 85
@@ -263082,8 +263255,8 @@ rule SIGNATURE_BASE_RAT_Virusrat
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/VirusRat"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L940-L967"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L940-L967"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8540296fe1341a793377494cec9ba6ee0313203bee9997f0da0b692959727c59"
score = 75
quality = 85
@@ -263117,8 +263290,8 @@ rule SIGNATURE_BASE_RAT_Xtreme
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/Xtreme"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L969-L990"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L969-L990"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4dec8de6609f8229444291a78e920ac48b9b5751dd0cad7c95bc6529d6f8c16c"
score = 75
quality = 85
@@ -263146,8 +263319,8 @@ rule SIGNATURE_BASE_RAT_Adwind
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/adWind"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L992-L1011"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L992-L1011"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "11167b927fa06324950753c6ec8f28058f2aa66fb4ecdf66a21de11a8db190b8"
score = 75
quality = 85
@@ -263173,8 +263346,8 @@ rule SIGNATURE_BASE_RAT_Njrat
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/njRat"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L1013-L1036"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L1013-L1036"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "47e8cc71caaefd70a170eb8fc845cb7ddb8df04b90163fe35f1ccb9a3f614c57"
score = 75
quality = 85
@@ -263203,8 +263376,8 @@ rule SIGNATURE_BASE_RAT_Unrecom
date = "2014-01-04"
modified = "2023-12-05"
reference = "http://malwareconfig.com/stats/unrecom"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L1038-L1058"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L1038-L1058"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "15ab9ee2f3fd825e91813a185bc5c7d7e790de39cd3e88c375b801d1412a08f4"
score = 75
quality = 85
@@ -263231,8 +263404,8 @@ rule SIGNATURE_BASE_MAL_JRAT_Oct18_1 : FILE
date = "2018-10-11"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rats_malwareconfig.yar#L1060-L1072"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rats_malwareconfig.yar#L1060-L1072"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7c652f3943ae7639633b82663f639adb7dea1bae9e617a14710fb6e448cfdbee"
score = 75
quality = 85
@@ -263254,8 +263427,8 @@ rule SIGNATURE_BASE_Getuserspns_VBS
date = "2016-05-21"
modified = "2023-12-05"
reference = "https://github.com/skelsec/PyKerberoast"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_kerberoast.yar#L8-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_kerberoast.yar#L8-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ece81cd717fed6ca1f9053384911fd59462b6f3b01210ceeb037ba3da2f7a318"
score = 75
quality = 60
@@ -263280,8 +263453,8 @@ rule SIGNATURE_BASE_Getuserspns_PS1
date = "2016-05-21"
modified = "2023-12-05"
reference = "https://github.com/skelsec/PyKerberoast"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_kerberoast.yar#L25-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_kerberoast.yar#L25-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "204b009677a02bf8725f928c2bfff321b4543a883760e312a0c92f187684c8e9"
score = 75
quality = 85
@@ -263307,8 +263480,8 @@ rule SIGNATURE_BASE_Kerberoast_PY
date = "2016-05-21"
modified = "2023-12-05"
reference = "https://github.com/skelsec/PyKerberoast"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_kerberoast.yar#L43-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_kerberoast.yar#L43-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3b285cc55733bd4c499ffb4821a92675806bf66faf3b3565ffb6de867bed538d"
score = 75
quality = 85
@@ -263334,8 +263507,8 @@ rule SIGNATURE_BASE_SUSP_SFX_Runprogram_Wscript : FILE
date = "2018-09-27"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_sfx.yar#L2-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_sfx.yar#L2-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0d00d83d4b25d80d0ca44fe1c3f3cd33ae5539d2d79c84bfdfcc470669d4f78c"
score = 75
quality = 85
@@ -263362,8 +263535,8 @@ rule SIGNATURE_BASE_RUAG_Tavdig_Malformed_Executable : FILE
date = "2016-05-24"
modified = "2023-12-05"
reference = "https://goo.gl/N5MEj0"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ruag.yar#L9-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ruag.yar#L9-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2a6eb90cc77f4556da0b5b0211bf0c4759dae0d78e9c6b765eff0e9a34f52e0f"
score = 60
quality = 85
@@ -263381,8 +263554,8 @@ rule SIGNATURE_BASE_RUAG_Bot_Config_File : FILE
date = "2016-05-24"
modified = "2023-12-05"
reference = "https://goo.gl/N5MEj0"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ruag.yar#L21-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ruag.yar#L21-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "256808511233da446ec69db4f5a5e23a237296c100e79e78bbe5e4964fa5dde6"
score = 60
quality = 85
@@ -263405,8 +263578,8 @@ rule SIGNATURE_BASE_RUAG_Cobra_Malware : FILE
date = "2016-05-24"
modified = "2023-12-05"
reference = "https://goo.gl/N5MEj0"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ruag.yar#L36-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ruag.yar#L36-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5576e8e465eb289e8da44009cb2237080c5b5c3eb6d7a337634d91c5d68ecd80"
score = 60
quality = 85
@@ -263427,8 +263600,8 @@ rule SIGNATURE_BASE_RUAG_Cobra_Config_File : FILE
date = "2016-05-24"
modified = "2023-12-05"
reference = "https://goo.gl/N5MEj0"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ruag.yar#L49-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ruag.yar#L49-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "703a89562f3a2e5692883892f468288276459ad528cd371b1ac226e1d1c4be02"
score = 60
quality = 85
@@ -263459,8 +263632,8 @@ rule SIGNATURE_BASE_RUAG_Exfil_Config_File : FILE
date = "2016-05-24"
modified = "2023-12-05"
reference = "https://goo.gl/N5MEj0"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ruag.yar#L73-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ruag.yar#L73-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "379e8762932ca565f3bd35ec241aef2d0445fbe6182a041e4d4e16a1170202ef"
score = 60
quality = 85
@@ -263486,8 +263659,8 @@ rule SIGNATURE_BASE_MAL_PHISH_Shellcode_Enc_Payload_Feb25 : FILE
date = "2025-02-14"
modified = "2025-03-20"
reference = "https://x.com/dtcert/status/1890384162818802135"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_phish_feb25.yar#L1-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_phish_feb25.yar#L1-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "247e6a648bb22d35095ba02ef4af8cfe0a4cdfa25271117414ff2e3a21021886"
logic_hash = "144323294a8353956adf7a9b2a316e1e7606e882f85b8187c016d5acdcc254cc"
score = 80
@@ -263509,8 +263682,8 @@ rule SIGNATURE_BASE_MAL_PHISH_Final_Payload_Feb25
date = "2025-02-14"
modified = "2025-03-20"
reference = "https://x.com/dtcert/status/1890384162818802135"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_phish_feb25.yar#L16-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_phish_feb25.yar#L16-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "de384aba6b0c6800095eb530954aa718d4ed96cccfc0b1e5e4d01404f3518a77"
logic_hash = "3251d68a019d873987966d46c9e474e5a1ebbca4a33a8bf1e3c3ce119db8ab8c"
score = 80
@@ -263538,8 +263711,8 @@ rule SIGNATURE_BASE_SUSP_Sysinternals_Desktops_Anomaly_Feb25 : FILE
date = "2025-02-14"
modified = "2025-03-20"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_phish_feb25.yar#L37-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_phish_feb25.yar#L37-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5b8f64e090c7c9012e656c222682dfae7910669c7b7afaca35829cd1cc2eac17"
hash = "d0f7f3f58e0dfcfd81235379bb5a236f40be490207d3bf45f190a264879090db"
hash = "a83dc4d69a3de72aed4d1933db2ca120657f06adc6683346afbd267b8b7d27d0"
@@ -263569,8 +263742,8 @@ rule SIGNATURE_BASE_SUSP_PE_Compromised_Certificate_Feb25 : FILE
date = "2025-02-14"
modified = "2025-03-20"
reference = "https://x.com/DTCERT/status/1890384162818802135"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_phish_feb25.yar#L62-L85"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_phish_feb25.yar#L62-L85"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5b8f64e090c7c9012e656c222682dfae7910669c7b7afaca35829cd1cc2eac17"
hash = "d0f7f3f58e0dfcfd81235379bb5a236f40be490207d3bf45f190a264879090db"
hash = "a83dc4d69a3de72aed4d1933db2ca120657f06adc6683346afbd267b8b7d27d0"
@@ -263600,11 +263773,11 @@ rule SIGNATURE_BASE_SUSP_Autocad_Lsp_Malware : FILE
date = "2019-02-04"
modified = "2023-12-05"
reference = "http://cadablog.blogspot.com/2012/06/acadmedrea-malware-autocad-based-virus.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_autocad_lsp_malware.yar#L1-L52"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_autocad_lsp_malware.yar#L1-L52"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4a5fe7016e27431407435541ab71ab00e6fd53418e2ebc19f8764c98728b89a6"
score = 65
- quality = 27
+ quality = 52
tags = "FILE"
hash1 = "1313398e2f39fcf17225c7e915b92bd74292d427163112d70b82f271359b84d5"
hash2 = "2382e6908e6b44c0676c537cb8caa239c8938cb01e62a45c7247d40ab7dbf0ad"
@@ -263651,8 +263824,8 @@ rule SIGNATURE_BASE_APT_UA_Hermetic_Wiper_Feb22_1 : FILE
date = "2022-02-24"
modified = "2023-12-05"
reference = "https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ua_hermetic_wiper.yar#L2-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ua_hermetic_wiper.yar#L2-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1cf124f7533a060da8aff1a18f64a94b183502e58ffdfca012d72d99d30225ba"
score = 75
quality = 85
@@ -263694,8 +263867,8 @@ rule SIGNATURE_BASE_APT_UA_Hermetic_Wiper_Artefacts_Feb22_1
date = "2022-02-25"
modified = "2023-12-05"
reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ua_hermetic_wiper.yar#L40-L70"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ua_hermetic_wiper.yar#L40-L70"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5e917618a5172c68b4b32ba9e63402c2a98ccb027276b317ec169a4fef219de1"
score = 75
quality = 85
@@ -263728,8 +263901,8 @@ rule SIGNATURE_BASE_APT_UA_Hermetic_Wiper_Scheduled_Task_Feb22_1
date = "2022-02-25"
modified = "2023-12-05"
reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ua_hermetic_wiper.yar#L72-L88"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ua_hermetic_wiper.yar#L72-L88"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "56368ba1c97fe3455312b6ee86dcd1a21677f7dfa3836e76ada4b236a5b2c171"
score = 85
quality = 85
@@ -263754,8 +263927,8 @@ rule SIGNATURE_BASE_Oilrig_Rgdoor_Gen1 : FILE
date = "2018-01-27"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig_rgdoor.yar#L13-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig_rgdoor.yar#L13-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "896900f788337327d444495ba0cd4c7c327bb4f9166bc2a981a348cf2c34cbdb"
score = 80
quality = 85
@@ -263785,8 +263958,8 @@ rule SIGNATURE_BASE_MSIL_SUSP_OBFUSC_Xorstringsnet : FILE
date = "2023-03-26"
modified = "2023-12-05"
reference = "https://github.com/dr4k0nia/yara-rules"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_net_xorstrings.yar#L2-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_net_xorstrings.yar#L2-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6d023a80bd8f5709721c3ace8a7230b847ca4bd2a1aff502a25333ffc8bf75ca"
score = 75
quality = 85
@@ -263815,8 +263988,8 @@ rule SIGNATURE_BASE_BKDR_Xzutil_Script_CVE_2024_3094_Mar24_1 : CVE_2024_3094
date = "2024-03-30"
modified = "2024-04-24"
reference = "https://www.openwall.com/lists/oss-security/2024/03/29/4"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/bkdr_xz_util_cve_2024_3094.yar#L2-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/bkdr_xz_util_cve_2024_3094.yar#L2-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3"
logic_hash = "8d3f5f078a5c827208e04acb7ac1496f473e1236f92561f94d2a3c8156c68ea6"
score = 80
@@ -263840,8 +264013,8 @@ rule SIGNATURE_BASE_BKDR_Xzutil_Binary_CVE_2024_3094_Mar24_1 : CVE_2024_3094 FIL
date = "2024-03-30"
modified = "2024-04-24"
reference = "https://www.openwall.com/lists/oss-security/2024/03/29/4"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/bkdr_xz_util_cve_2024_3094.yar#L19-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/bkdr_xz_util_cve_2024_3094.yar#L19-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ed364484ff598b0818f9b3249673e684b52394c25b14e47fbca25a5f96ecc970"
score = 75
quality = 85
@@ -263871,8 +264044,8 @@ rule SIGNATURE_BASE_BKDR_Xzutil_Killswitch_CVE_2024_3094_Mar24_1 : CVE_2024_3094
date = "2024-03-30"
modified = "2024-04-24"
reference = "https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01?permalink_comment_id=5006558#gistcomment-5006558"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/bkdr_xz_util_cve_2024_3094.yar#L48-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/bkdr_xz_util_cve_2024_3094.yar#L48-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b2024d4b8346c4f74524bb7f3c6b2850684c19471a00e6fa60fff1c41e4a86b6"
score = 85
quality = 85
@@ -263893,8 +264066,8 @@ rule SIGNATURE_BASE_SUSP_OBFUSC_SH_Indicators_Mar24_1 : FILE
date = "2024-04-06"
modified = "2024-04-24"
reference = "https://www.openwall.com/lists/oss-security/2024/03/29/4/1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/bkdr_xz_util_cve_2024_3094.yar#L62-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/bkdr_xz_util_cve_2024_3094.yar#L62-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b5abf8184e0b1b18ccc513e00e9db241b4983923ae97f495396d73f0fb162192"
score = 60
quality = 85
@@ -263915,8 +264088,8 @@ rule SIGNATURE_BASE_SUSP_Office_Dropper_Strings : FILE
date = "2018-09-13"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_office_dropper.yar#L1-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_office_dropper.yar#L1-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3a66a86eb99a3e7cd02e3444714c6c88b423cd0ea1e6210bf91da01cf804105f"
score = 65
quality = 85
@@ -263941,8 +264114,8 @@ rule SIGNATURE_BASE_SUSP_Enablecontent_String_Gen : FILE
date = "2019-02-12"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_office_dropper.yar#L19-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_office_dropper.yar#L19-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cde995ab0486fdafdc98e36c28a1f786ee7485387158f7337acd5f7dd0e3fed1"
score = 65
quality = 85
@@ -263967,8 +264140,8 @@ rule SIGNATURE_BASE_SUSP_Worddoc_VBA_Macro_Strings : FILE
date = "2019-02-12"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_office_dropper.yar#L42-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_office_dropper.yar#L42-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "441e4a8e90d6045d0ad6a959ce56e834960c48083343add8e4f519f4b83bc82d"
score = 60
quality = 85
@@ -263997,8 +264170,8 @@ rule SIGNATURE_BASE_SUSP_Officedoc_VBA_Base64Decode : FILE
date = "2019-06-21"
modified = "2023-12-05"
reference = "https://github.com/cpaton/Scripting/blob/master/VBA/Base64.bas"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_office_dropper.yar#L65-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_office_dropper.yar#L65-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1fb094c9991f93e9d1003832dc11a58efa8281e9fe844e61e27dfd077f55ad39"
score = 70
quality = 85
@@ -264022,8 +264195,8 @@ rule SIGNATURE_BASE_SUSP_VBA_Filesystem_Access : FILE
date = "2019-06-21"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_office_dropper.yar#L82-L100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_office_dropper.yar#L82-L100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "13d7e0708968a7700308e6216ea5d0a396f9335137ae1e33c3b34a2f54012ec6"
score = 60
quality = 85
@@ -264049,8 +264222,8 @@ rule SIGNATURE_BASE_SUSP_Excel_IQY_Remoteuri_Syntax : FILE
date = "2018-08-17"
modified = "2023-11-25"
reference = "https://twitter.com/ItsReallyNick/status/1030330473954897920"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_office_dropper.yar#L102-L120"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_office_dropper.yar#L102-L120"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7033b0a4226dd289ecc670a0807e4159dd4486f52bc80a6b5ddd34d6961ab163"
score = 55
quality = 85
@@ -264072,8 +264245,8 @@ rule SIGNATURE_BASE_SUSP_Macro_Sheet_Obfuscated_Char : FILE
date = "2020-04-07"
modified = "2023-12-05"
reference = "https://twitter.com/DissectMalware/status/1247595433305800706"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_office_dropper.yar#L122-L139"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_office_dropper.yar#L122-L139"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0953d1f916df570cb3d053bf4fdac196bdbd806df4b6c0a982ed9949a3676e6c"
score = 65
quality = 85
@@ -264099,8 +264272,8 @@ rule SIGNATURE_BASE_MAL_G_APT_Backdoor_BRICKSTORM_3 : FILE
date = "2025-09-25"
modified = "2025-10-07"
reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_brickstorm_sep25.yar#L1-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_brickstorm_sep25.yar#L1-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "931eacd7e5250d29903924c31f41b7e5"
logic_hash = "168bc2bdfff6a135f4ec89f8cf79051e6dcd242b314e3238553d67929995a9ea"
score = 75
@@ -264126,8 +264299,8 @@ rule SIGNATURE_BASE_MAL_G_Backdoor_BRICKSTORM_2 : FILE
date = "2025-09-25"
modified = "2025-10-07"
reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_brickstorm_sep25.yar#L19-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_brickstorm_sep25.yar#L19-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "afea32d3c817473ec0dbc20177daa4070f847c23295318fa093fc3a96a15e764"
score = 75
quality = 85
@@ -264160,8 +264333,8 @@ rule SIGNATURE_BASE_MAL_G_APT_Backdoor_BRICKSTORM_1 : FILE
date = "2025-09-25"
modified = "2025-10-07"
reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_brickstorm_sep25.yar#L53-L78"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_brickstorm_sep25.yar#L53-L78"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4645f2f6800bc654d5fa812237896b00"
logic_hash = "ffaeca48c96445044844779f28c46a5c6029ba96191d3faafbc8f3864c29e21b"
score = 75
@@ -264196,8 +264369,8 @@ rule SIGNATURE_BASE_MAL_G_APT_Backdoor_BRICKSTORM_2 : FILE
date = "2025-09-25"
modified = "2025-10-07"
reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_brickstorm_sep25.yar#L80-L92"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_brickstorm_sep25.yar#L80-L92"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "db989caa2a80481e58e6d65068e1814cf7366e3bdfc347e9019fb2bc980c74fa"
score = 75
quality = 85
@@ -264219,8 +264392,8 @@ rule SIGNATURE_BASE_WEBSHELL_G_APT_Backdoorwebshell_SLAYSTYLE_1 : FILE
date = "2025-09-25"
modified = "2025-10-07"
reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_brickstorm_sep25.yar#L94-L112"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_brickstorm_sep25.yar#L94-L112"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7a56238218e60a69049f5d9c756df4fb6f0de772fbc437a14c5db7192f971be6"
score = 75
quality = 83
@@ -264246,8 +264419,8 @@ rule SIGNATURE_BASE_WEBSHELL_G_APT_Backdoorwebshell_SLAYSTYLE_2 : FILE
date = "2025-09-25"
modified = "2025-10-07"
reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_brickstorm_sep25.yar#L114-L129"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_brickstorm_sep25.yar#L114-L129"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d2d1003f77a2066b48df1c27feab79c0a1951ebb62c3198de8366bcfee42e30a"
score = 75
quality = 85
@@ -264272,8 +264445,8 @@ rule SIGNATURE_BASE_MAL_G_Backdoor_BRICKSTEAL_1 : FILE
date = "2025-09-25"
modified = "2025-10-07"
reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_brickstorm_sep25.yar#L131-L146"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_brickstorm_sep25.yar#L131-L146"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "27413b63eae84d95cf0ca920e9ac1daba200281ecc32cc9922c0e7850c7f0571"
score = 75
quality = 85
@@ -264298,8 +264471,8 @@ rule SIGNATURE_BASE_MAL_G_Dropper_BRICKSTEAL_1
date = "2025-09-25"
modified = "2025-10-07"
reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_brickstorm_sep25.yar#L148-L165"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_brickstorm_sep25.yar#L148-L165"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5ed68f17ba8ac0c7ba02f9111f083244181332c71ed43b4cd5582baee493c98d"
score = 75
quality = 85
@@ -264326,8 +264499,8 @@ rule SIGNATURE_BASE_MAL_G_Dropper_BRICKSTEAL_2
date = "2025-09-25"
modified = "2025-10-07"
reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_brickstorm_sep25.yar#L167-L184"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_brickstorm_sep25.yar#L167-L184"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e1bdcc59259b2bf476b873a9f94b9296efc7720d83fba04f6569217019ae3af8"
score = 75
quality = 85
@@ -264353,8 +264526,8 @@ rule SIGNATURE_BASE_EXT_NK_GOLDBACKDOOR_Inital_Shellcode
date = "2022-04-21"
modified = "2023-12-05"
reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_goldbackdoor.yar#L2-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_goldbackdoor.yar#L2-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4df97181037a580098dbe34d3b6ceab5c7b83932f1831c36ee99876a8f1524f9"
score = 80
quality = 85
@@ -264380,8 +264553,8 @@ rule SIGNATURE_BASE_EXT_NK_GOLDBACKDOOR_Injected_Shellcode
date = "2022-04-21"
modified = "2023-12-05"
reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_goldbackdoor.yar#L22-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_goldbackdoor.yar#L22-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b45f408c0f342591e66ef0dfcfc1c09f8558c5e8f4bd7f824b30f00d531c7511"
score = 80
quality = 85
@@ -264410,8 +264583,8 @@ rule SIGNATURE_BASE_EXT_NK_GOLDBACKDOOR_Generic_Shellcode
date = "2022-04-21"
modified = "2023-12-05"
reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_goldbackdoor.yar#L44-L58"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_goldbackdoor.yar#L44-L58"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e046a70b1dee020ba73d960a9d91daaccd0b5c262965c8647f608c5c83a28257"
score = 75
quality = 85
@@ -264434,8 +264607,8 @@ rule SIGNATURE_BASE_VUL_Exchange_CVE_2020_0688 : FILE
date = "2020-02-26"
modified = "2023-12-05"
reference = "https://www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vul_cve_2020_0688.yar#L2-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vul_cve_2020_0688.yar#L2-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "035971028d36c8bbcc6a274817187adfbfefe530ff6808af5a7c0b4667c1bd8b"
score = 60
quality = 85
@@ -264458,8 +264631,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Venus_Nov22_1 : FILE
date = "2022-11-16"
modified = "2023-12-05"
reference = "https://twitter.com/dyngnosis/status/1592588860168421376"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_venus.yar#L3-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_venus.yar#L3-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c94d59015897f180ef55608a2761b37c7b52193e28895ea6a4c0548acf3ad34"
score = 85
quality = 85
@@ -264494,8 +264667,8 @@ rule SIGNATURE_BASE_MAL_Backdoor_DLL_Nov23_1 : CVE_2023_4966 FILE
date = "2023-11-23"
modified = "2023-12-05"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L1-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L1-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6788d37301bb82bd4d9584e192e2fb14d4f6c77801b70299097d8ba139219394"
score = 80
quality = 85
@@ -264523,8 +264696,8 @@ rule SIGNATURE_BASE_MAL_Trojan_DLL_Nov23 : CVE_2023_4966 FILE
date = "2023-11-23"
modified = "2023-12-05"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L24-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L24-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9be42742711b4d0440244b507945e074b61c456588580b3263f899a7eb84d8aa"
score = 80
quality = 85
@@ -264548,8 +264721,8 @@ rule SIGNATURE_BASE_MAL_DLL_Stealer_Nov23 : CVE_2023_4966 FILE
date = "2023-11-23"
modified = "2023-12-05"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L41-L54"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L41-L54"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7d0c46d855973cb2c0636aed9c67cfbe47ca260ab1bc842fef1d532725c26910"
score = 80
quality = 85
@@ -264571,8 +264744,8 @@ rule SIGNATURE_BASE_MAL_Python_Backdoor_Script_Nov23 : CVE_2023_4966 FILE
date = "2023-11-23"
modified = "2023-12-05"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L56-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L56-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b336f6438a420af49b1b0144039f1051f12c0c54f77a94e2f947f71d1f6230b3"
score = 80
quality = 85
@@ -264596,8 +264769,8 @@ rule SIGNATURE_BASE_APT_RANSOM_Lockbit_Forensicartifacts_Nov23
date = "2023-11-22"
modified = "2023-12-05"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L73-L86"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L73-L86"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6ba1d47e2cac72143c4612c420777024f114afc007c7b15251a58819654aeff1"
score = 75
quality = 85
@@ -264619,8 +264792,8 @@ rule SIGNATURE_BASE_SUSP_NET_Msil_Suspicious_Use_Strreverse : FILE
date = "2023-01-31"
modified = "2023-02-22"
reference = "https://github.com/dr4k0nia/yara-rules"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_net_msil.yar#L2-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_net_msil.yar#L2-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "02ce0980427dea835fc9d9eed025dd26672bf2c15f0b10486ff8107ce3950701"
logic_hash = "a7440600ee4826568d465d204e0a602f61752e4ffcfa3b4f29e5bc81c4d67b46"
score = 70
@@ -264647,8 +264820,8 @@ rule SIGNATURE_BASE_Win7Elevatev2 : FILE
date = "2015-05-14"
modified = "2023-12-05"
reference = "http://www.pretentiousname.com/misc/W7E_Source/Win7Elevate_Inject.cpp.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_uac_elevators.yar#L2-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_uac_elevators.yar#L2-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2f5859388c6074f1a75f0c40387f30ffa50d6b87f20f518fd1af7398c95cd650"
score = 60
quality = 85
@@ -264687,8 +264860,8 @@ rule SIGNATURE_BASE_UACME_Akagi
date = "2015-05-14"
modified = "2023-12-05"
reference = "https://github.com/hfiref0x/UACME"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_uac_elevators.yar#L35-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_uac_elevators.yar#L35-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e10f39837a53dcc6d301d21a69fca965aeca0a07cfc832a9a0142b08d280f955"
score = 60
quality = 85
@@ -264724,8 +264897,8 @@ rule SIGNATURE_BASE_Uacelevator : FILE
date = "2015-05-14"
modified = "2023-12-05"
reference = "https://github.com/MalwareTech/UACElevator"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_uac_elevators.yar#L66-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_uac_elevators.yar#L66-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fd29d5a72d7a85b7e9565ed92b4d7a3884defba6"
logic_hash = "8215746b2c84a5500221580969fb2eac8ee11cbb5af4ba5bf2dbd1def65b8745"
score = 75
@@ -264757,8 +264930,8 @@ rule SIGNATURE_BASE_S4U : FILE
date = "2015-06-05"
modified = "2023-12-05"
reference = "https://github.com/aurel26/s-4-u-for-windows"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_uac_elevators.yar#L92-L139"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_uac_elevators.yar#L92-L139"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cfc18f3d5306df208461459a8e667d89ce44ed77"
logic_hash = "b1882710f2514fb44ff01631636c0a66beef620c8bea644ebe05cd5385a9e494"
score = 50
@@ -264808,8 +264981,8 @@ rule SIGNATURE_BASE_UACME_Akagi_2 : FILE
date = "2017-02-03"
modified = "2023-12-05"
reference = "https://github.com/hfiref0x/UACME"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_uac_elevators.yar#L151-L174"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_uac_elevators.yar#L151-L174"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f79a82d466f51c86a0e6fb89688708c35dbcc7ba8f4543e5fb7565d41dd3faab"
score = 80
quality = 85
@@ -264840,8 +265013,8 @@ rule SIGNATURE_BASE_ACE_Containing_EXE
date = "2015-09-09"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_ace_with_exe.yar#L2-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_ace_with_exe.yar#L2-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "27fba0db7a98fbaf4b3710a9e411ed74860099c133a2e83ddf368ae2fef3c288"
score = 50
quality = 83
@@ -264866,8 +265039,8 @@ rule SIGNATURE_BASE_Mal_Lockbit4_Packed_Feb24 : FILE
date = "2024-02-16"
modified = "2025-03-20"
reference = "https://0x0d4y.blog/lockbit4-0-evasion-tales/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lockbit4_packed_win_feb24.yar#L1-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lockbit4_packed_win_feb24.yar#L1-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "15796971d60f9d71ad162060f0f76a02"
logic_hash = "07281fd86efbb7167ba1cc0c6f6897418751df1a3697869e51f806c26641e365"
score = 100
@@ -264897,8 +265070,8 @@ rule SIGNATURE_BASE_APT_TA18_149A_Joanap_Sample1 : FILE
date = "2018-05-30"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA18-149A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta18_149A.yar#L13-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta18_149A.yar#L13-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "746c74713ac52f62d5a5c41d2c9321e00481a45aa2c23f1695fab0f5b6d5dfb4"
score = 75
quality = 85
@@ -264926,8 +265099,8 @@ rule SIGNATURE_BASE_APT_TA18_149A_Joanap_Sample2 : FILE
date = "2018-05-30"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA18-149A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta18_149A.yar#L36-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta18_149A.yar#L36-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "046135e4a1161841835cd9d10e13224b440e914ce3f409bad84a1df2638a7d5f"
score = 75
quality = 85
@@ -264954,8 +265127,8 @@ rule SIGNATURE_BASE_APT_TA18_149A_Joanap_Sample3 : FILE
date = "2018-05-30"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA18-149A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta18_149A.yar#L57-L78"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta18_149A.yar#L57-L78"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a3da6c70d2ab94820324a55f1bcdcf5507a8ddf26efc80904daf0d9b27ac9312"
score = 75
quality = 85
@@ -264983,8 +265156,8 @@ rule SIGNATURE_BASE_HKTL_Nim_Nimpackt : EXE FILE HKTL
date = "2022-01-26"
modified = "2023-12-05"
reference = "https://github.com/chvancooten/NimPackt-v1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_nimpackt.yar#L2-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_nimpackt.yar#L2-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2bda7acb440d1c72efeaddcb18b736343d658d59feccf6c9339b313cd35f32eb"
score = 80
quality = 79
@@ -265010,8 +265183,8 @@ rule SIGNATURE_BASE_Blackenergy_BE_2 : FILE
date = "2015-02-19"
modified = "2023-12-05"
reference = "http://goo.gl/DThzLz"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_blackenergy.yar#L8-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_blackenergy.yar#L8-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "983cfcf3aaaeff1ad82eb70f77088ad6ccedee77"
logic_hash = "77ecab353063bf8be5ec70294f8497234af8ddd944e0b207d8d633f59f76dbb6"
score = 75
@@ -265038,8 +265211,8 @@ rule SIGNATURE_BASE_Blackenergy_VBS_Agent : FILE
date = "2016-01-03"
modified = "2023-12-05"
reference = "http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_blackenergy.yar#L34-L49"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_blackenergy.yar#L34-L49"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b90f268b5e7f70af1687d9825c09df15908ad3a6978b328dc88f96143a64af0f"
logic_hash = "2a0037a76f1031117fe41b2e41691511eb626ffc0c738547eda24f771505bc67"
score = 75
@@ -265064,8 +265237,8 @@ rule SIGNATURE_BASE_Dropbear_SSH_Server : FILE
date = "2016-01-03"
modified = "2023-12-05"
reference = "http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_blackenergy.yar#L51-L69"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_blackenergy.yar#L51-L69"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0969daac4adc84ab7b50d4f9ffb16c4e1a07c6dbfc968bd6649497c794a161cd"
logic_hash = "6b8acaaa64329d09d3d22d74f4f40288fba3f5faaff63e1ee6b2e6153f14d730"
score = 50
@@ -265092,8 +265265,8 @@ rule SIGNATURE_BASE_Blackenergy_Backdoorpass_Dropbear_SSH : FILE
date = "2016-01-03"
modified = "2023-12-05"
reference = "http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_blackenergy.yar#L71-L84"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_blackenergy.yar#L71-L84"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0969daac4adc84ab7b50d4f9ffb16c4e1a07c6dbfc968bd6649497c794a161cd"
logic_hash = "3af58d155691d9323458280ad1b933e8e784acafb0974f5f267b93d9b02e825e"
score = 75
@@ -265116,8 +265289,8 @@ rule SIGNATURE_BASE_Blackenergy_Killdisk_1 : FILE
date = "2016-01-03"
modified = "2023-12-05"
reference = "http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_blackenergy.yar#L88-L115"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_blackenergy.yar#L88-L115"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa64434422a16166938b9eede9c50b79bae90632f1500e6529dcf26dbebe50f1"
score = 80
quality = 85
@@ -265153,8 +265326,8 @@ rule SIGNATURE_BASE_Blackenergy_Killdisk_2 : FILE
date = "2016-01-03"
modified = "2023-01-06"
reference = "http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_blackenergy.yar#L117-L138"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_blackenergy.yar#L117-L138"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "38ce9ab347690914f27e7ae89cc6fb2af02ee223e21822eb3b75fde772d3eaff"
score = 80
quality = 85
@@ -265183,8 +265356,8 @@ rule SIGNATURE_BASE_Blackenergy_Driver_USBMDM : FILE
date = "2016-01-04"
modified = "2023-12-05"
reference = "http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_blackenergy.yar#L140-L163"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_blackenergy.yar#L140-L163"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "273a00de7af1b7490bff2eae545b358a5483bae0d55a560bef7bd9fa24b0f1d9"
score = 75
quality = 85
@@ -265217,8 +265390,8 @@ rule SIGNATURE_BASE_Blackenergy_Driver_AMDIDE : FILE
date = "2016-01-04"
modified = "2023-12-05"
reference = "http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_blackenergy.yar#L165-L188"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_blackenergy.yar#L165-L188"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cb6017327be464bcc2d9efca676c58a9ede45d122460bc167f87e78880c4ace5"
score = 75
quality = 85
@@ -265251,8 +265424,8 @@ rule SIGNATURE_BASE_SUSP_Bad_PDF : FILE
date = "2018-05-03"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_bad_pdf.yar#L1-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_bad_pdf.yar#L1-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "59b159aaccf5c3b64fee17831c1e3a1ca99b60dbb725ad25a4ddad47cdc442d7"
score = 65
quality = 85
@@ -265276,8 +265449,8 @@ rule SIGNATURE_BASE_Credentialstealer_Generic_Backdoor : FILE
date = "2017-06-07"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_credstealer_generic.yar#L2-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_credstealer_generic.yar#L2-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aa06291a91ac84f80cd2cbe5a01c2cbcc14cf6914da9d1234af9b3d833990551"
score = 75
quality = 85
@@ -265309,8 +265482,8 @@ rule SIGNATURE_BASE_Mimikatz_Memory_Rule_1 : APT
date = "2014-12-22"
modified = "2023-07-04"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimikatz.yar#L5-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimikatz.yar#L5-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "22064af570b8e0a93ca0d45484848eda3fbecfd27c88247ef0897fe53be4b7fc"
score = 70
quality = 85
@@ -265339,8 +265512,8 @@ rule SIGNATURE_BASE_Mimikatz : FILE
date = "2022-11-16"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimikatz.yar#L48-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimikatz.yar#L48-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf972a2c0465c3bbdde6f03d91c6f479d0f66c6d3e9512355de5a973164b56a5"
score = 75
quality = 85
@@ -265367,8 +265540,8 @@ rule SIGNATURE_BASE_Wce
date = "2020-08-10"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimikatz.yar#L76-L89"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimikatz.yar#L76-L89"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a16db99dcaaf1b6c33a738aab4f4d3812366258bc2f6dd32250ee1b1a0616f1c"
score = 75
quality = 85
@@ -265392,8 +265565,8 @@ rule SIGNATURE_BASE_Power_Pe_Injection
date = "2020-08-10"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimikatz.yar#L91-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimikatz.yar#L91-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "64a7033d51e8933912f37ce68bffc216073a88cae1ea7492e71a812411ae6a9d"
score = 75
quality = 85
@@ -265414,8 +265587,8 @@ rule SIGNATURE_BASE_Mimikatz_Logfile
date = "2015-03-31"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimikatz.yar#L103-L119"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimikatz.yar#L103-L119"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4591cda5bd5a555292087da26193accc4f00d7c0611be8d5ab6dd4dabb14a0ef"
score = 80
quality = 85
@@ -265441,8 +265614,8 @@ rule SIGNATURE_BASE_Mimikatz_Strings : FILE
date = "2016-06-08"
modified = "2023-12-05"
reference = "not set"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimikatz.yar#L121-L154"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimikatz.yar#L121-L154"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "baba1e159c0fb23f68b80459291a2d2c52e84f742f51ca30b894f7fc6282ad7a"
score = 65
quality = 85
@@ -265479,8 +265652,8 @@ rule SIGNATURE_BASE_Appinithook : FILE
date = "2015-07-15"
modified = "2023-12-05"
reference = "https://goo.gl/Z292v6"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimikatz.yar#L156-L176"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimikatz.yar#L156-L176"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e7563e4f2a7e5f04a3486db4cefffba173349911a3c6abd7ae616d3bf08cfd45"
logic_hash = "a4de3a062e309715c339a45a16a7ff8f9a55851cb41097a6925fd11f649547d2"
score = 70
@@ -265509,8 +265682,8 @@ rule SIGNATURE_BASE_HKTL_Mimikatz_Skeletonkey_In_Memory_Aug20_1
date = "2020-08-09"
modified = "2023-12-05"
reference = "https://twitter.com/sbousseaden/status/1292143504131600384?s=12"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimikatz.yar#L178-L190"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimikatz.yar#L178-L190"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0cc9a4d3b63e07a695df342bd2c96a55570502d6fd0ab9a1b61d63e28e1c3e05"
score = 75
quality = 85
@@ -265532,8 +265705,8 @@ rule SIGNATURE_BASE_HKTL_Mimikatz_Memssp_Hookfn
date = "2020-08-26"
modified = "2023-12-05"
reference = "https://github.com/sbousseaden/YaraHunts/blob/master/mimikatz_memssp_hookfn.yara"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimikatz.yar#L192-L216"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimikatz.yar#L192-L216"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "27cf87f801111f17af76ab4c4f8329b73165f24f755d33edbb22d845bba6d3ff"
score = 70
quality = 85
@@ -265565,8 +265738,8 @@ rule SIGNATURE_BASE_HKTL_Mimikatz_Icon : FILE
date = "2023-02-18"
modified = "2023-12-05"
reference = "https://blog.gentilkiwi.com/mimikatz"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimikatz.yar#L218-L238"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimikatz.yar#L218-L238"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a07d477d1645e6df4f0706e44df11ea006c89e4d3218ed18a8a97b60853ff4ff"
score = 60
quality = 85
@@ -265594,11 +265767,11 @@ rule SIGNATURE_BASE_MAL_PE_Type_Babyshark_Loader : FILE
date = "2019-02-24"
modified = "2023-12-05"
reference = "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_babyshark.yar#L4-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_babyshark.yar#L4-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0ab9a30cb731922d965a9cf58094fea36d5c74b9989324efee603808591ea6a5"
score = 75
- quality = 60
+ quality = 85
tags = "FILE"
hash1 = "6f76a8e16908ba2d576cf0e8cdb70114dcb70e0f7223be10aab3a728dc65c41c"
@@ -265620,8 +265793,8 @@ rule SIGNATURE_BASE_APT_NK_Babyshark_Kimjoingrat_Apr19_1 : FILE
date = "2019-04-27"
modified = "2023-12-05"
reference = "https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_babyshark.yar#L29-L53"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_babyshark.yar#L29-L53"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3fec0f21e299e09ae9734f256edbbca81a53f860b42e99a78b07d344552f1062"
score = 75
quality = 85
@@ -265650,8 +265823,8 @@ rule SIGNATURE_BASE_MAL_Netfilter_Dropper_Jun_2021_1_1 : FILE
date = "2020-06-18"
modified = "2023-12-05"
reference = "https://twitter.com/struppigel/status/1405483373280235520"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_netfilter.yar#L4-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_netfilter.yar#L4-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b70eb5d2d234d0f523c41fa146f315cf7239bbe7a988b393e75ea6cf6aa438d3"
score = 75
quality = 85
@@ -265681,8 +265854,8 @@ rule SIGNATURE_BASE_MAL_Netfilter_May_2021_1_1 : FILE
date = "2020-06-18"
modified = "2023-12-05"
reference = "https://twitter.com/struppigel/status/1405483373280235520"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_netfilter.yar#L28-L52"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_netfilter.yar#L28-L52"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ba72bbc38c27d0c8d6eea7d513c3ca40276edd929c93abae4098639f7d7649a5"
score = 75
quality = 83
@@ -265714,8 +265887,8 @@ rule SIGNATURE_BASE_Mal_Babbleloader_Win_Jan24 : FILE
date = "2025-01-27"
modified = "2025-03-20"
reference = "https://0x0d4y.blog/babbleloader-technical-malware-analysis/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_babbleloader_win_jan24.yar#L1-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_babbleloader_win_jan24.yar#L1-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fa3d03c319a7597712eeff1338dabf92"
logic_hash = "d4f7915146b1f3fe50febc231247e14323e9d68a94b2b9c8149a5727c06162ca"
score = 100
@@ -265744,8 +265917,8 @@ rule SIGNATURE_BASE_SUSP_Deviceguard_WDS_Evasion : FILE
date = "2015-01-01"
modified = "2023-01-06"
reference = "http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_deviceguard_evasion.yar#L2-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_deviceguard_evasion.yar#L2-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4be9d7c34f7bafeb53db4fc1262a3692493b2253b0de7dc97480b01b62a9f12c"
score = 70
quality = 85
@@ -265768,8 +265941,8 @@ rule SIGNATURE_BASE_Tidepool_Malware : FILE
date = "2016-05-24"
modified = "2023-12-05"
reference = "http://goo.gl/m2CXWR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_tidepool.yar#L8-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_tidepool.yar#L8-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "759920ed7c9320e8412ed0644b28922a545b04f7549f0da6d6c67d6af8a7af3e"
score = 75
quality = 85
@@ -265802,8 +265975,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_1 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L13-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L13-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6e94111abe83aa500bfa35a3a7c2d43c3ed4011bc540401f047e84cfc27204ca"
score = 75
quality = 85
@@ -265829,8 +266002,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_2 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L31-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L31-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ddd3dee11e25ea40fa3cc578c6a836ea850359a5914d5eb5d16ea4340827b91b"
score = 75
quality = 85
@@ -265855,8 +266028,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_3 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L48-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L48-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f1617829ccf7da6ee2e9f692fbf1f61d3f1c6a17103db85190d6a8b4fca69328"
score = 75
quality = 85
@@ -265880,8 +266053,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_4 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L64-L85"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L64-L85"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f258070054a29cbec0876536d295b85c7bd9f23988d1e0fc2ba58660b0796716"
score = 75
quality = 85
@@ -265912,8 +266085,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_5 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L87-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L87-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f2d4cfd55017ebb34fb6e8ad1b0b46b184926c69d4bacee88dc639771f96792"
score = 75
quality = 85
@@ -265937,8 +266110,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_6 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L103-L116"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L103-L116"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f6cc84ebed26a0dbecfcb3ffb3a11c111ae3d5b40497d59ada518d33bee57fdd"
score = 75
quality = 85
@@ -265961,8 +266134,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_7 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L118-L131"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L118-L131"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "198f8869e56d5549d9195524a86f6557162c5d25b4915bec0bf513797d880ea1"
score = 75
quality = 85
@@ -265985,8 +266158,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_8 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L133-L148"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L133-L148"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6c8ddc7fb5f3256e57e66f502f6e3c582d82540f773bf4113cac4a685d45f81b"
score = 75
quality = 85
@@ -266012,8 +266185,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_9 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L150-L170"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L150-L170"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0500481ae4bb7d4a223a106d2887b994e5000815704e678b2f3ff127a86c22a2"
score = 75
quality = 85
@@ -266036,8 +266209,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_10 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L172-L189"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L172-L189"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "79a8dfd63e96ccc9259272476e364e53b841b42255a2a5f3b9f93e91caa5d1c2"
score = 75
quality = 85
@@ -266064,8 +266237,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_11 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L191-L210"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L191-L210"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "066fc3622a0db5cc511e85f6efc08191c2c9268524c8761dc17a05e6d133c263"
score = 75
quality = 85
@@ -266093,8 +266266,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_12 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L212-L234"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L212-L234"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "49357a34f3b1d0bb86d1c6ddfa6a6c3b92bfafaebd050d835c0a902199a2121b"
score = 75
quality = 85
@@ -266127,8 +266300,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_13 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L236-L254"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L236-L254"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c319a3ca78687cd2af77d97b4b4a8e72dadd812bf3da2145a23df278c3aa9a2"
score = 75
quality = 85
@@ -266156,8 +266329,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_14 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L256-L276"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L256-L276"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c96a40495bc2a17a6215c877ad054bd2e1e10c524c2d54da1955d370b9ccdcd7"
score = 75
quality = 85
@@ -266185,8 +266358,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_15 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L278-L299"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L278-L299"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "22769d215e52965f48eb3455b39fbd8f8ce950a67f8132612d42b78fde9822a5"
score = 75
quality = 85
@@ -266217,8 +266390,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_16 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L301-L317"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L301-L317"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "950ece29e8fd056e3506684bce9b16eb185d63c1b020e4911972f5fcbdadbe30"
score = 75
quality = 85
@@ -266243,8 +266416,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_17 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L319-L343"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L319-L343"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0724e07614e704d9ac8a1ae4aecfcf3d9800dde6f83eeecc8427ab6205e321a6"
score = 75
quality = 85
@@ -266277,8 +266450,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_18 : FILE
date = "2018-06-21"
modified = "2023-12-05"
reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets "
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_thrip.yar#L345-L367"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_thrip.yar#L345-L367"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5cac313bd77900e67f0528d660671394915dff7159ca6fa067fd9c392d7c269a"
score = 75
quality = 85
@@ -266310,8 +266483,8 @@ rule SIGNATURE_BASE_Seaduke_Sample : FILE
date = "2015-07-14"
modified = "2023-12-05"
reference = "http://goo.gl/MJ0c2M"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_seaduke_unit42.yar#L10-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_seaduke_unit42.yar#L10-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d2e570129a12a47231a1ecb8176fa88a1bf415c51dabd885c513d98b15f75d4e"
logic_hash = "3bec2bedaafddd17ee65747f8be773287eda784bdfa8fc11e8378737139ef94e"
score = 70
@@ -266338,8 +266511,8 @@ rule SIGNATURE_BASE_Mywscript_Compiledscript : FILE
date = "2017-07-27"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_mywscript_dropper.yar#L10-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_mywscript_dropper.yar#L10-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5619de9589e3d34026bf4ec223f2c6b94fcb7362c8f3c26f7582030cfc4385cf"
score = 65
quality = 85
@@ -266364,8 +266537,8 @@ rule SIGNATURE_BASE_Flash_CVE_2015_5119_APT3_Leg : CVE_2015_5119 FILE
date = "2015-08-01"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2015_5119.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2015_5119.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "99af6b9ecc18b87b14968eb8fffefac7be10dd727d8af2d0488fae4a96196e85"
score = 70
quality = 85
@@ -266394,14 +266567,14 @@ rule SIGNATURE_BASE_MAL_ZIP_Socgholish_Mar21_1 : ZIP JS SOCGHOLISH FILE
date = "2021-03-29"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_socgholish.yar#L1-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_socgholish.yar#L1-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4f6566c145be5046b6be6a43c64d0acae38cada5eb49b2f73135b3ac3d6ba770"
hash = "54f756fbf8c20c76af7c9f538ff861690800c622d1c9db26eb3afedc50835b09"
hash = "dfdbec1846b74238ba3cfb8c7580c64a0fa8b14b6ed2b0e0e951cc6a9202dd8d"
logic_hash = "6621b029f65720e468bd167fcd7429a1f7ba8975298ddbd913b13fbe9e117df2"
score = 75
- quality = 35
+ quality = 60
tags = "ZIP, JS, SOCGHOLISH, FILE"
strings:
@@ -266423,8 +266596,8 @@ rule SIGNATURE_BASE_EXT_MAL_JS_Socgholish_Mar21_1 : JS SOCGHOLISH FILE
date = "2021-03-29"
modified = "2023-01-02"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_socgholish.yar#L25-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_socgholish.yar#L25-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7ccbdcde5a9b30f8b2b866a5ca173063dec7bc92034e7cf10e3eebff017f3c23"
hash = "f6d738baea6802cbbb3ae63b39bf65fbd641a1f0d2f0c819a8c56f677b97bed1"
hash = "c7372ffaf831ad963c0a9348beeaadb5e814ceeb878a0cc7709473343d63a51c"
@@ -266457,8 +266630,8 @@ rule SIGNATURE_BASE_Socgholish_JS_22_02_2022 : FILE
date = "2022-02-22"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_socgholish.yar#L53-L72"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_socgholish.yar#L53-L72"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3e14d04da9cc38f371961f6115f37c30"
hash = "dffa20158dcc110366f939bd137515c3"
hash = "afee3af324951b1840c789540d5c8bff"
@@ -266486,8 +266659,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_GORAT_3_1 : FILE
date = "2020-12-08"
modified = "2025-02-12"
reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_fireeye_redteam_tools.yar#L47-L83"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_fireeye_redteam_tools.yar#L47-L83"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "995120b35db9d2f36d7d0ae0bfc9c10d"
logic_hash = "4fda951281b3d711e50c24f543b528b93295a119af39245b4bece77f641bbf2b"
score = 75
@@ -266533,8 +266706,8 @@ rule SIGNATURE_BASE_Credtheft_MSIL_Adpasshunt_2_1 : FILE
date = "2020-12-08"
modified = "2025-02-12"
reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_fireeye_redteam_tools.yar#L845-L861"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_fireeye_redteam_tools.yar#L845-L861"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6efb58cf54d1bb45c057efcfbbd68a93"
logic_hash = "a76faa34a1f9cc891aeaa65525c8698e49d5a141854ca0cffb42f06a251bea43"
score = 50
@@ -266561,8 +266734,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_Gorat_Memory_1
date = "2020-12-08"
modified = "2025-02-12"
reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_fireeye_redteam_tools.yar#L1013-L1039"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_fireeye_redteam_tools.yar#L1013-L1039"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3b926b5762e13ceec7ac3a61e85c93bb"
logic_hash = "bf8d80b7a7d35c1bcb353ff66d10bc95c2e6502043acc6554887465a467cdcf7"
score = 75
@@ -266595,8 +266768,8 @@ rule SIGNATURE_BASE_Hacktool_MSIL_Sharpivot_3_1 : FILE
date = "2020-12-08"
modified = "2025-02-12"
reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_fireeye_redteam_tools.yar#L1145-L1174"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_fireeye_redteam_tools.yar#L1145-L1174"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e4efa759d425e2f26fbc29943a30f5bd"
logic_hash = "f51ac9637f47a98beee1b3c37b594e292aab0e1d3f9e49c41b1f3c3ce02e17de"
score = 75
@@ -266635,8 +266808,8 @@ rule SIGNATURE_BASE_Hacktool_MSIL_SEATBELT_1_1 : FILE
date = "2020-12-08"
modified = "2023-01-27"
reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_fireeye_redteam_tools.yar#L1210-L1233"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_fireeye_redteam_tools.yar#L1210-L1233"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "848837b83865f3854801be1f25cb9f4d"
logic_hash = "89275ec08b75cef371b70fb749cbcada3f30309869094ab7940811fe40f8a008"
score = 75
@@ -266667,8 +266840,8 @@ rule SIGNATURE_BASE_APT_Builder_PY_REDFLARE_2_1
date = "2020-12-01"
modified = "2020-12-01"
reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_fireeye_redteam_tools.yar#L1376-L1391"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_fireeye_redteam_tools.yar#L1376-L1391"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4410e95de247d7f1ab649aa640ee86fb"
logic_hash = "0f28fb23c0c1d589466c7c541c8dc588b038d02dded0c66c4a448d1f768c95c5"
score = 75
@@ -266692,8 +266865,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_GORAT_2_1 : FILE
date = "2020-12-08"
modified = "2025-02-12"
reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_fireeye_redteam_tools.yar#L1453-L1484"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_fireeye_redteam_tools.yar#L1453-L1484"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f59095f0ab15f26a1ead7eed8cdb4902"
logic_hash = "45c83e0d39184abcbc0ccc5804ab745b4feec1fad424a543a05754e5b4cca311"
score = 75
@@ -266735,8 +266908,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_GORAT_4_1 : FILE
date = "2020-12-08"
modified = "2025-02-12"
reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_fireeye_redteam_tools.yar#L1706-L1716"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_fireeye_redteam_tools.yar#L1706-L1716"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f59095f0ab15f26a1ead7eed8cdb4902"
logic_hash = "fa76e994beb2ab1b7950cf9d6391adf4e1ba45586a14a6340fa8a25a904821e4"
score = 75
@@ -266755,8 +266928,8 @@ rule SIGNATURE_BASE_Hacktool_MSIL_PXELOOT_2_1 : FILE
date = "2020-12-08"
modified = "2023-01-27"
reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_fireeye_redteam_tools.yar#L2088-L2113"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_fireeye_redteam_tools.yar#L2088-L2113"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d93100fe60c342e9e3b13150fd91c7d8"
logic_hash = "f9a9167b806e0e3df3720c13b4009e18c5a36913d255978cb001c2284533ea82"
score = 75
@@ -266789,8 +266962,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_1 : FILE
date = "2016-10-20"
modified = "2023-12-05"
reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passcv.yar#L10-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passcv.yar#L10-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dfa356b4dff12c3de467c74763fc4d233db9ff5bc3e9ac9f052d331fa47a4ded"
score = 75
quality = 85
@@ -266823,8 +266996,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_Signing_Cert : FILE
date = "2016-10-20"
modified = "2023-12-05"
reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passcv.yar#L36-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passcv.yar#L36-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ead1de262858960a13b375713183f775bc275fbf4beba4c0839cef2baa5e9f00"
score = 50
quality = 85
@@ -266854,8 +267027,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_2 : FILE
date = "2016-10-20"
modified = "2023-12-05"
reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passcv.yar#L59-L82"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passcv.yar#L59-L82"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f640f1dc60c6714195dcdb9a0bb4fb0c34e0a62673bca00c7f49f7b73c3f9b0a"
score = 75
quality = 85
@@ -266887,8 +267060,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_Excalibur_1 : FILE
date = "2016-10-20"
modified = "2023-12-05"
reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passcv.yar#L84-L105"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passcv.yar#L84-L105"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ffbd971368420460573c4ecc68261088ffacf91ab9ae72405b41393b04aa2b46"
score = 75
quality = 85
@@ -266916,8 +267089,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_3 : FILE
date = "2016-10-20"
modified = "2023-12-05"
reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passcv.yar#L107-L124"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passcv.yar#L107-L124"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1032f41688e7cb3fe0be33b143c1af43ee705737a70af3b336ba8504ffe169a9"
score = 75
quality = 85
@@ -266943,8 +267116,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_4 : FILE
date = "2016-10-20"
modified = "2023-12-05"
reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passcv.yar#L126-L141"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passcv.yar#L126-L141"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c445e745ef520438fa7c4ddcae2657b57c80d798640fdd7c85eabf535f158911"
score = 75
quality = 85
@@ -266969,8 +267142,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Tool_Ntscan : FILE
date = "2016-10-20"
modified = "2023-12-05"
reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passcv.yar#L143-L159"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passcv.yar#L143-L159"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f2b41c1e6db8c9288663cccbf5659484ed415b403068cc566b31aa044bf0de9e"
score = 75
quality = 85
@@ -266995,8 +267168,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_5 : FILE
date = "2016-10-20"
modified = "2023-12-05"
reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passcv.yar#L161-L182"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passcv.yar#L161-L182"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "30508c6561a2bb908945e9092da1d5cf2257b8b183effcea25a1ba15567f3d20"
score = 75
quality = 85
@@ -267026,8 +267199,8 @@ rule SIGNATURE_BASE_Backdoor_Redosdru_Jun17 : HIGHVOL FILE
date = "2017-06-04"
modified = "2023-12-05"
reference = "https://goo.gl/OOB3mH"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eternalblue_non_wannacry.yar#L12-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eternalblue_non_wannacry.yar#L12-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "99218c4decf98f02eb75c3c41a56f857a07779c68d30c4d16ca605052c4f9c3e"
score = 75
quality = 85
@@ -267060,8 +267233,8 @@ rule SIGNATURE_BASE_Backdoor_Nitol_Jun17 : FILE
date = "2017-06-04"
modified = "2023-01-07"
reference = "https://goo.gl/OOB3mH"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eternalblue_non_wannacry.yar#L38-L61"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eternalblue_non_wannacry.yar#L38-L61"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9035b8bd74c284f170f8c9767d96580dba243786abaa3b2e79e05a981f8fa204"
score = 75
quality = 85
@@ -267092,8 +267265,8 @@ rule SIGNATURE_BASE_Xrat_1 : FILE
date = "2017-12-11"
modified = "2023-12-05"
reference = "https://goo.gl/Pg3P4W"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_xrat.yar#L12-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_xrat.yar#L12-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "032c5af4f34959783102977543d2caf6199b8d1880a64797882f591e36c64d69"
score = 75
quality = 85
@@ -267128,8 +267301,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbrokers_Jan17_Screen_Strings : FILE
date = "2017-01-08"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message7/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_jan17.yar#L10-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_jan17.yar#L10-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8015b227c5df68fffadb86b72843b2b831d5603978ada3f50cc535a870aa94eb"
score = 75
quality = 85
@@ -267165,8 +267338,8 @@ rule SIGNATURE_BASE_Suckfly_Nidiran_Gen_1 : FILE
date = "2018-01-28"
modified = "2023-12-05"
reference = "https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_suckfly.yar#L14-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_suckfly.yar#L14-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf617259df00b16272caffa8f1ffcf8d29cb98cb6ab85ca52e0bb0706f0cd5b0"
score = 75
quality = 85
@@ -267191,8 +267364,8 @@ rule SIGNATURE_BASE_Suckfly_Nidiran_Gen_2 : FILE
date = "2018-01-28"
modified = "2023-12-05"
reference = "https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_suckfly.yar#L31-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_suckfly.yar#L31-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2e4f6a920e063113a9ff252869e1c2ebdf5a2495b4adb1edaf9500904234f362"
score = 75
quality = 85
@@ -267227,8 +267400,8 @@ rule SIGNATURE_BASE_Suckfly_Nidiran_Gen_3 : FILE
date = "2018-01-28"
modified = "2023-12-05"
reference = "https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_suckfly.yar#L61-L88"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_suckfly.yar#L61-L88"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4fddb55999bbbeecd92863219e878c840640e4d17008cb789a255528ef3fac9c"
score = 75
quality = 85
@@ -267260,8 +267433,8 @@ rule SIGNATURE_BASE_APT_Apt_Duqu2_Loaders : FILE
date = "2015-06-09"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_kaspersky_duqu2.yar#L10-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_kaspersky_duqu2.yar#L10-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "79f205745e61b55c43c239d9da9086fd72312ea2741351183d32f7c227174ff8"
score = 75
quality = 83
@@ -267298,8 +267471,8 @@ rule SIGNATURE_BASE_APT_Apt_Duqu2_Drivers : FILE
date = "2015-06-09"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_kaspersky_duqu2.yar#L40-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_kaspersky_duqu2.yar#L40-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "023a51408f86814a8f810d0f89b185aca07dd60a1abb6de47f86ad8eeda4c4c4"
score = 75
quality = 85
@@ -267327,8 +267500,8 @@ rule SIGNATURE_BASE_Duqu2_Generic1 : FILE
date = "2015-06-10"
modified = "2023-12-05"
reference = "https://goo.gl/7yKyOj"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_kaspersky_duqu2.yar#L61-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_kaspersky_duqu2.yar#L61-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "742934198391bd30da654bf8efedc2a18c58dd0de357b2bcdbdbe8066187b0c2"
score = 75
quality = 85
@@ -267367,8 +267540,8 @@ rule SIGNATURE_BASE_APT_Kaspersky_Duqu2_Procexp : FILE
date = "2015-06-10"
modified = "2023-12-05"
reference = "https://goo.gl/7yKyOj"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_kaspersky_duqu2.yar#L92-L114"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_kaspersky_duqu2.yar#L92-L114"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dd63f0eebc88fa0737905f20dc30dc968df81b7976a86ed8ed5646f7708c4b4a"
score = 75
quality = 85
@@ -267399,8 +267572,8 @@ rule SIGNATURE_BASE_APT_Kaspersky_Duqu2_Samsungprint : FILE
date = "2015-06-10"
modified = "2023-12-05"
reference = "https://goo.gl/7yKyOj"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_kaspersky_duqu2.yar#L116-L134"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_kaspersky_duqu2.yar#L116-L134"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ce39f41eb4506805efca7993d3b0b506ab6776ca"
logic_hash = "9b2d80cfe3c47ac315b76c773acc3290668e06e4bbd99402e203b72af593fab8"
score = 75
@@ -267428,8 +267601,8 @@ rule SIGNATURE_BASE_APT_Kaspersky_Duqu2_Msi3_32 : FILE
date = "2015-06-10"
modified = "2023-12-05"
reference = "https://goo.gl/7yKyOj"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_kaspersky_duqu2.yar#L136-L157"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_kaspersky_duqu2.yar#L136-L157"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "53d9ef9e0267f10cc10f78331a9e491b3211046b"
logic_hash = "718223d1ff82ffa0f3204e0cdaf0d441ed133f1f069d9ba2eb818bd3445f63ca"
score = 75
@@ -267460,8 +267633,8 @@ rule SIGNATURE_BASE_P0Wnedpowercat : FILE
date = "2017-01-14"
modified = "2023-12-05"
reference = "https://github.com/Cn33liz/p0wnedShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_p0wnshell.yar#L10-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_p0wnshell.yar#L10-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5882d0f91f237d2abe1149421db0e217e6dfcca70130d346a70d5c851eca085f"
score = 75
quality = 85
@@ -267490,8 +267663,8 @@ rule SIGNATURE_BASE_Hacktool_Strings_P0Wnedshell : FILE
date = "2017-01-14"
modified = "2023-02-10"
reference = "https://github.com/Cn33liz/p0wnedShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_p0wnshell.yar#L31-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_p0wnshell.yar#L31-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "faec8f0af877f1a80ff994e08c756728cea5f58000f7124c1a6e7e4c86e7f5c0"
score = 75
quality = 85
@@ -267528,8 +267701,8 @@ rule SIGNATURE_BASE_P0Wnedpotato
date = "2017-01-14"
modified = "2023-12-05"
reference = "https://github.com/Cn33liz/p0wnedShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_p0wnshell.yar#L64-L81"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_p0wnshell.yar#L64-L81"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d9107db6c6460429358a2f9f1f47d103e96811152e8d03517871ff0c66578d05"
score = 75
quality = 85
@@ -267556,8 +267729,8 @@ rule SIGNATURE_BASE_P0Wnedexploits
date = "2017-01-14"
modified = "2023-12-05"
reference = "https://github.com/Cn33liz/p0wnedShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_p0wnshell.yar#L83-L97"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_p0wnshell.yar#L83-L97"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "40f23316117faa63fa9e9a5d281600f8e9d41857aac815d22559391c74dec157"
score = 75
quality = 85
@@ -267581,8 +267754,8 @@ rule SIGNATURE_BASE_P0Wnedshellx64
date = "2017-01-14"
modified = "2021-09-15"
reference = "https://github.com/Cn33liz/p0wnedShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_p0wnshell.yar#L99-L118"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_p0wnshell.yar#L99-L118"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d7cd33548ed3485cc6f3cd289813a8eb83b34e800b839c5c8f8add5f9e01a3da"
score = 75
quality = 85
@@ -267609,8 +267782,8 @@ rule SIGNATURE_BASE_P0Wnedlistenerconsole
date = "2017-01-14"
modified = "2023-12-05"
reference = "https://github.com/Cn33liz/p0wnedShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_p0wnshell.yar#L120-L140"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_p0wnshell.yar#L120-L140"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "068e590f6f4f99c27814f2bf96d51e1c8c6422afcf8b99bb9f1852216335da7b"
score = 75
quality = 85
@@ -267640,8 +267813,8 @@ rule SIGNATURE_BASE_P0Wnedbinaries
date = "2017-01-14"
modified = "2023-12-05"
reference = "https://github.com/Cn33liz/p0wnedShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_p0wnshell.yar#L142-L161"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_p0wnshell.yar#L142-L161"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4df7fcf508a9257ea418bd1995158c3676037b310dc884d44658977fda81b13b"
score = 75
quality = 85
@@ -267670,8 +267843,8 @@ rule SIGNATURE_BASE_P0Wnedamsibypass
date = "2017-01-14"
modified = "2023-12-05"
reference = "https://github.com/Cn33liz/p0wnedShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_p0wnshell.yar#L163-L178"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_p0wnshell.yar#L163-L178"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1f7613506058706fc74979fdd4f9e425e9d16527120e0f2f49bc21e3e43d3b16"
score = 75
quality = 85
@@ -267696,8 +267869,8 @@ rule SIGNATURE_BASE_P0Wnedshell_Outputs
date = "2017-01-14"
modified = "2023-12-05"
reference = "https://github.com/Cn33liz/p0wnedShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_p0wnshell.yar#L180-L196"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_p0wnshell.yar#L180-L196"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "85d5317a473d981fe6ee1362789f34653a838c63d823bb62028a25c9db27cf6e"
score = 75
quality = 85
@@ -267723,8 +267896,8 @@ rule SIGNATURE_BASE_Keylogger_CN_APT : FILE
date = "2016-03-07"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_keylogger_cn.yar#L8-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_keylogger_cn.yar#L8-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3efb3b5be39489f19d83af869f11a8ef8e9a09c3c7c0ad84da31fc45afcf06e7"
logic_hash = "a5330d15ad7199212cec44ade401c224c40a468650abbc7bf282b26a21cdc22b"
score = 75
@@ -267760,8 +267933,8 @@ rule SIGNATURE_BASE_MAL_Gozicrypter_Dec20_1 : FILE
date = "2020-12-02"
modified = "2023-12-05"
reference = "YaraExchange"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_gozi_crypter.yar#L2-L13"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_gozi_crypter.yar#L2-L13"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "51fdfbb59b8f52cc2ff89d994c0f89d2c2895c346b098879c68b4ccb880783c1"
score = 70
quality = 85
@@ -267780,10 +267953,10 @@ rule SIGNATURE_BASE_Gifcloaked_Webshell_A : FILE
author = "Florian Roth (Nextron Systems)"
id = "4fdef65c-204a-5019-9b4f-c5877c3e39d4"
date = "2018-03-12"
- modified = "2023-12-05"
+ modified = "2026-02-04"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/yara_mixed_ext_vars.yar#L180-L201"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/yara_mixed_ext_vars.yar#L176-L197"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f1c95b13a71ca3629a0bb79601fcacf57cdfcf768806a71b26f2448f8c1d5d24"
logic_hash = "0c4570373d50c40745cd0523dcf8c34ee3cae1c298982b3a39d4a33e054aa779"
score = 60
@@ -267813,8 +267986,8 @@ rule SIGNATURE_BASE_SUSP_ELF_SPARC_Hunting_SBZ_Obfuscation : FILE
date = "2023-04-02"
modified = "2023-05-08"
reference = "https://netadr.github.io/blog/a-quick-glimpse-sbz/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_sparc_sbz_apr23.yar#L2-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_sparc_sbz_apr23.yar#L2-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3d45dc8d8dbc62cee6b7ec4aa842eaa88bd23aea17e995eef4850fd91e7069a3"
score = 60
quality = 85
@@ -267836,8 +268009,8 @@ rule SIGNATURE_BASE_SUSP_ELF_SPARC_Hunting_SBZ_Uniquestrings
date = "2023-04-02"
modified = "2023-05-08"
reference = "https://netadr.github.io/blog/a-quick-glimpse-sbz/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_sparc_sbz_apr23.yar#L26-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_sparc_sbz_apr23.yar#L26-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bb95fc6bda0a0ed8ffc6db9734c725c487b0e70909d60119bf58d60987daaaeb"
score = 60
quality = 85
@@ -267861,8 +268034,8 @@ rule SIGNATURE_BASE_SUSP_ELF_SPARC_Hunting_SBZ_Modulestruct : FILE
date = "2023-04-02"
modified = "2023-05-08"
reference = "https://netadr.github.io/blog/a-quick-glimpse-sbz/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_sparc_sbz_apr23.yar#L49-L65"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_sparc_sbz_apr23.yar#L49-L65"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dc9608c769dcb14ba01559bfe2e8ed03eebf5695b867b53742f26e3fcce389ca"
score = 60
quality = 85
@@ -267884,8 +268057,8 @@ rule SIGNATURE_BASE_SUSP_Email_Redirection_Spoofing_Feb25
date = "2025-02-20"
modified = "2025-03-20"
reference = "https://any.run/cybersecurity-blog/cyber-attacks-january-2025/#fake-youtube-links-redirect-users-to-phishing-pages-11298"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/susp_email_redirection_spoofing.yar#L1-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/susp_email_redirection_spoofing.yar#L1-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9b196220b369c199a7e4d57cb5db18b32eb2565a6f9190929c5c01ac4fa04ac8"
hash = "c4eb35c1a1c10226bff9bb0c88ca516441208d193b4994eeb292a66e53a2cc04"
hash = "e3b8ea03a472348814c6ac81088234836e627a1878ec36e46ce62526e1390935"
@@ -267911,8 +268084,8 @@ rule SIGNATURE_BASE_MAL_LNX_Camarodragon_Sheel_Oct23 : FILE
date = "2023-10-06"
modified = "2023-12-05"
reference = "https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_camaro_dragon_oct23.yar#L2-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_camaro_dragon_oct23.yar#L2-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b06f645b766a099adb71c144bdced70c130735e75d5be6451f71077c7d3a5d19"
score = 85
quality = 85
@@ -267938,8 +268111,8 @@ rule SIGNATURE_BASE_MAL_LNX_Camarodragon_Horseshell_Oct23 : FILE
date = "2023-10-06"
modified = "2023-12-05"
reference = "https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_camaro_dragon_oct23.yar#L27-L56"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_camaro_dragon_oct23.yar#L27-L56"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "73adaa286b345cffd35e6ba017b3204d8818dcaeea8a48ca93959566461ac3ca"
score = 85
quality = 85
@@ -267970,8 +268143,8 @@ rule SIGNATURE_BASE_LOG_EXPL_SUSP_Teamcity_CVE_2023_42793_Oct23_1 : CVE_2023_427
date = "2023-10-02"
modified = "2023-12-05"
reference = "https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793/rapid7-analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_teamcity_2023_42793.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_teamcity_2023_42793.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3b6c8e3e3ff91563899ca94904a56460cd702a3e58e0aacf1c3acb506ec3f959"
score = 70
quality = 85
@@ -267995,8 +268168,8 @@ rule SIGNATURE_BASE_LOG_EXPL_SUSP_Teamcity_Oct23_1
date = "2023-10-02"
modified = "2023-12-05"
reference = "https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793/rapid7-analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_teamcity_2023_42793.yar#L20-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_teamcity_2023_42793.yar#L20-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a2f0abffb9c72e6b32875310e5af7365b6cab4e6c4f6188daa3085b57c38ed0e"
score = 70
quality = 85
@@ -268019,8 +268192,8 @@ rule SIGNATURE_BASE_MAL_EXPL_Perfctl_Oct24 : FILE
date = "2024-10-09"
modified = "2024-12-12"
reference = "https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_perfctl_oct24.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_perfctl_oct24.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "44d4683efc66b3c6c2d32be6b83a2bbc1db39c9a020365dddd27c20667bc6a66"
score = 80
quality = 85
@@ -268045,8 +268218,8 @@ rule SIGNATURE_BASE_MAL_LNX_Perfctl_Oct24 : FILE
date = "2024-10-09"
modified = "2024-12-12"
reference = "https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_perfctl_oct24.yar#L23-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_perfctl_oct24.yar#L23-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d47df34240f59124542acc41484e8935327490c04c4e15a558b2ffc6f9c52ea8"
score = 75
quality = 85
@@ -268072,8 +268245,8 @@ rule SIGNATURE_BASE_PHISH_02Dez2015_Dropped_P0O6543F_1 : FILE
date = "2015-12-02"
modified = "2023-12-05"
reference = "http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_phish_gina_dec15.yar#L8-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_phish_gina_dec15.yar#L8-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "db788d6d3a8ed1a6dc9626852587f475e7671e12fa9c9faa73b7277886f1e210"
logic_hash = "91fc1b4682c1490b916b11685e1ecc74a964d657e544c0b84e8301b299154d02"
score = 75
@@ -268104,8 +268277,8 @@ rule SIGNATURE_BASE_PHISH_02Dez2015_Dropped_P0O6543F_2 : FILE
date = "2015-12-03"
modified = "2023-12-05"
reference = "http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_phish_gina_dec15.yar#L31-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_phish_gina_dec15.yar#L31-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f5eb21d0f635171e1edcfecc909bc3508dfb6c32e7fdd7263edd5cd98e6ba411"
score = 75
quality = 85
@@ -268131,8 +268304,8 @@ rule SIGNATURE_BASE_PHISH_02Dez2015_Attach_P_ORD_C_10156_124658 : FILE
date = "2015-12-02"
modified = "2023-12-05"
reference = "http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_phish_gina_dec15.yar#L49-L73"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_phish_gina_dec15.yar#L49-L73"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a2820b024b371447eab71f153b6251776719cfe55e08cb2a3cda5ee6da29949d"
score = 75
quality = 85
@@ -268167,8 +268340,8 @@ rule SIGNATURE_BASE_Keyboys_Malware_1 : FILE
date = "2017-11-02"
modified = "2023-12-05"
reference = "http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_keyboys.yar#L13-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_keyboys.yar#L13-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "78fb48c4b3e09f0d55ca6049601ea62dd526167481725b48de6624bb27fb943b"
score = 75
quality = 85
@@ -268207,8 +268380,8 @@ rule SIGNATURE_BASE_Keyboy_Installclient : FILE
date = "2018-03-26"
modified = "2023-12-05"
reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_keyboys.yar#L52-L73"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_keyboys.yar#L52-L73"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "701b87785562dc391191b1e59573c6027b27c4fffe1c9155a82114521c85bc59"
score = 75
quality = 85
@@ -268238,8 +268411,8 @@ rule SIGNATURE_BASE_Keyboy_Wab32Res : FILE
date = "2018-03-26"
modified = "2023-12-05"
reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_keyboys.yar#L75-L96"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_keyboys.yar#L75-L96"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5e23bfeed0587ac69527234dd3f8b4f8c5628128ab667af7b99c4d75ca99459b"
score = 75
quality = 85
@@ -268270,8 +268443,8 @@ rule SIGNATURE_BASE_Keyboy_Rasauto : FILE
date = "2018-03-26"
modified = "2023-12-05"
reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_keyboys.yar#L98-L126"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_keyboys.yar#L98-L126"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "87529000522d5fad4346a0228c96d3adf122587d91b0cff083948787e53cc024"
score = 75
quality = 85
@@ -268304,8 +268477,8 @@ rule SIGNATURE_BASE_Keyboy_876_0X4E20000 : FILE
date = "2018-03-26"
modified = "2023-12-05"
reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_keyboys.yar#L128-L155"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_keyboys.yar#L128-L155"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "092bb19cd7a4250560ea71a3e54780a8fd34a229caa294e4cd5b6d522850d519"
score = 75
quality = 85
@@ -268338,8 +268511,8 @@ rule SIGNATURE_BASE_Glassrat
date = "2015-11-03"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_glassRAT.yar#L8-L43"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_glassRAT.yar#L8-L43"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "939d2cb11ff414641f68b2913fe8d24458e1fd7ba450b8781072bb10da3ad039"
score = 75
quality = 85
@@ -268370,8 +268543,8 @@ rule SIGNATURE_BASE_Glassrat_Generic : FILE
date = "2015-11-23"
modified = "2023-12-05"
reference = "https://blogs.rsa.com/peering-into-glassrat/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_glassRAT.yar#L45-L72"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_glassRAT.yar#L45-L72"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fdd309c403e53bfa80340c1334f90fd5ef5f4618737b19069a07f7aa63aeb23d"
score = 80
quality = 85
@@ -268398,6 +268571,96 @@ rule SIGNATURE_BASE_Glassrat_Generic : FILE
condition:
uint16( 0 ) == 0x5a4d and filesize < 15MB and 5 of them
}
+rule SIGNATURE_BASE_SUSP_Claude_Refusal_Magic_String_Jan26
+{
+ meta:
+ description = "Detects refusal magic string that cause Claude sessions to be terminated. This might indicate that a file tries to prevent being analyzed by LLM agents."
+ author = "Marius Benthin"
+ id = "13e9c713-0201-5c5c-bc42-de898c0d8b95"
+ date = "2026-01-29"
+ modified = "2026-01-29"
+ reference = "https://x.com/williballenthin/status/2014687699165135150"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/susp_claude_magic_strings.yar#L1-L13"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
+ hash = "ffa48ed4b7b48897f6756c4222b2606399de0bca627cedfddf61e69986580430"
+ logic_hash = "ae5b451168d03440f84b89d96db2688f828e5dcbcdd1121edf3fb973571d2dbd"
+ score = 75
+ quality = 83
+ tags = ""
+
+ strings:
+ $x1 = "ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_" ascii wide nocase
+
+ condition:
+ $x1
+}
+rule SIGNATURE_BASE_MAL_Claude_Refusal_Magic_String_Jan26
+{
+ meta:
+ description = "Detects Base64 variations of refusal magic string that cause Claude sessions to be terminated. This might indicate that a file tries to prevent being analyzed by LLM agents."
+ author = "Marius Benthin"
+ id = "96b73331-989f-5af5-8f17-30b99fcc2800"
+ date = "2026-01-29"
+ modified = "2026-01-29"
+ reference = "Internal Research"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/susp_claude_magic_strings.yar#L15-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
+ logic_hash = "e1c070b77e3568966f605fa47a2b3be917065954bc157e3721ff2fb3ac4d72f7"
+ score = 80
+ quality = 85
+ tags = ""
+
+ strings:
+ $xb1 = "ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_" ascii wide base64 base64wide
+
+ condition:
+ $xb1
+}
+rule SIGNATURE_BASE_SUSP_Claude_Redacted_Thinking_Magic_String_Jan26_1
+{
+ meta:
+ description = "Detects redacted thinking magic string that cause Claude sessions to be terminated. This might indicate that a file tries to prevent being analyzed by LLM agents."
+ author = "Marius Benthin"
+ id = "005732f9-015a-5741-8b39-b1a32812c96d"
+ date = "2026-01-29"
+ modified = "2026-01-29"
+ reference = "Internal Research"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/susp_claude_magic_strings.yar#L28-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
+ hash = "ffa48ed4b7b48897f6756c4222b2606399de0bca627cedfddf61e69986580430"
+ logic_hash = "02b85e9df893d6be91f8053ac67884e5a24893ef225ca0e7b3878b38afb79420"
+ score = 65
+ quality = 83
+ tags = ""
+
+ strings:
+ $x1 = "ANTHROPIC_MAGIC_STRING_TRIGGER_REDACTED_THINKING_" ascii wide nocase
+
+ condition:
+ $x1
+}
+rule SIGNATURE_BASE_SUSP_Claude_Redacted_Thinking_Magic_String_Jan26_2
+{
+ meta:
+ description = "Detects Base64 variations of redacted thinking magic string that cause Claude sessions to be terminated. This might indicate that a file tries to prevent being analyzed by LLM agents."
+ author = "Marius Benthin"
+ id = "9c2f1cb1-e70d-5da4-843e-a31b39f492ff"
+ date = "2026-01-29"
+ modified = "2026-01-29"
+ reference = "Internal Research"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/susp_claude_magic_strings.yar#L42-L53"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
+ logic_hash = "3b901ffeaff1e4bef579df00e4e99fe8f9eb4ae9ee8e8bde7a730f0fd4646762"
+ score = 75
+ quality = 85
+ tags = ""
+
+ strings:
+ $xb1 = "ANTHROPIC_MAGIC_STRING_TRIGGER_REDACTED_THINKING_" ascii wide base64 base64wide
+
+ condition:
+ $xb1
+}
rule SIGNATURE_BASE_Bin_Ndisk : FILE
{
meta:
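Review bot: The two plain-string rules added in this hunk (`SIGNATURE_BASE_SUSP_Claude_Refusal_Magic_String_Jan26` and `SIGNATURE_BASE_SUSP_Claude_Redacted_Thinking_Magic_String_Jan26_1`) use the bare condition `$x1` on an `ascii wide nocase` literal, so any file that merely quotes the marker matches at score 75 or 65, including this ruleset file itself, documentation and test fixtures. Because the file is vendored, the fix belongs upstream or in local result filtering; a comment above the first rule such as `// matches any file quoting the marker, rule files and docs included; a triage signal, not a verdict` would record the caveat. The Base64 refusal variant is also the only one of the four rules prefixed `MAL_` (score 80), although its description says only "might indicate", its source file is `susp_claude_magic_strings.yar`, and the parallel Base64 rule is named `SUSP_..._Jan26_2`, so consumers that key severity on the name prefix may overrate it. The `SIGNATURE_BASE_Bin_Ndisk` rule that closes the hunk continues outside it.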
@@ -268407,8 +268670,8 @@ rule SIGNATURE_BASE_Bin_Ndisk : FILE
date = "2015-07-07"
modified = "2023-12-05"
reference = "https://www.virustotal.com/en/file/a03a6ed90b89945a992a8c69f716ec3c743fa1d958426f4c50378cca5bef0a01/analysis/1436184181/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hackingteam_rules.yar#L10-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hackingteam_rules.yar#L10-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cf5089752ba51ae827971272a5b761a4ab0acd84"
logic_hash = "d93147e9631065eab35cbbc4ce112cfef92f81063cf8570bc021fbfe72811ab6"
score = 100
@@ -268438,8 +268701,8 @@ rule SIGNATURE_BASE_Hackingteam_Elevator_DLL : FILE
date = "2015-07-07"
modified = "2023-12-05"
reference = "http://t.co/EG0qtVcKLh"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hackingteam_rules.yar#L33-L56"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hackingteam_rules.yar#L33-L56"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b7ec5d36ca702cc9690ac7279fd4fea28d8bd060"
logic_hash = "f2860c0bb6176f7cc57cb703e9d4235c4cf0b9cc1c0e7c47fb4c8ba47155a616"
score = 70
@@ -268471,8 +268734,8 @@ rule SIGNATURE_BASE_Hackingteam_Elevator_EXE : FILE
date = "2015-07-07"
modified = "2023-12-05"
reference = "Hacking Team Disclosure elevator.c"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hackingteam_rules.yar#L58-L86"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hackingteam_rules.yar#L58-L86"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9261693b67b6e379ad0e57598602712b8508998c0cb012ca23139212ae0009a1"
logic_hash = "58f3c28fa69da0329a4cd5451a86260056076a9d0094965e9c23a63ef72cfc98"
score = 70
@@ -268508,8 +268771,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Scheduledtask_Loader : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L3-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L3-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2d32ee777cb40c6fa58787e92c0de074ea5b81d629a17ccb4f9432d62436f03c"
score = 80
quality = 85
@@ -268532,8 +268795,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Kaosrat_Yamabot
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L20-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L20-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "92182aac2e56041292102b0486b7de1ee6eb3d54a9fc6786c567acd92073cd84"
score = 70
quality = 85
@@ -268564,8 +268827,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Trifaux_Easyrat_JUPITER : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L44-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L44-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6108035dbebd34fe994fc1f8b4123321321f6ed5c022be6e84a88f905ea6fb73"
score = 80
quality = 85
@@ -268588,8 +268851,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Cutiedrop_Magicrat : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L61-L85"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L61-L85"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f289bbd71bdeaf2c42063642454679ec26de5ed24c020af40db694a0ced54884"
score = 80
quality = 85
@@ -268617,8 +268880,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_HHSD_Filetransfertool : FILE
date = "2024-07-25"
modified = "2025-07-09"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L87-L125"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L87-L125"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "665c1b27d64d5377be98aa4e629b077e56f3a44273d98653a338439b3dc05b65"
score = 70
quality = 85
@@ -268642,8 +268905,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Atharvan_3RAT : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L127-L141"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L127-L141"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "741318234e245a35accc0b102a7891559ce5ef868ccdc3e6e4c8e59d8dea8b24"
score = 80
quality = 85
@@ -268665,8 +268928,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Lilithrat_Variant : FILE
date = "2024-07-25"
modified = "2024-07-26"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L143-L178"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L143-L178"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3ce68908468ff85683b081842fa4faa579fbf6f7dc1a7fab5dcf7eac63d90aea"
score = 80
quality = 85
@@ -268696,8 +268959,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Sockstroy_Strings_Opcodes : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L180-L199"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L180-L199"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6ab31b285d0dba1745a2d8b172bd02931c6138e2b8e541203b88f111d179549b"
score = 80
quality = 85
@@ -268721,8 +268984,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Agni : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L201-L216"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L201-L216"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "302899b65e5a3a6beabbb46e80e3f0ff246c209206cc3a7f871011d68871d0b9"
score = 80
quality = 85
@@ -268744,8 +269007,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Golang_Validalpha_Handshake
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L218-L230"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L218-L230"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1978210d07d3298c0051c9faca16685636e3fb45131b4c2fcb7053a0b3ef84d1"
score = 75
quality = 85
@@ -268766,8 +269029,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Golang_Validalpha_Tasks
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L232-L247"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L232-L247"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0d3fb944888b289d345ffc8dfcc988abd04b8cabd1729a66e8236f95ee6147ee"
score = 80
quality = 85
@@ -268791,8 +269054,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Golang_Validalpha_Blackstring : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L249-L261"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L249-L261"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "07ea38890e99dd53437a23b7c4002851604b69a83bd7fb8971609226249e5954"
score = 90
quality = 85
@@ -268813,8 +269076,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_ELF_Backdoor_Fipps : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L291-L307"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L291-L307"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3b57eb6c6b89e93863b9600c4a1384f3e064f236e827ef9ffc37b1e5dcff7d24"
score = 80
quality = 85
@@ -268838,8 +269101,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Bindshell : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L309-L328"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L309-L328"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "409aa6a27d81e14ea90d90ee02924cb11f5fecef592e6577b084f9ab2dde35fc"
score = 50
quality = 85
@@ -268865,8 +269128,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Grease2 : FILE
date = "2024-07-25"
modified = "2024-07-26"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L330-L351"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L330-L351"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "138fc915206e0c2834090ebc0a808913488121d51c17de3dbfadcb4099fbfa2f"
score = 80
quality = 85
@@ -268890,8 +269153,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Nopineapple_Dtrack_Unpacked : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L353-L368"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L353-L368"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cf5f92a66ba3ff4db61102dcc50b781e8dd14ca7cb1eb70dae8eba2ed0910b66"
score = 80
quality = 85
@@ -268914,8 +269177,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Dtrack_Unpacked : FILE
date = "2024-07-25"
modified = "2024-07-26"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L370-L393"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L370-L393"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d8de583fc0de01e6784305d28dbf7cea859a24cf4df1dc59356601bc830e4770"
score = 75
quality = 85
@@ -268940,8 +269203,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Tigerrat_Crowdsourced_Rule : FILE
date = "2024-07-25"
modified = "2024-07-26"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L395-L424"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L395-L424"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5d203d8c7e624796571f4597f70be0b8303f21c096640f25018cad29d4abc05b"
score = 75
quality = 85
@@ -268969,8 +269232,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_WIN_Tiger_RAT_Auto : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L426-L565"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L426-L565"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1deef66efb44c0d17f33508a8b6f0d6253f0308f309e81657f78eb0f87121bf5"
score = 75
quality = 85
@@ -269006,8 +269269,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_WIN_Dtrack_Auto : FILE
date = "2024-07-25"
modified = "2026-01-29"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_andariel_jul24.yar#L567-L706"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_andariel_jul24.yar#L567-L706"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2bd68ee6e5f35a9b80c07120beba3fe1f3ba9a9137ee15bb04bb2740381a9a44"
score = 75
quality = 85
@@ -269042,8 +269305,8 @@ rule SIGNATURE_BASE_EXPL_Manageengine_CVE_2022_47966_Jan23_1
date = "2023-01-13"
modified = "2023-12-05"
reference = "https://www.horizon3.ai/manageengine-cve-2022-47966-iocs/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_manageengine_jan23.yar#L2-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_manageengine_jan23.yar#L2-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a62064e4f12632ba6c14cbbd9369ee919536334f19021a177c126b5dff7e568c"
score = 75
quality = 85
@@ -269065,8 +269328,8 @@ rule SIGNATURE_BASE_KHRAT_Malware : FILE
date = "2017-08-31"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_khrat.yar#L13-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_khrat.yar#L13-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cfc1a9fb4dbec4deb70616ab7c4cce3cf56429f61fd36f78245621527d011e20"
score = 75
quality = 85
@@ -269086,8 +269349,8 @@ rule SIGNATURE_BASE_MAL_KHRAT_Script
date = "2017-08-31"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_khrat.yar#L26-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_khrat.yar#L26-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c27a89028794b50b95850d90ee29b56606e6b58b862a26e287077e7f7be7f096"
score = 75
quality = 85
@@ -269112,8 +269375,8 @@ rule SIGNATURE_BASE_MAL_KHRAT_Scritplet : FILE
date = "2017-08-31"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_khrat.yar#L43-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_khrat.yar#L43-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cbbabd8e2f17827d96aeef4ea362f133cf3fcc31716c517b86a05a010ff62510"
score = 75
quality = 85
@@ -269142,8 +269405,8 @@ rule SIGNATURE_BASE_ATM_Malware_Dispenserxfs_1 : FILE
date = "2019-02-27"
modified = "2023-01-06"
reference = "https://twitter.com/r3c0nst/status/1100775857306652673"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_atm_dispenserxfs.yar#L4-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_atm_dispenserxfs.yar#L4-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c7331b29f7cd8c40f99e235664f86361ba99c9ca0092c1cfb6faf367764303e"
score = 80
quality = 85
@@ -269168,8 +269431,8 @@ rule SIGNATURE_BASE_Saudi_Phish_Trojan : FILE
date = "2017-10-12"
modified = "2023-12-05"
reference = "https://goo.gl/Z3JUAA"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_saudi_aramco_phish.yar#L10-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_saudi_aramco_phish.yar#L10-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f7199d2e408cc057d88234e4041c7d87652d1ed361eaaf75bb37da45900e9f38"
score = 75
quality = 85
@@ -269196,8 +269459,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_DLL_Moveit_Jun23_1 : FILE
date = "2023-06-01"
modified = "2023-12-05"
reference = "https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/?utm_content=251159938&utm_medium=social&utm_source=twitter&hss_channel=tw-403811306"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_moveit_0day_jun23.yar#L2-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_moveit_0day_jun23.yar#L2-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "47c2ec1e833852941434586b61d6f435b9acb32b2ff48e0a9e8006e0f9ff8056"
score = 85
quality = 85
@@ -269222,8 +269485,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Moveit_Jun23_1 : FILE
date = "2023-06-01"
modified = "2023-12-05"
reference = "https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_moveit_0day_jun23.yar#L24-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_moveit_0day_jun23.yar#L24-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "436f9a503ad938541faa8f34604310ba6d932e40a41dc189ccd293b7191a7621"
score = 85
quality = 85
@@ -269249,8 +269512,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Moveit_Exploitation_Indicator_Jun23_1
date = "2023-06-01"
modified = "2023-12-05"
reference = "https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_moveit_0day_jun23.yar#L43-L56"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_moveit_0day_jun23.yar#L43-L56"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "26674d8dea5cb2e95e442c4c75d80ca610f7373f0b216c0b1c83a5b1f9f70316"
score = 70
quality = 85
@@ -269272,8 +269535,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Moveit_Exploitation_Indicator_Jun23_2
date = "2023-06-03"
modified = "2023-12-05"
reference = "https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_moveit_0day_jun23.yar#L58-L79"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_moveit_0day_jun23.yar#L58-L79"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "56328d078801a702ad47f01f356df6f00be8da593d03c549e77312af9b47b5be"
score = 70
quality = 85
@@ -269300,8 +269563,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Moveit_Exploitation_Indicator_Jun23_3
date = "2023-06-13"
modified = "2023-12-05"
reference = "https://attackerkb.com/topics/mXmV0YpC3W/cve-2023-34362/rapid7-analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_moveit_0day_jun23.yar#L81-L94"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_moveit_0day_jun23.yar#L81-L94"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2eaa06c31687c6368f036a705fdc1b1c42355f19c098ae764a998039cc4aebb5"
score = 70
quality = 85
@@ -269323,8 +269586,8 @@ rule SIGNATURE_BASE_ROKRAT_Malware : FILE
date = "2017-04-03"
modified = "2021-09-14"
reference = "http://blog.talosintelligence.com/2017/04/introducing-rokrat.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_rokrat.yar#L8-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_rokrat.yar#L8-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8b8fa3f97ce13e501cc25b89e2cfdaf785f1cb9f57a9dbd3461596b1bc6178c2"
score = 75
quality = 85
@@ -269358,8 +269621,8 @@ rule SIGNATURE_BASE_ROKRAT_Dropper_Nov17 : FILE
date = "2017-11-28"
modified = "2023-12-05"
reference = "http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_rokrat.yar#L48-L61"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_rokrat.yar#L48-L61"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4a444342a4fb4d10aaf8efb5c26954847ce1089c9cec37d1ab3b03e0ac566c6c"
score = 75
quality = 85
@@ -269380,8 +269643,8 @@ rule SIGNATURE_BASE_Freeenki_Infostealer_Nov17 : FILE
date = "2017-11-28"
modified = "2023-01-06"
reference = "http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_rokrat.yar#L63-L92"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_rokrat.yar#L63-L92"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e823ef5506b2fdf30a6ff9bdf6eee552b767b66a6c007a30618fc212d598b540"
score = 75
quality = 85
@@ -269414,8 +269677,8 @@ rule SIGNATURE_BASE_Freeenki_Infostealer_Nov17_Export_Sig_Testing : FILE
date = "2017-11-28"
modified = "2023-12-05"
reference = "http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_rokrat.yar#L94-L106"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_rokrat.yar#L94-L106"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2c6d8784aa976501a77441c4e705b7fdc9654277e8cd3f6d966967fb2e1cd724"
score = 50
quality = 85
@@ -269435,8 +269698,8 @@ rule SIGNATURE_BASE_ROKRAT_Nov17_1 : FILE
date = "2017-11-28"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_rokrat.yar#L110-L127"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_rokrat.yar#L110-L127"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "12641d417408ef32292204f620efa3d1347238fa1c6f63b2b6f09a6c660e9e24"
score = 75
quality = 85
@@ -269462,8 +269725,8 @@ rule SIGNATURE_BASE_Invoke_Psimage : FILE
date = "2017-12-16"
modified = "2023-12-05"
reference = "https://github.com/peewpw/Invoke-PSImage"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_invoke_psimage.yar#L2-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_invoke_psimage.yar#L2-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ce4bc73fcba3b82e4d11203aa2c3f0b2f85c6eb9e1784ad76a7b20500b4053f8"
score = 75
quality = 85
@@ -269497,8 +269760,8 @@ rule SIGNATURE_BASE_Telebots_Intercepterng : FILE
date = "2016-12-14"
modified = "2023-12-05"
reference = "https://goo.gl/4if3HG"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_telebots.yar#L10-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_telebots.yar#L10-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cbf0d44d871ec471e891fb909612f58263ec0b0c702f87875f6e027362409318"
score = 75
quality = 85
@@ -269528,8 +269791,8 @@ rule SIGNATURE_BASE_Telebots_Killdisk_1 : FILE
date = "2016-12-14"
modified = "2023-12-05"
reference = "https://goo.gl/4if3HG"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_telebots.yar#L32-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_telebots.yar#L32-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e70d324c408bae1bb42b16f19cd0e6b87e8228c7480d571fef5266eee5695fd2"
score = 75
quality = 85
@@ -269558,8 +269821,8 @@ rule SIGNATURE_BASE_Telebots_Killdisk_2 : FILE
date = "2016-12-14"
modified = "2023-12-05"
reference = "https://goo.gl/4if3HG"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_telebots.yar#L53-L68"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_telebots.yar#L53-L68"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e4ae09a226c4eecae18e685423ef30b3776be518609f89a078c647fe8ee00f19"
score = 75
quality = 85
@@ -269584,8 +269847,8 @@ rule SIGNATURE_BASE_Telebots_Credraptor_Password_Stealer : FILE
date = "2016-12-14"
modified = "2023-01-06"
reference = "https://goo.gl/4if3HG"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_telebots.yar#L70-L88"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_telebots.yar#L70-L88"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ed884cb7643a61109f87e2887bed7ddb838c73bce28812b76c35bb807629e116"
score = 75
quality = 85
@@ -269612,8 +269875,8 @@ rule SIGNATURE_BASE_Telebots_VBS_Backdoor_1 : FILE
date = "2016-12-14"
modified = "2023-12-05"
reference = "https://goo.gl/4if3HG"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_telebots.yar#L90-L106"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_telebots.yar#L90-L106"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4ff4963058674cf71c123af74c0947da2edf3b5e2622261d14200f406dbe2992"
score = 75
quality = 85
@@ -269639,8 +269902,8 @@ rule SIGNATURE_BASE_Telebots_VBS_Backdoor_2 : FILE
date = "2016-12-14"
modified = "2023-12-05"
reference = "https://goo.gl/4if3HG"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_telebots.yar#L108-L123"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_telebots.yar#L108-L123"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "299a2ca6eacc29b4a7697a8502a56cffda4f6bc6b3354d3cc133712c1755c476"
score = 75
quality = 85
@@ -269665,8 +269928,8 @@ rule SIGNATURE_BASE_Telebots_Win64_Spy_Keylogger_G : FILE
date = "2016-12-14"
modified = "2023-12-05"
reference = "https://goo.gl/4if3HG"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_telebots.yar#L125-L144"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_telebots.yar#L125-L144"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1b4db8f290bd4f943a90669afd5bff6b766d0723fb3ee9c69d7097e737beadc8"
score = 75
quality = 85
@@ -269696,8 +269959,8 @@ rule SIGNATURE_BASE_SUSP_THOR_Unsigned_Oct23_1 : FILE
date = "2023-10-28"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_unsigned_thor.yar#L4-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_unsigned_thor.yar#L4-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "12303e3549071dd6c8896f7a1222eb5905f6b4d3f320134416a5b6d53857adeb"
score = 75
quality = 85
@@ -269720,8 +269983,8 @@ rule SIGNATURE_BASE_Win32_Buzus_Softpulse : FILE
date = "2015-05-13"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_buzus_softpulse.yar#L2-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_buzus_softpulse.yar#L2-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2f6df200e63a86768471399a74180466d2e99ea9"
logic_hash = "49625594db57e9d629860970c20493b76e554addc2edb41adba64673a820a94b"
score = 75
@@ -269750,8 +270013,8 @@ rule SIGNATURE_BASE_Bernhardpos
date = "2015-07-14"
modified = "2023-12-05"
reference = "http://morphick.com/blog/2015/7/14/bernhardpos-new-pos-malware-discovered-by-morphick"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_bernhard_pos.yar#L1-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_bernhard_pos.yar#L1-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e49820ef02ba5308ff84e4c8c12e7c3d"
logic_hash = "c00f2fda5a391b44767d918945069f18cef084dd4dc6aa94d8f945bf97ac462a"
score = 70
@@ -269777,8 +270040,8 @@ rule SIGNATURE_BASE_SUSP_Xored_URL_In_EXE : FILE
date = "2020-03-09"
modified = "2022-09-16"
reference = "https://twitter.com/stvemillertime/status/1237035794973560834"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_xor.yar#L4-L43"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_xor.yar#L4-L43"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2113324ae04a9022be4cf5c615ad231206eeefb5aa87a2236ec3c9deee9e7ec2"
score = 50
quality = 85
@@ -269818,8 +270081,8 @@ rule SIGNATURE_BASE_MAL_Sednit_Delphidownloader_Apr18_2 : FILE
date = "2018-04-24"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sednit_delphidownloader.yar#L11-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sednit_delphidownloader.yar#L11-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "32acbec3405007afce22b0521785439686338d4d3beb02a1d7b9005e49d87221"
score = 75
quality = 85
@@ -269855,8 +270118,8 @@ rule SIGNATURE_BASE_MAL_Sednit_Delphidownloader_Apr18_3 : FILE
date = "2018-04-24"
modified = "2023-01-06"
reference = "https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sednit_delphidownloader.yar#L40-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sednit_delphidownloader.yar#L40-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "20446692842ec9481f34dd976f6b309515c33159653f9988a59335d2f04e4138"
score = 75
quality = 85
@@ -269887,8 +270150,8 @@ rule SIGNATURE_BASE_Octowave_Installer_03_2025 : FILE
date = "2025-03-28"
modified = "2025-04-08"
reference = "https://x.com/CyberRaiju/status/1893450184224362946?t=u0X6ST2Qgnrf-ujjphGOSg&s=19"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_octowave_installer_mar25.yar#L1-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_octowave_installer_mar25.yar#L1-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "14b6247cf619ecb8f14fc0a860fa4285e58db2defa15488cda1b2431b3e3e980"
score = 75
quality = 60
@@ -269927,8 +270190,8 @@ rule SIGNATURE_BASE_Tempracer : FILE
date = "2016-03-30"
modified = "2023-12-05"
reference = "http://www.darknet.org.uk/2016/03/tempracer-windows-privilege-escalation-tool/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_tempracer.yar#L10-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_tempracer.yar#L10-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e17d80c4822d16371d75e1440b6ac44af490b71fbee1010a3e8a5eca94d22bb3"
logic_hash = "37355456e13ea9fa6429b68970e0450f4ddbd8da81c070a0383b1e048a05e35a"
score = 75
@@ -269955,8 +270218,8 @@ rule SIGNATURE_BASE_MAL_Shellcode_Loader_Apr23
date = "2023-04-03"
modified = "2023-12-05"
reference = "https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_mal_gopuram_apr23.yar#L3-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_mal_gopuram_apr23.yar#L3-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e4e423158757c80b5e4e77f6a343323a87798c6697cf6a832aa01a146712b250"
score = 80
quality = 85
@@ -269981,8 +270244,8 @@ rule SIGNATURE_BASE_APT_MAL_Gopuram_Backdoor_Apr23 : FILE
date = "2023-02-24"
modified = "2023-12-05"
reference = "https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_mal_gopuram_apr23.yar#L20-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_mal_gopuram_apr23.yar#L20-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aa3dd1f35d27d23eb775410cceae81d5b767dc0f1636aac67f2d2e988a3ed995"
score = 80
quality = 85
@@ -270008,8 +270271,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_DLL_Apr23_1 : FILE
date = "2023-04-03"
modified = "2023-12-05"
reference = "https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_mal_gopuram_apr23.yar#L43-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_mal_gopuram_apr23.yar#L43-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e0a8f3896c0119ce399e83fe3e565c66144693e84996aa3d01ca1b6315521782"
score = 75
quality = 85
@@ -270040,8 +270303,8 @@ rule SIGNATURE_BASE_APT_UNC4736_NK_MAL_TAXHAUL_3CX_Apr23_1 : FILE
date = "2023-03-04"
modified = "2023-12-05"
reference = "https://www.3cx.com/blog/news/mandiant-initial-results/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_mal_gopuram_apr23.yar#L77-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_mal_gopuram_apr23.yar#L77-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f67af611d0b3d96e4aaf7b3b5e49c1fb536e61a430b79ac0a0560ef3773ba140"
score = 80
quality = 85
@@ -270063,8 +270326,8 @@ rule SIGNATURE_BASE_SUSP_Maldoc_Excelmacro : FILE
date = "2020-11-03"
modified = "2023-12-05"
reference = "YARA Exchange - Undisclosed Macro Builder"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_macro_builders.yar#L2-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_macro_builders.yar#L2-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c5d0655eaf2ca36c828675f9673a1d4284ef8719fd9ec1d354ee3284d1fb0a0c"
score = 65
quality = 85
@@ -270089,8 +270352,8 @@ rule SIGNATURE_BASE_Triton_Trilog : FILE
date = "2017-12-14"
modified = "2023-12-05"
reference = "https://goo.gl/vtQoCQ"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_triton.yar#L70-L85"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_triton.yar#L70-L85"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6406e9e7651978a6817079945dc801afdb6c16dd107527cbfd9a946eca27a51a"
score = 75
quality = 85
@@ -270115,8 +270378,8 @@ rule SIGNATURE_BASE_MAL_Crime_Win32_Loader_Guloader_1_Experimental : FILE
date = "2020-05-04"
modified = "2023-12-05"
reference = "https://twitter.com/VK_Intel/status/1257206565146370050"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_guloader.yar#L2-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_guloader.yar#L2-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "03b7e0251b1c08798ce310cc4c11adfaa3071409d608c91c30d5fc7e28a079de"
score = 50
quality = 85
@@ -270139,8 +270402,8 @@ rule SIGNATURE_BASE_SUSP_SVG_JS_Payload_Mar25 : FILE
date = "2025-03-20"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_svg_js_phish_mar25.yar#L3-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_svg_js_phish_mar25.yar#L3-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7b4b8e42d4df56412969cd1c38dcb750d21b10a54d257a9b918bd6ae0e0f8d11"
hash = "4ae2ebc103f5de7ccfd75603b543d602b5c793e1ef7db19fbb60ff2e42611f75"
hash = "b92e9d6f8a516e78b3e848c4b5b2815b406c9478e6be3777f3e784ceedc66f4a"
@@ -270175,8 +270438,8 @@ rule SIGNATURE_BASE_Malware_QA_Not_Copy : FILE
date = "2016-08-29"
modified = "2023-12-05"
reference = "VT Research QA"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_malware_set_qa.yar#L13-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_malware_set_qa.yar#L13-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4001d71101a9c6d4134e7ed4b9b03d34ada62241a668970e21a60d7a23dd7b86"
score = 80
quality = 85
@@ -270207,8 +270470,8 @@ rule SIGNATURE_BASE_Malware_QA_Update : FILE
date = "2016-08-29"
modified = "2023-12-05"
reference = "VT Research QA"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_malware_set_qa.yar#L39-L69"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_malware_set_qa.yar#L39-L69"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "97e0fec7bb4ebf326b449cc0d65eb9f024b33e1d2e54c6d3893164b66c024b2a"
score = 80
quality = 85
@@ -270245,8 +270508,8 @@ rule SIGNATURE_BASE_Malware_QA_Tls : FILE
date = "2016-08-29"
modified = "2023-12-05"
reference = "VT Research QA"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_malware_set_qa.yar#L71-L87"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_malware_set_qa.yar#L71-L87"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "20c849d8c60acd77a28244c7ebcbb2f96b233e74af6c52112a0c828e1de2ed84"
score = 80
quality = 85
@@ -270271,8 +270534,8 @@ rule SIGNATURE_BASE_Malware_QA_Get_The_Fucking_IP : FILE
date = "2016-08-29"
modified = "2023-12-05"
reference = "VT Research QA"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_malware_set_qa.yar#L89-L107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_malware_set_qa.yar#L89-L107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ab6a60142ef0e7a6e079a1b62da0b962dc3b59584b785516e93c74669574a81b"
score = 80
quality = 85
@@ -270299,8 +270562,8 @@ rule SIGNATURE_BASE_Malware_QA_Vqgk : FILE
date = "2016-08-29"
modified = "2022-12-21"
reference = "VT Research QA"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_malware_set_qa.yar#L109-L137"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_malware_set_qa.yar#L109-L137"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "19b7099cdb8a984f1ba6cf88024db398a81ac4f4bf3c16cac40c5ee0e5b465fd"
score = 80
quality = 85
@@ -270335,8 +270598,8 @@ rule SIGNATURE_BASE_Malware_QA_1177 : FILE
date = "2016-08-29"
modified = "2023-12-05"
reference = "VT Research QA"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_malware_set_qa.yar#L139-L161"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_malware_set_qa.yar#L139-L161"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0fa8e6c048bcc51553e8078a71416013696dd937c1508cd636873eab56c3797f"
score = 80
quality = 81
@@ -270365,8 +270628,8 @@ rule SIGNATURE_BASE_Custom_Ssh_Backdoor_Server
date = "2015-05-14"
modified = "2022-08-18"
reference = "https://goo.gl/S46L3o"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_backdoor_ssh_python.yar#L2-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_backdoor_ssh_python.yar#L2-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0953b6c2181249b94282ca5736471f85d80d41c9"
logic_hash = "7bb142b69a75003e8f26d462c0895a3d807d5c326684e83d756178a3b91669dc"
score = 75
@@ -270390,8 +270653,8 @@ rule SIGNATURE_BASE_Dubseven_File_Set : FILE
date = "2016-04-18"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_between-hk-and-burma.yar#L1-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_between-hk-and-burma.yar#L1-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "af98ab901ca97a350aa837779d74208a780b1099e113cfa59bee2eb33690918e"
score = 75
quality = 85
@@ -270419,8 +270682,8 @@ rule SIGNATURE_BASE_Dubseven_Dropper_Registry_Checks : FILE
date = "2016-04-18"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_between-hk-and-burma.yar#L31-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_between-hk-and-burma.yar#L31-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "813ff641a4213cf9d56013768e284e7f622a223c6c4f585c3bbbcf69fc03723c"
score = 75
quality = 85
@@ -270447,8 +270710,8 @@ rule SIGNATURE_BASE_Dubseven_Dropper_Dialog_Remains : FILE
date = "2016-04-18"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_between-hk-and-burma.yar#L59-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_between-hk-and-burma.yar#L59-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "322ddc1210b6bde393970c61113e6efcb87a3529db386323dfd08973e5d2703e"
score = 75
quality = 85
@@ -270470,8 +270733,8 @@ rule SIGNATURE_BASE_Maindll_Mutex : FILE
date = "2016-04-18"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_between-hk-and-burma.yar#L83-L103"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_between-hk-and-burma.yar#L83-L103"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8d3311164104198e02e700c2e9a5293e55d75d63b39c75c4e375b7f35eb5fde4"
score = 75
quality = 85
@@ -270492,8 +270755,8 @@ rule SIGNATURE_BASE_Slserver_Dialog_Remains : FILE
date = "2016-04-18"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_between-hk-and-burma.yar#L106-L136"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_between-hk-and-burma.yar#L106-L136"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5b18f4a6c54b456ae697e9639e8c3041fd4f3141d89850c3e1d3d4e220c3cea3"
score = 75
quality = 85
@@ -270518,8 +270781,8 @@ rule SIGNATURE_BASE_Slserver_Mutex : FILE
date = "2016-04-18"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_between-hk-and-burma.yar#L138-L158"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_between-hk-and-burma.yar#L138-L158"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9bf3c6c93e77424463e3fb6f9f4d58e80254866462fe1287293b0a357737da20"
score = 75
quality = 85
@@ -270540,8 +270803,8 @@ rule SIGNATURE_BASE_Slserver_Command_And_Control : FILE
date = "2016-04-18"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_between-hk-and-burma.yar#L160-L180"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_between-hk-and-burma.yar#L160-L180"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "48a13d27b7dc9a7f3a65752142b2a291e7c3ee93ef67b36aa4202d065e74d80e"
score = 75
quality = 85
@@ -270562,8 +270825,8 @@ rule SIGNATURE_BASE_Slserver_Campaign_Code : FILE
date = "2016-04-18"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_between-hk-and-burma.yar#L182-L202"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_between-hk-and-burma.yar#L182-L202"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fbf53678399b0e14eae6f1bb6594b2aa665f76f10388e492bec2f9101a4dd4b1"
score = 75
quality = 85
@@ -270584,8 +270847,8 @@ rule SIGNATURE_BASE_Slserver_Unknown_String : FILE
date = "2016-04-18"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_between-hk-and-burma.yar#L204-L224"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_between-hk-and-burma.yar#L204-L224"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "18d3bb236282c506c161949883722da1cb0af6dd87bf5cb3d4a5b3d90f4a7db0"
score = 75
quality = 85
@@ -270606,8 +270869,8 @@ rule SIGNATURE_BASE_APT_MAL_SLOTHFULMEDIA_Oct20_1 : FILE
date = "2020-10-01"
modified = "2023-12-05"
reference = "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-275a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_iamtheking.yar#L2-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_iamtheking.yar#L2-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e50bda40eb05767e0903c3d8dd62b4e0290d89740c82c8b7f391d5763dc35156"
score = 75
quality = 85
@@ -270660,8 +270923,8 @@ rule SIGNATURE_BASE_Metasploit_Loader_Rsmudge : FILE
date = "2016-04-20"
modified = "2023-12-05"
reference = "https://github.com/rsmudge/metasploit-loader"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_loader_rsmudge.yar#L10-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_loader_rsmudge.yar#L10-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "50b1898e3087a5e0876b87179252c452af48e00bbef52297060d70acd90d0133"
score = 75
quality = 85
@@ -270688,8 +270951,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Dropper_Gen1 : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "http://snip.ly/giNB"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_threatgroup_3390.yar#L8-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_threatgroup_3390.yar#L8-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "927821e974cff6cd4d15b19bf4d0486abc57725ecdf6f00755dd4f912fbf82d1"
score = 70
quality = 85
@@ -270727,8 +270990,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Sample1 : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "http://snip.ly/giNB"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_threatgroup_3390.yar#L50-L65"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_threatgroup_3390.yar#L50-L65"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "746df577e952e0354342a48fe9f1650e63e3470902e7c5bba36d36fa34ea2bff"
score = 80
quality = 85
@@ -270752,8 +271015,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Sample2 : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "http://snip.ly/giNB"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_threatgroup_3390.yar#L67-L84"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_threatgroup_3390.yar#L67-L84"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c7e945131a867bf46a467784d7119c95342733cc723cdeeb76d69c8fdb326749"
score = 80
quality = 85
@@ -270779,8 +271042,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Gen : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "http://snip.ly/giNB"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_threatgroup_3390.yar#L86-L124"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_threatgroup_3390.yar#L86-L124"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cbc1dec88994427fc5003c9506f5a766531136ee80a16d00d2bf5bd5d7990cb3"
score = 90
quality = 85
@@ -270827,8 +271090,8 @@ rule SIGNATURE_BASE_Plugx_Nvsmartmax_Gen : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "http://snip.ly/giNB"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_threatgroup_3390.yar#L126-L154"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_threatgroup_3390.yar#L126-L154"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7795b0d978f9447a6cee808708d65992447e359539a8fe64331c06ad46ff7491"
score = 70
quality = 85
@@ -270864,8 +271127,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Dropper_Gen2 : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "http://snip.ly/giNB"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_threatgroup_3390.yar#L156-L183"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_threatgroup_3390.yar#L156-L183"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf274053fe7729471716a710e3bd5ed027d6ab2c45f7af9a1103bfa1ada9cbf4"
score = 70
quality = 85
@@ -270900,8 +271163,8 @@ rule SIGNATURE_BASE_Threatgroup3390_Strings : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "http://snip.ly/giNB"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_threatgroup_3390.yar#L185-L202"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_threatgroup_3390.yar#L185-L202"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d1e4889a48f4f9bfcc12237dd44cd8ad9db9918c6a5859de086d1ddc051ff937"
score = 60
quality = 85
@@ -270927,8 +271190,8 @@ rule SIGNATURE_BASE_Threatgroup3390_C2 : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "http://snip.ly/giNB"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_threatgroup_3390.yar#L204-L323"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_threatgroup_3390.yar#L204-L323"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "be411bb8e301eb4ba611bc9d6c8f0e3b8c27b87c2dd3f8405d0eba0296117697"
score = 60
quality = 60
@@ -271056,8 +271319,8 @@ rule SIGNATURE_BASE_Kraken_Bot_Sample : FILE
date = "2015-05-07"
modified = "2023-12-05"
reference = "https://blog.gdatasoftware.com/blog/article/dissecting-the-kraken.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_kraken_bot1.yar#L8-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_kraken_bot1.yar#L8-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "798e9f43fc199269a3ec68980eb4d91eb195436d"
logic_hash = "2e0f0a981ce3483aad8e48f6a259f9875ea4f8449feb24bafbae07243dd82a16"
score = 90
@@ -271084,12 +271347,12 @@ rule SIGNATURE_BASE_FE_Webshell_PL_ATRIUM_1
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L12-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L12-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ca0175d86049fa7c796ea06b413857a3"
logic_hash = "869b397616495c644beb997602eac84ddcdbacce4c14755c555f5bda36663ca2"
score = 75
- quality = 60
+ quality = 85
tags = ""
strings:
@@ -271109,12 +271372,12 @@ rule SIGNATURE_BASE_FE_Trojan_SH_ATRIUM_1
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L29-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L29-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a631b7a8a11e6df3fccb21f4d34dbd8a"
logic_hash = "672a293660d89d5d7d62a658c360bad0b6408611d8794744b17a81e6a75ceea7"
score = 75
- quality = 35
+ quality = 60
tags = ""
strings:
@@ -271135,12 +271398,12 @@ rule SIGNATURE_BASE_FE_APT_Webshell_PL_HARDPULSE
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L46-L65"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L46-L65"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "980cba9e82faf194edb6f3cc20dc73ff"
logic_hash = "37fc40fd998d3294edb05707170bc2deec524fc6451bff212901f9ac3e34bb35"
score = 75
- quality = 58
+ quality = 83
tags = ""
strings:
@@ -271164,8 +271427,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_Linux32_LOCKPICK_1 : FILE
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L66-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L66-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e8bfd3f5a2806104316902bbe1195ee8"
logic_hash = "1623c2dc63fe7d595069a024b715bbca267ec1c9400afcadc377ae58afb81a2a"
score = 75
@@ -271188,8 +271451,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_Linux32_PACEMAKER : FILE
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L81-L98"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L81-L98"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d7881c4de4d57828f7e1cab15687274b"
logic_hash = "f3f89744ce558179f36da3b412ba4afb3798684e6d976ef59de565b5a3323ad6"
score = 75
@@ -271215,8 +271478,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_Linux_PACEMAKER : FILE
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L99-L115"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L99-L115"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d7881c4de4d57828f7e1cab15687274b"
logic_hash = "cf83024cbbd500a301ac3c859b680cd79acabc232ea6f42c23fe9f8918a8d914"
score = 75
@@ -271241,12 +271504,12 @@ rule SIGNATURE_BASE_FE_APT_Webshell_PL_PULSECHECK_1
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L116-L136"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L116-L136"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a1dcdf62aafc36dd8cf64774dea80d79fb4e24ba2a82adf4d944d9186acd1cc1"
logic_hash = "aba457dd33232ef37ca145c5b7cd9c5fe809730339a55c5e90ac46b4a136f6cb"
score = 75
- quality = 60
+ quality = 85
tags = ""
strings:
@@ -271271,12 +271534,12 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_PULSEJUMP_1
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L137-L153"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L137-L153"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "91ee23ee24e100ba4a943bb4c15adb4c"
logic_hash = "c9aa2b9ef8aff14c20ed6597b1a71eafc3e3c181aabf9a3a68df18945207ff86"
score = 75
- quality = 60
+ quality = 85
tags = ""
strings:
@@ -271297,12 +271560,12 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_QUIETPULSE
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L154-L172"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L154-L172"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "00575bec8d74e221ff6248228c509a16"
logic_hash = "226a56369e141834d4834400bbf1a006bbb6e9b39e16e24b0106bff1a9c202a9"
score = 75
- quality = 58
+ quality = 83
tags = ""
strings:
@@ -271325,8 +271588,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_RADIALPULSE_1
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L173-L190"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L173-L190"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d72daafedf41d484f7f9816f7f076a9249a6808f1899649b7daa22c0447bb37b"
logic_hash = "d65a466cc15214d8e26597588c039a6b9fb4637ef8f3b1ebea27f016fbd5cba8"
score = 75
@@ -271352,8 +271615,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_RADIALPULSE_2
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L191-L208"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L191-L208"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4a2a7cbc1c8855199a27a7a7b51d0117"
logic_hash = "4ade993176c918ec23e99fc585e9ab14d9f9e93a7eca00f2c3b0ebbd13d6ec5b"
score = 75
@@ -271379,12 +271642,12 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_RADIALPULSE_3
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L209-L226"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L209-L226"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4a2a7cbc1c8855199a27a7a7b51d0117"
logic_hash = "025308591e058de284f949fd4f788e4a4f46bb2f6c0e1161237f1f811d8179ba"
score = 75
- quality = 60
+ quality = 85
tags = ""
strings:
@@ -271406,8 +271669,8 @@ rule SIGNATURE_BASE_FE_APT_Backdoor_Linux32_SLOWPULSE_1 : FILE
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L227-L244"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L227-L244"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cd09ec795a8f4b6ced003500a44d810f49943514e2f92c81ab96c33e1c0fbd68"
logic_hash = "c1d92ea4ed8e5934c8356e1e52092935c53a138e454026737448f7f523ea06be"
score = 75
@@ -271433,8 +271696,8 @@ rule SIGNATURE_BASE_FE_APT_Webshell_PL_STEADYPULSE_1
date = "2021-04-16"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_pulsesecure.yar#L265-L284"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_pulsesecure.yar#L265-L284"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "168976797d5af7071df257e91fcc31ce1d6e59c72ca9e2f50c8b5b3177ad83cc"
logic_hash = "a0e3ebdd02ccf5cc8fc0a83c1d0224aed45dc5094eb85bd855e5b74b34e3aaaf"
score = 75
@@ -271462,8 +271725,8 @@ rule SIGNATURE_BASE_Malware_JS_Powershell_Obfuscated : FILE
date = "2017-03-24"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_javascript_powershell.yar#L2-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_javascript_powershell.yar#L2-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1dd745624971f10acb7911433f363b0cf20c8c45344f702d7f3549c58689b371"
score = 75
quality = 85
@@ -271486,8 +271749,8 @@ rule SIGNATURE_BASE_MAL_Go_Modbus_Jul24_1 : FILE
date = "2024-07-23"
modified = "2024-07-24"
reference = "https://hub.dragos.com/hubfs/Reports/Dragos-FrostyGoop-ICS-Malware-Intel-Brief-0724_.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_go_modbus.yar#L2-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_go_modbus.yar#L2-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d992c8159deca0ed2b2a33da3c31fdf0efa9a09ba941d059fa7fc1bad458aed1"
score = 75
quality = 85
@@ -271515,8 +271778,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_1 : FILE
date = "2018-02-07"
modified = "2023-12-05"
reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_middle_east_talosreport.yar#L13-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_middle_east_talosreport.yar#L13-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e5ea689de4be64a02aed31c85a4bd56561ba932587998bc276ddba248d73fa2d"
score = 75
quality = 85
@@ -271537,8 +271800,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_2 : FILE
date = "2018-02-07"
modified = "2023-12-05"
reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_middle_east_talosreport.yar#L28-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_middle_east_talosreport.yar#L28-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "414e7760c56d2a1713258bb5c5f65e4fb561523ae037f8715d7fba5914ef9211"
score = 75
quality = 85
@@ -271565,8 +271828,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_3 : FILE
date = "2018-02-07"
modified = "2023-12-05"
reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_middle_east_talosreport.yar#L50-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_middle_east_talosreport.yar#L50-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7d45f9f624285ed13a16901335585490459f22ef8af157c38b720118735ed432"
score = 75
quality = 85
@@ -271593,8 +271856,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_4 : FILE
date = "2018-02-07"
modified = "2023-12-05"
reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_middle_east_talosreport.yar#L68-L79"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_middle_east_talosreport.yar#L68-L79"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "83340b2d8f5f58f886eb318b80d7fbb0b9a4f5ad634db857edc405932f3ea5bc"
score = 75
quality = 85
@@ -271614,8 +271877,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_5 : FILE
date = "2018-02-07"
modified = "2022-08-18"
reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_middle_east_talosreport.yar#L81-L100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_middle_east_talosreport.yar#L81-L100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b958a09be09de03e702a0653cf51148698b35c29bed90edbc3a65e485f0c3aa6"
score = 75
quality = 85
@@ -271643,8 +271906,8 @@ rule SIGNATURE_BASE_SVG_Loadurl : FILE
date = "2015-05-24"
modified = "2023-12-05"
reference = "http://goo.gl/psjCCc"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_cryptowall_svg.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_cryptowall_svg.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d9e40694e2d0099495289a2074e266bace9b0d9d776391020a1527eaabd2a395"
score = 50
quality = 85
@@ -271672,8 +271935,8 @@ rule SIGNATURE_BASE_TA459_Malware_May17_1 : FILE
date = "2017-05-31"
modified = "2023-12-05"
reference = "https://goo.gl/RLf9qU"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta459.yar#L12-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta459.yar#L12-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2655d4c3a28ad2f77bbf50cd3dface7de49f675f0f974aa44d9b69c3f803da30"
score = 75
quality = 85
@@ -271697,8 +271960,8 @@ rule SIGNATURE_BASE_TA459_Malware_May17_2 : FILE
date = "2017-05-31"
modified = "2023-12-05"
reference = "https://goo.gl/RLf9qU"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta459.yar#L28-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta459.yar#L28-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9904f3905672e5209df037dff1fa2e4d88ee33531096045eb9b9f7460458b6a2"
score = 75
quality = 85
@@ -271724,8 +271987,8 @@ rule SIGNATURE_BASE_Eternalrocks_Taskhost : FILE
date = "2017-05-18"
modified = "2023-12-05"
reference = "https://twitter.com/stamparm/status/864865144748298242"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_eternalrocks.yar#L12-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_eternalrocks.yar#L12-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "45e5295f34280078c586c4cb643dba65aed63beffb1d6ded05de03403caf273a"
score = 75
quality = 85
@@ -271752,8 +272015,8 @@ rule SIGNATURE_BASE_Eternalrocks_Svchost : FILE
date = "2017-05-18"
modified = "2023-12-05"
reference = "https://twitter.com/stamparm/status/864865144748298242"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_eternalrocks.yar#L32-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_eternalrocks.yar#L32-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "989df6d582949adbc4e0e2063c99d9ad83c367cedae1030dc23aade091216602"
score = 75
quality = 85
@@ -271779,8 +272042,8 @@ rule SIGNATURE_BASE_MAL_Ryuk_Ransomware : FILE
date = "2018-12-31"
modified = "2023-12-05"
reference = "https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ryuk_ransomware.yar#L3-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ryuk_ransomware.yar#L3-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "01e8ad348e5954374fc0f9fc25ba1ee83db4a2a50e622b27640aa2eb394dc5a0"
score = 75
quality = 85
@@ -271807,8 +272070,8 @@ rule SIGNATURE_BASE_APT_Cobaltstrike_Beacon_Indicator : FILE
date = "2018-11-09"
modified = "2023-12-05"
reference = "https://github.com/JPCERTCC/aa-tools/blob/master/cobaltstrikescan.py"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cobaltstrike.yar#L40-L52"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cobaltstrike.yar#L40-L52"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0f429a7a8c8bbea22eba3bbf81e391dab8e957583283a995d1d60d42f17c20e7"
score = 75
quality = 83
@@ -271830,8 +272093,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Beacon_Strings
date = "2021-03-16"
modified = "2023-12-05"
reference = "https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cobaltstrike.yar#L54-L67"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cobaltstrike.yar#L54-L67"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4349a7ad94df2269217b55c2aef9628c4eef078566c276936accdd4f996ba2cf"
score = 75
quality = 85
@@ -271854,8 +272117,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Beacon_XOR_Strings
date = "2021-03-16"
modified = "2023-12-05"
reference = "https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cobaltstrike.yar#L69-L88"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cobaltstrike.yar#L69-L88"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b5009c29055784ce6371100417b862f723d7e3c1b4081c563fcd8770db48051f"
score = 75
quality = 85
@@ -271882,8 +272145,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Beacon_4_2_Decrypt
date = "2021-03-16"
modified = "2023-12-05"
reference = "https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cobaltstrike.yar#L90-L102"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cobaltstrike.yar#L90-L102"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8685b1626c8d263f49ccf129dcd4fe1b42482fcdb37c2e109cedcecaed8c2407"
score = 75
quality = 85
@@ -271905,8 +272168,8 @@ rule SIGNATURE_BASE_HKTL_Win_Cobaltstrike : COMMODITY
date = "2021-05-25"
modified = "2023-12-05"
reference = "https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cobaltstrike.yar#L104-L122"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cobaltstrike.yar#L104-L122"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b041efb8ba2a88a3d172f480efa098d72eef13e42af6aa5fb838e6ccab500a7c"
logic_hash = "1e8a68050ff25f77e903af2e0a85579be1af77c64684e42e8f357eee4ae59377"
score = 75
@@ -271934,8 +272197,8 @@ rule SIGNATURE_BASE_CVE_2014_4076_Exploitcode : CVE_2014_4076 FILE
date = "2018-04-04"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/yarGen"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2014_4076.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2014_4076.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "96b8743de8b3968d64b74af93f5e61574a3b31d33df6d51e944b4f02c7b9723e"
score = 75
quality = 85
@@ -271962,11 +272225,11 @@ rule SIGNATURE_BASE_EXPL_Exchange_Proxynotshell_Patterns_CVE_2022_41040_Oct22_1
modified = "2023-03-15"
old_rule_name = "EXPL_Exchange_ProxyNoShell_Patterns_CVE_2022_41040_Oct22_1"
reference = "https://github.com/kljunowsky/CVE-2022-41040-POC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_cve_2022_41040_proxynoshell.yar#L2-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_cve_2022_41040_proxynoshell.yar#L2-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "81b0f0fea2762beb47826ff95545c87e960e098b9d5f45eacfe07b3ecf319ac5"
score = 75
- quality = 60
+ quality = 85
tags = "SCRIPT"
strings:
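Review bot: The `quality` value for SIGNATURE_BASE_EXPL_Exchange_Proxynotshell_Patterns_CVE_2022_41040_Oct22_1 moves from 60 to 85 while `logic_hash` and `modified` stay as context lines, so the detection logic appears unchanged and only the upstream scoring has moved. The same applies to the later hunks for SIGNATURE_BASE_EXPL_Exchange_Proxyshell_Failed_Aug21_1 (60 to 85) and SIGNATURE_BASE_EXPL_Exchange_Proxyshell_Successful_Aug21_1 (33 to 83). If anything downstream filters or weights third-party rules by `quality` (not visible in this patch), these three rules could start matching or ranking differently after the update, so it is worth checking them against the test fixtures before merging. Because the file is vendored, the values should stay as upstream ships them; recording the re-score in the update notes, e.g. `quality re-scored upstream for 3 Exchange rules; logic_hash unchanged`, would make the change traceable. The rule bodies continue outside these hunks.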
@@ -271990,8 +272253,8 @@ rule SIGNATURE_BASE_Notpetya_Ransomware_Jun17 : FILE
date = "2017-06-27"
modified = "2023-12-05"
reference = "https://goo.gl/h6iaGj"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_nopetya_jun17.yar#L12-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_nopetya_jun17.yar#L12-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e49fd918e9cc09a60434e62767794cd908f195cb71fd7a752a2b4802973bc92e"
score = 75
quality = 85
@@ -272028,8 +272291,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Proxytoken_Exploitation_Aug21_1 : CVE_2021_33766
date = "2021-08-30"
modified = "2023-12-05"
reference = "https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2021_33766_proxytoken.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2021_33766_proxytoken.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ff0c3e4f7491f5faec3e2688819ea5ec636a7d4eb57941afff6f53f60b0c0293"
score = 75
quality = 85
@@ -272056,8 +272319,8 @@ rule SIGNATURE_BASE_EXT_APT32_Goopdate_Installer
date = "2021-02-25"
modified = "2023-12-05"
reference = "https://about.fb.com/news/2020/12/taking-action-against-hackers-in-bangladesh-and-vietnam/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt32.yar#L3-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt32.yar#L3-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "69730f2c2bb9668a17f8dfa1f1523e0e1e997ba98f027ce98f5cbaa869347383"
logic_hash = "1dcb3009c5c19ff4e54d82d3a4b99b3431e78664f1660522a781e815d96958c4"
score = 75
@@ -272083,8 +272346,8 @@ rule SIGNATURE_BASE_EXT_APT32_Osx_Backdoor_Loader : FILE
date = "2021-02-25"
modified = "2023-12-05"
reference = "https://about.fb.com/news/2020/12/taking-action-against-hackers-in-bangladesh-and-vietnam/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt32.yar#L22-L49"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt32.yar#L22-L49"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "768510fa9eb807bba9c3dcb3c7f87b771e20fa3d81247539e9ea4349205e39eb"
logic_hash = "26964f95a9298b838e06fb9d7f739c8b87a976d8da7fb08416e952d26e84b84e"
score = 75
@@ -272113,8 +272376,8 @@ rule SIGNATURE_BASE_Plugx_J16_Gen : FILE
date = "2016-06-08"
modified = "2023-12-05"
reference = "VT Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_win_plugx.yar#L10-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_win_plugx.yar#L10-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3e988243663264b2647e098e36b83dd675141fa9765c9bd47c30f29bf176cd8f"
score = 75
quality = 85
@@ -272153,8 +272416,8 @@ rule SIGNATURE_BASE_Plugx_J16_Gen2 : FILE
date = "2016-06-08"
modified = "2023-12-05"
reference = "VT Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_win_plugx.yar#L42-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_win_plugx.yar#L42-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8fbe90cbff5d408d26b0a5ace6833a0e3100d11ff544184d9ccc2f39ee806de9"
score = 75
quality = 85
@@ -272184,8 +272447,8 @@ rule SIGNATURE_BASE_Scarcruft_Malware_Feb18_1 : FILE
date = "2018-02-03"
modified = "2023-12-05"
reference = "https://twitter.com/craiu/status/959477129795731458"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_scarcruft.yar#L2-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_scarcruft.yar#L2-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa1ed130518a2096bd731dce917512d560160e271ad8f0ccd57fbedd478a5502"
score = 90
quality = 85
@@ -272207,8 +272470,8 @@ rule SIGNATURE_BASE_SUSP_Doc_Windowsinstaller_Call_Feb22_1 : FILE
date = "2022-02-26"
modified = "2023-12-05"
reference = "https://twitter.com/threatinsight/status/1497355737844133895"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_maldoc.yar#L1-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_maldoc.yar#L1-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "279182487ab7d35264adfbd0d122ee7634cd92ae1711de78ec7f20928df34f49"
score = 65
quality = 85
@@ -272232,8 +272495,8 @@ rule SIGNATURE_BASE_Gen_Trojan_Mikey : FILE
date = "2015-05-07"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_mikey_trojan.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_mikey_trojan.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a8e6c3ca056b3ff2495d7728654b780735b3a4cb"
logic_hash = "5454953bba09d6fc866bcb23ef81a0b6763d8f82b8b606597548cbb5cf6053ed"
score = 70
@@ -272261,8 +272524,8 @@ rule SIGNATURE_BASE_Gen_Excel_Xor_Obfuscation_Velvetsweatshop : FILE
date = "2020-10-09"
modified = "2023-12-05"
reference = "https://twitter.com/BouncyHat/status/1308896366782042113"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_excel_xor_obfuscation_velvetsweatshop.yar#L3-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_excel_xor_obfuscation_velvetsweatshop.yar#L3-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c38d56199d34adfc98d8032321239ab20c6eaa8abcafd56f8e1cf24fd3a4094f"
score = 75
quality = 85
@@ -272288,11 +272551,11 @@ rule SIGNATURE_BASE_EXPL_Exchange_Proxyshell_Failed_Aug21_1 : SCRIPT
date = "2021-08-08"
modified = "2021-08-09"
reference = "https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L1-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L1-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "690e74633ac8671727fe47f6398e536c1b7a4ac469d27d3f7507c75e175716bd"
score = 50
- quality = 60
+ quality = 85
tags = "SCRIPT"
strings:
@@ -272311,11 +272574,11 @@ rule SIGNATURE_BASE_EXPL_Exchange_Proxyshell_Successful_Aug21_1 : SCRIPT
date = "2021-08-08"
modified = "2025-03-21"
reference = "https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L17-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L17-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "06ab609a8efe3b36b6356a9cf7b7b11b2fc2a556ec1df6995008a9df86b3fcee"
score = 65
- quality = 33
+ quality = 83
tags = "SCRIPT"
strings:
@@ -272336,8 +272599,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Aug21_2 : FILE
date = "2021-08-13"
modified = "2025-11-03"
reference = "https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-are-getting-hacked-via-proxyshell-exploits/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L35-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L35-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4ede197d482f0a9e553ba857b5049e7b7405e3df92460e19418fa0653c844982"
score = 75
quality = 85
@@ -272358,8 +272621,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Aug21_3 : FILE
date = "2021-08-23"
modified = "2025-11-03"
reference = "https://twitter.com/gossithedog/status/1429175908905127938?s=12"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L50-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L50-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f071aaa8918b359f786f2ac7447eeaedb5a6fca9e0a0c0e8820e011244424503"
score = 75
quality = 85
@@ -272380,8 +272643,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Sep21_1 : FILE
date = "2021-09-17"
modified = "2025-11-03"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L66-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L66-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "219468c10d2b9d61a8ae70dc8b6d2824ca8fbe4e53bbd925eeca270fef0fd640"
logic_hash = "233ec15dff8da5f2beaa931eb06849aa37e548947c1068d688a1695d977605d8"
score = 75
@@ -272403,8 +272666,8 @@ rule SIGNATURE_BASE_APT_IIS_Config_Proxyshell_Artifacts : FILE
date = "2021-08-25"
modified = "2025-11-03"
reference = "https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L82-L105"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L82-L105"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a4557694629448d258b8b2fefc278e059217560e7a0ec3279863a16fb9b3989c"
score = 90
quality = 85
@@ -272434,8 +272697,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Exploitation_Aug21_1 : FILE
date = "2021-08-25"
modified = "2025-11-03"
reference = "https://twitter.com/VirITeXplorer/status/1430206853733097473"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L107-L119"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L107-L119"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8a2417bb85c7f91d98143d2f4c26d30416b3a01ba8abc1445ccfae5609825b4d"
score = 90
quality = 85
@@ -272456,8 +272719,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Aug15 : FILE
date = "2021-09-04"
modified = "2025-11-03"
reference = "https://github.com/hvs-consulting/ioc_signatures/tree/main/Proxyshell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L121-L152"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L121-L152"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "46c37f1d80c777acafa6ee64d7df18a6b94768f4463d9196027111a84a63a24f"
score = 75
quality = 85
@@ -272488,8 +272751,8 @@ rule SIGNATURE_BASE_WEBSHELL_Mailbox_Export_PST_Proxyshell_Aug26 : FILE
date = "2021-09-04"
modified = "2025-11-03"
reference = "https://github.com/hvs-consulting/ioc_signatures/tree/main/Proxyshell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L154-L180"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L154-L180"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "07acbf74a4bf169fc128cd085759f33e89917e217703b3c6557ba5f954822fd4"
score = 85
quality = 85
@@ -272520,8 +272783,8 @@ rule SIGNATURE_BASE_SUSP_IIS_Config_Proxyshell_Artifacts : FILE
date = "2021-08-25"
modified = "2025-11-03"
reference = "https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L186-L201"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L186-L201"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f2822a2b762c8e683c5e3a3f4a8232faa187b9a36182ea71e5286158b0e8115c"
score = 70
quality = 85
@@ -272544,8 +272807,8 @@ rule SIGNATURE_BASE_SUSP_IIS_Config_Virtualdir : FILE
date = "2021-08-25"
modified = "2022-09-17"
reference = "https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L203-L223"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L203-L223"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0b9be085957f368bc1890c42e3f1e8b974eed8c77ecb4d2ba6add4d877a9b488"
score = 60
quality = 85
@@ -272570,8 +272833,8 @@ rule SIGNATURE_BASE_SUSP_ASPX_Possibledropperartifact_Aug21 : FILE
date = "2021-08-23"
modified = "2025-11-03"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L225-L255"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L225-L255"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7e2fc61897ed859d5165aca7360d8a27891f842a7a8e4894af3926427ac95ceb"
score = 60
quality = 85
@@ -272593,8 +272856,8 @@ rule SIGNATURE_BASE_WEBSHELL_Proxyshell_Exploitation_Nov21_1
date = "2021-11-01"
modified = "2025-11-03"
reference = "https://www.deepinstinct.com/blog/do-not-exchange-it-has-a-shell-inside"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxyshell.yar#L257-L271"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxyshell.yar#L257-L271"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d9812d3f53c346c4e318609e0c7de66811b27ffa7528a6ddeb6ac8436da59ef5"
score = 85
quality = 85
@@ -272617,8 +272880,8 @@ rule SIGNATURE_BASE_No_Powershell : FILE
date = "2016-05-21"
modified = "2023-12-05"
reference = "https://github.com/Ben0xA/nps"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_nopowershell.yar#L8-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_nopowershell.yar#L8-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9fba467cfbf8cad0c8e6cf1e1c7eacd8b0be869ebe6c5180f50f5cdefa8b5bb5"
score = 80
quality = 85
@@ -272642,8 +272905,8 @@ rule SIGNATURE_BASE_EXT_APT_Bitter_Win32K_0Day_Feb21 : FILE
date = "2021-01-01"
modified = "2023-12-05"
reference = "https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bitter.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bitter.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "84a8d0ae14469eb6431e73295d821609c7a8b313630d645085ffd8faff6e5e43"
score = 75
quality = 85
@@ -272671,8 +272934,8 @@ rule SIGNATURE_BASE_APT_RU_APT27_Hyperbro_Vftrace_Loader_Jan22_1 : FILE
date = "2022-01-14"
modified = "2023-12-05"
reference = "https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2022-01-bfv-cyber-brief.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt27_hyperbro.yar#L3-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt27_hyperbro.yar#L3-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d8785ea937891636bea5ed8128de44fa6084a1a48800c1586739c5ca9e4c43bd"
score = 75
quality = 85
@@ -272696,8 +272959,8 @@ rule SIGNATURE_BASE_APT_CN_APT27_Compromised_Certficate_Jan22_1
date = "2022-01-29"
modified = "2023-12-05"
reference = "https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2022-01-bfv-cyber-brief.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt27_hyperbro.yar#L21-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt27_hyperbro.yar#L21-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "94a40d55936fc341eaba5e1accc8bfe3a401114298e7a3cc4d5c64af36eadf9e"
score = 80
quality = 85
@@ -272715,8 +272978,8 @@ rule SIGNATURE_BASE_Hvs_APT27_Hyperbro_Decrypted_Stage2 : FILE
date = "2022-02-07"
modified = "2023-12-05"
reference = "https://www.hvs-consulting.de/en/threat-intelligence-report-emissary-panda-apt27"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt27_hyperbro.yar#L35-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt27_hyperbro.yar#L35-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6eb56c4a92e89977e536ccc3c70170062aca072c6981b40aeea184ea2ca461a6"
score = 75
quality = 85
@@ -272744,8 +273007,8 @@ rule SIGNATURE_BASE_Hvs_APT27_Hyperbro_Stage3 : FILE
date = "2022-02-07"
modified = "2023-01-07"
reference = "https://www.hvs-consulting.de/en/threat-intelligence-report-emissary-panda-apt27"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt27_hyperbro.yar#L59-L84"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt27_hyperbro.yar#L59-L84"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "49c1e70d63d93244b4b44525f2b30c05512b5f3a30d6d7c43c9366a95c84e79b"
score = 50
quality = 85
@@ -272776,8 +273039,8 @@ rule SIGNATURE_BASE_Hvs_APT27_Hyperbro_Stage3_C2
date = "2022-02-07"
modified = "2023-12-05"
reference = "https://www.hvs-consulting.de/en/threat-intelligence-report-emissary-panda-apt27"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt27_hyperbro.yar#L86-L100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt27_hyperbro.yar#L86-L100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "676df1eaa782c6b876df138a0ddddc3c63e277b84d4414b044314ee219674420"
score = 50
quality = 81
@@ -272800,8 +273063,8 @@ rule SIGNATURE_BASE_Hvs_APT27_Hyperbro_Stage3_Persistence
date = "2022-02-07"
modified = "2023-12-05"
reference = "https://www.hvs-consulting.de/en/threat-intelligence-report-emissary-panda-apt27"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt27_hyperbro.yar#L103-L117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt27_hyperbro.yar#L103-L117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "db4b7be2bafe29b5e7c81a90e17a660cf73cff1c2e8edd04a9421daba09e3e0e"
score = 75
quality = 85
@@ -272824,8 +273087,8 @@ rule SIGNATURE_BASE_Hvs_APT27_Hyperbro_Encrypted_Stage2 : FILE
date = "2022-02-07"
modified = "2023-12-05"
reference = "https://www.hvs-consulting.de/en/threat-intelligence-report-emissary-panda-apt27"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt27_hyperbro.yar#L120-L389"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt27_hyperbro.yar#L120-L389"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c3b07bdb19730fc9c8cca8aa7581a32eb80e3dbc5c4d366fbb2f9966081c1a21"
score = 75
quality = 60
@@ -273102,8 +273365,8 @@ rule SIGNATURE_BASE_TA17_293A_Malware_1
date = "2017-07-17"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_293A.yar#L14-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_293A.yar#L14-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "408297496dfb1cc28e1caa7faaf8537b7970bb1742e1b373175f8273fe11f19d"
score = 50
quality = 75
@@ -273157,11 +273420,11 @@ rule SIGNATURE_BASE_TA17_293A_Energetic_Bear_Api_Hashing_Tool : FILE
description = "Energetic Bear API Hashing Tool"
author = "CERT RE Team"
id = "4e58800a-9618-5d8b-954c-e843be6002c2"
- date = "2026-02-01"
+ date = "2026-02-08"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_293A.yar#L77-L93"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_293A.yar#L77-L93"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5f8a770c727cdd2d32d7cd1ad45ee8b37f7fc63c9e7f4311d318eb15d9050909"
score = 75
quality = 85
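Review bot: The `date` value in this hunk moves from `2026-02-01` to `2026-02-08`, the same day as this update, while `modified` stays at `2023-12-05`, so for SIGNATURE_BASE_TA17_293A_Energetic_Bear_Api_Hashing_Tool the field appears to be stamped at packaging time rather than recording when the rule was written. That leaves a creation date later than the modification date, makes the rule look a week old to anything that triages or ages detections by `date`, and will show up as a changed line on every refresh. `logic_hash` is unchanged context here, so the detection logic itself looks untouched and only metadata moved. I would either get a real date added to the rule upstream in `yara/apt_ta17_293A.yar` or have the update job treat this field as unstable, and until then record the caveat next to the vendored file, e.g. `// "date" on rules that lack an upstream date appears to be the bundle build date, not the authoring date`. The rule's meta block starts before this hunk and continues past it.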
@@ -273187,8 +273450,8 @@ rule SIGNATURE_BASE_TA17_293A_Query_XML_Code_MAL_DOC_PT_2 : FILE
date = "2017-10-21"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_293A.yar#L95-L106"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_293A.yar#L95-L106"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8d4c1b23aa8323fa9ddec362bb36e13e5f992883fbf7936b34cf03fe62ee6127"
score = 75
quality = 85
@@ -273211,8 +273474,8 @@ rule SIGNATURE_BASE_TA17_293A_Query_XML_Code_MAL_DOC : FILE
date = "2017-10-21"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_293A.yar#L108-L120"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_293A.yar#L108-L120"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fb3a84b66554e6c286ba64046d9b18a819f81108ee965862f288637ccee816d2"
score = 75
quality = 85
@@ -273236,8 +273499,8 @@ rule SIGNATURE_BASE_TA17_293A_Query_Javascript_Decode_Function : FILE
date = "2017-10-21"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_293A.yar#L122-L140"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_293A.yar#L122-L140"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8b42c67bdcdbb7c38128d8956904baa524d155b1e6957c5c1b5bc28fd8a57e8a"
score = 75
quality = 83
@@ -273262,8 +273525,8 @@ rule SIGNATURE_BASE_TA17_293A_Hacktool_PS_1 : FILE
date = "2017-10-21"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_293A.yar#L152-L166"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_293A.yar#L152-L166"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a59834684cc1e7a34eeb8fb7f6cd1c414d6eab3ae58c6df763b2ec548705b371"
score = 75
quality = 85
@@ -273287,8 +273550,8 @@ rule SIGNATURE_BASE_TA17_293A_Hacktool_Touch_MAC_Modification : FILE
date = "2017-10-21"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_293A.yar#L168-L184"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_293A.yar#L168-L184"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5f4c6b653d1b6f4427c6582513d3c19cb8d580e669260a1afda01eecf8ce3bfc"
score = 75
quality = 85
@@ -273314,8 +273577,8 @@ rule SIGNATURE_BASE_TA17_293A_Hacktool_Exploit_MS16_032 : FILE
date = "2017-10-21"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_293A.yar#L186-L202"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_293A.yar#L186-L202"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0f0bd4f8ae1e9689f111233ca8fdb9a9b6c20e526f22350c8204f64a54639dcd"
score = 75
quality = 85
@@ -273342,8 +273605,8 @@ rule SIGNATURE_BASE_Imphash_UPX_Packed_Malware_1_TA17_293A : FILE
date = "2017-10-21"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_293A.yar#L206-L217"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_293A.yar#L206-L217"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "398ccbd5e492fb1efa80dc07900ef77611c4b5bab95f715fce7b5dbeb0aff49d"
score = 75
quality = 85
@@ -273364,8 +273627,8 @@ rule SIGNATURE_BASE_Imphash_Malware_2_TA17_293A : HIGHVOL FILE
date = "2017-10-21"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_293A.yar#L219-L229"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_293A.yar#L219-L229"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5f91c07a9cc65c31eb9fd09bdd2752bc285c5a4b118ffe647391f7d187765de4"
score = 75
quality = 85
@@ -273384,8 +273647,8 @@ rule SIGNATURE_BASE_Cobaltstrike_C2_Host_Indicator : FILE
date = "2019-08-16"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cobaltstrike_evasive.yar#L1-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cobaltstrike_evasive.yar#L1-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4761e282e9473ba665a597894ed514d057309703a7d5b4e462ef0e779bbb8c39"
score = 60
quality = 65
@@ -273407,8 +273670,8 @@ rule SIGNATURE_BASE_Cobaltstrike_Sleep_Decoder_Indicator
date = "2021-07-19"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cobaltstrike_evasive.yar#L16-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cobaltstrike_evasive.yar#L16-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f3243c326df18edbd15c2d9120379588e61709efb9295b9584c0565c04ee38a5"
score = 75
quality = 85
@@ -273429,8 +273692,8 @@ rule SIGNATURE_BASE_Cobaltstrike_C2_Encoded_XOR_Config_Indicator
date = "2021-07-08"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cobaltstrike_evasive.yar#L28-L295"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cobaltstrike_evasive.yar#L28-L295"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6b25ee9064e925c183ef7599c95ecffce48c7f96eea714fa5f6441b21716277e"
score = 75
quality = 60
@@ -273707,8 +273970,8 @@ rule SIGNATURE_BASE_Cobaltstrike_MZ_Launcher
date = "2021-07-08"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cobaltstrike_evasive.yar#L297-L307"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cobaltstrike_evasive.yar#L297-L307"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aa188546db138dffdcdbf6538367b5d5bc37638a2784b24b7fcd913c15e56072"
score = 75
quality = 85
@@ -273729,8 +273992,8 @@ rule SIGNATURE_BASE_Cobaltstrike_Unmodifed_Beacon
date = "2019-08-16"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cobaltstrike_evasive.yar#L309-L320"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cobaltstrike_evasive.yar#L309-L320"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "10114a431fb70be8e18e67b22aa76bf2c0536f07d373f717c1dc51755e0847c9"
score = 75
quality = 85
@@ -273753,8 +274016,8 @@ rule SIGNATURE_BASE_SUSP_Xored_Mozilla_Oct19
modified = "2023-11-03"
old_rule_name = "SUSP_XORed_Mozilla"
reference = "https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xor_hunting.yar#L2-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xor_hunting.yar#L2-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e1b5c7a0adb4dc65cdf0a653255ac865a0ecebbf1ff08b7fc46d510d5e8aa6c9"
score = 60
quality = 85
@@ -273779,8 +274042,8 @@ rule SIGNATURE_BASE_SUSP_Xored_MSDOS_Stub_Message : FILE
date = "2019-10-28"
modified = "2023-10-11"
reference = "https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xor_hunting.yar#L27-L56"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xor_hunting.yar#L27-L56"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b6d7d7242511d2c26122fe2b880cfe39facb5f68ae45e19c1558163f0427c304"
score = 55
quality = 85
@@ -273813,8 +274076,8 @@ rule SIGNATURE_BASE_SNOWGLOBE_Babar_Malware : FILE
date = "2015-02-18"
modified = "2023-12-05"
reference = "http://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_snowglobe_babar.yar#L4-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_snowglobe_babar.yar#L4-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "27a0a98053f3eed82a51cdefbdfec7bb948e1f36"
logic_hash = "a93425a95efe471b815e2daf0b5e290b3472b722c6a48f8c22f0a6e9c588ffc9"
score = 80
@@ -273850,8 +274113,8 @@ rule SIGNATURE_BASE_Bluenoroffpos_DLL
date = "2018-06-07"
modified = "2023-12-05"
reference = "http://blog.trex.re.kr/3?category=737685"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_bluenoroff_pos.yar#L2-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_bluenoroff_pos.yar#L2-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "39f23045b3e5ef60c199091b7f01ac2a3a31bcb95219aebb9a4cfd0764886f19"
score = 75
quality = 73
@@ -273879,8 +274142,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Lnkfileoverrfc : FILE
date = "2018-09-18"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_lnk_files.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_lnk_files.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "52ff949a17039c1fa5707ff503aa1a96b3925bdfef01867c9b59a8d72493a84e"
score = 65
quality = 85
@@ -273904,8 +274167,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Suspiciouscommands : FILE
date = "2018-09-18"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_lnk_files.yar#L20-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_lnk_files.yar#L20-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a0380927ebc89e46f9138e01f154113c5e23680cea9b117b47406003ea565c1e"
score = 60
quality = 81
@@ -273945,8 +274208,8 @@ rule SIGNATURE_BASE_SUSP_DOC_LNK_In_ZIP : FILE
date = "2019-07-02"
modified = "2023-12-05"
reference = "https://twitter.com/RedDrip7/status/1145877272945025029"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_lnk_files.yar#L53-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_lnk_files.yar#L53-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ef4cdaad05af12f210aa6324a1e34a42843f814c59fb0085ac18370917ad4866"
score = 50
quality = 85
@@ -273968,8 +274231,8 @@ rule SIGNATURE_BASE_Hunting_Rule_Shikataganai
date = "2019-10-21"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2019/10/shikata-ga-nai-encoder-still-going-strong.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_shikataganai.yar#L1-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_shikataganai.yar#L1-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "733522cb1d61f4bbb300d73ff21d9d7d10a78aae06e03408fce4b88e4c51f662"
score = 50
quality = 85
@@ -274002,8 +274265,8 @@ rule SIGNATURE_BASE_WEBSHELL_Csharp_Hash_String_Oct22 : FILE
date = "2022-10-27"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshell_csharp.yar#L2-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshell_csharp.yar#L2-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "29c187ad46d3059dc25d5f0958e0e8789fb2a51b9daaf90ea27f001b1a9a603c"
logic_hash = "28a07f3dd17fc469388867fa82a0e21abeee9c4e114af245b684535e4e194891"
score = 60
@@ -274032,8 +274295,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php5 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L8-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L8-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0fd91b6ad400a857a6a65c8132c39e6a16712f19"
logic_hash = "e882f115a67fe31ece1a81e1a2770b46370a92ac3aa23e348a12cdb5735e8a0e"
score = 70
@@ -274057,8 +274320,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Test3693 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L25-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L25-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "246d629ae3ad980b5bfe7e941fe90b855155dbfc"
logic_hash = "a10618d54fb7adbbd89a10f2e1ac067ccd1832140bcaf3b92394ebe7323f2d1e"
score = 70
@@ -274082,8 +274345,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Mycode12 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L42-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L42-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "64be8760be5ab5c2dcf829e3f87d3e50b1922f17"
logic_hash = "94cb0e414634af753db9ec0c63a3a34b4f9104e93e01d67cebab7b3a0c471198"
score = 70
@@ -274107,8 +274370,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Offlibrary : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L59-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L59-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "eb5275f99211106ae10a23b7e565d208a94c402b"
logic_hash = "ffec24bedfe0794e8f92da5067c41932339e61ec23d71a67ed4b634434cd10d6"
score = 70
@@ -274132,8 +274395,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Cfm_Xl : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L76-L91"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L76-L91"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "49c3d16ee970945367a7d6ae86b7ade7cb3b5447"
logic_hash = "b6683a24ad58a9444ec91f13e7da5db3e3e768afded09a23e1bbd0a0c23cf6b9"
score = 70
@@ -274157,8 +274420,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Linux : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L93-L108"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L93-L108"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "78339abb4e2bb00fe8a012a0a5b7ffce305f4e06"
logic_hash = "2c6278acd123e0d41ed4f0f8f0da27d5de1ad56efb8102c9eae442838a0416d0"
score = 70
@@ -274182,8 +274445,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Interception3389_Get : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L110-L126"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L110-L126"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ceb6306f6379c2c1634b5058e1894b43abcf0296"
logic_hash = "649e611c9d8948e60811af4209d737b3e797e6b42beba42439541ae543b062d6"
score = 70
@@ -274208,8 +274471,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Nc_1 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L128-L143"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L128-L143"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "51d83961171db000fe4476f36d703ef3de409676"
logic_hash = "80ea8f16d943a3775fe9999131272af9e7f1af60d413109e58ecdef036484760"
score = 70
@@ -274233,8 +274496,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Blacksky : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L145-L160"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L145-L160"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a60a599c6c8b6a6c0d9da93201d116af257636d7"
logic_hash = "3b92f63f536361d8ba0cde853fb546f271abdec3a7c1d44688a42610f5f90c57"
score = 70
@@ -274258,8 +274521,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Asp3 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L162-L177"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L162-L177"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "87c5a76989bf08da5562e0b75c196dcb3087a27b"
logic_hash = "e5f30a445be30c491e669c633bf2df08cbfb1017ecfc91f9ed83275550488304"
score = 70
@@ -274283,8 +274546,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Sniff : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L179-L194"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L179-L194"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e246256696be90189e6d50a4ebc880e6d9e28dfd"
logic_hash = "198442e75422055e7d65c5d1aef55819036a99077aa79dbd5006ba97c4fe4af8"
score = 70
@@ -274308,8 +274571,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Udf_Udf : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L196-L211"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L196-L211"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "df63372ccab190f2f1d852f709f6b97a8d9d22b9"
logic_hash = "c7db32b5e66601e0b8322ac67b6b9ba8d6222891ed01db557bfac9985140421a"
score = 70
@@ -274333,8 +274596,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_JSP_Jsp : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L213-L228"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L213-L228"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c58fed3d3d1e82e5591509b04ed09cb3675dc33a"
logic_hash = "089e1a553900d149a4087ac81254295d74de15d9baaf73e60ce4f061e450e8c7"
score = 70
@@ -274358,8 +274621,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_T00Ls_Lpk_Sethc_V4_Mail : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L230-L245"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L230-L245"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0a9b7b438591ee78ee573028cbb805a9dbb9da96"
logic_hash = "b835a6d0c736116e0a8b277dadbf25c2ac333b0d7937a6f67ed59887c610a57a"
score = 70
@@ -274383,8 +274646,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Phpwebbackup : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L247-L262"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L247-L262"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c788cb280b7ad0429313837082fe84e9a49efab6"
logic_hash = "45452fc415fbafe170a1b1f5a58df40f0ec65a9a6678e675b40a8c54e2d8bd6c"
score = 70
@@ -274408,8 +274671,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Dz_Phpcms_Phpbb : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L264-L281"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L264-L281"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "33f23c41df452f8ca2768545ac6e740f30c44d1f"
logic_hash = "1455df58f51c3ae7558b89c940d97ea5870f261217b2a09727bb6678bcbd5500"
score = 70
@@ -274435,8 +274698,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Picloaked_1 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L283-L299"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L283-L299"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3eab1798cbc9ab3b2c67d3da7b418d07e775db70"
logic_hash = "a816ac9e98b7c5208f075ffcb9a6525016d6a5c468005d78ecab90d651423705"
score = 70
@@ -274461,8 +274724,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Assembly : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L301-L315"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L301-L315"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2bcb4d22758b20df6b9135d3fb3c8f35a9d9028e"
logic_hash = "34dc47b2f91a15a62175f3cab88d5ff24d2a3aa62f74fb9e43a4aaae96ced999"
score = 70
@@ -274485,8 +274748,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php8 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L317-L334"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L317-L334"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b7b49f1d6645865691eccd025e140c521ff01cce"
logic_hash = "435ceb72c082f702284c464979a907a59a42bb4aa07311f9b2da1a9831efac11"
score = 70
@@ -274512,8 +274775,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Tuoku_Script_Xx : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L336-L352"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L336-L352"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2f39f1d9846ae72fc673f9166536dc21d8f396aa"
logic_hash = "67c542f172fd1b97fbee4697fd42bab9486e3d779ce62993617e5a5205bd75d4"
score = 70
@@ -274538,8 +274801,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_JSPMSSQL : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L354-L369"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L354-L369"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c6b4faecd743d151fe0a4634e37c9a5f6533655f"
logic_hash = "c08e69345cb09e41840a81dcd8a015f9e1be93d570b64c310be74631e5314e2f"
score = 70
@@ -274563,8 +274826,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Injection_Transit_Jmpost : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L371-L386"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L371-L386"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f80ec26bbdc803786925e8e0450ad7146b2478ff"
logic_hash = "6c7f52cf7ff6df9867ea2c46cd8f40ef0e077d4e1d9033cde0649a209bffe21b"
score = 70
@@ -274588,8 +274851,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Web_Asp : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L388-L403"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L388-L403"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "aebf6530e89af2ad332062c6aae4a8ca91517c76"
logic_hash = "5d2d7e6b9340ee4fd845ff05c99526c919214974b1a0def66492fe3cd4a75fe9"
score = 70
@@ -274613,8 +274876,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Wshell_Asp : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L405-L421"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L405-L421"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4a0afdf5a45a759c14e99eb5315964368ca53e9c"
logic_hash = "f3c4af85e4798d3a809d8edd9cc46d1df44453f14ed050b002fe789da4d6096f"
score = 70
@@ -274639,8 +274902,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Asp404 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L423-L439"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L423-L439"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bed51971288aeabba6dabbfb80d2843ec0c4ebf6"
logic_hash = "c84be2e561a08317be11cdb0fe103f8ad182a64d8cd1bf987163ebbeabe20f00"
score = 70
@@ -274665,8 +274928,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Serv_U_Asp : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L441-L457"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L441-L457"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cee91cd462a459d31a95ac08fe80c70d2f9c1611"
logic_hash = "c98c3f4db5ea812827b6108ef88b57116621142202248f4f26f0c71bd76e33ec"
score = 70
@@ -274691,8 +274954,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Cfm_List : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L459-L474"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L459-L474"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "85d445b13d2aef1df3b264c9b66d73f0ff345cec"
logic_hash = "41c7c5ba6187a8871dec83bcd859b9377813d60cea8ef2b4ad390c67de04e010"
score = 70
@@ -274716,8 +274979,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php2 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L476-L491"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L476-L491"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bf12e1d741075cd1bd324a143ec26c732a241dea"
logic_hash = "707e2795d82636fbbc4d9f5324e509a526f77f9ead8f3c4d59dd0e95bc94f11e"
score = 70
@@ -274741,8 +275004,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Tuoku_Script_Oracle : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L493-L509"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L493-L509"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fc7043aaac0ee2d860d11f18ddfffbede9d07957"
logic_hash = "3ad4207e426ed2f9df0e0bac0e906af437b0774ba2ebb541afbe7e29b395ad63"
score = 70
@@ -274767,8 +275030,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Aspx4 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L511-L527"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L511-L527"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "200a8f15ffb6e3af31d28c55588003b5025497eb"
logic_hash = "0aab8e327b4477cb0b8cd5d4b1e4b52c160180656dad57b0498654da1c8d7a29"
score = 70
@@ -274793,8 +275056,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Aspx : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L529-L546"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L529-L546"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8378619b2a7d446477946eabaa1e6744dec651c1"
logic_hash = "b59684633fd72bd1804a96850a8b358db98c169415b6e65fe3ecfb4d9fde72d0"
score = 70
@@ -274820,8 +275083,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Su7_X_9_X : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L548-L563"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L548-L563"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "808396b51023cc8356f8049cfe279b349ca08f1a"
logic_hash = "2d2398cf0f9e253eea343d39b6555f2633f92f627f1c93cc28123d5a7f3d1bf1"
score = 70
@@ -274845,8 +275108,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Cfmshell : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L565-L580"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L565-L580"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "740796909b5d011128b6c54954788d14faea9117"
logic_hash = "0767012ec8fd4a18a64eca04d459efb55fafd29ed052dab8a0eb1b8f4ce7aa66"
score = 70
@@ -274870,8 +275133,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Asp4 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L582-L598"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L582-L598"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4005b83ced1c032dc657283341617c410bc007b8"
logic_hash = "ae02d1efc975a8592a00cbab823355fb778fbb589f5752dd913aa432b316c3a4"
score = 70
@@ -274896,8 +275159,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Serv_U_2_Admin_By_Lake2 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L600-L617"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L600-L617"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cb8039f213e611ab2687edd23e63956c55f30578"
logic_hash = "a67c08b3a4bed2385d2fa8c007615bfb37a2d739cc13ee2e0f5eda00536b6ea8"
score = 70
@@ -274923,8 +275186,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php3 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L619-L634"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L619-L634"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e2924cb0537f4cdfd6f1bd44caaaf68a73419b9d"
logic_hash = "ba3892feacbbe3d7c6b6308a22ca22b19ae84b6490df2c976852260da2a96ca1"
score = 70
@@ -274948,8 +275211,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Serv_U_By_Goldsun : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L636-L653"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L636-L653"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d4d7a632af65a961a1dbd0cff80d5a5c2b397e8c"
logic_hash = "962b2e75c03f716fc039cf26aa238e9a3faf5a7ea8fb3d4da556fa601790055a"
score = 70
@@ -274975,8 +275238,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php10 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L655-L670"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L655-L670"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3698c566a0ae07234c8957112cdb34b79362b494"
logic_hash = "76bb2dfd518173f031cc3c93b2098edaef4aca09f0dd8228223257b0b7df452b"
score = 70
@@ -275000,8 +275263,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Serv_U_Servu : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L671-L686"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L671-L686"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7de701b86820096e486e64ca34f1fa9f2fbba641"
logic_hash = "d3956b6daa0649233372aea4176e0d43c44d866146884222f92b7efe01f288bb"
score = 70
@@ -275025,8 +275288,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Portrecall_Jsp2 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L688-L704"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L688-L704"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "412ed15eb0d24298ba41731502018800ffc24bfc"
logic_hash = "1ec77a1b0d30cdebce1b5b07445247016230b733a594d8d1de642c2c8af63031"
score = 70
@@ -275051,8 +275314,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Aspx2 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L706-L723"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L706-L723"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "95db7a60f4a9245ffd04c4d9724c2745da55e9fd"
logic_hash = "7af90992bc3f708d877dcd5841c0d132793e41a0796607907084516d955b3ae0"
score = 70
@@ -275078,8 +275341,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Hy2006A : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L725-L740"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L725-L740"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "20da92b2075e6d96636f883dcdd3db4a38c01090"
logic_hash = "a24bf11a2728bb8d18ea005b057648770956694e0b257d4464ad15ee3e24eda2"
score = 70
@@ -275103,8 +275366,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php1 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L742-L758"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L742-L758"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c2f4b150f53c78777928921b3a985ec678bfae32"
logic_hash = "aadf47ac6231b41e720efdd85c481ebac8fccb572e57b86b27a95dd367c0d81b"
score = 70
@@ -275129,8 +275392,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Jspshell2 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L760-L775"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L760-L775"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cc7bc1460416663012fc93d52e2078c0a277ff79"
logic_hash = "3a60991fa557655fbd2450739976ac612a0ea2a3df22873382b05438cac12762"
score = 70
@@ -275154,8 +275417,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Tuoku_Script_Mysql : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L777-L791"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L777-L791"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8e242c40aabba48687cfb135b51848af4f2d389d"
logic_hash = "bde2ea1ccfc88138456a1b255a32a7323f5ef0f677499db6dc6670987cc37585"
score = 70
@@ -275179,8 +275442,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php9 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L793-L807"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L793-L807"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cd3962b1dba9f1b389212e38857568b69ca76725"
logic_hash = "bea117862ebc9220a4d9aee091c808274f9907fceb83b528055998ddcc90aa5f"
score = 70
@@ -275203,8 +275466,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Portrecall_Jsp : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L809-L823"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L809-L823"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "65e8e4d13ad257c820cad12eef853c6d0134fce8"
logic_hash = "98f279c3e50308f67f88ecf8459943187ea152664fe0206c4a7d3435242df2a6"
score = 70
@@ -275227,8 +275490,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Aspx3 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L825-L840"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L825-L840"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "dd61481771f67d9593214e605e63b62d5400c72f"
logic_hash = "11bf511ee70ff4bde0a9320cb80dd9efa0f437d432c78a859153cfcc8e80db01"
score = 70
@@ -275252,8 +275515,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Shell_Shell : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L842-L857"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L842-L857"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1816006827d16ed73cefdd2f11bd4c47c8af43e4"
logic_hash = "ac22d89353b4316289bf6c6e13332ac401f4b57f6c29b71861cb48359c1e55f9"
score = 70
@@ -275277,8 +275540,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell__Php1_Php7_Php9 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L859-L878"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L859-L878"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6ea5b362f8d8f2e99725d4dd4d2ada5c3939a45a3dde0084571600452ab4673c"
score = 70
quality = 85
@@ -275306,8 +275569,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell__Serv_U_By_Goldsun_Asp3_Serv_U_Asp : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L880-L899"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L880-L899"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b733e80f234a85a4f65eedd94f535860b4da464adb80a91afc547a8d96b5dc7a"
score = 70
quality = 85
@@ -275335,8 +275598,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell__Asp4_Asp4_MSSQL__MSSQL_ : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L901-L921"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L901-L921"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a8ec5ad87c83c16f47391c3ce08cee74c6be1e42c288eec6d1559867d28489c6"
score = 70
quality = 85
@@ -275365,8 +275628,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell__Injection_Jmcook_Jmpost_Manualinjection
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L923-L942"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L923-L942"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0f3a4f81326154a6a6ac448d18be29ad534917bc39aba26cc458f06b43001681"
score = 70
quality = 85
@@ -275394,8 +275657,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Cmfshell : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L944-L959"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L944-L959"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b9b2107c946431e4ad1a8f5e53ac05e132935c0e"
logic_hash = "f138a82c2d6a831626fe200308eb89cb50ffeec2f2722599eb4ccbd082bad73d"
score = 70
@@ -275419,8 +275682,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php4 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L961-L975"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L961-L975"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "179975f632baff6ee4d674fe3fabc324724fee9e"
logic_hash = "e625b6d1fd2c1e62306ccae2775ee7b53ddcdd7a6baef55b386dfcd92dc2e764"
score = 70
@@ -275443,8 +275706,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Linux_2_6_Exploit : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L977-L991"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L977-L991"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ec22fac0510d0dc2c29d56c55ff7135239b0aeee"
logic_hash = "7f3e2937796358a949ce980210ddeb1a606a7b9c2b4d9c4a4acad49bb556dfc8"
score = 70
@@ -275467,8 +275730,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Asp2 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L993-L1009"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L993-L1009"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b3ac478e72a0457798a3532f6799adeaf4a7fc87"
logic_hash = "6107afe9895c4e0c865e78bece160246815a0d3c589bfc79f8b369b94481cd89"
score = 70
@@ -275493,8 +275756,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_FTP_MYSQL_MSSQL_SSH : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L1011-L1029"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L1011-L1029"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fe63b215473584564ef2e08651c77f764999e8ac"
logic_hash = "a66884c71ce0cce05ba6607bf66dc55bfae5393746328c06f5c9ca98005d0caf"
score = 70
@@ -275521,8 +275784,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Shell : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L1031-L1047"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L1031-L1047"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b7b34215c2293ace70fc06cbb9ce73743e867289"
logic_hash = "be3961d6568acfaadfa09efda2f914259a59f4e30725c7d434e89f6020e40515"
score = 70
@@ -275547,8 +275810,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php7 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L1049-L1064"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L1049-L1064"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "05a3f93dbb6c3705fd5151b6ffb64b53bc555575"
logic_hash = "70804d914c6f31422632943bf663f997eb747a290a13b27bfcc66bc3129f136d"
score = 70
@@ -275572,8 +275835,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Rootkit : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L1066-L1081"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L1066-L1081"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3bfc1c95782e702cf56184e7d438edcf5802eab3"
logic_hash = "5569a179f011ece9802676542d5556fe8d2a2b144e26065b9e0c5bd06c970201"
score = 70
@@ -275597,8 +275860,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Jspshell : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L1083-L1098"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L1083-L1098"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d16af622f7688d4e0856a2678c4064d3d120e14b"
logic_hash = "9b952f941eb87d7a1b4f747f4e0b0b5ee8876190c6f684b811057a2c78044047"
score = 70
@@ -275622,8 +275885,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Serv_U_Serv_U : FILE
date = "2015-06-23"
modified = "2023-01-27"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L1100-L1117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L1100-L1117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1c6415a247c08a63e3359b06575b36017befc0c0"
logic_hash = "89cfcbaa38c3b0b6c31af634b4588dcc8bc7a5aa3edac955a162173341d03622"
score = 70
@@ -275648,8 +275911,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Webshell : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L1119-L1135"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L1119-L1135"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7ef773df7a2f221468cc8f7683e1ace6b1e8139a"
logic_hash = "7d80390a86b1858d2cf4f2be56df7e734aea402de0878adf40ef36721719ca74"
score = 70
@@ -275674,8 +275937,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Tuoku_Script_Mssql_2 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L1137-L1153"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L1137-L1153"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ad55512afa109b205e4b1b7968a89df0cf781dc9"
logic_hash = "1d4b75eeeddda6e92b8ec38679d5e2b9d21abf2d2b467b91a066dcf628725f0a"
score = 70
@@ -275700,8 +275963,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Asp1 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_webshells.yar#L1155-L1171"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_webshells.yar#L1155-L1171"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "78b5889b363043ed8a60bed939744b4b19503552"
logic_hash = "3b454b1254d05b2208aee02e966c9c56a338dd3d33a2c6acc2c4df3208314055"
score = 70
@@ -275726,8 +275989,8 @@ rule SIGNATURE_BASE_Worddoc_Powershell_Urldownloadtofile : FILE
date = "2017-02-23"
modified = "2024-04-03"
reference = "https://www.arbornetworks.com/blog/asert/additional-insights-shamoon2/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_susp.yar#L10-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_susp.yar#L10-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e4ea4e6092011bccfc5132186b910075361f4f77f01ae00c51c486d77a996775"
score = 75
quality = 85
@@ -275756,11 +276019,11 @@ rule SIGNATURE_BASE_Suspicious_Powershell_Code_1 : FILE
date = "2017-02-22"
modified = "2024-04-03"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_susp.yar#L32-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_susp.yar#L32-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0a254e0e4f0fdaa5907f5fe0b0c3d5226e2fdac4072349019abc2b2b11cbde30"
score = 60
- quality = 58
+ quality = 83
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
@@ -275784,8 +276047,8 @@ rule SIGNATURE_BASE_Suspicious_Powershell_Webdownload_1 : HIGHVOL FILE
date = "2017-02-22"
modified = "2024-04-03"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_susp.yar#L52-L91"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_susp.yar#L52-L91"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "56ad9c71c34956e94325452d829627a30b1499552725232a07100f05a050ef1b"
score = 60
quality = 85
@@ -275830,8 +276093,8 @@ rule SIGNATURE_BASE_Powershell_In_Word_Doc : FILE
date = "2017-06-27"
modified = "2024-04-03"
reference = "Internal Research - ME"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_susp.yar#L104-L119"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_susp.yar#L104-L119"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6a9b295f1c430c285aedc5e6df268ea2023c8bdaccd04cf8a5d021419cd6bd64"
score = 50
quality = 83
@@ -275855,8 +276118,8 @@ rule SIGNATURE_BASE_Susp_Powershell_Sep17_1 : FILE
date = "2017-09-30"
modified = "2024-04-03"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_susp.yar#L131-L148"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_susp.yar#L131-L148"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6c8a1e72b2c4685a5a5749d86901b123976092aee373412bf04c62aa32145be8"
score = 60
quality = 85
@@ -275881,8 +276144,8 @@ rule SIGNATURE_BASE_Susp_Powershell_Sep17_2 : FILE
date = "2017-09-30"
modified = "2024-04-03"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_susp.yar#L150-L170"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_susp.yar#L150-L170"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0819f57afb6d1d878e4db4079bfd43ccac520829c877de04d16d8bd048a35ab5"
score = 65
quality = 85
@@ -275908,8 +276171,8 @@ rule SIGNATURE_BASE_Wscript_Shell_Powershell_Combo : FILE
date = "2018-02-07"
modified = "2024-04-03"
reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_susp.yar#L172-L193"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_susp.yar#L172-L193"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0ab5808593c999c1ce342051a8e292153aa20516cf48071565d677399adfb160"
score = 50
quality = 85
@@ -275936,8 +276199,8 @@ rule SIGNATURE_BASE_SUSP_Powershell_String_K32_Remprocess : FILE
date = "2018-03-31"
modified = "2024-04-03"
reference = "https://github.com/nccgroup/redsnarf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_susp.yar#L195-L215"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_susp.yar#L195-L215"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "03c80de8e59e640709c4ee1912dc47c398e265f9b88845a6de88031e2eb46ba3"
score = 65
quality = 85
@@ -275967,8 +276230,8 @@ rule SIGNATURE_BASE_Powershell_JAB_B64 : FILE
date = "2018-04-02"
modified = "2024-04-03"
reference = "https://twitter.com/ItsReallyNick/status/980915287922040832"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_susp.yar#L217-L231"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_susp.yar#L217-L231"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4746a73774f945e63455ca7dd58ef67290f7c66d2dca80d06d52d2545c69a190"
score = 60
quality = 83
@@ -275991,8 +276254,8 @@ rule SIGNATURE_BASE_SUSP_PS1_Frombase64String_Content_Indicator : FILE
date = "2020-01-25"
modified = "2024-04-03"
reference = "https://gist.github.com/Neo23x0/6af876ee72b51676c82a2db8d2cd3639"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_susp.yar#L233-L284"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_susp.yar#L233-L284"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a9ec7a00e9faee5cc081a2bc86abf8027fcd3cfe590cdd4f2f99425b6723f23f"
score = 65
quality = 83
@@ -276053,8 +276316,8 @@ rule SIGNATURE_BASE_Elise_Jan18_1 : FILE
date = "2018-01-24"
modified = "2023-12-05"
reference = "https://twitter.com/blu3_team/status/955971742329135105"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lotusblossom_elise.yar#L13-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lotusblossom_elise.yar#L13-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d43486db0d4263f91924da89f1922ad965ed91eadd07ae0705eecd371f31fa44"
score = 75
quality = 85
@@ -276079,8 +276342,8 @@ rule SIGNATURE_BASE_Upatre_Hazgurut : FILE
date = "2015-10-13"
modified = "2023-12-05"
reference = "https://weankor.vxstream-sandbox.com/sample/6b857ef314938d37997c178ea50687a281d8ff9925f0c4e70940754643e2c0e3?environmentId=7"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_upatre_oct15.yar#L8-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_upatre_oct15.yar#L8-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "41dd2f615d1c75ef81073d26bfbdb4f5c6735d9a3ff6d543ca77d6e16fe7eb5b"
score = 70
quality = 85
@@ -276123,8 +276386,8 @@ rule SIGNATURE_BASE_Cloudduke_Malware : FILE
date = "2015-07-22"
modified = "2023-12-05"
reference = "https://www.f-secure.com/weblog/archives/00002822.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cloudduke.yar#L10-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cloudduke.yar#L10-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eaa159a99b6518db736adfd555bfcd052c2ae21b2e60a1db80b90459c47c90ab"
score = 60
quality = 85
@@ -276160,8 +276423,8 @@ rule SIGNATURE_BASE_SFXRAR_Acrotray : FILE
date = "2015-07-22"
modified = "2023-12-05"
reference = "https://www.f-secure.com/weblog/archives/00002822.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cloudduke.yar#L42-L61"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cloudduke.yar#L42-L61"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3b318ab2854eb7614dd1a42d3971a96d1d485d5cce552336ad3a7f39886ba710"
score = 70
quality = 85
@@ -276189,8 +276452,8 @@ rule SIGNATURE_BASE_CN_Honker_Mafix_Root : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L8-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L8-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "826778ef9c22177d41698b467586604e001fed19"
logic_hash = "db54561ba4b9c1bd4d9b183658b98f6fd3165b05c8d6d7f006ae3b5fc96ba549"
score = 70
@@ -276215,8 +276478,8 @@ rule SIGNATURE_BASE_CN_Honker_Passwd_Dict_3389 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L26-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L26-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2897e909e48a9f56ce762244c3a3e9319e12362f"
logic_hash = "2be79fc7388ca12f06577e689944bcfa72ed1e1b6da5a7fa15c8da69a4555a9a"
score = 70
@@ -276245,8 +276508,8 @@ rule SIGNATURE_BASE_CN_Honker_Perl_Serv_U : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L48-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L48-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f333c597ff746ebd5a641fbc248497d61e3ec17b"
logic_hash = "deb4ee54f9127bc093f96f7dbf3633fbfc3f66358c76fb15928dabbbffdd4963"
score = 70
@@ -276270,8 +276533,8 @@ rule SIGNATURE_BASE_CN_Honker_F4Ck_Team_F4Ck : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L65-L81"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L65-L81"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e216f4ba3a07de5cdbb12acc038cd8156618759e"
logic_hash = "be4817bcaae952eb13c35dd89606ec733c682b2e197054bb348c3934012bd105"
score = 70
@@ -276296,8 +276559,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_3389 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L83-L97"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L83-L97"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f92b74f41a2138cc05c6b6993bcc86c706017e49"
logic_hash = "32603edd3f188a9f4919795df04112883d7b88da46b13fcd0b0e0065fd4c016b"
score = 70
@@ -276320,8 +276583,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_3389_2 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L99-L114"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L99-L114"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5ff92f39ade12f8ba6cb75dfdc9bb907e49f0ebd"
logic_hash = "637b3368fac624ca78d2f573b8b937b6b265426d7ed923f3a3d06039663c97ad"
score = 70
@@ -276345,8 +276608,8 @@ rule SIGNATURE_BASE_CN_Honker_Injection_Transit_Jmcook : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L116-L131"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L116-L131"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5e1851c77ce922e682333a3cb83b8506e1d7395d"
logic_hash = "f7a9aca65b92d4b9c787d83a421b54a23844fa8e061c6c627ddde8ab5b7f4396"
score = 70
@@ -276370,8 +276633,8 @@ rule SIGNATURE_BASE_CN_Honker_Pwdump7_Pwdump7 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L133-L147"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L133-L147"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "67d0e215c96370dcdc681bb2638703c2eeea188a"
logic_hash = "50e4ec9716b4e9d824fb301bb493dcdcd9782d87c0fb8040b82a87faf56292cb"
score = 70
@@ -276394,8 +276657,8 @@ rule SIGNATURE_BASE_CN_Honker_Portrecall_Pr : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L149-L165"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L149-L165"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "583cf6dc2304121d835f2879803a22fea76930f3"
logic_hash = "f33373e87887506651b1fac464f860a3cf18ad681ba124b606524f6f2255e693"
score = 70
@@ -276420,8 +276683,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_3389_3 : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L167-L183"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L167-L183"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cfedec7bd327897694f83501d76063fe16b13450"
logic_hash = "df07958e44c7896bc7bdf2b79bc95969593eb21b9c9ed51213fd15affb731ec2"
score = 70
@@ -276446,8 +276709,8 @@ rule SIGNATURE_BASE_CN_Honker_Alien_D : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L185-L203"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L185-L203"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "de9cd4bd72b1384b182d58621f51815a77a5f07d"
logic_hash = "2eca697dd1f2ad80c5cd71507cd5f8abd2364b11dfe3206a1043e3d4f5835797"
score = 70
@@ -276474,8 +276737,8 @@ rule SIGNATURE_BASE_CN_Honker_Chinachopper_Db : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L205-L221"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L205-L221"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "af79ff2689a6b7a90a5d3c0ebe709e42f2a15597"
logic_hash = "b650498df99c4620e3904ce8980cd58eb0cb5e0a7a275d54bdbcc41a687bec8e"
score = 70
@@ -276500,8 +276763,8 @@ rule SIGNATURE_BASE_CN_Honker_Syconfig : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L223-L237"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L223-L237"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ff75353df77d610d3bccfbffb2c9dfa258b2fac9"
logic_hash = "6b7f918b83bac84df5ac6b247d4162dd385aba0a32570366c62fc4830199e86e"
score = 70
@@ -276524,8 +276787,8 @@ rule SIGNATURE_BASE_CN_Honker_Linux_Bin : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L239-L254"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L239-L254"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "26e71e6ebc6a3bdda9467ce929610c94de8a7ca0"
logic_hash = "d02fcf23e46a0b6d44c382e34d73ef6239b6a1afc690e417aa0e6b0898e277c0"
score = 70
@@ -276549,8 +276812,8 @@ rule SIGNATURE_BASE_CN_Honker_Intersect2_Beta : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L256-L272"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L256-L272"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3ba5f720c4994cd4ad519b457e232365e66f37cc"
logic_hash = "bc6a83f8f851f7fb5b620be889619fcbd9f34ba27d495c2040e207caf95854bb"
score = 70
@@ -276575,8 +276838,8 @@ rule SIGNATURE_BASE_CN_Honker_IIS_Logcleaner1_0_Readme : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L274-L289"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L274-L289"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2ab47d876b49e9a693f602f3545381415e82a556"
logic_hash = "3cbd7b2e1710c78bc8ab8d2730cc6da8eb95038f8431d5d0081db984b3d706cf"
score = 70
@@ -276600,8 +276863,8 @@ rule SIGNATURE_BASE_CN_Honker_Alien_Command : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L291-L306"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L291-L306"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5896b74158ef153d426fba76c2324cd9c261c709"
logic_hash = "a55be30fdb6598669d144308af5a9b6a21ab6140c75fdfc18cecf5d9add4a530"
score = 70
@@ -276625,8 +276888,8 @@ rule SIGNATURE_BASE_CN_Honker_Portrecall_Bc : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L308-L324"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L308-L324"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2084990406398afd856b2309c7f579d7d61c3767"
logic_hash = "f51644f195e42b91dae80ba1770aeb40790ea8528b6d09f5fed0f71d93bda5fc"
score = 70
@@ -276651,8 +276914,8 @@ rule SIGNATURE_BASE_CN_Honker_Tuoku_Script_MSSQL_ : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L326-L342"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L326-L342"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7097c21f92306983add3b5b29a517204cd6cd819"
logic_hash = "4d721fd9711799cf3fd8ba6c300e270ed25faa2fb938ea01464e9bc9a3768e22"
score = 70
@@ -276677,8 +276940,8 @@ rule SIGNATURE_BASE_CN_Honker_Nc_MOVE : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L344-L360"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L344-L360"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4195370c103ca467cddc8f2724a8e477635be424"
logic_hash = "49f41162919bb04744041ae6f7438e61d98fb7d5984a17535d9c4ce4d398671b"
score = 70
@@ -276703,8 +276966,8 @@ rule SIGNATURE_BASE_CN_Honker_Mssqlpw_Scan : FILE
date = "2015-06-23"
modified = "2023-12-05"
reference = "Disclosed CN Honker Pentest Toolset"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/cn_pentestset_scripts.yar#L362-L377"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/cn_pentestset_scripts.yar#L362-L377"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e49def9d72bfef09a639ef3f7329083a0b8b151c"
logic_hash = "eb3bd38ca317f0b10358581fc3dbb8ca81b991b9a4f4f2d256d81a31028411b9"
score = 70
@@ -276728,8 +276991,8 @@ rule SIGNATURE_BASE_Gen_Suspicious_Inpage_Dropper : FILE
date = "2019-07-03"
modified = "2023-12-05"
reference = "https://twitter.com/Ahmedfshosha/status/1138138981521154049"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_InPage_dropper.yar#L1-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_InPage_dropper.yar#L1-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8ab5d0bffa72b32f4c388f42a38a799c178fddf9f06b1262842e146c43448bd4"
score = 65
quality = 85
@@ -276756,8 +277019,8 @@ rule SIGNATURE_BASE_Locky_Ransomware
date = "2016-02-17"
modified = "2023-12-05"
reference = "https://goo.gl/qScSrE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_locky.yar#L8-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_locky.yar#L8-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5e945c1d27c9ad77a2b63ae10af46aee7d29a6a43605a9bfbf35cebbcff184d8"
logic_hash = "c7584ea39c4aceedeb0ea2952be6ff212461674175855274f1783eef80ffba86"
score = 75
@@ -276780,8 +277043,8 @@ rule SIGNATURE_BASE_APT_APT28_Generic_Poco_Openssl
date = "2020-08-13"
modified = "2023-12-05"
reference = "https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt28_drovorub.yar#L1-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt28_drovorub.yar#L1-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b6a78c358b3aee6b172ec29e72ce810c6fbf332f180d5879f0889f47688225e1"
score = 50
quality = 85
@@ -276809,8 +277072,8 @@ rule SIGNATURE_BASE_APT_APT28_Drovorub_Library_And_Unique_Strings : FILE
date = "2020-08-13"
modified = "2023-12-05"
reference = "https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt28_drovorub.yar#L23-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt28_drovorub.yar#L23-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "adb0d4cb6d589213e6a125d3cc20fcea8164b697bdd24d897ce75e7c7f06120a"
score = 75
quality = 85
@@ -276837,8 +277100,8 @@ rule SIGNATURE_BASE_APT_APT28_Drovorub_Unique_Network_Comms_Strings
date = "2020-08-13"
modified = "2023-12-05"
reference = "https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt28_drovorub.yar#L44-L72"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt28_drovorub.yar#L44-L72"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8c82766b76c36fe64c6aa99577e1997d7181dbd36a4c27329845ae8a413f5327"
score = 75
quality = 85
@@ -276875,8 +277138,8 @@ rule SIGNATURE_BASE_Powershell_Emp_Eval_Jul17_A1 : FILE
date = "2017-07-27"
modified = "2023-12-05"
reference = "PowerShell Empire Eval"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_ps_empire_eval.yar#L11-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_ps_empire_eval.yar#L11-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e77ff4e216601c62a049569a6ea1aae13fc2612b480f4d7fad4e99dc72155da3"
score = 65
quality = 85
@@ -276900,8 +277163,8 @@ rule SIGNATURE_BASE_Powershell_Emp_Eval_Jul17_A2 : FILE
date = "2017-07-27"
modified = "2023-12-05"
reference = "PowerShell Empire Eval"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_ps_empire_eval.yar#L27-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_ps_empire_eval.yar#L27-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "28f320e721a61d7e2db39830652038eb4090429d73162888570a97b0bc1504d8"
score = 65
quality = 85
@@ -276925,8 +277188,8 @@ rule SIGNATURE_BASE_VULN_Confluence_Questions_Plugin_CVE_2022_26138_Jul22_1 : CV
date = "2022-07-21"
modified = "2023-12-05"
reference = "https://www.bleepingcomputer.com/news/security/atlassian-fixes-critical-confluence-hardcoded-credentials-flaw/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vul_confluence_questions_plugin_cve_2022_26138.yar#L2-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vul_confluence_questions_plugin_cve_2022_26138.yar#L2-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c164bd3d9ed1e155d51112e14340b814f6ea782604540c84a6e9efb5c6041156"
score = 50
quality = 85
@@ -276954,8 +277217,8 @@ rule SIGNATURE_BASE_Waterbug_Wipbot_2013_Core_PDF : FILE
date = "2015-01-22"
modified = "2023-12-05"
reference = "http://t.co/rF35OaAXrl"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbug.yar#L3-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbug.yar#L3-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a854926a4a98eb1d13a582b4ff4504b9740b8bbe7aa6b5192aeb4d2438a58926"
score = 75
quality = 60
@@ -276977,8 +277240,8 @@ rule SIGNATURE_BASE_Waterbug_Wipbot_2013_Dll
date = "2015-01-22"
modified = "2023-12-05"
reference = "http://t.co/rF35OaAXrl"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbug.yar#L17-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbug.yar#L17-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f29ff81d62bd6bea776aeddc0725b034624f836c234441f63a8b697e959d3f8d"
score = 75
quality = 85
@@ -277002,8 +277265,8 @@ rule SIGNATURE_BASE_Waterbug_Wipbot_2013_Core : FILE
date = "2015-01-22"
modified = "2023-01-27"
reference = "http://t.co/rF35OaAXrl"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbug.yar#L34-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbug.yar#L34-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "59e1363225b1f7765e953e3d6803270b82f4268431d92ef00ed1010df0793e5f"
score = 75
quality = 85
@@ -277027,8 +277290,8 @@ rule SIGNATURE_BASE_Waterbug_Turla_Dropper
date = "2015-01-22"
modified = "2023-12-05"
reference = "http://t.co/rF35OaAXrl"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbug.yar#L50-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbug.yar#L50-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6836b8d28fb41d9459f24d22e3c428b022b26885b7dce1caa5b0d5a7a1b7f82b"
score = 75
quality = 85
@@ -277050,8 +277313,8 @@ rule SIGNATURE_BASE_Waterbug_Fa_Malware : FILE
date = "2015-01-22"
modified = "2023-01-27"
reference = "http://t.co/rF35OaAXrl"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbug.yar#L64-L81"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbug.yar#L64-L81"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b3ac0d69551f27c7f81e24eb00e110639d4b31c8581dfee82715d65528b09632"
score = 75
quality = 85
@@ -277077,8 +277340,8 @@ rule SIGNATURE_BASE_Waterbug_Sav : FILE
date = "2015-01-22"
modified = "2023-01-27"
reference = "http://t.co/rF35OaAXrl"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbug.yar#L114-L129"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbug.yar#L114-L129"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c8622ac6cb1f0b9965fe6ee1a4860f19d8b0dc1c586e2a3771420b8d78648066"
score = 75
quality = 85
@@ -277102,8 +277365,8 @@ rule SIGNATURE_BASE_Foudre_Backdoor_1 : FILE
date = "2017-08-01"
modified = "2023-12-05"
reference = "https://goo.gl/Nbqbt6"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_foudre.yar#L13-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_foudre.yar#L13-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e42959162017ddf6da1d0b2950096e93e0e98c3e5f88ae28fc48e82ef98ca87b"
score = 75
quality = 85
@@ -277129,8 +277392,8 @@ rule SIGNATURE_BASE_Foudre_Backdoor_Dropper_1 : FILE
date = "2017-08-01"
modified = "2023-01-07"
reference = "https://goo.gl/Nbqbt6"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_foudre.yar#L31-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_foudre.yar#L31-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "77ae856e74ceb04e73c26154d7b4cf98ed0e1d8b9ac6ed78775becbff2473e13"
score = 75
quality = 85
@@ -277159,8 +277422,8 @@ rule SIGNATURE_BASE_Foudre_Backdoor_Component_1 : FILE
date = "2017-08-01"
modified = "2023-01-07"
reference = "https://goo.gl/Nbqbt6"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_foudre.yar#L53-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_foudre.yar#L53-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2eb267ab93c297101aef0cfcca78d0299ca7baa96b983a5f2ff547394cbac82d"
score = 75
quality = 85
@@ -277186,8 +277449,8 @@ rule SIGNATURE_BASE_Foudre_Backdoor_SFX : FILE
date = "2017-08-01"
modified = "2023-12-05"
reference = "https://goo.gl/Nbqbt6"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_foudre.yar#L77-L93"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_foudre.yar#L77-L93"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dd5492f5314cb87fdb7c8b29bdf31e1fcd8541ed47b20f309538437d9c6ac600"
score = 75
quality = 85
@@ -277213,8 +277476,8 @@ rule SIGNATURE_BASE_ATM_Malware_Loup_1 : FILE
date = "2020-08-17"
modified = "2023-12-05"
reference = "https://twitter.com/r3c0nst/status/1295275546780327936"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_atm_loup.yar#L3-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_atm_loup.yar#L3-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6c9e9f78963ab3e7acb43826906af22571250dc025f9e7116e0201b805dc1196"
logic_hash = "5068c3f27cf821f512fb9a473d2bd45066d550f30fbc26f0cbebbe103e6f4ccb"
score = 75
@@ -277239,8 +277502,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Sep1_A1 : FILE
date = "2017-09-12"
modified = "2023-12-05"
reference = "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dragonfly.yar#L13-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dragonfly.yar#L13-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d235dc964ac74d2b635251d07b2a9119b731a6c3c45b6b2a81ca88e6fc8b63b7"
score = 75
quality = 85
@@ -277260,8 +277523,8 @@ rule SIGNATURE_BASE_Dragonfly_APT_Sep17_1 : FILE
date = "2017-09-12"
modified = "2023-12-05"
reference = "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dragonfly.yar#L29-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dragonfly.yar#L29-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c885fb690b7e047203529f0c4a6dd60dea822ce60a47e42b52d3216bc26da62e"
score = 75
quality = 85
@@ -277286,8 +277549,8 @@ rule SIGNATURE_BASE_Dragonfly_APT_Sep17_2 : FILE
date = "2017-09-12"
modified = "2023-01-06"
reference = "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dragonfly.yar#L46-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dragonfly.yar#L46-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "433711dd15c8d1044b381046747194e47402288df06da6bbc61055dc9c90f52a"
score = 75
quality = 85
@@ -277317,8 +277580,8 @@ rule SIGNATURE_BASE_Dragonfly_APT_Sep17_3 : FILE
date = "2017-09-12"
modified = "2023-12-05"
reference = "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dragonfly.yar#L68-L89"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dragonfly.yar#L68-L89"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f564685eb1426d1a3eb888a888bfdf3a8fa9bc96af07fb0bc5f10c0a324f1d9d"
score = 75
quality = 85
@@ -277344,8 +277607,8 @@ rule SIGNATURE_BASE_Dragonfly_APT_Sep17_4 : FILE
date = "2017-09-12"
modified = "2023-12-05"
reference = "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dragonfly.yar#L91-L109"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dragonfly.yar#L91-L109"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "61af81f0cd1eccba3a1000e6715c9715e8e67849e5edd4279728a7e47bd8cb75"
score = 75
quality = 85
@@ -277373,8 +277636,8 @@ rule SIGNATURE_BASE_EXPL_LOG_CVE_2021_27065_Exchange_Forensic_Artefacts_Mar21_1
date = "2021-03-02"
modified = "2023-12-05"
reference = "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium_log_sigs.yar#L2-L13"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium_log_sigs.yar#L2-L13"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9306cf177928266ea921461e9da80ad5bb37e1e0848559898a414956cfbc2b49"
score = 75
quality = 85
@@ -277395,11 +277658,11 @@ rule SIGNATURE_BASE_EXPL_LOG_CVE_2021_26858_Exchange_Forensic_Artefacts_Mar21_1
date = "2021-03-02"
modified = "2021-03-04"
reference = "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium_log_sigs.yar#L15-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium_log_sigs.yar#L15-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0a8296b7e990e52330412288e9ff71e08a5258fc63c4754e6d0e6d64302f55e6"
score = 65
- quality = 60
+ quality = 85
tags = "LOG, CVE-2021-26858"
strings:
@@ -277417,8 +277680,8 @@ rule SIGNATURE_BASE_LOG_Exchange_Forensic_Artefacts_Cleanup_Activity_Mar21_1 : L
date = "2021-03-08"
modified = "2023-12-05"
reference = "https://twitter.com/jdferrell3/status/1368626281970024448"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium_log_sigs.yar#L48-L65"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium_log_sigs.yar#L48-L65"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "12e5b76dafcae13f1eb21913ae0bde233152fd8b9d29f073893418ac9f742de3"
score = 70
quality = 85
@@ -277443,11 +277706,11 @@ rule SIGNATURE_BASE_EXPL_LOG_CVE_2021_27055_Exchange_Forensic_Artefacts : LOG
date = "2021-03-10"
modified = "2021-03-15"
reference = "https://www.praetorian.com/blog/reproducing-proxylogon-exploit/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium_log_sigs.yar#L67-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium_log_sigs.yar#L67-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "131ff0ce189dfeace0922000b0d15dfb5a1270bee8fba8e4d66aa75b1d3f864f"
score = 65
- quality = 35
+ quality = 60
tags = "LOG"
strings:
@@ -277472,11 +277735,11 @@ rule SIGNATURE_BASE_LOG_CVE_2021_27065_Exchange_Forensic_Artefacts_Mar21_2 : LOG
date = "2021-03-10"
modified = "2023-12-05"
reference = "https://www.praetorian.com/blog/reproducing-proxylogon-exploit/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium_log_sigs.yar#L92-L104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium_log_sigs.yar#L92-L104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "13e2e46689bc0e87c3cf13dc2ce213c384afe6c03c21e62a467974a0518c12da"
score = 65
- quality = 60
+ quality = 85
tags = "LOG"
strings:
@@ -277494,8 +277757,8 @@ rule SIGNATURE_BASE_HKTL_Koh_Tokenstealer : FILE
date = "2022-07-09"
modified = "2023-12-05"
reference = "https://github.com/GhostPack/Koh"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_hktl_koh_tokenstealer.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_hktl_koh_tokenstealer.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e2c4d948e23f1a3a92689f35fedde6e041d09cd88deac9ff3249556be0b8f789"
score = 75
quality = 85
@@ -277520,8 +277783,8 @@ rule SIGNATURE_BASE_APT_Backdoor_SUNBURST_1
date = "2020-12-14"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_solarwinds_sunburst.yar#L6-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_solarwinds_sunburst.yar#L6-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1fc006dead2fd540717e00e468bf30f37bdb1d061a805e33683e4a77db7f9156"
score = 85
quality = 77
@@ -277550,8 +277813,8 @@ rule SIGNATURE_BASE_APT_Backdoor_SUNBURST_2
date = "2020-12-14"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_solarwinds_sunburst.yar#L28-L79"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_solarwinds_sunburst.yar#L28-L79"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2bf0697b110bca88f712cbccaf0d2ba614d6093d6d9595659aefe088848d3826"
score = 85
quality = 83
@@ -277611,8 +277874,8 @@ rule SIGNATURE_BASE_APT_Webshell_SUPERNOVA_1 : FILE
date = "2020-12-14"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_solarwinds_sunburst.yar#L80-L99"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_solarwinds_sunburst.yar#L80-L99"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8471e6b3675e7e9ccfe5b81ab4c599668f2de528f3b179a675f50aa1fd7814b2"
score = 85
quality = 81
@@ -277639,8 +277902,8 @@ rule SIGNATURE_BASE_APT_Webshell_SUPERNOVA_2 : FILE
date = "2020-12-14"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_solarwinds_sunburst.yar#L100-L118"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_solarwinds_sunburst.yar#L100-L118"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "96e344bd2ba3ee07784852db3e9935352762c2fa7b6be88f00cac10a90706ffc"
score = 85
quality = 83
@@ -277666,11 +277929,11 @@ rule SIGNATURE_BASE_APT_Hacktool_PS1_COSMICGALE_1
date = "2020-12-14"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_solarwinds_sunburst.yar#L119-L140"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_solarwinds_sunburst.yar#L119-L140"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c7b4d3c29d57b8db8d21e3a436c83617bc3fe14e66ccc1500b33a3774f09ee12"
score = 85
- quality = 40
+ quality = 65
tags = ""
strings:
@@ -277696,8 +277959,8 @@ rule SIGNATURE_BASE_APT_Dropper_Raw64_TEARDROP_1
date = "2020-12-14"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_solarwinds_sunburst.yar#L141-L156"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_solarwinds_sunburst.yar#L141-L156"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6ab5197e7a1a123055b361a2ef79f8a77a7935606fccc8f163ea5914c94cd14d"
score = 85
quality = 85
@@ -277720,8 +277983,8 @@ rule SIGNATURE_BASE_APT_Dropper_Win64_TEARDROP_1 : FILE
date = "2020-12-14"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_solarwinds_sunburst.yar#L157-L174"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_solarwinds_sunburst.yar#L157-L174"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a1fa9b9c700601d10cb77ec714b972f04308de615dfc519f680fc956227cc11d"
score = 70
quality = 85
@@ -277746,8 +278009,8 @@ rule SIGNATURE_BASE_Honeybee_Dropper_Maldoc : FILE
date = "2018-03-03"
modified = "2023-12-05"
reference = "https://goo.gl/JAHZVL"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_honeybee.yar#L13-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_honeybee.yar#L13-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8bc680a59a7bd269eea001c2c74e41ecd93a9b848210779fc7d9c24dfab7767a"
score = 75
quality = 85
@@ -277779,8 +278042,8 @@ rule SIGNATURE_BASE_Ophoneybee_Malware_1 : FILE
date = "2018-03-03"
modified = "2023-12-05"
reference = "https://goo.gl/JAHZVL"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_honeybee.yar#L37-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_honeybee.yar#L37-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5cd37bc515bc1dd61ee58cfdf34622e4f884cc771d1fa2c793986be94b751a70"
score = 75
quality = 85
@@ -277818,8 +278081,8 @@ rule SIGNATURE_BASE_Ophoneybee_Maocheng_Dropper : FILE
date = "2018-03-03"
modified = "2023-12-05"
reference = "https://goo.gl/JAHZVL"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_honeybee.yar#L73-L86"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_honeybee.yar#L73-L86"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "85bcde1d821c052636a75dce4d8c3753188dd7da5fce2b3401d51c02d1c2fa6b"
score = 75
quality = 85
@@ -277842,8 +278105,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_1 : FILE
date = "2016-06-10"
modified = "2023-12-05"
reference = "https://goo.gl/AW9Cuu"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dubnium.yar#L10-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dubnium.yar#L10-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "94763f42dacbeede9a72c3ecc222164a5808bd74c5d2d783c76831221a9c30c8"
score = 75
quality = 85
@@ -277867,8 +278130,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_2 : FILE
date = "2016-06-10"
modified = "2023-12-05"
reference = "https://goo.gl/AW9Cuu"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dubnium.yar#L26-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dubnium.yar#L26-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5b633a7e002609fa78b0de8fb818af1b47fbe77497d161b6b41602fb34780ca8"
score = 75
quality = 85
@@ -277892,8 +278155,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_3 : FILE
date = "2016-06-10"
modified = "2023-12-05"
reference = "https://goo.gl/AW9Cuu"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dubnium.yar#L42-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dubnium.yar#L42-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "851efb71cd80040fdd13d9961d1e0084421c783afc43417ff1ac3ed023a73ae1"
score = 75
quality = 85
@@ -277923,8 +278186,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_5 : FILE
date = "2016-06-10"
modified = "2023-12-05"
reference = "https://goo.gl/AW9Cuu"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dubnium.yar#L64-L87"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dubnium.yar#L64-L87"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0f84f502ba9a4fe304851badfa98d9e8500cdef472d4358cfd327365ac04dda3"
score = 75
quality = 85
@@ -277957,8 +278220,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_6 : FILE
date = "2016-06-10"
modified = "2023-12-05"
reference = "https://goo.gl/AW9Cuu"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dubnium.yar#L89-L107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dubnium.yar#L89-L107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3425734b3259ebd5390cf16d2e394a4cc735dc3fc9fcc627b46bcc77729e465e"
score = 75
quality = 85
@@ -277986,8 +278249,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_7 : FILE
date = "2016-06-10"
modified = "2023-12-05"
reference = "https://goo.gl/AW9Cuu"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dubnium.yar#L109-L131"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dubnium.yar#L109-L131"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "76cf4acee025fcae1dec975a124f4bf808f1f09f99f7fa6a4e965febd6a89e3a"
score = 75
quality = 85
@@ -278019,8 +278282,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_Sshopenssl : FILE
date = "2016-06-10"
modified = "2023-12-05"
reference = "https://goo.gl/AW9Cuu"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dubnium.yar#L133-L152"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dubnium.yar#L133-L152"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5cad6b0785e8c9627f1b9678dc6206cf36cd33ead2283f77655fdb0ea36249e9"
score = 75
quality = 85
@@ -278049,8 +278312,8 @@ rule SIGNATURE_BASE_Rottenpotato_Potato : FILE
date = "2017-02-07"
modified = "2022-12-21"
reference = "https://github.com/foxglovesec/RottenPotato"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_rottenpotato.yar#L10-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_rottenpotato.yar#L10-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "79d2dfd5c2cfd12301c1924dce2ca2a2c3cc070565671c3e0cd69123d2245b1c"
score = 90
quality = 85
@@ -278081,8 +278344,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Powerup : FILE
date = "2016-09-04"
modified = "2023-12-05"
reference = "https://github.com/vysec/ps1-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_toolkit.yar#L10-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_toolkit.yar#L10-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "64562c623de89df59d15db48990c25886c67b79ac9341cf8f21ef372057ccd85"
score = 80
quality = 85
@@ -278112,8 +278375,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Inveigh_Bruteforce : FILE
date = "2016-09-04"
modified = "2023-12-05"
reference = "https://github.com/vysec/ps1-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_toolkit.yar#L33-L49"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_toolkit.yar#L33-L49"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b23b6ad66e054e435415464262004ead6e7ee121185d76c02110506293b3867b"
score = 80
quality = 85
@@ -278138,8 +278401,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Invoke_Shellcode : FILE
date = "2016-09-04"
modified = "2023-12-05"
reference = "https://github.com/vysec/ps1-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_toolkit.yar#L51-L69"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_toolkit.yar#L51-L69"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "03e9a8c5e45781d73fd13c331d82802a18e4255b506e896019d6f08c5a67dedf"
score = 80
quality = 85
@@ -278166,8 +278429,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Invoke_Mimikatz : FILE
date = "2016-09-04"
modified = "2023-12-05"
reference = "https://github.com/vysec/ps1-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_toolkit.yar#L71-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_toolkit.yar#L71-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0bca6245befb5183f6a45406823c45267b0a31fb0d4505606b98025f6494f2cc"
score = 80
quality = 85
@@ -278195,8 +278458,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Invoke_Relfectivepeinjection : FILE
date = "2016-09-04"
modified = "2023-12-05"
reference = "https://github.com/vysec/ps1-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_toolkit.yar#L92-L111"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_toolkit.yar#L92-L111"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "910b8b1dbc7306369f90eae0dfd5949347b2c41fa0eb5f590aed8e90e8db199a"
score = 80
quality = 85
@@ -278224,8 +278487,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Persistence : FILE
date = "2016-09-04"
modified = "2023-12-05"
reference = "https://github.com/vysec/ps1-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_toolkit.yar#L113-L134"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_toolkit.yar#L113-L134"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bfe6b20fb712fcf7b45d0ef80075bc9a254867d2251109f377a378f887b38494"
score = 80
quality = 85
@@ -278255,8 +278518,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Invoke_Mimikatz_Relfectivepeinjection : FILE
date = "2016-09-04"
modified = "2023-12-05"
reference = "https://github.com/vysec/ps1-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_toolkit.yar#L136-L162"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_toolkit.yar#L136-L162"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "220597cb76c189adc33a9ac740c8164b52743f61523898aefb7a74206b23b76b"
score = 80
quality = 85
@@ -278291,8 +278554,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Inveigh_Bruteforce_2 : FILE
date = "2016-09-04"
modified = "2023-12-05"
reference = "https://github.com/vysec/ps1-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_toolkit.yar#L164-L181"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_toolkit.yar#L164-L181"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5c035898a9574e2516cbc66efcf57f7380fd979c4a5099f8a0a190ad21af32c0"
score = 80
quality = 85
@@ -278318,8 +278581,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Powerup_2 : FILE
date = "2016-09-04"
modified = "2023-12-05"
reference = "https://github.com/vysec/ps1-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_toolkit.yar#L183-L202"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_toolkit.yar#L183-L202"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8cbd86f103d8b49e72787cbb85fc97e6a02d5332039ce29359cb673c273760b7"
score = 80
quality = 85
@@ -278347,8 +278610,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Persistence_2 : FILE
date = "2016-09-04"
modified = "2023-12-05"
reference = "https://github.com/vysec/ps1-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_toolkit.yar#L204-L226"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_toolkit.yar#L204-L226"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "47d1c3593edeba02e1c08cc53b4ba3d375b73dd04816b84e807e28be2bcf917e"
score = 80
quality = 85
@@ -278379,8 +278642,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Inveigh_Bruteforce_3 : FILE
date = "2016-09-04"
modified = "2023-12-05"
reference = "https://github.com/vysec/ps1-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_toolkit.yar#L228-L248"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_toolkit.yar#L228-L248"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "09afe669e90bd73318a9f9f68fda362451f6611f8585de67176c5dc43f05f937"
score = 80
quality = 85
@@ -278410,8 +278673,8 @@ rule SIGNATURE_BASE_Agent_BTZ_Proxy_DLL_1 : FILE
date = "2017-08-07"
modified = "2023-12-05"
reference = "http://www.intezer.com/new-variants-of-agent-btz-comrat-found/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_agent_btz.yar#L13-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_agent_btz.yar#L13-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ea430b2888b487a5c7a91b73e8a7893b53d67e8ac95ae85fe9d15c633b2ee660"
score = 75
quality = 85
@@ -278436,8 +278699,8 @@ rule SIGNATURE_BASE_Agent_BTZ_Proxy_DLL_2 : FILE
date = "2017-08-07"
modified = "2023-12-05"
reference = "http://www.intezer.com/new-variants-of-agent-btz-comrat-found/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_agent_btz.yar#L29-L52"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_agent_btz.yar#L29-L52"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "41960e6deaee5d087b0eeee515b323cef8ead45ad305d053f6eb1897e204b003"
score = 75
quality = 85
@@ -278471,8 +278734,8 @@ rule SIGNATURE_BASE_Agent_BTZ_Aug17 : FILE
date = "2017-08-07"
modified = "2023-12-05"
reference = "http://www.intezer.com/new-variants-of-agent-btz-comrat-found/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_agent_btz.yar#L54-L73"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_agent_btz.yar#L54-L73"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cf4fc7820d516cf0322bf25460301b4d04f914814fc2a069164814dd4e1158be"
score = 75
quality = 85
@@ -278498,8 +278761,8 @@ rule SIGNATURE_BASE_APT_Turla_Agent_BTZ_Gen_1 : FILE
date = "2018-06-16"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_agent_btz.yar#L75-L106"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_agent_btz.yar#L75-L106"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8616d95e683f213916f06a7bf672ced90b2fa55cb4331176021614b4f0b03aed"
score = 80
quality = 85
@@ -278534,8 +278797,8 @@ rule SIGNATURE_BASE_HKTL_Keyword_Injectdll : FILE
date = "2019-04-04"
modified = "2023-12-05"
reference = "https://github.com/zerosum0x0/koadic"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_hacktool.yar#L2-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_hacktool.yar#L2-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "51c54026672e9ad36d2d68ae8dba61437f8808fbf2ad3c3c7bb086d8abb63987"
score = 60
quality = 85
@@ -278558,8 +278821,8 @@ rule SIGNATURE_BASE_HKTL_Python_Sectools
date = "2023-01-27"
modified = "2023-12-05"
reference = "https://github.com/p0dalirius/sectools"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_hacktool.yar#L18-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_hacktool.yar#L18-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "814ba1aa62bbb7aba886edae0f4ac5370818de15ca22a52a6ab667b4e93abf84"
hash = "b3328ac397d311e6eb79f0a5b9da155c4d1987e0d67487ea681ea59d93641d9e"
hash = "8cd205d5380278cff6673520439057e78fb8bf3d2b1c3c9be8463e949e5be4a1"
@@ -278583,11 +278846,11 @@ rule SIGNATURE_BASE_Powershell_Susp_Parameter_Combo : HIGHVOL FILE
author = "Florian Roth (Nextron Systems)"
id = "17c707f3-7f51-5772-9874-a96c220960a7"
date = "2017-03-12"
- modified = "2022-09-15"
+ modified = "2025-12-16"
reference = "https://goo.gl/uAic1X"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_invocation.yar#L2-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
- logic_hash = "d56d97b4f0506430f21ccb029524111c404c03f8cef25710b96c6c0915fdcf22"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_invocation.yar#L2-L77"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
+ logic_hash = "c359a1d2a460f2939a1dd0959687ed4fbc2d874e689b42ae4bc73ee05145cce3"
score = 60
quality = 31
tags = "HIGHVOL, FILE"
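Review bot: The changed `logic_hash` and the widened `#L2-L77` range in this hunk show that the body of SIGNATURE_BASE_Powershell_Susp_Parameter_Combo changed, not only the pinned commit. The next hunk shows the cause, an added exclusion `$fp14 = "psutil.tests"`. That string has no explicit modifier while its neighbours spell theirs out (`$fp11 = "REM " ascii`), and it is a short unanchored literal; assuming the condition negates the `$fp*` set (the condition is not readable in this patch), any file containing it stops being reported by this rule. For consistency I would write `$fp14 = "psutil.tests" ascii`, and because this file is vendored from YARA Forge the change belongs upstream in signature-base rather than as a local edit. The rule's `meta:` block starts before this hunk, and its `strings:` and `condition:` sections continue after it.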
@@ -278634,6 +278897,7 @@ rule SIGNATURE_BASE_Powershell_Susp_Parameter_Combo : HIGHVOL FILE
$fp11 = "REM " ascii
$fp12 = "set /p " ascii
$fp13 = "rxScan Application" wide
+ $fp14 = "psutil.tests"
$fpa1 = "All Rights"
$fpa2 = " 10 and #timestamp > 10
+}
rule SIGNATURE_BASE_Vssown_VBS
{
meta:
@@ -304321,8 +304733,8 @@ rule SIGNATURE_BASE_Vssown_VBS
date = "2015-10-01"
modified = "2025-12-18"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3056-L3073"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3056-L3073"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f49e9d7a07d591330e16fc539bd98d019b47dd8579d0f1ad92fa987790e64189"
score = 75
quality = 85
@@ -304349,8 +304761,8 @@ rule SIGNATURE_BASE_Netview_Hacktool : FILE
date = "2016-03-07"
modified = "2025-12-18"
reference = "https://github.com/mubix/netview"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3075-L3098"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3075-L3098"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "52cec98839c3b7d9608c865cfebc904b4feae0bada058c2e8cdbd561cfa1420a"
logic_hash = "dc27d2358937d736823891c9d5c3f41f83a6f4e72d35fae0983435effda2141a"
score = 60
@@ -304382,8 +304794,8 @@ rule SIGNATURE_BASE_Netview_Hacktool_Output
date = "2016-03-07"
modified = "2025-12-18"
reference = "https://github.com/mubix/netview"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3100-L3115"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3100-L3115"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "38a51e583b1485bdb29400cb9d0a73ec4d5387675779f949572d2b4d74da4230"
score = 60
quality = 85
@@ -304407,8 +304819,8 @@ rule SIGNATURE_BASE_Psattack_EXE : FILE
date = "2016-03-09"
modified = "2023-01-06"
reference = "https://github.com/gdssecurity/PSAttack/releases/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3126-L3146"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3126-L3146"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ad05d75640c850ee7eeee26422ba4f157be10a4e2d6dc6eaa19497d64cf23715"
logic_hash = "b73566eb6370fbe68f0477d1179e5d6c19fb9be2c29f63d560c42adcdf19fe58"
score = 100
@@ -304435,8 +304847,8 @@ rule SIGNATURE_BASE_Powershell_Attack_Scripts
date = "2016-03-09"
modified = "2025-12-18"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3148-L3163"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3148-L3163"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "42a52de089ee00e229499fea23b8acd0b7c881a9c578671aea180c0c018a54e0"
score = 70
quality = 85
@@ -304461,8 +304873,8 @@ rule SIGNATURE_BASE_Psattack_ZIP : FILE
date = "2016-03-09"
modified = "2025-12-18"
reference = "https://github.com/gdssecurity/PSAttack/releases/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3165-L3179"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3165-L3179"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3864f0d44f90404be0c571ceb6f95bbea6c527bbfb2ec4a2b4f7d92e982e15a2"
logic_hash = "4c869e8663b8c87780d4be622f86b3887511e1ac3cfc67767f1c986af7d43767"
score = 100
@@ -304485,8 +304897,8 @@ rule SIGNATURE_BASE_Linux_Portscan_Shark_1 : FILE
date = "2016-04-01"
modified = "2025-12-18"
reference = "Virustotal Research - see https://github.com/Neo23x0/Loki/issues/35"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3190-L3207"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3190-L3207"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e807ed6c83c8d908bfe29c65abd7b877b65655cc64cd1497fc124a2fd88cd1e9"
score = 75
quality = 85
@@ -304513,8 +304925,8 @@ rule SIGNATURE_BASE_Linux_Portscan_Shark_2
date = "2016-04-01"
modified = "2025-12-18"
reference = "Virustotal Research - see https://github.com/Neo23x0/Loki/issues/35"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3209-L3226"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3209-L3226"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "45efbbe01c45065efc07e9c75b6a7cdcae469861f84df4a1e1381fe864f7ddc0"
score = 75
quality = 85
@@ -304541,8 +304953,8 @@ rule SIGNATURE_BASE_Dnscat2_Hacktool : FILE
date = "2016-05-15"
modified = "2025-12-18"
reference = "https://downloads.skullsecurity.org/dnscat2/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3235-L3254"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3235-L3254"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c163a62b607323e08ca083a7091585550c830827728a8a60e25af8db6550ed1c"
score = 75
quality = 85
@@ -304571,8 +304983,8 @@ rule SIGNATURE_BASE_WCE_In_Memory
date = "2016-08-28"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3256-L3270"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3256-L3270"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "74ab7772db5b1de8a4eae03370e2be3cd35004730f84d472677688109a1d6d88"
score = 80
quality = 85
@@ -304595,8 +305007,8 @@ rule SIGNATURE_BASE_Pstgdump : FILE
date = "2016-09-08"
modified = "2025-12-18"
reference = "http://goo.gl/igxLyF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3272-L3290"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3272-L3290"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0c4f8697b1b65007acc4fdabd1c6263a428448232f95dbb12d8f737297893157"
score = 75
quality = 85
@@ -304624,8 +305036,8 @@ rule SIGNATURE_BASE_Lsremora : FILE
date = "2016-09-08"
modified = "2025-12-18"
reference = "http://goo.gl/igxLyF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3292-L3314"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3292-L3314"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ac8f6b7284307456749b3386340a2b3deb0718bc68875bc90bccf74a96469a59"
score = 75
quality = 85
@@ -304656,8 +305068,8 @@ rule SIGNATURE_BASE_Servpw : FILE
date = "2016-09-08"
modified = "2025-12-18"
reference = "http://goo.gl/igxLyF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3316-L3335"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3316-L3335"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "150466c23ea7aa20f6e60c592ab6bd2f42e3a48a65a6665b89a9f19fa61aae8f"
score = 75
quality = 85
@@ -304686,8 +305098,8 @@ rule SIGNATURE_BASE_Fgexec : FILE
date = "2016-09-08"
modified = "2025-12-18"
reference = "http://goo.gl/igxLyF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3337-L3353"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3337-L3353"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3672255d7829520aa8ca792519f645b86fe4244a16652a960375f23baa7d32b3"
score = 75
quality = 85
@@ -304713,8 +305125,8 @@ rule SIGNATURE_BASE_Cachedump : FILE
date = "2016-09-08"
modified = "2025-12-18"
reference = "http://goo.gl/igxLyF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3355-L3375"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3355-L3375"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7e4d710ed9dab12114e87fa33abe6db6245c780b31bcd94fbd21e75aaa355ca8"
score = 75
quality = 85
@@ -304744,8 +305156,8 @@ rule SIGNATURE_BASE_Pwdump_B : FILE
date = "2016-09-08"
modified = "2025-12-18"
reference = "http://goo.gl/igxLyF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3377-L3397"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3377-L3397"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d50ad359b9433439cddda9408d227f35ee8de3280ad24f42c5e6ef1e6a1526bd"
score = 75
quality = 85
@@ -304774,8 +305186,8 @@ rule SIGNATURE_BASE_Msbuild_Mimikatz_Execution_Via_XML
date = "2016-10-07"
modified = "2025-12-18"
reference = "https://gist.github.com/subTee/c98f7d005683e616560bda3286b6a0d8#file-katz-xml"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3408-L3427"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3408-L3427"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f926a2d5ab987b97c6ed2a89c69eac5549d8b7885bdbf75ce40e05e6ce6cfa7a"
score = 75
quality = 85
@@ -304803,8 +305215,8 @@ rule SIGNATURE_BASE_Fscan_Portscanner : FILE
date = "2017-01-06"
modified = "2025-12-18"
reference = "https://twitter.com/JamesHabben/status/817112447970480128"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3438-L3452"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3438-L3452"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "35770f040da0b14fe4492a44383e332c9912bd89943838627491196ce8f0ec37"
score = 75
quality = 85
@@ -304828,8 +305240,8 @@ rule SIGNATURE_BASE_WPR_Loader_EXE : FILE
date = "2017-03-15"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3463-L3483"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3463-L3483"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "26af6fe1b3dfe8e3a48c03a9f6f2033fbc909a677d35159e28b7e9b867ea5542"
score = 75
quality = 85
@@ -304859,8 +305271,8 @@ rule SIGNATURE_BASE_WPR_Loader_DLL : FILE
date = "2017-03-15"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3485-L3518"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3485-L3518"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "015334828007e954d1e910e6377b37bade99df2ce86152901ec4ded8c71975de"
score = 75
quality = 85
@@ -304896,8 +305308,8 @@ rule SIGNATURE_BASE_WPR_Passscape_Loader : FILE
date = "2017-03-15"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3520-L3538"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3520-L3538"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "79b1a3ed1ea0d9a3ddee0b8557393318a8baf4812110a6ed03a7106b8096b31e"
score = 75
quality = 85
@@ -304925,8 +305337,8 @@ rule SIGNATURE_BASE_WPR_Asterisk_Hook_Library : FILE
date = "2017-03-15"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3540-L3562"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3540-L3562"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6bb75cb8c3ba18a34f4651532060154608c78e6f748148226da4416ad1171124"
score = 75
quality = 85
@@ -304958,8 +305370,8 @@ rule SIGNATURE_BASE_WPR_Windowspasswordrecovery_EXE : FILE
date = "2017-03-15"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3564-L3593"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3564-L3593"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0f2995a8ba1644d384167221560aa0c3f074e8e2cf2b79bbb06537fcaed2df7f"
score = 75
quality = 85
@@ -304990,8 +305402,8 @@ rule SIGNATURE_BASE_WPR_Windowspasswordrecovery_EXE_64 : FILE
date = "2017-03-15"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3595-L3612"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3595-L3612"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6cdd46609d401b7c12b936de7f64bab0bc45b9d2c6079fae45a96f5be6857b82"
score = 75
quality = 85
@@ -305017,8 +305429,8 @@ rule SIGNATURE_BASE_Beyondexec_Remoteaccess_Tool : FILE
date = "2017-03-17"
modified = "2025-12-18"
reference = "https://goo.gl/BvYurS"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3623-L3641"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3623-L3641"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f21ddf04ab0d29549c3d07a45afb3e7648a15b0c81f88b8d7ccccc436ba4084"
score = 75
quality = 85
@@ -305045,8 +305457,8 @@ rule SIGNATURE_BASE_Mimikatz_Gen_Strings : FILE
date = "2017-06-19"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3643-L3665"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3643-L3665"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "371e74538a63cfe355ebd31e1ac73cd25e92f3a7ce3f9299e0f3406f2bcb5b01"
score = 75
quality = 85
@@ -305078,8 +305490,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Lpe : FILE
date = "2017-07-07"
modified = "2025-12-18"
reference = "Disclosed 0day Repos"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3677-L3698"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3677-L3698"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "77d72792d7fcf2c54b36d124448e928f306981296715e583d346ccd101e22fc7"
score = 75
quality = 85
@@ -305110,8 +305522,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Exploit : FILE
date = "2017-07-07"
modified = "2025-12-18"
reference = "Disclosed 0day Repos"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3700-L3714"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3700-L3714"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "12a7a04fdc621242f42107204996e44b1962b5ac5eef4f9b9cbbe0ad52b85676"
score = 75
quality = 85
@@ -305135,8 +305547,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Injectdll : FILE
date = "2017-07-07"
modified = "2022-12-21"
reference = "Disclosed 0day Repos"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3716-L3734"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3716-L3734"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b0a9bd4fa2d8a1192258b303cb757c8bbce7f6962a1d895f57add8a1c3887799"
score = 75
quality = 85
@@ -305163,8 +305575,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Payload_MSI : FILE
date = "2017-07-07"
modified = "2022-12-21"
reference = "Disclosed 0day Repos"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3736-L3752"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3736-L3752"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7dfc8d2bd871ad6acb7d362a946d34ed1830f42ab625c3d3d9cb512f28ccdb57"
score = 75
quality = 85
@@ -305189,8 +305601,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Injector : FILE
date = "2017-07-07"
modified = "2025-12-18"
reference = "Disclosed 0day Repos"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3754-L3774"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3754-L3774"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "37ed19fe19d3645adcd5fa7d6f6b3572d2821fdb78a6d0c8afdba6ccecfc8528"
score = 75
quality = 60
@@ -305220,8 +305632,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Lpe_2 : FILE
date = "2017-07-07"
modified = "2025-12-18"
reference = "Disclosed 0day Repos"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3776-L3791"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3776-L3791"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e9ca23e4375674ea189d5e9de015f6a1ae16c30d35378580bdc8f42007b716df"
score = 75
quality = 85
@@ -305246,8 +305658,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Shellcodegenerator : FILE
date = "2017-07-07"
modified = "2025-12-18"
reference = "Disclosed 0day Repos"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3793-L3806"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3793-L3806"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b267a816871c30e9403805b942be25ed8e28ad2fd946f234f6877a65420754d8"
score = 75
quality = 85
@@ -305270,8 +305682,8 @@ rule SIGNATURE_BASE_Securityxploded_Producer_String : FILE
date = "2017-07-13"
modified = "2025-12-18"
reference = "http://securityxploded.com/browser-password-dump.php"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3808-L3822"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3808-L3822"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "101e0b8b8aeb8ed4314bc07139dcc2b40600fde82ff786d15a15c10692f9aa4a"
score = 60
quality = 85
@@ -305294,8 +305706,8 @@ rule SIGNATURE_BASE_Kekeo_Hacktool : FILE
date = "2017-07-21"
modified = "2025-12-18"
reference = "https://github.com/gentilkiwi/kekeo/releases"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3834-L3849"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3834-L3849"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "14283064e7c8fcee9cde206d25b43b02876a7a4d5de9da6dab47d7f5ba54f019"
score = 75
quality = 85
@@ -305320,8 +305732,8 @@ rule SIGNATURE_BASE_Allthethings : FILE
date = "2017-07-27"
modified = "2022-12-21"
reference = "https://github.com/subTee/AllTheThings"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3861-L3880"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3861-L3880"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0d6b961afb98cfaefe930a7bc246b3f087469b752a8d4abb62b2826418fdfd53"
score = 75
quality = 85
@@ -305349,8 +305761,8 @@ rule SIGNATURE_BASE_Impacket_Keyword : FILE
date = "2017-08-04"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3882-L3899"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3882-L3899"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "92a911dc36f8e74ad49ae09ef4dd997b968a2dde46a7500c98983fafb84a086e"
score = 60
quality = 85
@@ -305376,8 +305788,8 @@ rule SIGNATURE_BASE_Passwordspro : FILE
date = "2017-08-27"
modified = "2025-12-18"
reference = "PasswordPro"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3912-L3930"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3912-L3930"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "24887c3a7e4997c9a4e5d3317a5684b0eca7ccc0ffb213660dd9b37bb220f514"
score = 75
quality = 85
@@ -305403,8 +305815,8 @@ rule SIGNATURE_BASE_Passwordpro_NTLM_DLL : FILE
date = "2017-08-27"
modified = "2025-12-18"
reference = "PasswordPro"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3932-L3950"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3932-L3950"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1021fe1a4c7a237d7a7cfcb1db8fa5e6fa640d3dd9f14ed37910a6b847717d36"
score = 75
quality = 85
@@ -305428,8 +305840,8 @@ rule SIGNATURE_BASE_Keethief_PS : FILE
date = "2017-08-29"
modified = "2025-12-18"
reference = "https://github.com/HarmJ0y/KeeThief"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3962-L3979"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3962-L3979"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8d3d4ff3b854c5efad99e6f20121b16d5f2f0a31a4c8efd87a937f857923a5e1"
score = 75
quality = 85
@@ -305453,8 +305865,8 @@ rule SIGNATURE_BASE_Keetheft_EXE : FILE
date = "2017-08-29"
modified = "2025-12-18"
reference = "https://github.com/HarmJ0y/KeeThief"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L3981-L4000"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L3981-L4000"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a6019248ad9708b1508fdf77a2ecbe92a7e8aac916fbca88aec117abeb07b9a0"
score = 75
quality = 85
@@ -305483,8 +305895,8 @@ rule SIGNATURE_BASE_Keetheft_Out_Shellcode : FILE
date = "2017-08-29"
modified = "2025-12-18"
reference = "https://github.com/HarmJ0y/KeeThief"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4002-L4016"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4002-L4016"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2d536edf1a40defc3b3aa7ce8e595c53e7dd3b7f1daea772c13319ee5bf7675e"
score = 75
quality = 85
@@ -305508,8 +305920,8 @@ rule SIGNATURE_BASE_Sharpire : FILE
date = "2017-09-23"
modified = "2022-12-21"
reference = "https://github.com/0xbadjuju/Sharpire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4026-L4049"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4026-L4049"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1437b4c5229761bcc18d97ea6328866f4b9c763461fa6ecb5c18e6f3961c3114"
score = 75
quality = 83
@@ -305540,8 +305952,8 @@ rule SIGNATURE_BASE_Invoke_Metasploit : FILE
date = "2017-09-23"
modified = "2025-12-18"
reference = "https://github.com/jaredhaight/Invoke-MetasploitPayload/blob/master/Invoke-MetasploitPayload.ps1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4059-L4074"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4059-L4074"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7ef174008517b101be844e30890626378f49a275bad3f08ce25fb8d6118c77c3"
score = 75
quality = 85
@@ -305566,8 +305978,8 @@ rule SIGNATURE_BASE_Powershell_Mal_Hacktool_Gen : FILE
date = "2017-11-02"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4076-L4092"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4076-L4092"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "273222cde3ff155cef09c25192dcb4865179e8172e625fe8f43b21a13fe1a170"
score = 75
quality = 85
@@ -305593,8 +306005,8 @@ rule SIGNATURE_BASE_Sig_Remoteadmin_1 : FILE
date = "2017-12-03"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4094-L4108"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4094-L4108"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "81912bbfc1f6ac3ec7c54fc935b9ed531c97ad509cf2c096a19e638836cd0baf"
score = 45
quality = 85
@@ -305617,8 +306029,8 @@ rule SIGNATURE_BASE_Remcom_Remotecommandexecution
date = "2017-12-28"
modified = "2025-12-18"
reference = "https://goo.gl/tezXZt"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4110-L4125"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4110-L4125"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c39a09c8d0c1799febcb4d9eafece43f8b21e7ffc277fdfad6c235eb1a201697"
score = 50
quality = 85
@@ -305642,8 +306054,8 @@ rule SIGNATURE_BASE_Crackmapexec_EXE : FILE
date = "2018-04-06"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4127-L4143"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4127-L4143"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa05fa41d6aaed45a9b44806a310fdb584874f7eb382e576b36e6d1db87cef88"
score = 85
quality = 85
@@ -305669,8 +306081,8 @@ rule SIGNATURE_BASE_SUSP_Imphash_Passrevealer_PY_EXE : FILE
date = "2018-04-06"
modified = "2021-11-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4145-L4163"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4145-L4163"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "684e901eebf47e2bd8b25fd302963c2761376ce4754d74f9e6f1eb3024c89144"
score = 40
quality = 85
@@ -305694,8 +306106,8 @@ rule SIGNATURE_BASE_MAL_Unknown_Pwdumper_Apr18_3 : FILE
date = "2018-04-06"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4165-L4184"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4165-L4184"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf0dff02bdfa239336b2bc865f2a9aed6d20cafb059caa87a60aa30269dd94b5"
score = 75
quality = 85
@@ -305725,8 +306137,8 @@ rule SIGNATURE_BASE_Processinjector_Gen : HIGHVOL FILE
date = "2018-04-23"
modified = "2025-12-18"
reference = "https://github.com/cuckoosandbox/monitor/blob/master/bin/inject.c"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4186-L4207"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4186-L4207"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "90d200e79c97911b105e592549bc2c04fb09ce841413c30117d421b45bb9988c"
score = 60
quality = 85
@@ -305753,8 +306165,8 @@ rule SIGNATURE_BASE_Lazagne_PW_Dumper
date = "2018-03-22"
modified = "2025-12-18"
reference = "https://github.com/AlessandroZ/LaZagne/releases/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4209-L4223"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4209-L4223"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2eac81d5cecdaca7eeaa83be70a688a595f8bbf54679ee565ba325b9e384552b"
score = 70
quality = 85
@@ -305777,8 +306189,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Tclsh : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4225-L4237"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4225-L4237"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "622805e8067f5158d82783971dcf31e8db05f1d52a38bd1ec3e76ddbbd78032b"
score = 65
quality = 85
@@ -305800,8 +306212,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Ruby : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4239-L4251"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4239-L4251"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aa076540ef01d04117d3340f4d84c21f79acfc558ed4aa585d801b6a6bc797a2"
score = 65
quality = 85
@@ -305823,8 +306235,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Awk : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4253-L4266"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4253-L4266"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7d676ffbd1ce083a1b8e34576125fb0805caef4423089cd72a92483467669b78"
score = 65
quality = 85
@@ -305847,8 +306259,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Netcat_UDP : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4268-L4281"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4268-L4281"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0c85b1275ccf5bbc7f6e0ab0f1fa9d1bce7d56912411f84f9946163191c79576"
score = 65
quality = 85
@@ -305871,8 +306283,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Socat : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4283-L4296"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4283-L4296"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "48c06096b27be11ae12cc38294acb495b739101cabc04e89eb76e93fb42c52df"
score = 65
quality = 85
@@ -305895,8 +306307,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Perl : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4298-L4311"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4298-L4311"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8f3c5920acdc080b437c15b93e192a00a5037be0323cc04473e238033b7d53ec"
score = 75
quality = 85
@@ -305919,8 +306331,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Python : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4313-L4325"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4313-L4325"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e4c35bb739eeabf0de558ee1b97225ed4eb3198e7e6db1817348115b848146c7"
score = 75
quality = 85
@@ -305942,8 +306354,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_PHP_TCP : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4327-L4340"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4327-L4340"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8ffab71130b4fa6efbe9864f97c33fed9359f79d51b84e8f952c911f24d1496c"
score = 75
quality = 85
@@ -305966,8 +306378,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Powershell_TCP : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4342-L4355"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4342-L4355"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8eb484ba87fa2e10af3c59445ccb4be73db2f5ae67c59118a2e188ba02fdc957"
score = 75
quality = 85
@@ -305990,8 +306402,8 @@ rule SIGNATURE_BASE_SUSP_Powershell_Shellcommand_May18_1 : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4357-L4370"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4357-L4370"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bc858d74b8aad09ff539489e961e1a51ba5fe17d3424615ffe5029587ddb9478"
score = 65
quality = 85
@@ -306013,8 +306425,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Telnet_TCP : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4372-L4385"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4372-L4385"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e900fb8c0f1fa61f242b97ac542cb1bfd691dd50523e0023e97e3b21617053d7"
score = 75
quality = 85
@@ -306037,8 +306449,8 @@ rule SIGNATURE_BASE_SUSP_Shellpop_Bash
date = "2018-05-18"
modified = "2025-04-11"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4387-L4404"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4387-L4404"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a557822eaaad84897acc32935f7545deb17ea3b8c6e34acd0ac5ef9fad08cb1e"
score = 70
quality = 85
@@ -306062,8 +306474,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Netcat : FILE
date = "2018-05-18"
modified = "2025-12-18"
reference = "https://github.com/0x00-0x00/ShellPop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4406-L4421"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4406-L4421"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2c61da27d4bc455a9f2555fcc1c5cce7cead226a5900eeed1aaf622616051b79"
score = 75
quality = 85
@@ -306088,8 +306500,8 @@ rule SIGNATURE_BASE_HKTL_Berootexe : FILE
date = "2018-07-25"
modified = "2025-12-18"
reference = "https://github.com/AlessandroZ/BeRoot/tree/master/Windows"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4423-L4439"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4423-L4439"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8e10fddd3b3eb5e5200d9ed0bcb23961d196d9e1de03ebf03a96374ee02a9097"
score = 75
quality = 85
@@ -306113,8 +306525,8 @@ rule SIGNATURE_BASE_HKTL_Berootexe_Output : FILE
date = "2018-07-25"
modified = "2025-12-18"
reference = "https://github.com/AlessandroZ/BeRoot/tree/master/Windows"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4441-L4455"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4441-L4455"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7886535d071092df76507f0dd431409e85c368d404f49e7f118278f6565618e6"
score = 75
quality = 85
@@ -306138,8 +306550,8 @@ rule SIGNATURE_BASE_HKTL_Embeddedpdf : FILE
date = "2018-07-25"
modified = "2025-12-18"
reference = "https://twitter.com/infosecn1nja/status/1021399595899731968?s=12"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4457-L4473"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4457-L4473"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "041580406e2a7c644d713d8fbf7fccb81664ff536e62df26b3c0f331409fb993"
score = 75
quality = 85
@@ -306164,8 +306576,8 @@ rule SIGNATURE_BASE_HKTL_Blackbone_Driverinjector : FILE
modified = "2025-12-18"
old_rule_name = "HTKL_BlackBone_DriverInjector"
reference = "https://github.com/DarthTon/Blackbone"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4475-L4503"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4475-L4503"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d6a5f02a465ea46892e1de54a3482aace387ab0d2cdb949e263ce63f4f9edbb7"
score = 60
quality = 85
@@ -306199,8 +306611,8 @@ rule SIGNATURE_BASE_HKTL_Sqlmap : FILE
date = "2018-10-09"
modified = "2025-12-18"
reference = "https://github.com/sqlmapproject/sqlmap"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4505-L4518"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4505-L4518"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9aa13bc2db40f5ab3debd617c84b1e11805d137bc55e9088bc9a0c23e185dfce"
score = 75
quality = 85
@@ -306223,8 +306635,8 @@ rule SIGNATURE_BASE_HKTL_Sqlmap_Backdoor : FILE
date = "2018-10-09"
modified = "2025-12-18"
reference = "https://github.com/sqlmapproject/sqlmap"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4520-L4536"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4520-L4536"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5e09135e3908442d873511b7b75c8475b2345a28f3bad41a242d6fc5a3b7c002"
score = 75
quality = 85
@@ -306242,8 +306654,8 @@ rule SIGNATURE_BASE_HKTL_Lazagne_Passworddumper_Dec18_1 : FILE
date = "2018-12-11"
modified = "2025-12-18"
reference = "https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4538-L4558"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4538-L4558"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "887c8e91942076395dc7575d5cbd926e7e0971a759daf719983dd918d9babad3"
score = 85
quality = 85
@@ -306272,8 +306684,8 @@ rule SIGNATURE_BASE_HKTL_Lazagne_Gen_18
date = "2018-12-11"
modified = "2025-12-18"
reference = "https://creativecommons.org/licenses/by-nc/4.0/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4560-L4577"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4560-L4577"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f3e895080267a551a3b7a0ba2d4207b31befacbd35d1e6941e1b69d7e2689ce"
score = 80
quality = 85
@@ -306298,8 +306710,8 @@ rule SIGNATURE_BASE_HKTL_Nopowershell
date = "2018-12-28"
modified = "2022-12-21"
reference = "https://github.com/bitsadmin/nopowershell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4579-L4596"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4579-L4596"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2207af9fcc61d547dfeff347a1eae2c59024a7270d1b8cbb7abef56d80864728"
score = 75
quality = 85
@@ -306325,8 +306737,8 @@ rule SIGNATURE_BASE_HKTL_Htran_Go : FILE
date = "2019-01-09"
modified = "2025-12-18"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4598-L4611"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4598-L4611"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "444fe8ce2fdb67c982de26a10882d2cfebc4d2de6c4b4ba6ee10cf39130f1cc5"
score = 75
quality = 85
@@ -306350,11 +306762,11 @@ rule SIGNATURE_BASE_SUSP_Katz_PDB : FILE
date = "2019-02-04"
modified = "2025-12-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4613-L4626"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4613-L4626"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1a38f63d8e8baa9bc8f34c1886fc2aaea7f61d5e09792ba9cde4cf6ed8441fab"
score = 65
- quality = 60
+ quality = 85
tags = "FILE"
hash1 = "6888ce8116c721e7b2fc3d7d594666784cf38a942808f35e309a48e536d8e305"
@@ -306374,8 +306786,8 @@ rule SIGNATURE_BASE_HKTL_LNX_Pnscan : FILE
date = "2019-05-27"
modified = "2025-12-18"
reference = "https://github.com/ptrrkssn/pnscan"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4628-L4641"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4628-L4641"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "46a064f9df9d0a0f3fad4ec7be70b1e42074e5e117f7403d8239bc725590f268"
score = 55
quality = 85
@@ -306397,8 +306809,8 @@ rule SIGNATURE_BASE_Paexec : FILE
date = "2017-03-27"
modified = "2025-12-18"
reference = "http://researchcenter.paloaltonetworks.com/2017/03/unit42-shamoon-2-delivering-disttrack/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4643-L4663"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4643-L4663"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "30478d90756a9ea362c40236518fe9013e5e5683641b7e7e1ad33aa3b5587e04"
score = 40
quality = 85
@@ -306427,8 +306839,8 @@ rule SIGNATURE_BASE_HKTL_Domainpasswordspray : FILE
date = "2023-01-13"
modified = "2025-12-18"
reference = "https://github.com/dafthack/DomainPasswordSpray"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4665-L4680"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4665-L4680"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aa20bf139eff36100624771fe7617c214337ae5ab2e2746143bd8e6cc1b05b4e"
score = 60
quality = 85
@@ -306451,8 +306863,8 @@ rule SIGNATURE_BASE_HKTL_Rusthound : FILE
date = "2023-03-30"
modified = "2025-12-18"
reference = "https://github.com/OPENCYBER-FR/RustHound"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-hacktools.yar#L4682-L4709"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-hacktools.yar#L4682-L4709"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "409f61a34d9771643246f401a9670f6f7dcced9df50cbd89a2e1a5c9ba8d03ab"
hash = "b1a58a9c94b1df97a243e6c3fc2d04ffd92bc802edc7d8e738573b394be331a9"
hash = "170f4a48911f3ebef674aade05184ea0a6b1f6b089bcffd658e95b9905423365"
@@ -306485,8 +306897,8 @@ rule SIGNATURE_BASE_APT_Greyenergy_Malware_Oct18_1 : FILE
date = "2018-10-17"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_greyenergy.yar#L12-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_greyenergy.yar#L12-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0cbdc156b7080608c1071feeb4826a70bb259c55139d74d019465c4bb5244260"
score = 75
quality = 85
@@ -306511,8 +306923,8 @@ rule SIGNATURE_BASE_APT_Greyenergy_Malware_Oct18_2 : FILE
date = "2018-10-17"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_greyenergy.yar#L31-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_greyenergy.yar#L31-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "600bc5b423ef3281bfc7ad7ab479aa1208b0144b0f4afd8c2d14f17b5e2c600b"
score = 75
quality = 85
@@ -306535,8 +306947,8 @@ rule SIGNATURE_BASE_APT_Greyenergy_Malware_Oct18_3 : FILE
date = "2018-10-17"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_greyenergy.yar#L46-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_greyenergy.yar#L46-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f4851f5381a4d8dea488d50ff11048052826c51428f8610bc5d3480ed254d32f"
score = 75
quality = 85
@@ -306561,8 +306973,8 @@ rule SIGNATURE_BASE_APT_Greyenergy_Malware_Oct18_4 : FILE
date = "2018-10-17"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_greyenergy.yar#L62-L82"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_greyenergy.yar#L62-L82"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c845be8b56dc9aa9f0eaec2a67c4baef9c9b4fd1789e96cd781e3876721b1297"
score = 75
quality = 85
@@ -306589,8 +307001,8 @@ rule SIGNATURE_BASE_APT_Greyenergy_Malware_Oct18_5 : FILE
date = "2018-10-17"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_greyenergy.yar#L84-L97"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_greyenergy.yar#L84-L97"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3ced67c514d54324b41a4a4a92c1d3138e75380f3129b39ae92c1895c267acb2"
score = 75
quality = 85
@@ -306613,8 +307025,8 @@ rule SIGNATURE_BASE_EXPL_Shitrix_Exploit_Code_Jan20_1 : FILE CVE_2019_19781
date = "2020-01-13"
modified = "2023-12-05"
reference = "https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Overview+of+Observed+Payloads/25704/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_shitrix.yar#L2-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_shitrix.yar#L2-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "00687b30235be5ef3c00432b5b96bbc325dee553e7c0cb565d6f389b1bce12de"
score = 70
quality = 85
@@ -306649,11 +307061,11 @@ rule SIGNATURE_BASE_EXPL_CVE_2024_21413_Microsoft_Outlook_RCE_Feb24 : CVE_2024_2
date = "2024-02-17"
modified = "2024-02-19"
reference = "https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_outlook_cve_2024_21413.yar#L2-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_outlook_cve_2024_21413.yar#L2-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "06cfafe0b92949e493dca6d54f671d0607242d97341144b69f563a0cc24dc6a1"
score = 75
- quality = 60
+ quality = 85
tags = "CVE-2024-21413, FILE"
strings:
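Review bot: The `quality` value for SIGNATURE_BASE_EXPL_CVE_2024_21413_Microsoft_Outlook_RCE_Feb24 goes from 60 to 85 in this hunk while `logic_hash` and `modified` are unchanged, so this update re-scores the rule as well as refreshing the commit pin. The rule entry just before the Pnscan hunk (thor-hacktools.yar#L4613-L4626) shows the same 60 to 85 change. If anything downstream filters or weights these rules by `quality`, they may now fire where they were previously excluded; that is an inference, because the consuming code is not visible in this patch. I would record it in the commit description, for example `Note: upstream re-scored quality (60 -> 85) on rules with unchanged logic_hash; regenerated test data reviewed for new matches.` The rule body continues outside the hunk.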
@@ -306673,8 +307085,8 @@ rule SIGNATURE_BASE_Irongate_APT_Step7Prosim_Gen : FILE
date = "2016-06-04"
modified = "2023-12-05"
reference = "https://goo.gl/Mr6M2J"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irongate.yar#L10-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irongate.yar#L10-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aab41ada32a8186f958baccad08b60ac1ab686f7561d4dd4471a1e88ddd53730"
score = 90
quality = 85
@@ -306711,8 +307123,8 @@ rule SIGNATURE_BASE_Irongate_Pyinstaller_Update_EXE : FILE
date = "2016-06-04"
modified = "2023-01-06"
reference = "https://goo.gl/Mr6M2J"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irongate.yar#L42-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irongate.yar#L42-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b55e02af900b3510743502bd72d5e14c9235985b5a7b05def0f5c462b28f2216"
score = 60
quality = 85
@@ -306740,8 +307152,8 @@ rule SIGNATURE_BASE_Nirsoft_Netresview : FILE
date = "2016-06-04"
modified = "2023-12-05"
reference = "https://goo.gl/Mr6M2J"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irongate.yar#L67-L82"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irongate.yar#L67-L82"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "56c3c7a98bcefa609ee604ea0d7d3f4dd237d91a9439eeed66e0d6f3a20dfdd0"
score = 40
quality = 85
@@ -306765,8 +307177,8 @@ rule SIGNATURE_BASE_APT_MAL_BKA_Goldenspy_Aug20_1 : FILE
date = "2020-08-21"
modified = "2023-12-05"
reference = "https://www.bka.de/SharedDocs/Kurzmeldungen/DE/Warnhinweise/200821_Cyberspionage.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_goldenspy.yar#L1-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_goldenspy.yar#L1-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ba81a2b081842aaf06bbf623640a87946894df83fd0d7b7149c48afa8ed0a081"
score = 75
quality = 85
@@ -306794,8 +307206,8 @@ rule SIGNATURE_BASE_Recon_Commands_Windows_Gen1 : FILE
date = "2017-07-10"
modified = "2023-12-05"
reference = "https://goo.gl/MSJCxP"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_recon_indicators.yar#L12-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_recon_indicators.yar#L12-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "36beb09c428949140cb007c1022c385c9a1ae4eea8c1f1a419f96b36b8030c7c"
score = 60
quality = 85
@@ -306839,8 +307251,8 @@ rule SIGNATURE_BASE_SUSP_Recon_Outputs_Jun20_1 : FILE
date = "2020-06-04"
modified = "2023-12-05"
reference = "https://securelist.com/cycldek-bridging-the-air-gap/97157/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_recon_indicators.yar#L52-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_recon_indicators.yar#L52-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "652b28bfb45a11eaaee198c76560c1f55edc5b32c5394e606bb5426551260f24"
score = 60
quality = 85
@@ -306865,8 +307277,8 @@ rule SIGNATURE_BASE_SUSP_TINY_PE : FILE
date = "2019-10-23"
modified = "2023-12-05"
reference = "https://webserver2.tecgraf.puc-rio.br/~ismael/Cursos/YC++/apostilas/win32_xcoff_pe/tyne-example/Tiny%20PE.htm"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_file_anomalies.yar#L3-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_file_anomalies.yar#L3-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5eabfa8e0fd4d6d1376d263484fba985e7a4b05d68046be1f79c1dfdbbfff9e5"
score = 80
quality = 85
@@ -306887,8 +307299,8 @@ rule SIGNATURE_BASE_SUSP_GIF_Anomalies : FILE
date = "2020-07-02"
modified = "2023-12-05"
reference = "https://en.wikipedia.org/wiki/GIF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_file_anomalies.yar#L17-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_file_anomalies.yar#L17-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "64d17c8de72600cd889a802fd002faaaf9a3a17f7fa157ae5b2b620b28e6c439"
score = 60
quality = 85
@@ -306907,8 +307319,8 @@ rule SIGNATURE_BASE_SUSP_Hxd_Icon_Anomaly_May23_1 : FILE
date = "2023-05-29"
modified = "2023-12-05"
reference = "https://www.linkedin.com/feed/update/urn:li:activity:7068631930040188929/?utm_source=share&utm_medium=member_ios"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_file_anomalies.yar#L32-L84"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_file_anomalies.yar#L32-L84"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a328687ac8b868fb78a49188b286a8951c6043a7ff6ff0c7a23c3f9b3ef15eb2"
score = 65
quality = 85
@@ -306948,8 +307360,8 @@ rule SIGNATURE_BASE_SUSP_Qakbot_Uninstaller_Shellcode_Aug23
date = "2023-08-30"
modified = "2023-12-05"
reference = "https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_qakbot_uninstaller.yar#L2-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_qakbot_uninstaller.yar#L2-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "91d26c50bf29517aa68e709ca3b6f32f4ca390f4c2f48e48cd251bfdd5dbcc71"
score = 60
quality = 85
@@ -306970,8 +307382,8 @@ rule SIGNATURE_BASE_SUSP_Qakbot_Uninstaller_FBI_Aug23
date = "2023-08-31"
modified = "2023-12-05"
reference = "https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_qakbot_uninstaller.yar#L16-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_qakbot_uninstaller.yar#L16-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0ce963190502709edec9434e6a64cb9db7c5553113b686afc56a516350d76baa"
score = 60
quality = 85
@@ -306998,8 +307410,8 @@ rule SIGNATURE_BASE_CN_Tools_Xbat : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktool_scripts.yar#L10-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktool_scripts.yar#L10-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a7005acda381a09803b860f04d4cae3fdb65d594"
logic_hash = "c6dae76bbda7b43eef348c61e1330405923baf724f1aa5d2b51132dde89248fe"
score = 75
@@ -307023,8 +307435,8 @@ rule SIGNATURE_BASE_CN_Tools_Temp : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktool_scripts.yar#L26-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktool_scripts.yar#L26-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c3327ef63b0ed64c4906e9940ef877c76ebaff58"
logic_hash = "05fd1cb3f7c8b96ccf824013c130a0b21f43724463f8658e23239d009be7f4fe"
score = 75
@@ -307050,8 +307462,8 @@ rule SIGNATURE_BASE_CN_Tools_Srss : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktool_scripts.yar#L44-L58"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktool_scripts.yar#L44-L58"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "092ab0797947692a247fe80b100fb4df0f9c37a0"
logic_hash = "e01fd60adc32be26b0940ecc127a17bfcfe2ebfcf6cefea76ba6adc61d3c18d4"
score = 75
@@ -307075,8 +307487,8 @@ rule SIGNATURE_BASE_Dll_Unreg : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktool_scripts.yar#L60-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktool_scripts.yar#L60-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d5e24ba86781c332d0c99dea62f42b14e893d17e"
logic_hash = "0e534e475a5b4338aa53bea09325dd63a3d451a13b46a70b5208cabd2deecabe"
score = 75
@@ -307100,8 +307512,8 @@ rule SIGNATURE_BASE_Dll_Reg : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktool_scripts.yar#L76-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktool_scripts.yar#L76-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cb8a92fe256a3e5b869f9564ecd1aa9c5c886e3f"
logic_hash = "db2032d5689f9fcfc446d5ebe8a6d28c6dbd8bcd1d93769ec969d76f8add4f9d"
score = 75
@@ -307125,8 +307537,8 @@ rule SIGNATURE_BASE_Sbin_Squid : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktool_scripts.yar#L92-L108"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktool_scripts.yar#L92-L108"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8b795a8085c3e6f3d764ebcfe6d59e26fdb91969"
logic_hash = "c440bcfda55f926354ea5e462fe1e6a0e9e9585bb1c1539c0aa0588405a46105"
score = 75
@@ -307152,8 +307564,8 @@ rule SIGNATURE_BASE_Sql1433_Creck : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktool_scripts.yar#L110-L125"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktool_scripts.yar#L110-L125"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "189c11a3b268789a3fbcfac3bd4e03cbfde87b1d"
logic_hash = "2d9ff5f130d625450e7de41832695839f0427a6186569280a224f20e89fe1d8a"
score = 75
@@ -307178,8 +307590,8 @@ rule SIGNATURE_BASE_Sql1433_Start : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktool_scripts.yar#L127-L145"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktool_scripts.yar#L127-L145"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bd4be10f4c3a982647b2da1a8fb2e19de34eaf01"
logic_hash = "b7dfc2b04e838fa3a71487287a50e183443eb62b69cd23494294f231b43baf2f"
score = 75
@@ -307207,8 +307619,8 @@ rule SIGNATURE_BASE_POSHSPY_Malware
date = "2017-07-15"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poshspy.yar#L11-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poshspy.yar#L11-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e1f8b502950d2f7600041b5492f529682b9f5f2863c36ad40618b5ed78a94567"
score = 75
quality = 85
@@ -307235,8 +307647,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Csharpsetthreadcontext : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/djhohnstein/CSharpSetThreadContext"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L6-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L6-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1fab70ce4bb1a00d8e8155ce7d859aa2f8d193dd40378a8fff0fdfb1c94f9a76"
score = 75
quality = 85
@@ -307259,8 +307671,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_DLL_Injection : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/ihack4falafel/DLL-Injection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L22-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L22-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a9ad0c7a68602214cf31d9b065b9b2c5f7eb616bcec0f3428e958c0f762282b2"
score = 75
quality = 85
@@ -307282,8 +307694,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Limeusb_Csharp : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/LimeUSB-Csharp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L37-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L37-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cd5b12c43046e56ebef78104fd7a9389476686bd4adca4964fc8b559432ae236"
score = 75
quality = 85
@@ -307305,8 +307717,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ladon : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/k8gege/Ladon"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L52-L65"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L52-L65"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1a2c6d3bb2964847aaff4828bbd7b75301e287bcff3f27324bc7767c0f73820f"
score = 75
quality = 85
@@ -307328,8 +307740,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Whitelistevasion : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/khr0x40sh/WhiteListEvasion"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L67-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L67-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "38838b45c3c7359e49f890f5f7608e5a6026421e83b0ef7371c8558c571395a6"
score = 75
quality = 85
@@ -307351,8 +307763,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_Downloader : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/Lime-Downloader"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L82-L95"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L82-L95"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8086f6be648bcb5535b98aafc5fd898dc975273eec3c19a54263f74bb7c0f629"
score = 75
quality = 85
@@ -307374,8 +307786,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Darkeye : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/K1ngSoul/DarkEye"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L97-L110"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L97-L110"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7571ed93fd3ea690549ab35682b0073e1c2b9ac57e36394d35794aba7c50b79e"
score = 75
quality = 85
@@ -307397,8 +307809,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpkatz : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/b4rtik/SharpKatz"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L112-L125"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L112-L125"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8899192a8006bb31ce4277fc371a30b301ffc1a42030ca3a4059a2b53c889bae"
score = 75
quality = 85
@@ -307420,8 +307832,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Externalc2 : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/ryhanson/ExternalC2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L127-L141"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L127-L141"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "81042972411ab82da8460f9e263614f563bc67e3ce585f1a955b565b066ee8c9"
score = 75
quality = 85
@@ -307444,8 +307856,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Povlsomware : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/povlteksttv/Povlsomware"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L143-L156"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L143-L156"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f8e246080ffcaa73ad727d2d9a1f2b75f2d413b49dff0c3b50831a41e1f14a2f"
score = 75
quality = 85
@@ -307467,8 +307879,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Runshellcode : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/zerosum0x0/RunShellcode"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L158-L171"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L158-L171"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5df20e170651f32e41a905992d0bb52542638e2d0a56841db900b70e324c9afe"
score = 75
quality = 85
@@ -307490,8 +307902,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharploginprompt : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/shantanu561993/SharpLoginPrompt"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L173-L186"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L173-L186"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e8abbc67d568956bf98e733b1e98910d0501225d4a0dc0bec6be9b572fcc2b36"
score = 75
quality = 85
@@ -307513,8 +307925,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Adamantium_Thief : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/LimerBoy/Adamantium-Thief"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L188-L201"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L188-L201"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "37303dd37952d08ca2f85d03b4a9a8d52a3c55870e1350bca7ac84749942dfd8"
score = 75
quality = 85
@@ -307536,8 +307948,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Psbypassclm : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/padovah4ck/PSByPassCLM"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L203-L216"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L203-L216"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a2646ff961b5fc94035fae0b7e5afedc054dfcfe710701dbf9ba17674c2bb6c8"
score = 75
quality = 85
@@ -307559,8 +307971,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Physmem2Profit : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/FSecureLABS/physmem2profit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L218-L231"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L218-L231"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "57e6159bc047c372bb7fa9ac0f77183fe06fe3f41b83039f8b0185f2743cc774"
score = 75
quality = 85
@@ -307582,8 +307994,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Noamci : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/med0x2e/NoAmci"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L233-L246"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L233-L246"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7d934503bab7318930f958b1818037f00d3d5be7f5f89f3b519c5072bb4fee03"
score = 75
quality = 85
@@ -307605,8 +308017,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpblock : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/CCob/SharpBlock"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L248-L261"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L248-L261"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7bc689efc6f89ac685f1066da4e9735a0e2b985008679c51e14664cebdaebe4a"
score = 75
quality = 85
@@ -307628,8 +308040,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nopowershell : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/bitsadmin/nopowershell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L263-L276"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L263-L276"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5e4088d451cdc939608fb82f0259d3b60ce8247dfd2f76de839681c9e3d60414"
score = 75
quality = 85
@@ -307651,8 +308063,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Limelogger : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/LimeLogger"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L278-L291"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L278-L291"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "58588726f5f548b9aa948eac6d752404aa43fed18ccd4340422a652b9b061c9b"
score = 75
quality = 85
@@ -307674,8 +308086,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aggressorscripts : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/harleyQu1nn/AggressorScripts"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L293-L306"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L293-L306"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b5d84b6dea0290b901f1d911f341a2b15ab42cf9197775d9bb2f613f4baeb69d"
score = 75
quality = 85
@@ -307697,8 +308109,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gopher : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/EncodeGroup/Gopher"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L308-L321"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L308-L321"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "430727d064ae07a4ca4411ee78fe74c684ce21d287283467c1afb9795545003e"
score = 75
quality = 85
@@ -307720,8 +308132,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aviator : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/Ch0pin/AVIator"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L323-L336"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L323-L336"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9101444f7d9306058a42b0325fefc0a088d1669932e4a6ba23b387829f01a097"
score = 75
quality = 85
@@ -307743,8 +308155,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Njcrypter : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/0xPh0enix/njCrypter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L338-L352"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L338-L352"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2e3c616b75e15ad082cf0871b7ef8e04f0c2a937000f4bea6927962451ac7f12"
score = 75
quality = 85
@@ -307767,8 +308179,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpminidump : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/b4rtik/SharpMiniDump"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L354-L367"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L354-L367"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eea9a60c5d0acb1ffa7cbfec59f2a3f7f29b507fba2c3694480627c583d24c97"
score = 75
quality = 85
@@ -307790,8 +308202,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Cinarat : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/wearelegal/CinaRAT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L369-L383"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L369-L383"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d3e006450f3bd35d9d8b0d5c74470f555917d8b3583285ac3ac925ce2a83972b"
score = 75
quality = 85
@@ -307814,8 +308226,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Toxiceye : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/LimerBoy/ToxicEye"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L385-L398"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L385-L398"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "58070408e4c08d20a3f37a2bf59f4b125ef4608e9ee3e7ed5fe1e26ad51b6c88"
score = 75
quality = 85
@@ -307837,8 +308249,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Disable_Windows_Defender : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/Disable-Windows-Defender"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L400-L413"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L400-L413"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "65cc86433a3c4cb22ad54065b90010a0f3eb18ad8791c45343d103deea880195"
score = 75
quality = 85
@@ -307860,8 +308272,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dinvoke_Poc : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/dtrizna/DInvoke_PoC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L415-L428"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L415-L428"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "51299abecf7244d150e7c148b5896cd64bcf5817a9a962013d6a986891bd321f"
score = 75
quality = 85
@@ -307883,8 +308295,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Reverseshell : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/chango77747/ReverseShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L430-L444"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L430-L444"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cf8220444b6ffe810451e4754f8561e80acd99f8b5fbb013e8eef488b3c4243e"
score = 75
quality = 85
@@ -307907,8 +308319,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpc2 : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/SharpC2/SharpC2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L446-L464"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L446-L464"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5439cbe057d5735e3d35ac01966fc65ca0727e1c1c353564d38d1c20bb04484a"
score = 75
quality = 85
@@ -307935,8 +308347,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sneakyexec : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/HackingThings/SneakyExec"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L466-L479"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L466-L479"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cb2d505666c4395c9e43607468332c7559807d4da063eb69b31638f2520fee0e"
score = 75
quality = 85
@@ -307958,8 +308370,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Urbanbishoplocal : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/slyd0g/UrbanBishopLocal"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L481-L494"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L481-L494"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cd0ded2fbfbf0fb8c53928e3f1bc4425bfa6112b92b609f421d517f931814faa"
score = 75
quality = 85
@@ -307981,8 +308393,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshell : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/cobbr/SharpShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L496-L510"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L496-L510"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9d49e6a85514fb47bd6875372cbbc8fc1d30e8572ce6e5caa594da07f58d4c06"
score = 75
quality = 85
@@ -308005,8 +308417,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Evilwmiprovider : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/sunnyc7/EvilWMIProvider"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L512-L525"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L512-L525"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "431aa788d1cd192803ad7a5cc66ea48b7a83d47e009c42280e3e77c6ffb8662c"
score = 75
quality = 85
@@ -308028,8 +308440,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gadgettojscript : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/med0x2e/GadgetToJScript"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L527-L541"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L527-L541"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b072024bc927eaff8bb81bc660dd55a126f9b78e5db591042137b59647631544"
score = 75
quality = 85
@@ -308052,8 +308464,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Azurecli_Extractor : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/0x09AL/AzureCLI-Extractor"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L543-L556"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L543-L556"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6c55a291ba3475a7c7faa2a0152c04b01066a3b3569a5fb052c092b08a8e75ae"
score = 75
quality = 85
@@ -308075,8 +308487,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_UAC_Escaper : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/UAC-Escaper"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L558-L571"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L558-L571"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8b7315970124c7997ca7d7d21e6c26ac9c905cdbc1ee009f7800b6bc98f9c3d4"
score = 75
quality = 85
@@ -308098,8 +308510,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Httpsbeaconshell : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/limbenjamin/HTTPSBeaconShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L573-L586"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L573-L586"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4e51832b9a5f7b82da2f11bcb34664b0a8d0308b0e823436f4339233c07213b3"
score = 75
quality = 85
@@ -308121,8 +308533,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Amsiscanbufferbypass : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/rasta-mouse/AmsiScanBufferBypass"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L588-L601"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L588-L601"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "227b9878e11d1e14aa216cc9d46364cff727b1443f4c18f083971be8dd5e603c"
score = 75
quality = 85
@@ -308144,8 +308556,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shellcodeloader : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/Hzllaga/ShellcodeLoader"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L603-L616"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L603-L616"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3461e21a0a0661be9830023d56ecdd0434ab9f32328118ad87b2216061851127"
score = 75
quality = 85
@@ -308167,8 +308579,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Keystrokeapi : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/fabriciorissetto/KeystrokeAPI"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L618-L632"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L618-L632"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "36690992d1e5f3df52ad3a3fc218335ee78ce5e1bf7433fa769c8ee618f00b9e"
score = 75
quality = 85
@@ -308191,8 +308603,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shellcoderunner : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/antman1p/ShellCodeRunner"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L634-L648"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L634-L648"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fecb1562fe42fa512ab3dd932019fa9ba2c09d574e909361c3af9e190cd5db17"
score = 75
quality = 85
@@ -308215,8 +308627,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Offensivecsharp : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/diljith369/OffensiveCSharp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L650-L674"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L650-L674"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "64beb345845aeb7083a2c35d94fa433e95dd810b82c0cf392dd5e3de3bb5b110"
score = 75
quality = 85
@@ -308249,8 +308661,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_SHAPESHIFTER : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/matterpreter/SHAPESHIFTER"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L676-L689"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L676-L689"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "87804b4f657dd838e969e41320d08455470611688f1624632df03868d204490d"
score = 75
quality = 85
@@ -308272,8 +308684,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Evasor : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/cyberark/Evasor"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L691-L704"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L691-L704"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "883dcb8214c036d4a81ee09f97f206f19f24c6a6526437ba61145cb01cb2b1ba"
score = 75
quality = 85
@@ -308295,8 +308707,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stracciatella : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/mgeeky/Stracciatella"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L706-L719"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L706-L719"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ca28e325cd98f2c9793c434dfd57404e17ed80e57023095d877993a01ee718ee"
score = 75
quality = 85
@@ -308318,8 +308730,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Logger : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/xxczaki/logger"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L721-L734"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L721-L734"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf77dcb7fccad566e998df42e9a8248a117a8636500b80fe885d756cfa999f37"
score = 75
quality = 85
@@ -308341,8 +308753,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Internal_Monologue : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/eladshamir/Internal-Monologue"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L736-L750"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L736-L750"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "983273ebcba36e8a22d5bda8bdbba0e1fb31fb128a76a7b39aa012bc83873aff"
score = 75
quality = 85
@@ -308365,8 +308777,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_GRAT2 : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/r3nhat/GRAT2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L752-L765"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L752-L765"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "535f24d46b317dc5c74779931deb92dd922a79cba4f48588763a3d717bbdec82"
score = 75
quality = 85
@@ -308388,8 +308800,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Powershdll : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/p3nt4/PowerShdll"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L767-L780"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L767-L780"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0c2b4a2e3008605c35296d2064d4ab3dbb62230db57d1756f0c11e47a303c007"
score = 75
quality = 85
@@ -308411,8 +308823,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Csharpamsibypass : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/WayneJLee/CsharpAmsiBypass"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L782-L795"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L782-L795"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "65daf297f51dd75ed3616504df96aea9b7a61aebd5a3b43c208f1709daedc193"
score = 75
quality = 85
@@ -308434,8 +308846,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hastyseries : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/obscuritylabs/HastySeries"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L797-L819"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L797-L819"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4987c7afbf339a6a21634eb4647a0b09bfa149d330b7fb2aea2467a25e629c62"
score = 75
quality = 85
@@ -308466,8 +308878,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dreamprotectorfree : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/Paskowsky/DreamProtectorFree"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L821-L834"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L821-L834"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bd8a6373695b9ab69fdf9e7f4a65c2db4e7a5f6f04f6d308ec352322a396aa44"
score = 75
quality = 85
@@ -308489,8 +308901,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Redsharp : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/padovah4ck/RedSharp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L836-L849"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L836-L849"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b751bedba84e8fc253686a7acd33e46a96140f2903f99ce1df6b4932d475bf30"
score = 75
quality = 85
@@ -308512,8 +308924,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_ESC : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NetSPI/ESC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L851-L865"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L851-L865"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0a8244145b25260912c8b1d2968fe33fb8497762a6d8f2bbb88a734346990d55"
score = 75
quality = 85
@@ -308536,8 +308948,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Csharp_Loader : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/Csharp-Loader"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L867-L880"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L867-L880"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aa1a176ce3dbf6ae43d921822d2ab1689a4bf74077fa2a9aa72534ab3cfa3ecc"
score = 75
quality = 85
@@ -308559,8 +308971,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Bantam : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/gellin/bantam"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L882-L895"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L882-L895"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2dce37cd31fa359658519bd50fbb335fc6fd82af5e78a4d86d173d3628e0951f"
score = 75
quality = 85
@@ -308582,8 +308994,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharptask : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/jnqpblc/SharpTask"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L897-L910"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L897-L910"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c3f4ddf4ea9389e01611880a47f2a199938e9a5e0f05df4e7f772f7a9acedc61"
score = 75
quality = 85
@@ -308605,8 +309017,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Windowsplague : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/RITRedteam/WindowsPlague"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L912-L925"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L912-L925"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "01ad0621f2bb129fd963093b65cd054bc2a2e185f21041c779b02b1e63475a1c"
score = 75
quality = 85
@@ -308628,8 +309040,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Misc_Csharp : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/jnqpblc/Misc-CSharp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L927-L941"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L927-L941"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "32893d4396842c3df3756d7090a1e86bf73c5ad2476aab5d6c53db8bdae9c31a"
score = 75
quality = 85
@@ -308652,8 +309064,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpspray : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/jnqpblc/SharpSpray"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L943-L956"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L943-L956"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "15ad567589656894f0da6ee56c26f48868936db015d0b41c04ccd6fd56f5753e"
score = 75
quality = 85
@@ -308675,8 +309087,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Obfuscator : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/3xpl01tc0d3r/Obfuscator"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L958-L971"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L958-L971"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "523ce9e83bd6cd7152d86fe77a441a3f721d79f8df45c4041e47cae4b15673d5"
score = 75
quality = 85
@@ -308698,8 +309110,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Safetykatz : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/GhostPack/SafetyKatz"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L973-L986"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L973-L986"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "08b1e8ee951140dc6ac07f2646e0bf84bb22bea9948d231e1ba8d4cf0a28a2e8"
score = 75
quality = 85
@@ -308721,8 +309133,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dropless_Malware : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/Dropless-Malware"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L988-L1001"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L988-L1001"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "833b7758aea58d3065c2c3153f0ab21b7b6a54f7e7083655f2a52c2861080f7d"
score = 75
quality = 85
@@ -308744,8 +309156,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_UAC_Silentclean : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/EncodeGroup/UAC-SilentClean"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1003-L1016"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1003-L1016"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "32d331148578923e7f5017ce874f9daa234a759ea5a87cbddc1e111834acf920"
score = 75
quality = 85
@@ -308767,8 +309179,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Desktopgrabber : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/DesktopGrabber"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1018-L1031"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1018-L1031"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1937fa6b9e5af3c12a2eef6356aed2c93e6534db492ebc7a8955c4cac240a840"
score = 75
quality = 85
@@ -308790,8 +309202,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Wsmanager : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/guillaC/wsManager"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1033-L1046"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1033-L1046"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cbcdcf8c4895263b881f45f54df01b6a6a3d76cf1be195475217ccffa9eedfed"
score = 75
quality = 85
@@ -308813,8 +309225,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Uglyexe : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/fashionproof/UglyEXe"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1048-L1061"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1048-L1061"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "caf7c8ae7060822e0014710e521020e5d502eedb505165374b7600b11dea7bad"
score = 75
quality = 85
@@ -308836,8 +309248,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdump : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/GhostPack/SharpDump"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1063-L1076"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1063-L1076"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "95217122df1b56132e7774c10c0e993d914cdf8e2463f949cfbab59cb0d99ca4"
score = 75
quality = 85
@@ -308859,8 +309271,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Educationalrat : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/securesean/EducationalRAT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1078-L1091"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1078-L1091"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c46fee5ff948537fb1defe636f3987b3de52b2e37a1130b4b425c6645d74b11b"
score = 75
quality = 85
@@ -308882,8 +309294,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stealth_Kid_RAT : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/ctsecurity/Stealth-Kid-RAT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1093-L1107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1093-L1107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9a885a48053d501273fc8043e990166558458239781feb9e09f972c52d57e8da"
score = 75
quality = 85
@@ -308906,8 +309318,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcradle : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/anthemtotheego/SharpCradle"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1109-L1122"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1109-L1122"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4213877aaf5606c9e5f3f38a1f057f8068e0fa062a5f1eb4389d83c6032df6c3"
score = 75
quality = 85
@@ -308929,8 +309341,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Bypassuac : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/cnsimo/BypassUAC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1124-L1138"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1124-L1138"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "05dbd4d443664735a10bd48dbbda4edf7ba3756c9dd3f53cb25e066e8f5f1b61"
score = 75
quality = 85
@@ -308953,8 +309365,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hanzoinjection : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/P0cL4bs/hanzoInjection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1140-L1153"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1140-L1153"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "692e5288fffb8eb65b6f84017c31bb3d5d7320c141cd5a60eef6d9482385bb88"
score = 75
quality = 85
@@ -308976,8 +309388,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Clr_Meterpreter : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/OJ/clr-meterpreter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1155-L1173"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1155-L1173"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5d48897457c5f3ea7a9c24a24ab63207c3841bc3ac444d1c42987cb291f05941"
score = 75
quality = 85
@@ -309004,8 +309416,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_BYTAGE : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/KNIF/BYTAGE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1175-L1188"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1175-L1188"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2d295501a64515a68bbd9a3c7f0f5ca0bbf59df5f6c91dd66d2ce6e744ce3fc1"
score = 75
quality = 85
@@ -309027,8 +309439,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Multios_Reverseshell : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/belane/MultiOS_ReverseShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1190-L1203"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1190-L1203"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a0b7f881aee1097dcbbd39a832073aada103b23ebc5b167052e9483083fec02d"
score = 75
quality = 85
@@ -309050,8 +309462,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hidefromamsi : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/0r13lc0ch4v1/HideFromAMSI"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1205-L1218"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1205-L1218"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "05fccd4c7346c1ac1830984f945f5d37ca3e44a479287d681dfdb06d200764f1"
score = 75
quality = 85
@@ -309073,8 +309485,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnetavbypass_Master : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/lockfale/DotNetAVBypass-Master"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1220-L1233"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1220-L1233"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3382613db4970475922fb7db70b6ce4f9c247f083a2164b86ba9e81a770e0e36"
score = 75
quality = 85
@@ -309096,8 +309508,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdpapi : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/GhostPack/SharpDPAPI"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1235-L1249"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1235-L1249"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "70f40bc48eeba3f835a280e7e2ce06b2a16179be9914d5c2548c820b02f4c837"
score = 75
quality = 85
@@ -309120,8 +309532,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Telegra_Csharp_C2 : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/sf197/Telegra_Csharp_C2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1251-L1264"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1251-L1264"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ebdec8d1781ffc106f93f3686eb96e6b79810fbb0c7b1eb7cbbb161397298adc"
score = 75
quality = 85
@@ -309143,8 +309555,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcompile : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/SpiderLabs/SharpCompile"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1266-L1279"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1266-L1279"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a8b46bf3017f336dc669b6c81a339953cc8931df49283b67172f45d1715ef422"
score = 75
quality = 85
@@ -309166,8 +309578,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Carbuncle : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/checkymander/Carbuncle"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1281-L1294"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1281-L1294"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f792c3ed1f62915635dc9090cc608475701d1a4ec60810946336a5d72280af48"
score = 75
quality = 85
@@ -309189,8 +309601,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ossfiletool : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/B1eed/OSSFileTool"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1296-L1309"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1296-L1309"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0dda05d0a53babdf83a2edf9ac0ed21954c059baa73963c79fb840c737865df1"
score = 75
quality = 85
@@ -309212,8 +309624,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rubeus : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/GhostPack/Rubeus"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1311-L1324"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1311-L1324"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3d2df79b86b2c1eb4721ee9b6fce920db3e48f9cf96fa693876a6d7d8dad54e6"
score = 75
quality = 85
@@ -309235,8 +309647,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Simple_Loader : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/cribdragg3r/Simple-Loader"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1326-L1339"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1326-L1339"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0dff8268f2c0c0764736727c78c648567b42cd3e177a7b73aa47a5afdf2f6d4a"
score = 75
quality = 85
@@ -309258,8 +309670,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Minidump : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/3xpl01tc0d3r/Minidump"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1341-L1354"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1341-L1354"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "798c1c569b224442c2f7b98254062e8cd3b008cb6d7aefef3063d9d57dbfbaee"
score = 75
quality = 85
@@ -309281,8 +309693,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpbypassuac : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/FatRodzianko/SharpBypassUAC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1356-L1369"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1356-L1369"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa9aae20fc35bba3b88e32f03e832579ee48d03303e789a13949a859a6da1a3d"
score = 75
quality = 85
@@ -309304,8 +309716,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharppack : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/Lexus89/SharpPack"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1371-L1391"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1371-L1391"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "43701a68c6bbb5fc1217f9b47096dcc87d2b1ffa9399ba50df9f7e99cec2c0d8"
score = 75
quality = 85
@@ -309334,8 +309746,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Salsa_Tools : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/Hackplayers/Salsa-tools"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1393-L1407"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1393-L1407"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "086108496c5ff6df15a26453da7f0922c29132fd4136cca9a02c21afc9c55ad5"
score = 75
quality = 85
@@ -309358,8 +309770,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Windowsdefender_Payload_Downloader : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/notkohlrexo/WindowsDefender-Payload-Downloader"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1409-L1422"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1409-L1422"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "587784216f3cf47e291219e08dc2b38bd43b11519d612eaccc631539ecc27c60"
score = 75
quality = 85
@@ -309381,8 +309793,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Privilege_Escalation : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/Mrakovic-ORG/Privilege_Escalation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1424-L1437"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1424-L1437"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "18f5d4f917e1e3f0902ab50d6ae2c249782c65d0fc1ed4bc4d06ffae4d286598"
score = 75
quality = 85
@@ -309404,8 +309816,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Marauder : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/maraudershell/Marauder"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1439-L1452"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1439-L1452"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b1a14c6dd80beedd1f385f3b85cec44a443020a76d4da03ea3a53e1c7c0a7b82"
score = 75
quality = 85
@@ -309427,8 +309839,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_AV_Evasion_Tool : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/1y0n/AV_Evasion_Tool"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1454-L1468"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1454-L1468"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9962ed855d43e12ecfcb38337e20db714315d0ec9d83f74d115765a973939b5c"
score = 75
quality = 85
@@ -309451,8 +309863,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Fenrir : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/nccgroup/Fenrir"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1470-L1483"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1470-L1483"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9b62914aea33db4027c62ecf57854d20942197d1b9212245d1932c0a6b80fe5f"
score = 75
quality = 85
@@ -309474,8 +309886,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stormkitty : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/LimerBoy/StormKitty"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1485-L1499"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1485-L1499"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e346a56a555fe8fae6d5f3704a39b97e82de79160da93cba7646eb7d6a98d5a8"
score = 75
quality = 85
@@ -309498,8 +309910,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Crypter_Runtime_AV_S_Bypass : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/netreverse/Crypter-Runtime-AV-s-bypass"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1501-L1514"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1501-L1514"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4427fdd90b88576b05bc47c0a24a6daa92e066868e3c738007bfcf9c29058b2e"
score = 75
quality = 85
@@ -309521,8 +309933,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Runasuser : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/atthacks/RunAsUser"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1516-L1529"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1516-L1529"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8ac64be85ae1a55c3390dace5e43580453568758a712bdca0a5e81817d0a7fb0"
score = 75
quality = 85
@@ -309544,8 +309956,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hwidbypass : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/yunseok/HWIDbypass"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1531-L1544"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1531-L1544"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1b19d3560fdf5bfbfd3c4fb434474cdde5efa42de611fb97e76312664b8cedb7"
score = 75
quality = 85
@@ -309567,8 +309979,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Xoredreflectivedll : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/r3nhat/XORedReflectiveDLL"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1546-L1560"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1546-L1560"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "92df3b5c8d1b531dd4b4d04ba53aa6ae5ebf9d1f6869a0d46cd972b082fa1b9f"
score = 75
quality = 85
@@ -309591,8 +310003,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharp_Suite : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/FuzzySecurity/Sharp-Suite"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1562-L1596"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1562-L1596"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cffb4eae9fe3f2034fb03defcd0e0f3f1abaaa2638b137bdfdf67d071e055d42"
score = 75
quality = 83
@@ -309634,8 +310046,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rat_Shell : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/stphivos/rat-shell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1598-L1612"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1598-L1612"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3d88c891393c914b4b1520bbdb575e78740f21bd361fe4187fdd08aeed708540"
score = 75
quality = 85
@@ -309658,8 +310070,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnet_Gargoyle : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/countercept/dotnet-gargoyle"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1614-L1629"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1614-L1629"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c7ad2c6c775ed6355dd93b06e31e04916277564301b45fe13b69d3e25dcd7bad"
score = 75
quality = 85
@@ -309683,8 +310095,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aresskit : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/BlackVikingPro/aresskit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1631-L1644"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1631-L1644"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3f7c2cb5dee0d77f70ea1fe231e498d1a16c11f92a8b930c9a603fa64a54cec0"
score = 75
quality = 85
@@ -309706,8 +310118,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_DLL_Injector : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/tmthrgd/DLL-Injector"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1646-L1660"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1646-L1660"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fe92cb643d8ddbc0d8d09a88e90655965001375d05c799d6c2437e6c94b26c7a"
score = 75
quality = 85
@@ -309730,8 +310142,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Trufflesnout : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/dsnezhkov/TruffleSnout"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1662-L1675"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1662-L1675"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "03b340ccf4b314ec5d3c33e83e5a47b55e935a8e55acbd6bd9daba43443d53a1"
score = 75
quality = 85
@@ -309753,8 +310165,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Anti_Analysis : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/Anti-Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1677-L1690"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1677-L1690"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1a4141b376afbf36a7a9aa340ea5514b85dd6b0fab003554bae06c0240c98a79"
score = 75
quality = 85
@@ -309776,8 +310188,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Backnet : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/valsov/BackNet"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1692-L1708"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1692-L1708"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "82ab970de2e27e711c502903cc2ede47da296df3ea346c870698c920a4ece282"
score = 75
quality = 85
@@ -309802,8 +310214,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Allthethings : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/johnjohnsp1/AllTheThings"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1710-L1723"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1710-L1723"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a4a562e4db2477be34fa4ccf2c83afafc7aafead3a9eae434b4bc0a5ea6430f7"
score = 75
quality = 85
@@ -309825,8 +310237,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Addreferencedotredteam : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/ceramicskate0/AddReferenceDotRedTeam"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1725-L1738"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1725-L1738"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ec7e0c39db13d212ff9aac4ec8d7d9b4274f3a404997f9291dcbfeaf311f31b4"
score = 75
quality = 85
@@ -309848,8 +310260,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_Crypter : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/Lime-Crypter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1740-L1753"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1740-L1753"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ab4243f5e4efcadc9d1a9a34bdb4d5aedcf500accf4cb3681a73015c7f3f6900"
score = 75
quality = 85
@@ -309872,8 +310284,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Browserghost : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/QAX-A-Team/BrowserGhost"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1755-L1770"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1755-L1770"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "448177aae4b0b2f17faefb22599649b7264c85e3af96b1d78bab6ada891b7a82"
score = 75
quality = 85
@@ -309895,8 +310307,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshot : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/tothi/SharpShot"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1772-L1785"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1772-L1785"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "65bbe20eb2aac648648b828c176e418648ebdc6372d287e4bc3b0d3edf233e86"
score = 75
quality = 85
@@ -309918,8 +310330,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Offensive__NET : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/mrjamiebowman/Offensive-.NET"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1787-L1800"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1787-L1800"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dddbee2e6d1cd4046f91192fe26841cc6c359dd9188d472c8b2acca691c15a34"
score = 75
quality = 85
@@ -309941,8 +310353,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ruralbishop : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/rasta-mouse/RuralBishop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1802-L1815"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1802-L1815"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8dfa8652507851305da814b1410a7854be2c1c78cac325881118829be3456776"
score = 75
quality = 85
@@ -309964,8 +310376,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Deviceguardbypasses : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/tyranid/DeviceGuardBypasses"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1817-L1835"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1817-L1835"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aff1a0236c532d5822a440f1d9a0a0265b422ebe0b53d799d53e838aef5f64ad"
score = 75
quality = 85
@@ -309992,8 +310404,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_AMSI_Handler : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/two06/AMSI_Handler"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1837-L1853"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1837-L1853"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3b27157331b3b9f6897134172f7dd9198fad7747c12d1020cb3e2d924c2910ce"
score = 75
quality = 85
@@ -310018,8 +310430,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_RAT_Telegramspybot : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/SebastianEPH/RAT.TelegramSpyBot"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1855-L1868"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1855-L1868"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9fc671ef600548d962a2d5ab12ba3111ed19e83ef96d2d536eb343bb8fb4b0d2"
score = 75
quality = 85
@@ -310041,8 +310453,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Thehacktoolboxteek : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/teeknofil/TheHackToolBoxTeek"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1870-L1889"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1870-L1889"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f18d6be2789371f3db649d0df3fc31a2e97604b399873c9843c1e08c981be0da"
score = 75
quality = 85
@@ -310070,8 +310482,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Usbtrojan : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/mashed-potatoes/USBTrojan"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1891-L1904"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1891-L1904"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2280803c42311b8b78a51f0917d9fb4cdd8ca427ce2361372914e5922a1a0b68"
score = 75
quality = 85
@@ -310093,8 +310505,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_IIS_Backdoor : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/WBGlIl/IIS_backdoor"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1906-L1920"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1906-L1920"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "61fcba7e59ac005db140d8eee1d8a1fd4ce8cd18c069053270e0195ee9d63ccc"
score = 75
quality = 85
@@ -310117,8 +310529,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shellgen : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/jasondrawdy/ShellGen"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1922-L1935"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1922-L1935"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "80c7291653e6cb5d7ef4d69390f7508cd95149d92b59aa3b5c8e6e0fe3723bfe"
score = 75
quality = 85
@@ -310140,8 +310552,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Mass_RAT : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/Mass-RAT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1937-L1952"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1937-L1952"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "53ef9b1d44e6497bafe0982f2e6be65240fcf5684a7b5a6c32a704ab3b7e085c"
score = 75
quality = 85
@@ -310165,8 +310577,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Browser_Externalc2 : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/mdsecactivebreach/Browser-ExternalC2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1954-L1967"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1954-L1967"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1a0027775fb2a06d01cfe30c85ce03e11cf43976abe9bf7b2c61895a55d26404"
score = 75
quality = 85
@@ -310188,8 +310600,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Offensivepowershelltasking : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/leechristensen/OffensivePowerShellTasking"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1969-L1983"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1969-L1983"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "21d7192eaefeeed030b1ef1be29b54c12826914dc6f0945789f3690a39bee217"
score = 75
quality = 85
@@ -310212,8 +310624,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dohc2 : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/SpiderLabs/DoHC2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L1985-L1998"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L1985-L1998"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1601c438c4359d3daa1b5b3cc36a82e049a5ed379ec7a52cdd4a9bca83518dd3"
score = 75
quality = 85
@@ -310235,8 +310647,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Syscallpoc : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/SolomonSklash/SyscallPOC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2000-L2014"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2000-L2014"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a12628052d5c1043b3aae0bedb62908a35cb27871e329f84b0fc22e29149f89e"
score = 75
quality = 85
@@ -310259,8 +310671,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Pen_Test_Tools : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/awillard1/Pen-Test-Tools"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2016-L2040"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2016-L2040"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dc124d65fd724a2e73c708925f44fd87dcd067c121f2875a15ed790c84405899"
score = 50
quality = 85
@@ -310293,8 +310705,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_The_Collection : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/Tlgyt/The-Collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2042-L2059"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2042-L2059"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d8e28d972aaf44caff35bf982788a6e9b69d0acce4b11c8cfa00c65466412305"
score = 75
quality = 85
@@ -310320,8 +310732,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Change_Lockscreen : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/nccgroup/Change-Lockscreen"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2061-L2074"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2061-L2074"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6b3cd265c6ccdae529a52c3609610f0e633f0112180afd63a5d9892e78d12ef1"
score = 75
quality = 85
@@ -310343,8 +310755,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_LOLBITS : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/Kudaes/LOLBITS"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2076-L2089"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2076-L2089"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa5978a49940cef63308ae228607eff22d19ea05373b2c4a3a293074af422b20"
score = 75
quality = 85
@@ -310366,8 +310778,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Keylogger : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/BlackVikingPro/Keylogger"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2091-L2104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2091-L2104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "490fb06375b32c70041754e8855cc1d26b76531d24a58bb0b719a998fdb809d6"
score = 75
quality = 85
@@ -310389,8 +310801,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2020_1337 : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/neofito/CVE-2020-1337"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2106-L2119"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2106-L2119"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "05d557a3592845030880c3b87d8134565c2858db89218e1c38edbb025b945d72"
score = 75
quality = 85
@@ -310412,8 +310824,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharplogger : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/djhohnstein/SharpLogger"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2121-L2134"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2121-L2134"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9f63dc6bf41b6a062e80b6726c86bbeb7db68e319a78d1bd0187eef234a1c090"
score = 75
quality = 85
@@ -310435,8 +310847,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Asyncrat_C_Sharp : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2136-L2159"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2136-L2159"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ac6319ecfbfc2ddb096b8674a9b494d9460181ebaa2b32ee337d46f6dd33f21d"
score = 75
quality = 85
@@ -310468,8 +310880,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Darkfender : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/0xyg3n/DarkFender"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2161-L2174"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2161-L2174"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2afa4ff5719cb5b3a53b45a880e08e2cac6df8bb1ff053ee290ad6b025f9a6b5"
score = 75
quality = 85
@@ -310491,8 +310903,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Minerdropper : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/DylanAlloy/MinerDropper"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2194-L2208"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2194-L2208"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1a604745a0d95c54be0d1b183486aad0751aee825574500fbff6380571565a18"
score = 75
quality = 85
@@ -310515,8 +310927,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdomainspray : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/HunnicCyber/SharpDomainSpray"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2210-L2223"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2210-L2223"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "da8a964691758e8179199b5725b0811a5b37de964f6a5fa01d6adac286bc544a"
score = 75
quality = 85
@@ -310538,8 +310950,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ispykeylogger : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/mwsrc/iSpyKeylogger"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2225-L2241"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2225-L2241"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0c0b0a8d53efc5e922f73eec7550e6927f19aaef950921fde95b7bd651adeec7"
score = 75
quality = 85
@@ -310564,8 +310976,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Solarflare : FILE
date = "2020-12-15"
modified = "2025-08-15"
reference = "https://github.com/mubix/solarflare"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2243-L2256"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2243-L2256"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9968c4f65672e98ec1ced26e2344e9b12141e3ea7e58be650d077089c9f6bd1c"
score = 75
quality = 85
@@ -310587,8 +310999,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Snaffler : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/SnaffCon/Snaffler"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2258-L2272"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2258-L2272"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a99f8012e45bbc7b689c49d2f6b5e86918b3984ce211fc4b459b6297d75c233a"
score = 75
quality = 85
@@ -310611,8 +311023,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshares : FILE
date = "2020-12-13"
modified = "2025-08-15"
reference = "https://github.com/djhohnstein/SharpShares/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2274-L2287"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2274-L2287"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "09151f0ee360aaa74ebd0fe809ee45135705475a8559f78762ea80e261d173f3"
score = 75
quality = 85
@@ -310634,8 +311046,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpedrchecker : FILE
date = "2020-12-18"
modified = "2025-08-15"
reference = "https://github.com/PwnDexter/SharpEDRChecker"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2289-L2302"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2289-L2302"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9a5a192bb5aedf801465760fd362e0917c7a68c97058c82d0954ce44d3632c43"
score = 75
quality = 85
@@ -310657,8 +311069,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcliphistory : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/FSecureLABS/SharpClipHistory"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2304-L2317"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2304-L2317"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "18558f9c446847d2021c3f2a99315c490fc26b1c585dd8a7a0ba4470be8d1e45"
score = 75
quality = 85
@@ -310680,8 +311092,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpgpo_Remoteaccesspolicies : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/FSecureLABS/SharpGPO-RemoteAccessPolicies"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2319-L2332"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2319-L2332"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e2e3168f733ce8a3e6129e4f2faa6a90a47f6cfc683c840032c0323170720a1b"
score = 75
quality = 85
@@ -310703,8 +311115,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Absinthe : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/cameronhotchkies/Absinthe"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2334-L2347"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2334-L2347"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "54040db5bdcfc711a26401d082693471c3f98fc043a550d1253f72a2d2611ae4"
score = 75
quality = 85
@@ -310726,8 +311138,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Exploitremotingservice : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/tyranid/ExploitRemotingService"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2349-L2364"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2349-L2364"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b22513722be15f582d06c23fb6db53722c0edf2f89f17e28ca067f431ffd4616"
score = 75
quality = 85
@@ -310751,8 +311163,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Xploit : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/shargon/Xploit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2366-L2389"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2366-L2389"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0b622acce9ff8186266c69d4ca097902027f5ca652408bfa4ec36fa145e14737"
score = 75
quality = 85
@@ -310784,8 +311196,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Poc : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/thezdi/PoC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2391-L2404"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2391-L2404"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f3001a60ce4b6415de2cb035ab56023cd2ee5f4c73e745d87409e5fef1fc9e8a"
score = 75
quality = 85
@@ -310807,8 +311219,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpgpoabuse : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/FSecureLABS/SharpGPOAbuse"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2406-L2419"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2406-L2419"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "683be1b4cee3ba705146f62cdc36c99ce5e4711cd38aec8103584321afd934f1"
score = 75
quality = 85
@@ -310830,8 +311242,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Watson : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/rasta-mouse/Watson"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2421-L2434"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2421-L2434"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0fa1d96e9c9fdd612f092dbdcde980956cf4bf24b384991d77737af43637bb34"
score = 75
quality = 85
@@ -310853,8 +311265,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Standin : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/FuzzySecurity/StandIn"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2436-L2449"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2436-L2449"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "db008e841cef47916e06167661b3825d1272357a347f522ccea25cc887438480"
score = 75
quality = 85
@@ -310876,8 +311288,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Azure_Password_Harvesting : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/guardicore/azure_password_harvesting"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2451-L2464"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2451-L2464"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eac946e4110f9e7fdcc69ca562ed37a5e77216a325ccd11e29ec7348c2dd12d4"
score = 75
quality = 85
@@ -310899,8 +311311,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Powerops : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/fdiskyou/PowerOPS"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2466-L2479"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2466-L2479"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7afb5a5c5eaaba574f31d2041ec2e23f969508bac76aeb58a98714b06b8e6ae7"
score = 75
quality = 85
@@ -310922,8 +311334,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Random_Csharptools : FILE
date = "2020-12-21"
modified = "2025-08-15"
reference = "https://github.com/xorrior/Random-CSharpTools"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2481-L2500"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2481-L2500"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "633cfdc2f1950f36474e15cb186fc4673e7cbc9417fdbee61409b14be94bc6cb"
score = 75
quality = 85
@@ -310951,8 +311363,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2020_0668 : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/RedCursorSecurityConsulting/CVE-2020-0668"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2502-L2515"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2502-L2515"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ac81e20fa9e5a4f701172d3e68c016b33e5cbda6053505d46f761337fb374161"
score = 75
quality = 85
@@ -310974,8 +311386,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Windowsrpcclients : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/tyranid/WindowsRpcClients"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2517-L2536"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2517-L2536"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2e99c98514bde102450b119cda3cc3c20d7680de5ccbbf64124b719fb8333e8d"
score = 75
quality = 85
@@ -311003,8 +311415,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpfruit : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/rvrsh3ll/SharpFruit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2538-L2551"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2538-L2551"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "da59a7c8fb038171a560d337a49f33a28a2ea88e4c7b08df12eaeb85906c0753"
score = 75
quality = 85
@@ -311026,8 +311438,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwitness : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/rasta-mouse/SharpWitness"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2553-L2566"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2553-L2566"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9a9bc18362347f55b77ec275ad377da9e72ac8a65cab06a867ae55b61b69e7cd"
score = 75
quality = 85
@@ -311049,8 +311461,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rexcrypter : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/syrex1013/RexCrypter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2568-L2581"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2568-L2581"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fc8bd8eaa3561431bc8886de74b1d569d5fa1f2de7f866146669b4e918a3bf30"
score = 75
quality = 85
@@ -311072,8 +311484,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpersist : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/fireeye/SharPersist"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2583-L2596"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2583-L2596"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "265f42a83973cacb82d4ff12db210ad6cb10265acc38724ed895dc772cf7855e"
score = 75
quality = 85
@@ -311095,8 +311507,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2019_1253 : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/padovah4ck/CVE-2019-1253"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2598-L2611"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2598-L2611"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f365dcec83696032370192d95312999d3baa950379472b99af17687a501dfa9c"
score = 75
quality = 85
@@ -311118,8 +311530,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Scout : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/jaredhaight/scout"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2613-L2626"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2613-L2626"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b677eb07dde231e1d6d542aaafcc0350ce51a66c5396949dd0f1d41311a822b5"
score = 75
quality = 85
@@ -311141,8 +311553,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Grouper2 : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/l0ss/Grouper2/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2628-L2641"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2628-L2641"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b89180f81c4231ea03bb49631b0931b2b7e4ff9e97f44798dd50f6fa4d12b75f"
score = 75
quality = 85
@@ -311164,8 +311576,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Casperstager : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/ustayready/CasperStager"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2643-L2657"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2643-L2657"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "556dd774b6ba38371951ca416133573b0539d699671200e3accfe5bc6fbc979d"
score = 75
quality = 85
@@ -311188,8 +311600,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tellmeyoursecrets : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/0xbadjuju/TellMeYourSecrets"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2659-L2672"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2659-L2672"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b606c11986ff26d279db58c088633f39eddb41c96c2510f7738cfcef5ff4941f"
score = 75
quality = 85
@@ -311211,8 +311623,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpexcel4_DCOM : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/rvrsh3ll/SharpExcel4-DCOM"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2674-L2687"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2674-L2687"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "278eeabdfa26eec5f9e6d2fba093b4698a9813813f644b65e4e28791b600a5dc"
score = 75
quality = 85
@@ -311234,8 +311646,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshooter : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/mdsecactivebreach/SharpShooter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2689-L2702"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2689-L2702"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "79a63f9a24b94327b5b720c415143977c7fba088930dd94f6f2f2784770d182d"
score = 75
quality = 85
@@ -311257,8 +311669,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nomsbuild : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/rvrsh3ll/NoMSBuild"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2704-L2718"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2704-L2718"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "df8bfecf2f983975a4885cbabc79d2b42c1281bdd918aa0fc9fa50ef75bbfe5d"
score = 75
quality = 85
@@ -311281,8 +311693,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Teleshadow2 : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/ParsingTeam/TeleShadow2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2720-L2734"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2720-L2734"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "df4f26856b5ee348393ddb41e53bdfc8e2bed58ed9fc7b4f758cd1746431d85c"
score = 75
quality = 85
@@ -311305,8 +311717,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Badpotato : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/BeichenDream/BadPotato"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2736-L2749"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2736-L2749"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b78b623666279dab22c263a5a925fc665646ddcc24d1638ebe54bad2ccd5ed4c"
score = 75
quality = 85
@@ -311328,8 +311740,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lethalhta : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/codewhitesec/LethalHTA"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2751-L2765"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2751-L2765"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ebcf9df0cdbab82ee2eea25479058366651746990b32e5af7cbf4da7dae8fafe"
score = 75
quality = 85
@@ -311352,8 +311764,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpstat : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/Raikia/SharpStat"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2767-L2780"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2767-L2780"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b163520c47d593244a66ee64071147824486bde4174a5276972a3329b0271a73"
score = 75
quality = 85
@@ -311375,8 +311787,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sneakyservice : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/malcomvetter/SneakyService"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2782-L2795"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2782-L2795"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3f9e4a9666875e8b70ced55924f7dae661e9be6e033bafe4efc1614fb65a7f08"
score = 75
quality = 85
@@ -311398,8 +311810,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpexec : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/anthemtotheego/SharpExec"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2797-L2810"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2797-L2810"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "099c18601efc20cb50e7e463755ebda5898cce5d4a0253216a72018337da07f4"
score = 75
quality = 85
@@ -311421,8 +311833,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcom : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/rvrsh3ll/SharpCOM"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2812-L2825"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2812-L2825"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f409d4390fbf8eea8b288e02fbe75d4ecf338a239d8015511f4a9979a1e8a7df"
score = 75
quality = 85
@@ -311444,8 +311856,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Inception : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/two06/Inception"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2827-L2840"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2827-L2840"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "846dfe525380eae42905a3adfbfc56f6c0e6de8abfa4f92e5f02889448dbcc29"
score = 75
quality = 85
@@ -311468,8 +311880,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwmi_1 : FILE
modified = "2025-08-15"
old_rule_name = "HKTL_NET_GUID_sharpwmi"
reference = "https://github.com/QAX-A-Team/sharpwmi"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2842-L2856"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2842-L2856"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "295315b876579ee0d2eb60a44e4be643c143ec1331b155faf0ba61ab016df07f"
score = 75
quality = 85
@@ -311491,8 +311903,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2019_1064 : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/RythmStick/CVE-2019-1064"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2858-L2871"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2858-L2871"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5f72f2569d7e3c1ee6fcd742e22d56331bcbf130b9f2bbc63fbc1504c6597e57"
score = 75
quality = 85
@@ -311514,8 +311926,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tokenvator : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/0xbadjuju/Tokenvator"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2873-L2886"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2873-L2886"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "45e75eee8ece293a35ac385311994cf8b23fd4f38d84bf53bd724e03ec092e4e"
score = 75
quality = 85
@@ -311537,8 +311949,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Wheresmyimplant : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/0xbadjuju/WheresMyImplant"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2888-L2901"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2888-L2901"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e25816823669753dc475c059320634203e9f9450c320baac3af0d6c996a17264"
score = 75
quality = 85
@@ -311560,8 +311972,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Naga : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/byt3bl33d3r/Naga"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2903-L2917"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2903-L2917"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c579546957c1b05d5fff7ad914d4b6de22ccf216bda92972abd66b0dae89895b"
score = 75
quality = 85
@@ -311584,8 +311996,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpbox : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/P1CKLES/SharpBox"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2919-L2932"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2919-L2932"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1a52663ffad8b36d8e6be74c341fb26205b9605df35530b19ab2f4a4c454eb16"
score = 75
quality = 85
@@ -311607,8 +312019,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rundotnetdll32 : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/0xbadjuju/rundotnetdll32"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2934-L2947"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2934-L2947"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d0a0fa8604eaca14e2fc8545c5b008d26ef1a09f3d792b62549d76fb2d5155d1"
score = 75
quality = 85
@@ -311630,8 +312042,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Antidebug : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/malcomvetter/AntiDebug"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2949-L2962"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2949-L2962"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b665c72e191cc42307f6eecbf0a9ea9238da886e8d5d73b2d569cda2dabe2b1a"
score = 75
quality = 85
@@ -311653,8 +312065,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dinvisibleregistry : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/NVISO-BE/DInvisibleRegistry"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2964-L2977"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2964-L2977"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7703b24ca72770547d76ebfb8b94b5d13d9d7fa1c65cc8e2ffbf8eca30c1f8d0"
score = 75
quality = 85
@@ -311676,8 +312088,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tikitorch : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/rasta-mouse/TikiTorch"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L2979-L2998"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L2979-L2998"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "394b4e7ecb7333e7d0944690276de6d942dfa949ba04d28d5576da639a5489bc"
score = 75
quality = 85
@@ -311705,8 +312117,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hivejack : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/Viralmaniar/HiveJack"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3000-L3013"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3000-L3013"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "46eb7b01deb14eb7a9e1b59f04844b442a47a5c3545fa9925448349ef50e317e"
score = 75
quality = 85
@@ -311728,8 +312140,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Decryptautologon : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/securesean/DecryptAutoLogon"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3015-L3028"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3015-L3028"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "122f265f812e81aef554c1907c8397ac4ad03ff85f53254806abe36049c9b746"
score = 75
quality = 85
@@ -311751,8 +312163,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Unstoppableservice : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/malcomvetter/UnstoppableService"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3030-L3043"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3030-L3043"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ad88047730485852c1d051f168b762da18a85242acf0850204dd5fc86b313390"
score = 75
quality = 85
@@ -311775,8 +312187,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwmi_2 : FILE
modified = "2025-08-15"
old_rule_name = "HKTL_NET_GUID_SharpWMI"
reference = "https://github.com/GhostPack/SharpWMI"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3045-L3059"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3045-L3059"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "968eddc046e0629fed50d77c3b6c55a6d88d4fa68f05bab77f4b43bea6ad62fc"
score = 75
quality = 85
@@ -311798,8 +312210,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ewstoolkit : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/rasta-mouse/EWSToolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3061-L3074"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3061-L3074"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d8e10bc2bc8dc0b526f919eed141660555334b97f528d3a74c5b91db05394fad"
score = 75
quality = 85
@@ -311821,8 +312233,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sweetpotato : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/CCob/SweetPotato"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3076-L3090"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3076-L3090"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "36430e0c2874aed1d86e061f9413c16bbb4527d0d04dfb8993214920083cc30a"
score = 75
quality = 85
@@ -311845,8 +312257,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Memscan : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/nccgroup/memscan"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3092-L3105"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3092-L3105"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9885512853fc46cc680b70ab26b40d4e51393b1f0b744565d4a4aa063cb78440"
score = 75
quality = 85
@@ -311868,8 +312280,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpstay : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/0xthirteen/SharpStay"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3107-L3120"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3107-L3120"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "91fe0fd4bea7678df8bdb0948a0952e01b6588e07836d535f5aaa3700294d838"
score = 75
quality = 85
@@ -311891,8 +312303,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharplocker : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/Pickfordmatt/SharpLocker"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3122-L3135"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3122-L3135"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "030b7a87042ce70c9de6031d0e03f07e508563f4ca2da4d6dc80e87f8bf483de"
score = 75
quality = 85
@@ -311914,8 +312326,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sauroneye : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/vivami/SauronEye"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3137-L3151"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3137-L3151"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "feeda6aec173cb13209559dc3a156bdc3d4be6e14cbe52ffb2e1bb7bf652441a"
score = 75
quality = 85
@@ -311938,8 +312350,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sitrep : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/mdsecactivebreach/sitrep"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3153-L3166"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3153-L3166"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "113e3a23c3f8258707f9d0c1baa143b3599e5da10928f275fca908c3a57f76e8"
score = 75
quality = 85
@@ -311961,8 +312373,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpclipboard : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/slyd0g/SharpClipboard"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3168-L3181"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3168-L3181"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5070ae56bb7f5df31e915104ce42e18dbf86b93a327c49dabddcfbd141d468ac"
score = 75
quality = 85
@@ -311984,8 +312396,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcookiemonster : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/m0rv4i/SharpCookieMonster"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3183-L3196"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3183-L3196"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1aac6d1c4e1d28805ec7e61ee00d105795ce355dce6238981b22b6f7cf9d4e29"
score = 75
quality = 85
@@ -312007,8 +312419,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_P0Wnedshell : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/Cn33liz/p0wnedShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3198-L3211"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3198-L3211"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7c6d8dbcd1ff31a9b34c36b4db2867f0b9e3fac98c7039d2a51bfe5a45afcc71"
score = 75
quality = 85
@@ -312030,8 +312442,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpmove : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/0xthirteen/SharpMove"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3213-L3226"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3213-L3226"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4980a9b197479b2514e12b78aa5a3bf9825772f8578d3abd219607e39af7e470"
score = 75
quality = 85
@@ -312053,8 +312465,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_C_Sharp_R_A_T_Client : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/AdvancedHacker101/C-Sharp-R.A.T-Client"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3228-L3241"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3228-L3241"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a090996b8453fb41483888f433da57340a6509221439ffd8f17e546424686c55"
score = 75
quality = 85
@@ -312076,8 +312488,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpprinter : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/rvrsh3ll/SharpPrinter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3243-L3256"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3243-L3256"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "86eb7194039aa8bb89f77041215a3421bb35acd790aa769156298f30a124e9b3"
score = 75
quality = 85
@@ -312099,8 +312511,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Evilfoca : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/ElevenPaths/EvilFOCA"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3258-L3271"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3258-L3271"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f903e2552bdb75a985065e9b78229b56c8005041cf3a75be355192684582caee"
score = 75
quality = 85
@@ -312122,8 +312534,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Poshc2_Misc : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/nettitude/PoshC2_Misc"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3273-L3287"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3273-L3287"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2ad0da62428f8412c748418b44d943a143191bbe789394ffc7b21658f87c27b9"
score = 75
quality = 85
@@ -312146,8 +312558,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpire : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/0xbadjuju/Sharpire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3289-L3302"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3289-L3302"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c53b3205e58257292e34526ea4fd0e0550bbdcf4039f94d268a313ae28733182"
score = 75
quality = 85
@@ -312169,8 +312581,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharp_Smbexec : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/checkymander/Sharp-SMBExec"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3304-L3317"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3304-L3317"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d6938d7492904a202e80525ff8f1b95c19bd65b1450f2f7e4271ab01f2e25a50"
score = 75
quality = 85
@@ -312192,8 +312604,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Misctools : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/rasta-mouse/MiscTools"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3319-L3336"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3319-L3336"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ffa89aeac49c1652618def1b63506915ec6a364708eb805ef2d9abe710111edf"
score = 75
quality = 85
@@ -312219,8 +312631,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Memorymapper : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/jasondrawdy/MemoryMapper"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3338-L3351"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3338-L3351"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "691aae2ac0c6dec88c64fd1195f67e34235514037c54ebd1f1ac04d92aa3bbb1"
score = 75
quality = 85
@@ -312242,8 +312654,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Vanillarat : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/DannyTheSloth/VanillaRAT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3353-L3367"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3353-L3367"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7e3dd2e631b06201fa3065ebf10c1bb258839106443228af7f07706530a3070d"
score = 75
quality = 85
@@ -312266,8 +312678,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Unmanagedpowershell : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/leechristensen/UnmanagedPowerShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3369-L3382"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3369-L3382"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "027b0dcbbacaafe6709e18a29b0c001f17f14128648cb64afdcf946804aa8796"
score = 75
quality = 85
@@ -312289,8 +312701,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Quasar : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/quasar/Quasar"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3384-L3398"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3384-L3398"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "51eed0545b985c20db7aae64251a0e7513cb352f2ff76f64d7697d2767f95db2"
score = 75
quality = 85
@@ -312313,8 +312725,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpadidnsdump : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/b4rtik/SharpAdidnsdump"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3400-L3413"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3400-L3413"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "edda1bb7a0a1702941fa35b38120f7e9ae64b6188a47e63a0939a864980b6281"
score = 75
quality = 85
@@ -312336,8 +312748,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnettojscript : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/tyranid/DotNetToJScript"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3415-L3428"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3415-L3428"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "07f220695607b5aa6cda9045c3bc1e434828cb5835154710969666482dbe09c4"
score = 75
quality = 85
@@ -312359,8 +312771,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Inferno : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/LimerBoy/Inferno"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3430-L3443"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3430-L3443"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6e286b28bdc490d16892926ba95227d39aebb151067896e740d497024c526c0e"
score = 75
quality = 85
@@ -312382,8 +312794,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsearch : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/djhohnstein/SharpSearch"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3445-L3458"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3445-L3458"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1a383fd8e4ec8fa9f1fbc01bdeb3d5b1e32ec825a24c1eaad6c42e86ac682530"
score = 75
quality = 85
@@ -312405,8 +312817,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsecdump : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/G0ldenGunSec/SharpSecDump"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3460-L3473"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3460-L3473"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "749130efbcdbd068bf4711cc5e4960eb97a3ae2ddadde2beb0ff707429495484"
score = 75
quality = 85
@@ -312428,8 +312840,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Net_Gpppassword : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/outflanknl/Net-GPPPassword"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3475-L3488"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3475-L3488"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "46ae3156e5428c40278b124b7206b68922f955a297077df3288722c154d09fba"
score = 75
quality = 85
@@ -312451,8 +312863,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Filesearcher : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/NVISO-BE/FileSearcher"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3490-L3503"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3490-L3503"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b72d3a7104ca7718d3d490149483a5d2d30790fb6d2b00b10c69da43c491e577"
score = 75
quality = 85
@@ -312474,8 +312886,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Adfsdump : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/fireeye/ADFSDump"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3505-L3518"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3505-L3518"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3735495d2c3a0b6f9de278014d5450f3d2e78dda9c04ede614550c75a05b43d2"
score = 75
quality = 85
@@ -312497,8 +312909,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharprdp : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/0xthirteen/SharpRDP"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3520-L3533"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3520-L3533"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "96a5d82e8d03b6242d69cbd5bca2fcc3d4403e7a51099a37dcf9091a0bd53b6e"
score = 75
quality = 85
@@ -312520,8 +312932,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcall : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/jhalon/SharpCall"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3535-L3548"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3535-L3548"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4b4a8943e4fc07f41ce87d64266fd56af9912832b688f21769f4fe5a8152703b"
score = 75
quality = 85
@@ -312543,8 +312955,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ysoserial_Net : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/pwntester/ysoserial.net"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3550-L3564"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3550-L3564"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7d775864610e2e60faa3570746aa7a689bd719b02c3a47f43a2be097e4a81c5a"
score = 75
quality = 85
@@ -312567,8 +312979,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Managedinjection : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/malcomvetter/ManagedInjection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3566-L3581"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3566-L3581"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eac722f30fea497f98d75293514e0f6f4dd17263c7377211605b1ab2f13ddf2f"
score = 75
quality = 85
@@ -312592,8 +313004,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsocks : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/nettitude/SharpSocks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3583-L3597"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3583-L3597"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "477adf09ee9d04888ee5e352c11e95f855c433588771138ebb5970cae7aa044f"
score = 75
quality = 85
@@ -312616,8 +313028,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharp_Wmiexec : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/checkymander/Sharp-WMIExec"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3599-L3612"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3599-L3612"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "df683be102decfc65209195d0d2e640985dd7e7cf040fb074fb10c8749e98614"
score = 75
quality = 85
@@ -312639,8 +313051,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Keethief : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/GhostPack/KeeThief"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3614-L3632"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3614-L3632"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f91aeb1862b803ae44c398a71e6c6ed0017d28206deffa39e4e0bca8faae6701"
score = 75
quality = 85
@@ -312666,8 +313078,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Fakelogonscreen : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/bitsadmin/fakelogonscreen"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3634-L3647"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3634-L3647"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "93353997e52fda3cebb03c2c63afc16ea477d3d5d4a7cf8dee26940ccffecd7a"
score = 75
quality = 85
@@ -312689,8 +313101,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Poshsecframework : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/PoshSec/PoshSecFramework"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3649-L3663"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3649-L3663"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6af81da2f23a0ad87d918e4ecb5869e8113b03e175c114e553856c4eabfacb71"
score = 75
quality = 85
@@ -312713,8 +313125,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpattack : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/jaredhaight/SharpAttack"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3665-L3678"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3665-L3678"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eb2f706a8f91c0702472663d5c5672b0e0a9afa775668706377899b36bdb684c"
score = 75
quality = 85
@@ -312736,8 +313148,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Altman : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/keepwn/Altman"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3680-L3710"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3680-L3710"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4d7046ac7a0deebb33a33995f4c2b9c6b65d4821262d55aecd8e00379ba93b00"
score = 75
quality = 85
@@ -312776,8 +313188,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Browserpass : FILE
date = "2020-12-28"
modified = "2025-08-15"
reference = "https://github.com/jabiel/BrowserPass"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3712-L3725"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3712-L3725"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ce5f5eaa71fd7358d99743e56a8518c1a852faa39c4a7d1888e0a218e9e7a8ef"
score = 75
quality = 85
@@ -312799,8 +313211,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Mythic : FILE
date = "2020-12-29"
modified = "2025-08-15"
reference = "https://github.com/its-a-feature/Mythic"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3727-L3741"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3727-L3741"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3d3b942e110bbf181ecbda5d4b3c2f7775e8e9b4860722238fe686c36422d456"
score = 75
quality = 85
@@ -312823,8 +313235,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nuages : FILE
date = "2020-12-29"
modified = "2025-08-15"
reference = "https://github.com/p3nt4/Nuages"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3743-L3756"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3743-L3756"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a0d7d89449a6a21bd118ace6a7062ff8d1fa356cf2421cc8c53f2da3719e52fb"
score = 75
quality = 85
@@ -312846,8 +313258,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsniper : FILE
date = "2020-12-29"
modified = "2025-08-15"
reference = "https://github.com/HunnicCyber/SharpSniper"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3758-L3771"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3758-L3771"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "52ae4a89b9cca9bee19e904617ed8c78857a9cee58d691f337fd4a736798aa1e"
score = 75
quality = 85
@@ -312869,8 +313281,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharphound3 : FILE
date = "2020-12-29"
modified = "2025-08-15"
reference = "https://github.com/BloodHoundAD/SharpHound3"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3773-L3786"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3773-L3786"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9de8457f59133adb09df0c40ece45331ac716fd56d58bd37a40ce7f1d0a53378"
score = 75
quality = 85
@@ -312892,8 +313304,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Blocketw : FILE
date = "2020-12-29"
modified = "2025-08-15"
reference = "https://github.com/Soledge/BlockEtw"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3788-L3801"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3788-L3801"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8953751277594d4075907e8371764d02307209a732bb05d7cfec8141e23c7765"
score = 75
quality = 85
@@ -312915,8 +313327,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwifigrabber : FILE
date = "2020-12-29"
modified = "2025-08-15"
reference = "https://github.com/r3nhat/SharpWifiGrabber"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3803-L3816"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3803-L3816"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6984510cbc43987fee53e5b164d973f56ecdd682d9263dc7cf560ab8728769d9"
score = 75
quality = 85
@@ -312938,8 +313350,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpmapexec : FILE
date = "2020-12-29"
modified = "2025-08-15"
reference = "https://github.com/cube0x0/SharpMapExec"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3818-L3831"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3818-L3831"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cc155390b8c739b7c96f45b79a8a078128528d6c7d070161d67484880c51a714"
score = 75
quality = 85
@@ -312961,8 +313373,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_K8Fly : FILE
date = "2020-12-29"
modified = "2025-08-15"
reference = "https://github.com/zzwlpx/k8fly"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3833-L3846"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3833-L3846"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "99fb07cefac5572180f5f66e9ebce39b8d17c3a2acc56dd8fea426452127be5a"
score = 75
quality = 85
@@ -312984,8 +313396,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stealer : FILE
date = "2020-12-29"
modified = "2025-08-15"
reference = "https://github.com/malwares/Stealer"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3848-L3863"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3848-L3863"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "37f829449b4f8a9524400d9409b985fab2ff70024a88fdd96ba391956a3398e3"
score = 75
quality = 85
@@ -313009,8 +313421,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Porttran : FILE
date = "2020-12-29"
modified = "2025-08-15"
reference = "https://github.com/k8gege/PortTran"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3865-L3879"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3865-L3879"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f8417a677e88bd923236855d6734cbf3db864c7e3ea60a1e500554fc5946f76a"
score = 75
quality = 85
@@ -313033,8 +313445,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gray_Keylogger_2 : FILE
date = "2020-12-30"
modified = "2025-08-15"
reference = "https://github.com/graysuit/gray-keylogger-2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3882-L3896"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3882-L3896"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "92ab6b703064beeab4ef6811732ee76d187958bf4b16f70fa062a7a71ecfb289"
score = 75
quality = 85
@@ -313057,8 +313469,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_Miner : FILE
date = "2020-12-30"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/Lime-Miner"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3898-L3911"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3898-L3911"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4b7f810efd907477736f40b9537d1ad99896e28c89bd571244256c385c387bfa"
score = 75
quality = 85
@@ -313080,8 +313492,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Blacknet : FILE
date = "2020-12-30"
modified = "2025-08-15"
reference = "https://github.com/BlackHacker511/BlackNET"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3913-L3929"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3913-L3929"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5e3c6e6e50888c942d541ad893b34c65f784614de7576e9a752822c433753d55"
score = 75
quality = 85
@@ -313106,8 +313518,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Plasmarat : FILE
date = "2020-12-30"
modified = "2025-08-15"
reference = "https://github.com/mwsrc/PlasmaRAT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3931-L3945"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3931-L3945"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "78d0da86cdef86b06fca37fb378297df26ca792ab6069e87c19c7b075687b07d"
score = 75
quality = 85
@@ -313130,8 +313542,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_RAT : FILE
date = "2020-12-30"
modified = "2025-08-15"
reference = "https://github.com/NYAN-x-CAT/Lime-RAT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3947-L3980"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3947-L3980"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eee41a29dc6b336c14abedaad767b8a0a529917bbc9096829114f302ed93f53c"
score = 75
quality = 83
@@ -313173,8 +313585,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Njrat : FILE
date = "2020-12-30"
modified = "2025-08-15"
reference = "https://github.com/mwsrc/njRAT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L3982-L4000"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L3982-L4000"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fc54c34e2d908e617781ffe8b4c5538304830cfec317ed2eab4157f72bbbf059"
score = 75
quality = 85
@@ -313201,8 +313613,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Manager : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/TheWover/Manager"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4002-L4016"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4002-L4016"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3783108ecfa26ee1a8d0ecfced9e601a41a159777d56a237ae82ad7860b45d5f"
score = 75
quality = 85
@@ -313225,8 +313637,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Neo_Confuserex : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/XenocodeRCE/neo-ConfuserEx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4018-L4031"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4018-L4031"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c916b5443d5df0d58020aec6f3576e3d9cec50fa00b764d86ec7f3a49d0a8d93"
score = 75
quality = 85
@@ -313248,8 +313660,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpallowedtoact : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/pkb1s/SharpAllowedToAct"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4033-L4046"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4033-L4046"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "688c1e5944a96b3cc40deb3c3949da0391e9dbde8c78bcc05a1f48817ae7a0d4"
score = 75
quality = 85
@@ -313271,8 +313683,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Supersqlinjectionv1 : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/shack2/SuperSQLInjectionV1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4048-L4061"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4048-L4061"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cc4d7ac59d1092c357e0c1ac23eab1618a712cf846a65097c283ef62cfcb0c7d"
score = 75
quality = 85
@@ -313294,8 +313706,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Adsearch : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/tomcarver16/ADSearch"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4063-L4076"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4063-L4076"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d925d212b9474078cb3e8694048de22e56de94b33839647c187f3254149bf4ff"
score = 75
quality = 85
@@ -313317,8 +313729,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Privilege_Escalation_Awesome_Scripts_Suite : F
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4078-L4091"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4078-L4091"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1fdaa169213f31229973956cba064128ea6d256e339a8e3eb42cc9798ddf007f"
score = 75
quality = 85
@@ -313340,8 +313752,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2020_1206_POC : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/ZecOps/CVE-2020-1206-POC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4093-L4108"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4093-L4108"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "26511510a1075457c8f133001fac18c8b44c997bd368b9336751bca714ec6ec3"
score = 75
quality = 85
@@ -313365,8 +313777,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dinvoke : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/TheWover/DInvoke"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4110-L4123"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4110-L4123"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4e7479d36ce78332d2224f16bc2f3059baa418f3035bca8b1ae1e5053dd4d3c3"
score = 75
quality = 85
@@ -313388,8 +313800,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpchisel : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/shantanu561993/SharpChisel"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4125-L4138"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4125-L4138"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b2efa0f3757bf93a677d1faea14a71d2e63f45de99b7c9e55a951e6c401f6bd8"
score = 75
quality = 85
@@ -313411,8 +313823,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpscribbles : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/V1V1/SharpScribbles"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4140-L4154"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4140-L4154"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e4cff3fb3540fa1e189c71584889d07111ccc4a340c78011213819f206631446"
score = 75
quality = 85
@@ -313435,8 +313847,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpreg : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/jnqpblc/SharpReg"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4156-L4169"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4156-L4169"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d483e590310d69df4a0267ae3091067deb8698526dd8069862a944a6b1faed05"
score = 75
quality = 85
@@ -313458,8 +313870,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Memevm : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/TobitoFatitoRE/MemeVM"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4171-L4186"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4171-L4186"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "88f4b9d0b3050ad676a54a58ea8f6a02fb07041db404c9d84f25fdda6ff3df4a"
score = 75
quality = 85
@@ -313483,8 +313895,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdir : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/jnqpblc/SharpDir"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4188-L4201"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4188-L4201"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a98ee516931d08d82fb28749130be7d8007a8ac2935fd6007bae27820e216a92"
score = 75
quality = 85
@@ -313506,8 +313918,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Atyourservice : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/mitchmoser/AtYourService"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4203-L4216"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4203-L4216"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c15c466ff048af2818cf9b59794786ba6d11f70d7dee5ef5ee5f050a9b547790"
score = 75
quality = 85
@@ -313529,8 +313941,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lockless : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/GhostPack/LockLess"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4218-L4231"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4218-L4231"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "57e09a929cc90c399068fb00ddd00c462df34d285d51273aedf27220a0647a38"
score = 75
quality = 85
@@ -313552,8 +313964,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Easynet : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/TheWover/EasyNet"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4233-L4248"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4233-L4248"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "75f69a226391fc6da86c6995295addbefe0a7e1a9ff972f211174a845816061f"
score = 75
quality = 85
@@ -313577,8 +313989,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpbyebear : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/S3cur3Th1sSh1t/SharpByeBear"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4250-L4264"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4250-L4264"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f39d756b6e0b8f9037d862bdfa9b14fc2eeddf0eafad805892b8b02410f78c63"
score = 75
quality = 85
@@ -313601,8 +314013,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharphide : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/outflanknl/SharpHide"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4266-L4279"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4266-L4279"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "62264aafeafe98ce23e7c03ce75be750ab95d77d3523c0748bdcb2f50d0c04cb"
score = 75
quality = 85
@@ -313624,8 +314036,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsvc : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/jnqpblc/SharpSvc"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4281-L4294"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4281-L4294"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cb91c4cd858a49f5cf437d3d1fb173afa7fe44442d41ea8533797007003c35d4"
score = 75
quality = 85
@@ -313647,8 +314059,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcrasheventlog : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/slyd0g/SharpCrashEventLog"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4296-L4309"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4296-L4309"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f53cfa44168a3ed81370ebb61153b6fab521801ffef33ace23aa8ed3376688eb"
score = 75
quality = 85
@@ -313670,8 +314082,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnettojscript_Languagemodebreakout : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/FuzzySecurity/DotNetToJScript-LanguageModeBreakout"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4311-L4324"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4311-L4324"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "de83b8138f49fe6aced5d9ebe77104f780496630f35550fbf0244429a2cb4917"
score = 75
quality = 85
@@ -313693,8 +314105,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpermission : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/mitchmoser/SharPermission"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4326-L4339"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4326-L4339"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "061a7ba9fb838b59a96e480356309af0c4b02d3ba3f2e83944c8dd98b739f6b6"
score = 75
quality = 85
@@ -313716,8 +314128,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Registrystrikesback : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/mdsecactivebreach/RegistryStrikesBack"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4341-L4354"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4341-L4354"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1e2aa9ddf6cbf35cb636e35c18159468ec98eb2c30078c2a1a2a635d14599959"
score = 75
quality = 85
@@ -313739,8 +314151,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Clonevault : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/mdsecactivebreach/CloneVault"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4356-L4369"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4356-L4369"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "830802635e6fc9e364ec574bc9f04b062100c46bfbed7029f437c0392ce983bc"
score = 75
quality = 85
@@ -313762,8 +314174,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Donut : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/TheWover/donut"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4371-L4387"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4371-L4387"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aae1ca872f60ddc6919938e55d98d27bf88fb382e8d47c06cfc3d3e795ce9f2a"
score = 75
quality = 85
@@ -313788,8 +314200,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharphandler : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/jfmaes/SharpHandler"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4389-L4403"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4389-L4403"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3aee0d00306603786fdcf828dc2b1a2faed6c8e651b56eb1985c1b640966da20"
score = 75
quality = 85
@@ -313812,8 +314224,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Driver_Template : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/FuzzySecurity/Driver-Template"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4405-L4418"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4405-L4418"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6d8e59b58b7d9d15b9bbafd70a2e303e2b275f9a81fc66ea60b1ffd4a4601207"
score = 75
quality = 85
@@ -313835,8 +314247,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nashavm : FILE
date = "2021-01-21"
modified = "2025-08-15"
reference = "https://github.com/Mrakovic-ORG/NashaVM"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4420-L4433"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4420-L4433"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b472d072c39e35c476fa9f0fbca8bf0125ca9359f2e6aac7da58f66ea1b11ed6"
score = 75
quality = 85
@@ -313858,8 +314270,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsqlpwn : FILE
date = "2022-11-21"
modified = "2025-08-15"
reference = "https://github.com/lefayjey/SharpSQLPwn.git"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4435-L4448"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4435-L4448"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e9210d12c7a8d5973e33aa7bb559ce1c744fd7a810979bec37f95d731c3b50ac"
score = 75
quality = 85
@@ -313881,8 +314293,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Group3R : FILE
date = "2022-11-21"
modified = "2025-08-15"
reference = "https://github.com/Group3r/Group3r.git"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4450-L4464"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4450-L4464"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "898569553257991c3776835ec10d5fae697e55bca9c14667ff72c079a095bbf1"
score = 75
quality = 85
@@ -313905,8 +314317,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tokenstomp : FILE
date = "2022-11-21"
modified = "2025-08-15"
reference = "https://github.com/MartinIngesen/TokenStomp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4466-L4479"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4466-L4479"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "931950e70ecfd3e87e535b32bd8af43d70b36670d5e0142e2fb95ed92c85fbd9"
score = 75
quality = 85
@@ -313928,8 +314340,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Krbrelay : FILE
date = "2022-11-21"
modified = "2025-08-15"
reference = "https://github.com/cube0x0/KrbRelay"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4481-L4495"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4481-L4495"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b5f8a3f6ba7ba5fa59cdc52337f92256257ec0994ae16fce074d70ad5afa3bc6"
score = 75
quality = 85
@@ -313952,8 +314364,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sqlrecon : FILE
date = "2023-01-20"
modified = "2025-08-15"
reference = "https://github.com/skahwah/SQLRecon"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4497-L4510"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4497-L4510"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d1cf5a34a09ed323aeee69080e2f046b613f18294328529a4cca1c49c14da575"
score = 75
quality = 85
@@ -313975,8 +314387,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Certify : FILE
date = "2023-03-06"
modified = "2025-08-11"
reference = "https://github.com/GhostPack/Certify"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4512-L4527"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4512-L4527"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "da585a8d4985082873cb86204d546d3f53668e034c61e42d247b11e92b5e8fc3"
logic_hash = "cc31eb8f11f8c48d8c6d34c343c273ac085fdac214ffc7521d26b4a19edd0c4c"
score = 75
@@ -314000,8 +314412,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aladdin : FILE
date = "2023-03-13"
modified = "2025-08-15"
reference = "https://github.com/nettitude/Aladdin"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4529-L4544"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4529-L4544"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e038ea5b2caed819df725e454ad31ba00b2b1b356875eecd73f2b8a0908c2e33"
score = 75
quality = 85
@@ -314025,8 +314437,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpldaprelayscan : FILE
date = "2023-03-15"
modified = "2025-08-15"
reference = "https://github.com/klezVirus/SharpLdapRelayScan"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4546-L4559"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4546-L4559"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d0b9573ee9893225c5621d02f99f67296193d93a42390125611fe0560bc95fa9"
score = 75
quality = 85
@@ -314048,8 +314460,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ldapsigncheck : FILE
date = "2023-03-15"
modified = "2025-08-15"
reference = "https://github.com/cube0x0/LdapSignCheck"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4561-L4574"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4561-L4574"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ffeee319b4161611e3e792aaec2e74c8e368d69c7f5ba9738105f536590099e8"
score = 75
quality = 85
@@ -314071,8 +314483,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsccm : FILE
date = "2023-03-15"
modified = "2025-08-15"
reference = "https://github.com/Mayyhem/SharpSCCM"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4576-L4590"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4576-L4590"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a6650a1a2ad710b85363ea04d66f2467b835bc7bd1097404238f67e07cc3f719"
score = 75
quality = 85
@@ -314095,8 +314507,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Koh : FILE
date = "2023-03-18"
modified = "2025-08-15"
reference = "https://github.com/GhostPack/Koh"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4592-L4605"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4592-L4605"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dbb36a1a8f559d10152d14459509408b14f3dc52a685d81f3a3d5e936f5e2a66"
score = 75
quality = 85
@@ -314118,8 +314530,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Forgecert : FILE
date = "2023-03-18"
modified = "2025-08-15"
reference = "https://github.com/GhostPack/ForgeCert"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4607-L4620"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4607-L4620"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4cb79315afc5aae2b35a1d171e8cff34304534a8970b51831568d34135e5c5e6"
score = 75
quality = 85
@@ -314141,8 +314553,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Crassus : FILE
date = "2023-03-18"
modified = "2025-08-15"
reference = "https://github.com/vu-ls/Crassus"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4622-L4635"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4622-L4635"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c6442a8bd4737f0a874c388c74a632bea29c0c8b8c7cc132ad4f145d7a73446b"
score = 75
quality = 85
@@ -314164,8 +314576,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Restrictedadmin : FILE
date = "2023-03-18"
modified = "2025-08-15"
reference = "https://github.com/GhostPack/RestrictedAdmin"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4637-L4650"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4637-L4650"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "876d0a89429c3e504696a63056b154acacdfa44fddba23298c2432accb71dfd2"
score = 75
quality = 85
@@ -314187,8 +314599,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_P2P : FILE
date = "2023-03-19"
modified = "2025-08-15"
reference = "https://github.com/miroslavpejic85/p2p"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4652-L4665"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4652-L4665"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5cdbf5555f4a0dbcbd206708e8678d69ed64f20f734425becd5809396fcfa4b4"
score = 75
quality = 85
@@ -314210,8 +314622,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwsus : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/nettitude/SharpWSUS"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4667-L4680"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4667-L4680"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e42a5341d03da8b7efedb6bb71b2d908881a7b0df9101e8ad56984a3372915fe"
score = 75
quality = 85
@@ -314233,8 +314645,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpimpersonation : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/S3cur3Th1sSh1t/SharpImpersonation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4682-L4695"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4682-L4695"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1fd989607bb22f903ad85905ae4fe9f84aa429f75cedd482a318d8cb6c37af19"
score = 75
quality = 85
@@ -314256,8 +314668,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcloud : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/chrismaddalena/SharpCloud"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4697-L4710"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4697-L4710"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b57f9577edcc15aef82f4fb7ceaf33bce73ae5e9d94b33152da49663a9a8f0c9"
score = 75
quality = 85
@@ -314279,8 +314691,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpssdp : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/rvrsh3ll/SharpSSDP"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4712-L4725"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4712-L4725"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3bb849d481b4db321374e084c5bc83fef683fab5f70a429d79d72988f77d8403"
score = 75
quality = 85
@@ -314302,8 +314714,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Wiretap : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/djhohnstein/WireTap"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4727-L4740"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4727-L4740"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8dfe01e827fca5b6a2abb847b1615bf71c9d98ea7213b02aa94bb8691d085ac5"
score = 75
quality = 85
@@ -314325,8 +314737,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Kittylitter : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/djhohnstein/KittyLitter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4742-L4757"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4742-L4757"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e0cfb39be4d51d2a929712e4f82851b9cafb46643e1403cd4ea8414624a0a2b6"
score = 75
quality = 85
@@ -314350,8 +314762,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpview : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/tevora-threat/SharpView"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4759-L4772"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4759-L4772"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b87f7c5c4d72a5d9d0f493720388f4328dc519677cc8cc218c4f0f95cc970a1e"
score = 75
quality = 85
@@ -314373,8 +314785,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Farmer : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/mdsecactivebreach/Farmer"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4774-L4790"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4774-L4790"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3e8559dd84fdc698c47acdf19a3f28fe094c96a36d645422f69ad905df5b2263"
score = 75
quality = 85
@@ -314399,8 +314811,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aesshellcodeinjector : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/san3ncrypt3d/AESShellCodeInjector"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4792-L4805"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4792-L4805"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "38858c4e5f13eea32d47178a9221a35be92c9fbb408a542a712ce9b708591e42"
score = 75
quality = 85
@@ -314422,8 +314834,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpchromium : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/djhohnstein/SharpChromium"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4807-L4820"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4807-L4820"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f675d60987e5791550dff9cccc00109a2e30971de12c7f4c77288cf34122f7f2"
score = 75
quality = 85
@@ -314445,8 +314857,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Get_RBCD_Threaded : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/FatRodzianko/Get-RBCD-Threaded"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4822-L4835"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4822-L4835"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a3cb7097f5fd5a2e5eac5ace774ea4e7f845989ee953f5aa140b0e05f3d04380"
score = 75
quality = 85
@@ -314468,8 +314880,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Whisker : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/eladshamir/Whisker"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4837-L4850"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4837-L4850"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2d0e0436f83b5e4c4e2e7ef7237d5769a901f35b0462d5396bb5e398a72176dd"
score = 75
quality = 85
@@ -314491,8 +314903,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shadowspray : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/Dec0ne/ShadowSpray"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4852-L4865"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4852-L4865"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d45c8c20a782dbcb80db5c990ce02f6227e40a8b6d9875b1158735c5a53d4771"
score = 75
quality = 85
@@ -314514,8 +314926,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Malsccm : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/nettitude/MalSCCM"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4867-L4880"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4867-L4880"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "064835e594c8e28903e5e18aa63c8bda53e74ddb3b8eda813ac62c7677b4e3fc"
score = 75
quality = 85
@@ -314537,8 +314949,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Spoolsample : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/leechristensen/SpoolSample"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4882-L4895"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4882-L4895"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8633b34f478b3d581f9403909d2ee20e7049d3ea02ecaf4fcb5dd61909681ba4"
score = 75
quality = 85
@@ -314560,8 +314972,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpoxidresolver : FILE
date = "2023-03-22"
modified = "2025-08-15"
reference = "https://github.com/S3cur3Th1sSh1t/SharpOxidResolver"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4897-L4910"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4897-L4910"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "168d2d817fecdb9a457af26668f6e543556901151b025d322a4cfd63106cafed"
score = 75
quality = 85
@@ -314583,8 +314995,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcat : FILE
date = "2023-11-30"
modified = "2025-08-18"
reference = "https://github.com/theart42/Sharpcat"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4912-L4924"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4912-L4924"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "143757610d66c5d7bbba96ef810d518f38ad8ea0e924be23aa59e8c514154fe0"
score = 75
quality = 83
@@ -314606,8 +315018,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpnamedpipepth : FILE
date = "2023-11-30"
modified = "2025-08-18"
reference = "https://github.com/S3cur3Th1sSh1t/SharpNamedPipePTH"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4926-L4938"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4926-L4938"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "437a8a41073174e86f642717537bdeeb5343cc8683c95477a52d6801a46aac21"
score = 75
quality = 83
@@ -314629,8 +315041,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharptokenfinder : FILE
date = "2023-12-06"
modified = "2025-08-18"
reference = "https://github.com/HuskyHacks/SharpTokenFinder"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4940-L4952"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4940-L4952"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f9681a13b094b6e05cab69f0684d52e3bb3b465cfcdb1c83a890c9c8fda79169"
score = 75
quality = 83
@@ -314652,8 +315064,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharprodc : FILE
date = "2023-12-06"
modified = "2025-08-18"
reference = "https://github.com/wh0amitz/SharpRODC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4954-L4966"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4954-L4966"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3d24237804509d2bf241f7310843591608a9d7e8abb38eb324aa5909995ebfaf"
score = 75
quality = 83
@@ -314675,8 +315087,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gmsapasswordreader : FILE
date = "2023-12-06"
modified = "2025-08-18"
reference = "https://github.com/rvazarkar/GMSAPasswordReader"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4968-L4980"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4968-L4980"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8db260b15b8b8158e5f66268b9086b456386af017e4351025ea27b9f994e5bf5"
score = 75
quality = 83
@@ -314698,8 +315110,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsharefinder : FILE
date = "2023-12-19"
modified = "2025-08-18"
reference = "https://github.com/mvelazc0/SharpShareFinder"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4982-L4994"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4982-L4994"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "72b2c6c9f4da68ba8e9656ff2d9da962f9d791f031c1d7fb74d74ddd17ba49de"
score = 75
quality = 83
@@ -314721,8 +315133,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Postdump : FILE
date = "2023-12-19"
modified = "2025-08-18"
reference = "https://github.com/YOLOP0wn/POSTDump"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_guids.yar#L4997-L5009"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_guids.yar#L4997-L5009"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e5bbef2fe7122855d7e5300ebf78631149e60b08793a4a21a4ac8b337f4bee60"
score = 75
quality = 83
@@ -314744,8 +315156,8 @@ rule SIGNATURE_BASE_Mimipenguin_SH
date = "2017-04-01"
modified = "2023-12-05"
reference = "https://github.com/huntergregal/mimipenguin"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimipenguin.yar#L8-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimipenguin.yar#L8-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5d9827e7adfe667a4a46e23854cac3b63949abcde5709045f0fe65e7b5704265"
score = 75
quality = 85
@@ -314769,8 +315181,8 @@ rule SIGNATURE_BASE_Mimipenguin_1 : FILE
date = "2017-07-08"
modified = "2023-12-05"
reference = "https://github.com/huntergregal/mimipenguin"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimipenguin.yar#L34-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimipenguin.yar#L34-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "60a7b64eee9e2adfbc65fb5762f18e2abc4a35f9368ad704754870b5e8311391"
score = 75
quality = 85
@@ -314796,8 +315208,8 @@ rule SIGNATURE_BASE_Mimipenguin_2 : FILE
date = "2017-07-08"
modified = "2023-12-05"
reference = "https://github.com/huntergregal/mimipenguin"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimipenguin.yar#L52-L69"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimipenguin.yar#L52-L69"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "53a1f47ef9c94ef6bffbc9d7b9f3a8e0a7fb132c0936ea27e6be775cf99792a0"
score = 75
quality = 85
@@ -314824,8 +315236,8 @@ rule SIGNATURE_BASE_Mal_Lockbit4_Rc4_Win_Feb24 : FILE
date = "2024-02-13"
modified = "2025-03-20"
reference = "https://0x0d4y.blog/lockbit4-0-evasion-tales/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lockbit4_rc4_win_feb24.yar#L1-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lockbit4_rc4_win_feb24.yar#L1-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "062311f136d83f64497fd81297360cd4"
logic_hash = "85e8087f875c45ce39b7014fc0737dc86f1e18d4643fdbb0a80d18feff774680"
score = 100
@@ -314851,8 +315263,8 @@ rule SIGNATURE_BASE_NTLM_Dump_Output
date = "2015-10-01"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/generic_dumps.yar#L17-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/generic_dumps.yar#L17-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "154de926d27d38b38a4ed2c14b9122213fd1deb4115ef3bb77366db0818c7572"
score = 75
quality = 85
@@ -314875,8 +315287,8 @@ rule SIGNATURE_BASE_Gsecdump_Password_Dump_File : FILE
date = "2018-03-06"
modified = "2023-12-05"
reference = "https://t.co/OLIj1yVJ4m"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/generic_dumps.yar#L32-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/generic_dumps.yar#L32-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "483ad5217cbc065bd2f791c473b9a2455fddc4e0123268a8d37c64d92dd78c43"
score = 65
quality = 85
@@ -314898,8 +315310,8 @@ rule SIGNATURE_BASE_SUSP_ZIP_Ntdsdit : T1003_003 FILE
date = "2020-08-10"
modified = "2023-12-05"
reference = "https://pentestlab.blog/2018/07/04/dumping-domain-password-hashes/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/generic_dumps.yar#L47-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/generic_dumps.yar#L47-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "371e30f50d96c884bd55ffc10d049d0ada881304746564a99dec0e8efad87602"
score = 50
quality = 85
@@ -314920,8 +315332,8 @@ rule SIGNATURE_BASE_Poseidongroup_Malware : FILE
date = "2016-02-09"
modified = "2023-01-27"
reference = "https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poseidon_group.yar#L8-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poseidon_group.yar#L8-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "315d540f2d2cb7b55e1a069cef8dd2eeceabcea4a428b33cf520a0f23d3819ea"
score = 85
quality = 85
@@ -314967,8 +315379,8 @@ rule SIGNATURE_BASE_Poseidongroup_Maldoc_1 : FILE
date = "2016-02-09"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poseidon_group.yar#L50-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poseidon_group.yar#L50-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0983526d7f0640e5765ded6be6c9e64869172a02c20023f8a006396ff358999b"
logic_hash = "0d8c255f56bb33b6a720c98727127c07a2d77245b18da381706a40339bebd20b"
score = 80
@@ -314991,8 +315403,8 @@ rule SIGNATURE_BASE_Poseidongroup_Maldoc_2 : FILE
date = "2016-02-09"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poseidon_group.yar#L66-L89"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poseidon_group.yar#L66-L89"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2c35077a4980336a2c50cade322861dc02f92f7617115420eebe7c882c2f620b"
score = 70
quality = 85
@@ -315024,8 +315436,8 @@ rule SIGNATURE_BASE_HKTL_EXPL_WIN_PS1_Badsuccessor_May25 : FILE
date = "2025-05-22"
modified = "2025-05-22"
reference = "https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/hktl_badsuccessor_helper_may25.yar#L2-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/hktl_badsuccessor_helper_may25.yar#L2-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a023bced4aec2b2c601088367766f42a3fcf36053c7eb92985cc7468c7cd6cb0"
score = 75
quality = 85
@@ -315048,8 +315460,8 @@ rule SIGNATURE_BASE_Invoke_Smbexec : FILE
date = "2017-06-14"
modified = "2023-12-05"
reference = "https://github.com/Kevin-Robertson/Invoke-TheHash"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_invoke_thehash.yar#L12-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_invoke_thehash.yar#L12-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cc9feb7d4eadfc470aabf18d82c884f454ebcdd37f3ca6b0ee4b3634cd9e33ae"
score = 75
quality = 85
@@ -315076,8 +315488,8 @@ rule SIGNATURE_BASE_Invoke_Wmiexec_Gen_1
date = "2017-06-14"
modified = "2023-12-05"
reference = "https://github.com/Kevin-Robertson/Invoke-TheHash"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_invoke_thehash.yar#L32-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_invoke_thehash.yar#L32-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "12aeba5255527a337c49f1c4d1dc506a13ea02da69a8fc509c77bcb07c2135c8"
score = 75
quality = 85
@@ -315106,8 +315518,8 @@ rule SIGNATURE_BASE_Invoke_Smbexec_Invoke_Wmiexec_1
date = "2017-06-14"
modified = "2023-12-05"
reference = "https://github.com/Kevin-Robertson/Invoke-TheHash"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_invoke_thehash.yar#L53-L70"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_invoke_thehash.yar#L53-L70"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "feb2973cd7e2c221cd91ec543f1d943cf1b5d5d18fe74c8f7e58341f76f95b51"
score = 75
quality = 85
@@ -315134,8 +315546,8 @@ rule SIGNATURE_BASE_Invoke_Wmiexec_Gen
date = "2017-06-14"
modified = "2023-12-05"
reference = "https://github.com/Kevin-Robertson/Invoke-TheHash"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_invoke_thehash.yar#L72-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_invoke_thehash.yar#L72-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1ee79b7ea576adb71bde903756cda7af22e55eee9c4c3964cc9edc8930083fa2"
score = 75
quality = 85
@@ -315163,11 +315575,11 @@ rule SIGNATURE_BASE_EXPL_LOG_Cacti_Commandinjection_CVE_2022_46169_Dec22_1 : CVE
date = "2022-12-27"
modified = "2023-12-05"
reference = "https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_cve_2022_46169_cacti.yar#L1-L13"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_cve_2022_46169_cacti.yar#L1-L13"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6ccd3b830deb5c5d65519274c4c528203a2a14a177382334da87e288174e2cfe"
score = 70
- quality = 60
+ quality = 85
tags = "CVE-2022-46169"
strings:
@@ -315185,8 +315597,8 @@ rule SIGNATURE_BASE_APT_MAL_CISA_10365227_03_Clientuploader_Dec21 : FILE
date = "2021-12-23"
modified = "2021-12-24"
reference = "https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stealer_cisa_ar22_277a.yar#L4-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stealer_cisa_ar22_277a.yar#L4-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "76f552b2416ae2426b73a321485f34a611c2a3c1ca35791bc9f1834072dc28be"
score = 80
quality = 85
@@ -315213,8 +315625,8 @@ rule SIGNATURE_BASE_APT_MAL_CISA_10365227_01_APPSTORAGE_Dec21 : APPSTORAGE FILE
date = "2021-12-23"
modified = "2021-12-24"
reference = "https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stealer_cisa_ar22_277a.yar#L25-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stealer_cisa_ar22_277a.yar#L25-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6a46bc4efa1f22d9fc65d946dbaa7b94de6074e65c228373bb6001f152d5b603"
score = 80
quality = 85
@@ -315243,8 +315655,8 @@ rule SIGNATURE_BASE_APT_MAL_CISA_10365227_02_Clientuploader_Dec21 : FILE
date = "2021-12-23"
modified = "2021-12-24"
reference = "https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stealer_cisa_ar22_277a.yar#L48-L67"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stealer_cisa_ar22_277a.yar#L48-L67"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f9f82b4577568d0bd60bac0d3132ed7ffcb338f508a8689f3126f3d2440432ef"
score = 80
quality = 81
@@ -315271,8 +315683,8 @@ rule SIGNATURE_BASE_Cobaltgang_PDF_Metadata_Rev_A
date = "2018-10-25"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/10/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_cobalt_gang_pdf.yar#L1-L12"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_cobalt_gang_pdf.yar#L1-L12"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8020ccff761b49d98e18cd5cb3c0695956a88e86a0958bfba1a19b7e3e629bb9"
score = 75
quality = 85
@@ -315294,8 +315706,8 @@ rule SIGNATURE_BASE_Kaspermalware_Oct17_1 : FILE
date = "2017-10-24"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_kasper_oct17.yar#L13-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_kasper_oct17.yar#L13-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "15758407fb3039f1453f13d579d7df9525645e4717078f6b1fa482ab335e3a56"
score = 75
quality = 85
@@ -315319,8 +315731,8 @@ rule SIGNATURE_BASE_APT_MAL_DNS_Hijacking_Campaign_AA19_024A : FILE
date = "2019-01-25"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/AA19-024A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_aa19_024a.yar#L2-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_aa19_024a.yar#L2-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8e9ec132df6cf6a89f6694682292feec0f3a762c2df6b1dc8180d9ab68e7183b"
score = 75
quality = 85
@@ -315347,8 +315759,8 @@ rule SIGNATURE_BASE_SUSP_MAL_EXFIL_Stealer_Output_Characteristics_Sep22_1 : FILE
date = "2022-09-17"
modified = "2023-12-05"
reference = "https://twitter.com/cglyer/status/1570965878480719873"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_stealer_exfil_zip.yar#L2-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_stealer_exfil_zip.yar#L2-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "197bb4b837cdd635f9340547b10a90c3a2a17f0113076c5ccbc0a91b7ae18eeb"
score = 70
quality = 85
@@ -315383,8 +315795,8 @@ rule SIGNATURE_BASE_MAL_XMR_Miner_May19_1 : HIGHVOL FILE
date = "2019-05-31"
modified = "2023-12-05"
reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_nansh0u.yar#L15-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_nansh0u.yar#L15-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "85a65fd2355850b7f5261ad41091e181562938356ba3dae7d867f7ac8922a16e"
score = 85
quality = 85
@@ -315410,8 +315822,8 @@ rule SIGNATURE_BASE_HKTL_CN_Prochook_May19_1 : FILE
date = "2019-05-31"
modified = "2023-12-05"
reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_nansh0u.yar#L38-L49"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_nansh0u.yar#L38-L49"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "de55990c130702a05e96ee769707a81ce0ec58a515d75a9a99b20265ce3db682"
score = 75
quality = 85
@@ -315430,8 +315842,8 @@ rule SIGNATURE_BASE_SUSP_PDB_CN_Threat_Actor_May19_1 : FILE
date = "2019-05-31"
modified = "2023-12-05"
reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_nansh0u.yar#L52-L65"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_nansh0u.yar#L52-L65"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "adcfe3d4bc6fcaf6be4f70c91fb2150bfa2d61f1ba84f96a0bf0c39ed0380b6a"
score = 65
quality = 85
@@ -315454,8 +315866,8 @@ rule SIGNATURE_BASE_MAL_Ramnit_May19_1 : FILE
date = "2019-05-31"
modified = "2023-12-05"
reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_nansh0u.yar#L67-L78"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_nansh0u.yar#L67-L78"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "51d574f457c37eba3c29f869e03244b9471be6f6c8319aa0ddfad34be748eb53"
score = 75
quality = 85
@@ -315474,8 +315886,8 @@ rule SIGNATURE_BASE_MAL_Parite_Malware_May19_1 : FILE
date = "2019-05-31"
modified = "2023-12-05"
reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_nansh0u.yar#L80-L100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_nansh0u.yar#L80-L100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b458b05178f18be1e936c1b42bbd91c739f288570fca759b85f1bb143899f1a8"
score = 80
quality = 85
@@ -315504,8 +315916,8 @@ rule SIGNATURE_BASE_MAL_Parite_Malware_May19_2 : FILE
date = "2019-05-31"
modified = "2023-12-05"
reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_nansh0u.yar#L102-L118"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_nansh0u.yar#L102-L118"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "060a26ed6679b7038f1a89385220ad9112d3102023ea9d141332077f79bbe728"
score = 75
quality = 85
@@ -315527,8 +315939,8 @@ rule SIGNATURE_BASE_EXPL_Strings_CVE_POC_May19_1 : FILE
date = "2019-05-31"
modified = "2023-12-05"
reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_nansh0u.yar#L120-L136"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_nansh0u.yar#L120-L136"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b470e9f5716130d810e519abb8d4e1058b5a806d59ddae53a40cac5597fbb874"
score = 80
quality = 85
@@ -315553,8 +315965,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Oct16_A : FILE
date = "2016-10-08"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malware_set_oct16.yar#L10-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malware_set_oct16.yar#L10-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d71e6640be1b10790d49c084b9ba248e35a6a56dfe9c5a3f219a209024ebec27"
score = 80
quality = 85
@@ -315592,8 +316004,8 @@ rule SIGNATURE_BASE_Sality_Malware_Oct16 : FILE
date = "2016-10-08"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malware_set_oct16.yar#L48-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malware_set_oct16.yar#L48-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5bf14bbb0a7298a7bc896029c4b92ef9adf24307e4d05dcf86a518b266d1c2a8"
score = 80
quality = 85
@@ -315617,8 +316029,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Oct16_C : FILE
date = "2016-10-08"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malware_set_oct16.yar#L65-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malware_set_oct16.yar#L65-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1f212ef700e77c82954d997beef1157835da38330b583d02df418e10b6c182ee"
score = 80
quality = 85
@@ -315642,8 +316054,8 @@ rule SIGNATURE_BASE_Bladabindi_Malware_B64 : FILE
date = "2016-10-08"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malware_set_oct16.yar#L91-L108"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malware_set_oct16.yar#L91-L108"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "081a6361e29fc231f1467b837c51a39b8cccf8caa20844b22d469ce2bbd0c7fb"
score = 75
quality = 85
@@ -315670,8 +316082,8 @@ rule SIGNATURE_BASE_Dorkbot_Injector_Malware : FILE
date = "2016-10-08"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malware_set_oct16.yar#L110-L129"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malware_set_oct16.yar#L110-L129"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "36138520b0d39dc311b8e9355d1d1c215908a5fe1c01eec76c689f7e74a84303"
score = 75
quality = 85
@@ -315700,8 +316112,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Oct16_D : FILE
date = "2016-10-08"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malware_set_oct16.yar#L131-L150"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malware_set_oct16.yar#L131-L150"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "78cde422987d2aff64967b86b6cf9279c112a2bfb713a2ea40fe952379d2e326"
score = 75
quality = 85
@@ -315729,8 +316141,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Oct16_E : FILE
date = "2016-10-08"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malware_set_oct16.yar#L152-L167"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malware_set_oct16.yar#L152-L167"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2040a8cee840560a5aa6065df17206c0313d85b2d11ce482baab05c492360f35"
score = 75
quality = 85
@@ -315756,8 +316168,8 @@ rule SIGNATURE_BASE_Pupy_Backdoor : FILE
date = "2017-08-11"
modified = "2023-12-05"
reference = "https://github.com/n1nj4sec/pupy-binaries"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_pupy_rat.yar#L13-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_pupy_rat.yar#L13-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0b12376c9cddc71f584314b07fb29fac189349b526c6d5028f475fa3984401ae"
score = 75
quality = 85
@@ -315796,8 +316208,8 @@ rule SIGNATURE_BASE_Hkdoor_Backdoor_Dll : FILE
date = "2017-10-18"
modified = "2023-12-05"
reference = "https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hkdoor.yar#L11-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hkdoor.yar#L11-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "77901d1f2d6c53161c79b50ef20eeb424bf1b8b32906302ca10f3c4b82a58e2a"
score = 75
quality = 85
@@ -315822,8 +316234,8 @@ rule SIGNATURE_BASE_Hkdoor_Backdoor : FILE
date = "2017-10-18"
modified = "2023-12-05"
reference = "https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hkdoor.yar#L32-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hkdoor.yar#L32-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3fc71c971bf0908e044e3e0ec3f266b8dfaae33bcfbf1b10619375fc7b5e7f5e"
score = 75
quality = 85
@@ -315852,8 +316264,8 @@ rule SIGNATURE_BASE_Hkdoor_Dropper : FILE
date = "2018-01-01"
modified = "2023-01-07"
reference = "https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hkdoor.yar#L53-L79"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hkdoor.yar#L53-L79"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "521836ff95142d276152687f7c36e8f503f168f101976022431efd13a6adf7e4"
score = 75
quality = 85
@@ -315881,8 +316293,8 @@ rule SIGNATURE_BASE_Hkdoor_Driver : FILE
date = "2018-01-01"
modified = "2023-01-07"
reference = "https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hkdoor.yar#L81-L99"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hkdoor.yar#L81-L99"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "68ac505d67af5361f096529697e621c83a4628f21c213fcea6652905f87ebe00"
score = 75
quality = 83
@@ -315907,8 +316319,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Csharp
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L2-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L2-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e77fcd2ac0c21db54563b15466962a775a5e8ef73cedb3af5cd00d5b0d615e4c"
score = 75
quality = 85
@@ -315936,8 +316348,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Powershell_Dropper
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L24-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L24-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "19f56e69685ae8c13b9dd884f8322915835c16e2c6313f01f9fa447218419108"
score = 75
quality = 85
@@ -315960,8 +316372,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Powershell_B64Encoded
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L40-L52"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L40-L52"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bcf9a75dbbf90044db76c56ffd07971d4252b0e75d73abf402ca4fadbfb59767"
score = 75
quality = 85
@@ -315982,11 +316394,11 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Py
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L54-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L54-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9b6eba750c96501aae1d86eef458d3e80de665efc7ce9d5aff842bc44363bad2"
score = 75
- quality = 60
+ quality = 85
tags = ""
strings:
@@ -316013,8 +316425,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Py_B64Encoded
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L77-L89"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L77-L89"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "279fb27637d9b62b484283f778215d042de9fb83110a233e048452e921c540ee"
score = 75
quality = 85
@@ -316035,8 +316447,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Keylogger_Py
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L91-L107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L91-L107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2dc2ce153d559d795f302f5ca4a9ef9e6e5c54762472e38e6f4a26ef8a28a184"
score = 75
quality = 85
@@ -316061,8 +316473,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Keylogger_File
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L109-L121"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L109-L121"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6d2d677b69eaf31843e8352bfe040c9e5a8d423d17900e022b769d28789f2d98"
score = 75
quality = 85
@@ -316083,8 +316495,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Xserver_Csharp
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L123-L141"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L123-L141"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1201ee45df78cf3aec4b4bbb59cb7e4a70af6928895bb7c968ef02075a963405"
score = 75
quality = 85
@@ -316111,8 +316523,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Xserver_Powershell_B64Encoded
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L143-L155"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L143-L155"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "77315f0fc8387fa87892fc8fcea1f6e8a95560049aaa9a87519859020d0a7a3e"
score = 75
quality = 85
@@ -316134,8 +316546,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Xserver_Powershell_Dropper
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L157-L168"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L157-L168"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "640c9e52f3cf3df4e954177624e6fba4bab80a2c9442b718fe90e8577dafbbd6"
score = 75
quality = 85
@@ -316156,8 +316568,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Injector_Bin
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L170-L193"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L170-L193"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c8cd4e3c87c6d80b39069f7a94e512e3f7b739c21f6fd70c2a79829c5a04f32f"
score = 75
quality = 85
@@ -316189,8 +316601,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Timeliner_Bin
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L195-L213"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L195-L213"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c3a8cddc34134faaab93ee0df0086604e4a7b031530dd65e2e8dab705483305b"
score = 75
quality = 85
@@ -316217,8 +316629,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Checkadmin_Bin
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L215-L232"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L215-L232"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "784ec960ce2733aebc404ee5c09bb852eb45553ad167db292d05b82feedbd5a6"
score = 75
quality = 85
@@ -316244,8 +316656,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Getos_Py
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L234-L295"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L234-L295"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2535c01b703c0fcba43e771832db8cd969e4a4b112ef28e4ddfeac6491ba604c"
score = 75
quality = 85
@@ -316308,8 +316720,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Info_Vbs
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L297-L316"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L297-L316"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e37f8768c7920b8c3d9fdd6bb3a4e748c47a6c06a8aaed01655355ef3d8c3457"
score = 75
quality = 85
@@ -316337,8 +316749,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Console_Jsp
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L318-L335"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L318-L335"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e70c15ef10b63a011edbcedc773a8e2917fd915c3ecc273c3bf2b78eb10fc570"
score = 75
quality = 85
@@ -316364,8 +316776,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Index_Jsp
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L337-L353"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L337-L353"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "870dad9fb5456f8edbd9f3c2d0b8764cf1143399626ce4df53c93919bcb1a0cb"
score = 75
quality = 85
@@ -316390,8 +316802,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Ver_Jsp
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L355-L372"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L355-L372"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ada6de4b07a76e79bb17793cda2b51f96554a35992a73f59c360487638ae3be3"
score = 75
quality = 85
@@ -316417,8 +316829,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Webinfo
date = "2019-12-20"
modified = "2023-12-05"
reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_op_wocao.yar#L374-L394"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_op_wocao.yar#L374-L394"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "711737a56067f24f422cc7d5aeba4389741fe18a0e66f2715fce626c3b6aef19"
score = 75
quality = 85
@@ -316446,8 +316858,8 @@ rule SIGNATURE_BASE_Crunchrat : FILE
date = "2017-11-03"
modified = "2023-12-05"
reference = "https://github.com/t3ntman/CrunchRAT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_crunchrat.yar#L2-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_crunchrat.yar#L2-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e29cfe6dd2ca69b1a8cd0cb36f7513dd9befd392906225196991dc62fcc80870"
score = 75
quality = 85
@@ -316477,8 +316889,8 @@ rule SIGNATURE_BASE_Win_Privesc_Gp3Finder_V4_0 : FILE
date = "2016-06-02"
modified = "2023-12-05"
reference = "http://grimhacker.com/2015/04/10/gp3finder-group-policy-preference-password-finder/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_win_privesc.yar#L10-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_win_privesc.yar#L10-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7d5618315ae5293ce1aea18d255d08bb007f39a466021fb636605684433da158"
score = 80
quality = 60
@@ -316503,8 +316915,8 @@ rule SIGNATURE_BASE_Win_Privesc_Folderperm
date = "2016-06-02"
modified = "2023-12-05"
reference = "http://www.greyhathacker.net/?p=738"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_win_privesc.yar#L28-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_win_privesc.yar#L28-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "899fda75e4c6d9f588767e5170dbd30241a492ba89f7cc1b0ad4adb2fcd173cb"
score = 80
quality = 85
@@ -316529,8 +316941,8 @@ rule SIGNATURE_BASE_Win_Privesc_Adaclscan4_3
date = "2016-06-02"
modified = "2023-12-05"
reference = "https://adaclscan.codeplex.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_win_privesc.yar#L46-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_win_privesc.yar#L46-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ca657e5c4172d240f46a890fc112ee89d5bdf9e35e7d412332ee11bdaf166215"
score = 60
quality = 85
@@ -316556,8 +316968,8 @@ rule SIGNATURE_BASE_APT_Darkhydrus_Jul18_1 : FILE
date = "2018-07-28"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_darkhydrus.yar#L13-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_darkhydrus.yar#L13-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2c39f2e6b37e6422984275f45a2917891c3b482d137dbbfd6293088c2f2dacc3"
score = 75
quality = 85
@@ -316580,8 +316992,8 @@ rule SIGNATURE_BASE_APT_Darkhydrus_Jul18_2 : FILE
date = "2018-07-28"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_darkhydrus.yar#L31-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_darkhydrus.yar#L31-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e967fec69ad1cbb46a63ee520594e7d6f2445a400510a9864dbd6d4c6e092737"
score = 75
quality = 85
@@ -316609,8 +317021,8 @@ rule SIGNATURE_BASE_APT_Darkhydrus_Jul18_3 : FILE
date = "2018-07-28"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_darkhydrus.yar#L50-L67"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_darkhydrus.yar#L50-L67"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0f3425322846e6064ec2576ad4e73061fbec3e4400de54d05fe07b8ad2a31f92"
score = 75
quality = 85
@@ -316635,8 +317047,8 @@ rule SIGNATURE_BASE_HKTL_Unlicensed_Cobaltstrike_EICAR_Jul18_5 : FILE
date = "2018-07-28"
modified = "2021-06-17"
reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_darkhydrus.yar#L69-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_darkhydrus.yar#L69-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d066f22e01f9ca3a33c669552046a5ab8dd9e579236974b1c468ba9644498951"
score = 75
quality = 85
@@ -316661,8 +317073,8 @@ rule SIGNATURE_BASE_Crime_Win64_Backdoor_Bazarbackdoor1 : FILE
date = "2020-04-24"
modified = "2023-12-05"
reference = "https://twitter.com/pancak3lullz/status/1252303608747565057"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_bazarbackdoor.yar#L1-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_bazarbackdoor.yar#L1-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "becb6ebc3a1be061b4f602cc188b172f59bfb6342605af68d8b38009d589f57e"
score = 75
quality = 85
@@ -316686,8 +317098,8 @@ rule SIGNATURE_BASE_Ce_Enfal_Cmstar_Debug_Msg : FILE
date = "2015-05-10"
modified = "2023-12-05"
reference = "http://goo.gl/JucrP9"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_cmstar.yar#L2-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_cmstar.yar#L2-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9b9cc7e2a2481b0472721e6b87f1eba4faf2d419d1e2c115a91ab7e7e6fc7f7c"
logic_hash = "31251b7ce33eb561aeb7405514df83dc1e00fdf184e3deeaa48505407d9567a0"
score = 75
@@ -316715,8 +317127,8 @@ rule SIGNATURE_BASE_VULN_PHP_Hack_Backdoored_Zlib_Zerodium_Mar21_1 : FILE
date = "2021-03-29"
modified = "2023-12-05"
reference = "https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vul_php_zlib_backdoor.yar#L2-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vul_php_zlib_backdoor.yar#L2-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "74bfd9e12cb7671cde953d361a2adeb9388edd9b2aab0f9ce04dce0d433561dc"
score = 75
quality = 85
@@ -316738,8 +317150,8 @@ rule SIGNATURE_BASE_EXPL_CVE_2021_40444_Document_Rels_XML : CVE_2021_40444 FILE
date = "2021-09-10"
modified = "2023-12-05"
reference = "https://twitter.com/AlteredBytes/status/1435811407249952772"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_cve_2021_40444.yar#L6-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_cve_2021_40444.yar#L6-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b05c3b33c3cab2c9109d808ed197758bc987f07beee77e1f61094715e0c1a1e7"
score = 75
quality = 85
@@ -316764,8 +317176,8 @@ rule SIGNATURE_BASE_EXPL_MAL_Maldoc_OBFUSCT_MHTML_Sep21_1 : CVE_2021_40444 FILE
date = "2021-09-18"
modified = "2023-12-05"
reference = "https://twitter.com/decalage2/status/1438946225190014984?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_cve_2021_40444.yar#L27-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_cve_2021_40444.yar#L27-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "84674acffba5101c8ac518019a9afe2a78a675ef3525a44dceddeed8a0092c69"
logic_hash = "11a73572970d2d85d308330119a2c5243f2848ae78a861decdb0cdbde0d9d1c2"
score = 90
@@ -316788,13 +317200,13 @@ rule SIGNATURE_BASE_EXPL_XML_Encoded_CVE_2021_40444 : CVE_2021_40444 FILE
date = "2021-09-18"
modified = "2021-09-19"
reference = "https://twitter.com/sudosev/status/1439205606129377282"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_cve_2021_40444.yar#L44-L61"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_cve_2021_40444.yar#L44-L61"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "13de9f39b1ad232e704b5e0b5051800fcd844e9f661185ace8287a23e9b3868e"
hash = "84674acffba5101c8ac518019a9afe2a78a675ef3525a44dceddeed8a0092c69"
logic_hash = "feaeadd8e7e262f191ea0c2f85377531208262e5ac19d6706703e62cf8b4ec90"
score = 70
- quality = 60
+ quality = 85
tags = "CVE-2021-40444, FILE"
strings:
@@ -316814,8 +317226,8 @@ rule SIGNATURE_BASE_SUSP_OBFUSC_Indiators_XML_Officedoc_Sep21_1 : WINDOWS CVE FI
date = "2021-09-18"
modified = "2023-12-05"
reference = "https://twitter.com/sudosev/status/1439205606129377282"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_cve_2021_40444.yar#L64-L81"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_cve_2021_40444.yar#L64-L81"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "13de9f39b1ad232e704b5e0b5051800fcd844e9f661185ace8287a23e9b3868e"
hash = "84674acffba5101c8ac518019a9afe2a78a675ef3525a44dceddeed8a0092c69"
logic_hash = "fc8f0dd02460ab8f8cc6717c66eba51e6ed74881a48e92fd0bf978467dfb40e3"
@@ -316840,8 +317252,8 @@ rule SIGNATURE_BASE_SUSP_OBFUSC_Indiators_XML_Officedoc_Sep21_2 : WINDOWS CVE FI
date = "2021-09-18"
modified = "2023-12-05"
reference = "https://twitter.com/sudosev/status/1439205606129377282"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_cve_2021_40444.yar#L83-L98"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_cve_2021_40444.yar#L83-L98"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "82c70e0f0b72a57302e5853cc53ae18dbb0bc8dabdfd27b473a7664b2fc5e874"
score = 65
quality = 85
@@ -316865,11 +317277,11 @@ rule SIGNATURE_BASE_Trojan_ISMRAT_Gen : FILE
date = "2017-05-04"
modified = "2023-12-05"
reference = "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/february/ism-rat/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ism_rat.yar#L9-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ism_rat.yar#L9-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c4d26f79b8110e92a5e427de303eca6eaf79765a4c9cc437864dc5160ef2e343"
score = 75
- quality = 60
+ quality = 85
tags = "FILE"
hash1 = "146a112cb01cd4b8e06d36304f6bdf7b"
hash2 = "fa3dbe37108b752c38bf5870b5862ce5"
@@ -316893,8 +317305,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Notable_Strings : FILE
date = "2022-02-23"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_cyclops_blink.yar#L6-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_cyclops_blink.yar#L6-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fdd3a1de9d178370fcc66dbca4628d7bedfbc002bca9e463e11cb444302900ea"
score = 75
quality = 85
@@ -316928,8 +317340,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Module_Initialisation : FILE
date = "2022-02-23"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_cyclops_blink.yar#L39-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_cyclops_blink.yar#L39-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8bde37f642cf07e323beabaacd5c62f8422b451777fc1fc4a6bdf474db49de12"
score = 75
quality = 85
@@ -316953,8 +317365,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Modified_Install_Upgrade : FILE
date = "2022-02-23"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_cyclops_blink.yar#L57-L88"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_cyclops_blink.yar#L57-L88"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "69b89dbaf3e2661f376ff1be7c19e96c82bf84fd572fea422c109f8afdd1e5aa"
score = 75
quality = 85
@@ -316987,8 +317399,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Core_Command_Check : FILE
date = "2022-02-23"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_cyclops_blink.yar#L90-L104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_cyclops_blink.yar#L90-L104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "71c9da1f0e9e64be87293c985f2a4a59a6c87ffd127ce5104ebe95a0ccb316af"
score = 50
quality = 85
@@ -317011,8 +317423,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Config_Identifiers : FILE
date = "2022-02-23"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_cyclops_blink.yar#L106-L126"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_cyclops_blink.yar#L106-L126"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6fa39442d717a69dd6f31a4bb2e5865c3f16156ce24a2b419d95ed751bb0d8ee"
score = 75
quality = 85
@@ -317037,8 +317449,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Handle_Mod_0Xf_Command : FILE
date = "2022-02-23"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_cyclops_blink.yar#L128-L150"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_cyclops_blink.yar#L128-L150"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6e3eebe404c8cd24e1e16eb3c881b1eda78ba6b365bf89c2557329e6f89396ac"
score = 75
quality = 85
@@ -317065,8 +317477,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Default_Config_Values : FILE
date = "2022-02-23"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_cyclops_blink.yar#L152-L174"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_cyclops_blink.yar#L152-L174"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "180993057c110c0c0327b673c6d6e251534012de51cf6475838691e0942a1aa8"
score = 75
quality = 85
@@ -317093,8 +317505,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Handle_Mod_0X51_Command : FILE
date = "2022-02-23"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_cyclops_blink.yar#L176-L200"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_cyclops_blink.yar#L176-L200"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8a68f4a5f5b7a45819e9a198881aa41b75a65181b63788c8b824b339bfd6fc67"
score = 75
quality = 85
@@ -317123,11 +317535,11 @@ rule SIGNATURE_BASE_EXPL_CVE_2021_31166_Accept_Encoding_May21_1 : CVE_2021_31166
date = "2021-05-21"
modified = "2023-12-05"
reference = "https://github.com/0vercl0k/CVE-2021-31166"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2021_31166.yar#L2-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2021_31166.yar#L2-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5bb5b4093a7abe9d4297a4c047803b92f7c08f56f15b0f7bd163203ae47e026d"
score = 70
- quality = 60
+ quality = 85
tags = "CVE-2021-31166"
strings:
@@ -317145,8 +317557,8 @@ rule SIGNATURE_BASE_Whosthere_Alt : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passthehashtoolkit.yar#L10-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passthehashtoolkit.yar#L10-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9b4c3691872ca5adf6d312b04190c6e14dd9cbe10e94c0dd3ee874f82db897de"
logic_hash = "ef7bccb8f63034b885cfaec27663c9b038cd9b1811b4f25a9eae28640dac248b"
score = 80
@@ -317176,8 +317588,8 @@ rule SIGNATURE_BASE_Iam_Alt_Iam_Alt : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passthehashtoolkit.yar#L33-L54"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passthehashtoolkit.yar#L33-L54"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2ea662ef58142d9e340553ce50d95c1b7a405672acdfd476403a565bdd0cfb90"
logic_hash = "acd4dae57e8394d4ce2f3dfb44706ea35c3d684ab34fd0c707b6aeedd816280a"
score = 80
@@ -317207,8 +317619,8 @@ rule SIGNATURE_BASE_Genhash_Genhash : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passthehashtoolkit.yar#L56-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passthehashtoolkit.yar#L56-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "113df11063f8634f0d2a28e0b0e3c2b1f952ef95bad217fd46abff189be5373f"
logic_hash = "fe1ebe7ea94351610e0042eab020d155cbab26d790477909467c9b5a827fb6d6"
score = 80
@@ -317235,8 +317647,8 @@ rule SIGNATURE_BASE_Iam_Iamdll : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passthehashtoolkit.yar#L76-L92"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passthehashtoolkit.yar#L76-L92"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "892de92f71941f7b9e550de00a57767beb7abe1171562e29428b84988cee6602"
logic_hash = "ef7c66d2e1204a43921b6701812ea8a7bfa8e39e24d9396c95b725a4a4171010"
score = 80
@@ -317261,8 +317673,8 @@ rule SIGNATURE_BASE_Iam_Iam : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passthehashtoolkit.yar#L94-L114"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passthehashtoolkit.yar#L94-L114"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8a8fcce649259f1b670bb1d996f0d06f6649baa8eed60db79b2c16ad22d14231"
logic_hash = "f170f6f71b81a674a269ddd441c77a43afbbfe2870e1d0c4101abd2e58bff0b0"
score = 80
@@ -317291,8 +317703,8 @@ rule SIGNATURE_BASE_Whosthere_Alt_Pth : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passthehashtoolkit.yar#L116-L134"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passthehashtoolkit.yar#L116-L134"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fbfc8e1bc69348721f06e96ff76ae92f3551f33ed3868808efdb670430ae8bd0"
logic_hash = "137b0dae105f97b5d4352d16e52144e72306e61be57c5d93df77ad3f5808018e"
score = 80
@@ -317319,8 +317731,8 @@ rule SIGNATURE_BASE_Whosthere : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_passthehashtoolkit.yar#L136-L155"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_passthehashtoolkit.yar#L136-L155"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d7a82204d3e511cf5af58eabdd6e9757c5dd243f9aca3999dc0e5d1603b1fa37"
logic_hash = "a13c8a1fc66381b040d6449fe9655191d7a1762da0dc70789cd497fb68fb2a55"
score = 80
@@ -317348,8 +317760,8 @@ rule SIGNATURE_BASE_SUSP_PS1_Msdt_Execution_May22 : CVE_2022_30190 FILE
date = "2022-05-31"
modified = "2025-03-21"
reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_doc_follina.yar#L2-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_doc_follina.yar#L2-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9b8a061de4210d23e58b5190a300ee331273fc98f357156a0bb1d79f9f2b49b1"
score = 65
quality = 85
@@ -317383,8 +317795,8 @@ rule SIGNATURE_BASE_SUSP_Doc_Wordxmlrels_May22 : CVE_2022_30190 FILE
date = "2022-05-30"
modified = "2022-06-20"
reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_doc_follina.yar#L38-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_doc_follina.yar#L38-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "62f262d180a5a48f89be19369a8425bec596bc6a02ed23100424930791ae3df0"
logic_hash = "c9846f8c2c1724792de14ab4de0064f951a8faaf01cc27d873e600f29d59c842"
score = 70
@@ -317411,8 +317823,8 @@ rule SIGNATURE_BASE_SUSP_Doc_RTF_Externalresource_May22 : CVE_2022_30190 FILE
date = "2022-05-30"
modified = "2022-05-31"
reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_doc_follina.yar#L62-L78"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_doc_follina.yar#L62-L78"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c841e0c1ff78bf8dade5f573a7452b16a7f447cfc19417704b727684a8f3d3ff"
score = 70
quality = 85
@@ -317434,11 +317846,11 @@ rule SIGNATURE_BASE_EXPL_Follina_CVE_2022_30190_Msdt_Msprotocoluri_May22 : CVE_2
date = "2022-05-30"
modified = "2022-07-18"
reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_doc_follina.yar#L80-L98"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_doc_follina.yar#L80-L98"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d56820737951f97606749c74025589e6a8ecbe70cfff069492368b2ba8528a7d"
score = 80
- quality = 60
+ quality = 85
tags = "CVE-2022-30190, FILE"
hash1 = "4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784"
hash2 = "778cbb0ee4afffca6a0b788a97bc2f4855ceb69ddc5eaa230acfa2834e1aeb07"
@@ -317459,8 +317871,8 @@ rule SIGNATURE_BASE_SUSP_Doc_RTF_Ole2Link_Jun22 : FILE
date = "2022-06-01"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_doc_follina.yar#L100-L131"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_doc_follina.yar#L100-L131"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4abc20e5130b59639e20bd6b8ad759af18eb284f46e99a5cc6b4f16f09456a68"
logic_hash = "36cb711399197c694ac4fa4fd49cd5d587a830e152a138c81851b8e16301803d"
score = 75
@@ -317492,8 +317904,8 @@ rule SIGNATURE_BASE_SUSP_Doc_RTF_Ole2Link_EMAIL_Jun22 : FILE
date = "2022-06-01"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_doc_follina.yar#L133-L192"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_doc_follina.yar#L133-L192"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4abc20e5130b59639e20bd6b8ad759af18eb284f46e99a5cc6b4f16f09456a68"
logic_hash = "fcbb3e32762f8c67b5b226e8095b767d630f8c118521a82fc22f9a3cc272b794"
score = 75
@@ -317547,8 +317959,8 @@ rule SIGNATURE_BASE_SUSP_DOC_RTF_Externalresource_EMAIL_Jun22 : CVE_2022_30190 F
date = "2022-06-01"
modified = "2025-03-21"
reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_doc_follina.yar#L194-L220"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_doc_follina.yar#L194-L220"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "73e76bd80f77640c0d8d47ebb7903eb9cc23336fbe653e7d008cae6a0de7c45b"
score = 70
quality = 85
@@ -317577,8 +317989,8 @@ rule SIGNATURE_BASE_SUSP_Msdt_Artefact_Jun22_2 : CVE_2022_30190 FILE
date = "2022-06-01"
modified = "2022-07-29"
reference = "https://twitter.com/nas_bench/status/1531718490494844928"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_doc_follina.yar#L222-L241"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_doc_follina.yar#L222-L241"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e18f6405f0411128335336e65dda4ed2b6be6e9ad47b94646ececf0479fbe967"
score = 75
quality = 85
@@ -317602,8 +318014,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Follina_Jun22 : CVE_2022_30190 FILE
date = "2022-06-02"
modified = "2025-03-21"
reference = "https://twitter.com/gossithedog/status/1531650897905950727"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_doc_follina.yar#L243-L261"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_doc_follina.yar#L243-L261"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0b63bb266b968987b2b5a83c9429e96acbd57e12178e4f5fd5894b23d1aaa237"
score = 75
quality = 85
@@ -317627,8 +318039,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Suspicious_Folders_Jan25 : FILE
date = "2025-01-24"
modified = "2025-03-20"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mixed_open_source_export.yar#L2-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mixed_open_source_export.yar#L2-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "776adb706e165389d0abdf8d6f719f6db1ec6d2f3d9d96e1c4a5f2b55e482c31"
score = 65
quality = 85
@@ -317650,8 +318062,8 @@ rule SIGNATURE_BASE_MAL_ME_Rawdisk_Agent_Jan20_1 : FILE
date = "2020-01-02"
modified = "2022-12-21"
reference = "Saudi National Cybersecurity Authority - Destructive Attack DUSTMAN"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dustman.yar#L2-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dustman.yar#L2-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "90345b8358d72b6616c6277222fb1091cb3a88b844391ac3766e7d1ee1192fbe"
score = 65
quality = 85
@@ -317680,8 +318092,8 @@ rule SIGNATURE_BASE_MAL_ME_Rawdisk_Agent_Jan20_2 : FILE
date = "2020-01-02"
modified = "2022-12-21"
reference = "https://twitter.com/jfslowik/status/1212501454549741568?s=09"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dustman.yar#L26-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dustman.yar#L26-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "73e4a88b749e3b2654e9021290932d2e556c29cfa772785b23bebad9f3a3f90a"
score = 65
quality = 85
@@ -317711,8 +318123,8 @@ rule SIGNATURE_BASE_APT_MAL_RU_WIN_Snake_Malware_May23_1 : MEMORY
date = "2023-05-10"
modified = "2025-03-21"
reference = "https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_mal_ru_snake_may23.yar#L17-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_mal_ru_snake_may23.yar#L17-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7cff7152259bb17a9b72b91f0fbef220aad2f35a1d2758d7225316a9896bf845"
score = 70
quality = 71
@@ -317742,8 +318154,8 @@ rule SIGNATURE_BASE_APT_MAL_RU_Snake_Indicators_May23_1
date = "2023-05-10"
modified = "2025-03-21"
reference = "https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_mal_ru_snake_may23.yar#L45-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_mal_ru_snake_may23.yar#L45-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cb7a4ad2ee0868f17b6235f070e4c03e2394e3c252253f334b29ad26116b09e5"
score = 85
quality = 35
@@ -317787,8 +318199,8 @@ rule SIGNATURE_BASE_STUXSHOP_Config
date = "2019-04-09"
modified = "2023-12-05"
reference = "https://medium.com/chronicle-blog/who-is-gossipgirl-3b4170f846c0"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stuxshop.yar#L2-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stuxshop.yar#L2-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579"
logic_hash = "9dd57f8b4e25a53dcf54dc75a1bb26675c7dd04dbb4d96286bcc0a6527a21782"
score = 75
@@ -317821,8 +318233,8 @@ rule SIGNATURE_BASE_STUXSHOP_Oscheck
date = "2019-04-09"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stuxshop.yar#L32-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stuxshop.yar#L32-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579"
logic_hash = "3dca26e622289c2d244e3af035e892455a47daa67dbe0c6fad29d9f7403cbc6b"
score = 75
@@ -317849,8 +318261,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Metasploitpayload : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L10-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L10-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1399818f71544245a7b689a7eb4da794b10814590e4c5f545fc28237ffa3d0f6"
score = 75
quality = 85
@@ -317874,8 +318286,8 @@ rule SIGNATURE_BASE_Empire_Exploit_Jenkins : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L26-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L26-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "caf65814a1aeb0e14ec6430f7d5692b9c090bdc0d453566f0b0abd703f74bac7"
score = 75
quality = 85
@@ -317900,8 +318312,8 @@ rule SIGNATURE_BASE_Empire_Get_Securitypackages : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L43-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L43-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2d63fdcc6713d2f7645b16cf3e79a6e951c7751a10bfa0e2853def47ea9547d2"
score = 75
quality = 85
@@ -317925,8 +318337,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Powerdump : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L59-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L59-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e460d015be54a88d0eb5741a9c32cf6d7a410e0beb5356402af0dd19d1b4c6f2"
score = 75
quality = 85
@@ -317951,8 +318363,8 @@ rule SIGNATURE_BASE_Empire_Install_SSP : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L76-L89"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L76-L89"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf0966d0141d4606983f267face635ef5fddbc73282f02f0a0ae6fcf89f2e6dc"
score = 75
quality = 85
@@ -317975,8 +318387,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Shellcodemsil : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L91-L107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L91-L107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eb556fb8b558145e7e981ab3c3ccfb2656512498b917c705e53bc5b9f3650155"
score = 75
quality = 85
@@ -318002,8 +318414,8 @@ rule SIGNATURE_BASE_HKTL_Empire_Powerup : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L109-L122"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L109-L122"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d55674866a1a14d4f4c2b5529e47e005ca4b433383bf112af6da41d7f84afdb7"
score = 75
quality = 85
@@ -318026,8 +318438,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Mimikatz_Gen : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L124-L138"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L124-L138"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a28297025b9b0178ab437996ffd3e0c28526f1edaf61db659093fe41a356cf40"
score = 75
quality = 85
@@ -318051,8 +318463,8 @@ rule SIGNATURE_BASE_Empire_Get_Gpppassword : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L140-L155"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L140-L155"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c879e50805e8b89fc8f3a7c7da2c8e906c89f210ab74194daca6b0ba2d312ba"
score = 75
quality = 85
@@ -318077,8 +318489,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Smbscanner : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L157-L171"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L157-L171"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5feb32dd0fc5271256dc4a088b9b02b591dbe584759db7ee4f5a6c99f42c3c0c"
score = 75
quality = 85
@@ -318102,8 +318514,8 @@ rule SIGNATURE_BASE_Empire_Exploit_Jboss : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L173-L190"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L173-L190"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a0eef14c3966745a0f2b7eb404eed122a11eea2fb82884ebd2087b3ab90bff93"
score = 75
quality = 85
@@ -318130,8 +318542,8 @@ rule SIGNATURE_BASE_Empire_Dumpcredstore : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L192-L207"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L192-L207"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7136920e531d7ab621e743c5c89c0d817fe453108878e3c808814ca48ad57fb3"
score = 75
quality = 85
@@ -318156,8 +318568,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Egresscheck : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L209-L222"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L209-L222"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "693564e0bd98ebd03cd433d8ba1003051a5cf6b1f0c05d3c5a4682e6d667327e"
score = 75
quality = 85
@@ -318180,8 +318592,8 @@ rule SIGNATURE_BASE_Empire_Reflectivepick_X64_Orig : FILE
date = "2016-11-05"
modified = "2022-12-21"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L224-L240"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L224-L240"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a87c5f1da9c490887cba5e9837ca40ac92b63d8c36b682f4be770ac061b5acdf"
score = 75
quality = 85
@@ -318205,8 +318617,8 @@ rule SIGNATURE_BASE_Empire_Out_Minidump : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L242-L256"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L242-L256"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7ce4ac95ac942a2ad758b1d9034e6ec50d25d195ba1c2ae95a90a7490708e485"
score = 75
quality = 85
@@ -318230,8 +318642,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Psexec : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L258-L273"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L258-L273"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "86af63a3be5b4940966932b129edbe4cca5ac1a31d120ba44fdca739e9c97ad4"
score = 75
quality = 85
@@ -318256,8 +318668,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Postexfil : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L275-L289"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L275-L289"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "74602d1c4986e6392df8845e0ed713499aa3b93c64e9d68e95f9dbaf60fe4299"
score = 75
quality = 85
@@ -318281,8 +318693,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Smbautobrute : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L291-L305"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L291-L305"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dd87a5d3a710017953c8c19862e4daee25de0e57175cab8246eea6d067fcb4d1"
score = 75
quality = 85
@@ -318306,8 +318718,8 @@ rule SIGNATURE_BASE_Empire_Get_Keystrokes : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L307-L320"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L307-L320"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "710e1bbf517c6683bd3082786e605cb8e6a52460f9c96609610e5ab38800dc79"
score = 75
quality = 85
@@ -318330,8 +318742,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Dllinjection : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L322-L335"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L322-L335"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "450ca96dd7c80275d7e4eaf07a7229e27530c373b8d79af5be8f4a741daef448"
score = 75
quality = 85
@@ -318354,8 +318766,8 @@ rule SIGNATURE_BASE_Empire_Keepassconfig : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L337-L350"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L337-L350"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "044c8a326ee6cc74a918e6c28100032bfd2fb396ddab8683ab11e00f9370ab2a"
score = 75
quality = 85
@@ -318378,8 +318790,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Sshcommand : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L352-L367"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L352-L367"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3749c3d58335cb08bff66fe3126fc4977261576a9fbedbd7da673e3921364850"
score = 75
quality = 85
@@ -318404,8 +318816,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen1 : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L371-L390"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L371-L390"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "074423d30c5ef419d1ca9433477d8a896086cec84eb939270ce51d3965b6b1a2"
score = 75
quality = 85
@@ -318434,8 +318846,8 @@ rule SIGNATURE_BASE_Empire_Powerup_Gen : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L392-L407"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L392-L407"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4086b057b46cac85bb871d2d4363d4ae4c99a160e5c9625e4d41e3df55fece2d"
score = 75
quality = 85
@@ -318460,8 +318872,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen2 : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L409-L428"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L409-L428"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e3cb63d0c3278ee4d04cb4b1d6ebe817fb3da97d25e2581f95bd43ecd5142b30"
score = 75
quality = 85
@@ -318490,8 +318902,8 @@ rule SIGNATURE_BASE_Empire_Agent_Gen : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L430-L447"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L430-L447"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ed8aee7ac6c1d93b21cc1aa5c3c18df1566692c63a010715a3aae65e18fffa60"
score = 75
quality = 85
@@ -318518,8 +318930,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen3 : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L449-L467"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L449-L467"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "933fe27c54e90806a21082b4d2e4cbb3491374e48834a64c0d6a520c537d145e"
score = 75
quality = 85
@@ -318547,8 +318959,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Inveighrelay_Gen : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L469-L484"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L469-L484"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "183a0afa9233e380471ddfa8f85e6c6555d69c785c9a4e8791e19432b6849558"
score = 75
quality = 85
@@ -318573,8 +318985,8 @@ rule SIGNATURE_BASE_Empire_Keepassconfig_Gen : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L486-L500"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L486-L500"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "986f299d2b6e2ec47acae09d8a25b6c45caf83c964208c594433308cd11ad264"
score = 75
quality = 85
@@ -318598,8 +319010,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Portscan_Gen : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L502-L517"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L502-L517"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "05e786dc42ee5ec56197803577d104595ad6554e028b7633b2f7fdf55a63e27c"
score = 75
quality = 85
@@ -318624,8 +319036,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen4 : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L519-L545"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L519-L545"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "314574a463f9cc772702d5e3358f5280b2805298fedb89c14786518a4832d63b"
score = 75
quality = 85
@@ -318661,8 +319073,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Credentialinjection_Invoke_Mimikatz_Gen : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L547-L563"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L547-L563"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3210b4407c3209a20d74c8c5af66077cc9b902912ae49253883b7acd87eef1f9"
score = 75
quality = 60
@@ -318688,8 +319100,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Gen : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L565-L582"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L565-L582"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "11d00ea1f40d34cfd3417db337a01eca39b0e77049f74f0c591cd1d388a8d194"
score = 75
quality = 85
@@ -318716,8 +319128,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen5 : FILE
date = "2016-11-05"
modified = "2023-12-05"
reference = "https://github.com/adaptivethreat/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_empire.yar#L584-L601"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_empire.yar#L584-L601"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "115fffabb09ed00ab46c6f980c3a7727070a303cafa900cc1ce04e3999b6b70e"
score = 75
quality = 85
@@ -318744,8 +319156,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell : FILE
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L10-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L10-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "977ee0fdf0e92ccea6b71fea7b2c7aed2965c6966d8af86230ccb0f95b286694"
score = 70
quality = 85
@@ -318771,8 +319183,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell_Ziparchivefile
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L30-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L30-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c15e7022f45ec211ba635d6cd31bab16f4fb0d3038fb19d5765e0f751c14a826"
score = 80
quality = 85
@@ -318793,8 +319205,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell_Perlnetworkscript : FILE
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L44-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L44-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b170c07a005e737c8069f2cc63f869d4d3ff6593b3bfca5bcaf02d7808da6852"
score = 90
quality = 85
@@ -318819,8 +319231,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell_Sqldumpfile
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L64-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L64-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c34abcada22fdf462fd66cc2da18ab9e54215defc6f7a7a95b5a80d1155a2ffe"
score = 90
quality = 85
@@ -318841,8 +319253,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_Key
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L78-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L78-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "056503a2c240a641cd2292a30ab1090e3a358cb4d57dca83b836ecb1bc62ed6b"
score = 80
quality = 85
@@ -318863,8 +319275,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_Name_Encrypted
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L92-L104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L92-L104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f65d59381403534a2c2f39d66c7c62bf1540eafc9aad1ad73de1809e91c42446"
score = 80
quality = 85
@@ -318885,11 +319297,11 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_File_Plaintext
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L106-L118"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L106-L118"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "536327d5216372a3fd2f4dad0a21be2778ce2930212daf0a8628ecbdab49b46e"
score = 80
- quality = 60
+ quality = 85
tags = ""
strings:
@@ -318907,8 +319319,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_File_Ciphertext
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L120-L132"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L120-L132"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9dc7ee5b0a218a2b5be652e137fa090c944c3ddb0f699f521a72896668210813"
score = 80
quality = 85
@@ -318929,8 +319341,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Socket_Path
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L134-L146"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L134-L146"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8c049b5a7b508ca0f160d166f3c726e4a23a2c5b3105d075d7bf7a301a1c58f6"
score = 80
quality = 85
@@ -318951,8 +319363,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Task_Names
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L148-L167"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L148-L167"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "193482da1e2b9509fa9c65d46edc56057f7b5d44b7408d918d4a9cbb60736dab"
score = 80
quality = 85
@@ -318980,8 +319392,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Struct
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L169-L185"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L169-L185"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "312d0598fa85837f94023036468fcae50e8b2de532430a944befa8090afe79f6"
score = 80
quality = 85
@@ -319006,8 +319418,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Strings_Typo
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L187-L202"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L187-L202"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "65e6de743eb9fc742674c7e54eef8a376963a6fd4380bacd03fe6f92d4235920"
score = 80
quality = 85
@@ -319031,8 +319443,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Strings
date = "2021-02-15"
modified = "2024-05-25"
reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_centreon.yar#L204-L232"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_centreon.yar#L204-L232"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9d2790e60184ed973b2735263d0a997f32af0beacc9ea8ef65926fe6507011d5"
score = 80
quality = 85
@@ -319065,8 +319477,8 @@ rule SIGNATURE_BASE_MAL_WIPER_Unknown_Jun25 : FILE
date = "2025-06-19"
modified = "2025-07-01"
reference = "https://x.com/cyb3rops/status/1935707307805134975"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_wipers_jun25.yar#L2-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_wipers_jun25.yar#L2-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "64569f65814d63e55ea938e3dd9bd359da4597328887bdacf37bb5545ea32424"
score = 75
quality = 35
@@ -319090,8 +319502,8 @@ rule SIGNATURE_BASE_SUSP_LNX_SH_Disk_Wiper_Script_Jun25 : FILE
date = "2025-06-19"
modified = "2025-07-01"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_wipers_jun25.yar#L23-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_wipers_jun25.yar#L23-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "99a0a393c2a636c10195c7ad85f3b282a30ba05fbc0f0db7fc04b0f79fbc6760"
score = 65
quality = 85
@@ -319115,8 +319527,8 @@ rule SIGNATURE_BASE_SUSP_PY_Pyinstaller_Swiper_Jun25 : FILE
date = "2025-06-19"
modified = "2025-07-01"
reference = "https://x.com/cyb3rops/status/1935707307805134975"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_wipers_jun25.yar#L41-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_wipers_jun25.yar#L41-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "824bdda031336b2d9a60b09bfa36e68a2e03159b217c9c25dd708df454144e1e"
score = 65
quality = 85
@@ -319141,8 +319553,8 @@ rule SIGNATURE_BASE_APT_MAL_IR_Druidfly_Wiper_Jun25 : FILE
date = "2025-06-21"
modified = "2025-07-01"
reference = "https://x.com/threatintel/status/1936049254432231444"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_wipers_jun25.yar#L61-L87"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_wipers_jun25.yar#L61-L87"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9d3872506b03ea03a2c3cd7304c6b2d9dfafa04a29e19dc9be4924eaaa5db2d6"
score = 80
quality = 85
@@ -319170,8 +319582,8 @@ rule SIGNATURE_BASE_Goldeneye_Ransomware_XLS : FILE
date = "2016-12-06"
modified = "2023-12-05"
reference = "https://goo.gl/jp2SkT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_goldeneye.yar#L10-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_goldeneye.yar#L10-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "827c1d1c0f9c3ebd77413de7e1db5e29d05f2ece6676c79a79f6c1ff2788f42b"
score = 75
quality = 85
@@ -319195,8 +319607,8 @@ rule SIGNATURE_BASE_Goldeneyeransomware_Dropper_Malformedzoomit : FILE
date = "2016-12-06"
modified = "2023-12-05"
reference = "https://goo.gl/jp2SkT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_goldeneye.yar#L26-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_goldeneye.yar#L26-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c18405a272c9210973e3184b8267306919cba8795b12d5982a9e3e8f748f9782"
score = 75
quality = 85
@@ -319221,8 +319633,8 @@ rule SIGNATURE_BASE_APT_Donotteam_Ytyframework : APT DONOTTEAM WINDOWS FILE
date = "2018-08-03"
modified = "2023-12-05"
reference = "https://labs.bitdefender.com/2017/09/ehdevel-the-story-of-a-continuously-improving-advanced-threat-creation-toolkit/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_donotteam_ytyframework.yar#L3-L43"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_donotteam_ytyframework.yar#L3-L43"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1e0c1b97925e1ed90562d2c68971e038d8506b354dd6c1d2bcc252d2a48bc31c"
logic_hash = "8e2841fd4550f12d88fb451a893f1ba41f0d3c123d9c195fe97366202376ef61"
score = 75
@@ -319265,8 +319677,8 @@ rule SIGNATURE_BASE_VUL_Jquery_Fileupload_CVE_2018_9206 : CVE_2018_9206
date = "2018-10-19"
modified = "2023-12-05"
reference = "https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vul_jquery_fileupload_cve_2018_9206.yar#L1-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vul_jquery_fileupload_cve_2018_9206.yar#L1-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ef7cc13130c60ece346802cb6efec96065f84407fb84b89703628fdf32c0ee53"
score = 75
quality = 85
@@ -319289,8 +319701,8 @@ rule SIGNATURE_BASE_HKTL_FRP_Apr20_1
date = "2020-04-07"
modified = "2022-11-03"
reference = "https://github.com/fatedier/frp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_frp_proxy.yar#L2-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_frp_proxy.yar#L2-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "21f91fd99aed8b62d804504889c41ca77567fd345cf4ea0ef00161eefa9324a7"
score = 70
quality = 85
@@ -319317,8 +319729,8 @@ rule SIGNATURE_BASE_HKTL_FRP_INI_Apr20_1 : FILE
date = "2020-04-07"
modified = "2023-12-05"
reference = "Chinese Hacktools OpenDir"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_frp_proxy.yar#L24-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_frp_proxy.yar#L24-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cc997dc876d7a49292b62a0fb4ff12b34dacacfd8a1b90226d6a9aee303cacdf"
score = 60
quality = 85
@@ -319345,8 +319757,8 @@ rule SIGNATURE_BASE_Visualdiscovery_Lonovo_Superfish_SSL_Hijack : FILE
date = "2015-02-19"
modified = "2023-12-05"
reference = "https://twitter.com/4nc4p/status/568325493558272000"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/threat_lenovo_superfish.yar#L4-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/threat_lenovo_superfish.yar#L4-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0f156a51dccafe32467b64251507928b1c7a1b04595063aa66aa69da6c4cc4fc"
score = 75
quality = 85
@@ -319374,8 +319786,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Cudacrt : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "www.kudelskisecurity.com"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sphinx_moth.yar#L9-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sphinx_moth.yar#L9-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ae7ff3d5ffd29de80ce5dcccde9af04d2537a279fe35f6e94257d59a462ba6a0"
score = 75
quality = 85
@@ -319401,8 +319813,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_H2T : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "www.kudelskisecurity.com"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sphinx_moth.yar#L28-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sphinx_moth.yar#L28-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7aca260d415de84cf432b18385db6a9768a036e3bd0a9aa8ded4a1bfcad26d0c"
score = 75
quality = 85
@@ -319428,8 +319840,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Iastor32 : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "www.kudelskisecurity.com"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sphinx_moth.yar#L47-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sphinx_moth.yar#L47-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "056949677654a88fb430c988939006dacfefdabbe12824936a01e5aabbb73441"
score = 75
quality = 85
@@ -319451,8 +319863,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Kerberos32 : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "www.kudelskisecurity.com"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sphinx_moth.yar#L61-L85"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sphinx_moth.yar#L61-L85"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5b672c9b9b0ffffd8f243832ea217bfc10b08026c71d297ee1047ca999fb829c"
score = 75
quality = 85
@@ -319485,8 +319897,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Kerberos64 : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "www.kudelskisecurity.com"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sphinx_moth.yar#L87-L104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sphinx_moth.yar#L87-L104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "13aeb72fcd0f5fd6e73464a90787c756c50569f9eae48945e4ff90d8f9073585"
score = 75
quality = 85
@@ -319513,8 +319925,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Nvcplex : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "www.kudelskisecurity.com"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sphinx_moth.yar#L106-L120"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sphinx_moth.yar#L106-L120"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2f851c0ab8c4a426b00addfbe0da7ceebb08e93014efcb11d64247d14fec909b"
score = 75
quality = 85
@@ -319538,8 +319950,8 @@ rule SIGNATURE_BASE_HKTL_Sentinelone_Remotepotato0_Privesc : FILE
date = "2021-04-26"
modified = "2023-12-05"
reference = "https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_remote_potato0.yar#L2-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_remote_potato0.yar#L2-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f3a3a917908af6260f40b217f966750a095140abb6bf85cf3a728725bc16996f"
score = 75
quality = 79
@@ -319564,8 +319976,8 @@ rule SIGNATURE_BASE_Office_OLE_DDE : FILE
date = "2017-10-12"
modified = "2023-12-05"
reference = "https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_dde_in_office_docs.yar#L48-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_dde_in_office_docs.yar#L48-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2d2f7dce166dc8ef8aba7e8eaafaf4d1bb34cdc1ce97d34125a65147cf5e08ac"
score = 50
quality = 60
@@ -319588,8 +320000,8 @@ rule SIGNATURE_BASE_APT_Malware_Commentcrew_Miniasp : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_miniasp.yar#L2-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_miniasp.yar#L2-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f382dd802f0332c99b1d33cf1dcd99ba7fad344a381152ebadfb69bc74c4e58f"
score = 75
quality = 85
@@ -319630,8 +320042,8 @@ rule SIGNATURE_BASE_VULN_Dell_BIOS_Update_Driver_Dbutil_May21 : CVE_2021_21551 F
date = "2021-05-05"
modified = "2023-12-05"
reference = "https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vul_dell_bios_upd_driver.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vul_dell_bios_upd_driver.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9cefb9fe28e818a3b0bc1c9ac570ddf2fac7ebf23408963656b7ec86d5bf3224"
score = 60
quality = 85
@@ -319657,8 +320069,8 @@ rule SIGNATURE_BASE_Gen_Excel_Xll_Addin_Suspicious : FILE
date = "2020-10-16"
modified = "2023-12-05"
reference = "https://gist.github.com/ryhanson/227229866af52e2d963cf941af135a52"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_excel_xll_addin_suspicious.yar#L3-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_excel_xll_addin_suspicious.yar#L3-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d8c3f00ef05b0b84e4c4d655d01eab6f6e67714619695fd1433726e5a940e530"
score = 65
quality = 85
@@ -319695,8 +320107,8 @@ rule SIGNATURE_BASE_Invoke_Osiris : FILE
date = "2017-03-27"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_ps_osiris.yar#L10-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_ps_osiris.yar#L10-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9a93308d6595de647a96716df0799ec690d91b2fb87e0b4a2f47e6b8b52eed97"
score = 70
quality = 85
@@ -319720,8 +320132,8 @@ rule SIGNATURE_BASE_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23 : FILE
date = "2023-04-20"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_tradingtech_apr23.yar#L2-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_tradingtech_apr23.yar#L2-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4fe1a1b09344cd84f981b193b480d23807893b59ad781868d82089a7306c042f"
score = 85
quality = 85
@@ -319745,8 +320157,8 @@ rule SIGNATURE_BASE_SUSP_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23
date = "2023-04-20"
modified = "2023-04-21"
reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_tradingtech_apr23.yar#L19-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_tradingtech_apr23.yar#L19-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ccb482a7634dc24fde03b5730bf28a9e028f8d5a9ad46ba9663d1b520264d8f4"
score = 75
quality = 85
@@ -319770,8 +320182,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_1 : FILE
date = "2023-04-20"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_tradingtech_apr23.yar#L37-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_tradingtech_apr23.yar#L37-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "439a201e6a44a00a31fd13efc83a1acf858a52201e3ab48d5cf095bae1e48cf7"
score = 75
quality = 85
@@ -319798,8 +320210,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_2 : FILE
date = "2023-04-20"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_tradingtech_apr23.yar#L57-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_tradingtech_apr23.yar#L57-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "62f74faa8f136f4dc63a4b703cffcb97b438cc4f180d5d127d1fc4b86d3cd1d1"
score = 75
quality = 85
@@ -319827,8 +320239,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_3 : FILE
date = "2023-04-20"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_tradingtech_apr23.yar#L78-L96"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_tradingtech_apr23.yar#L78-L96"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c6441c961dcad0fe127514a918eaabd4"
logic_hash = "2109340edfb1891baef5bd92ba3c9da77f891341de9e8094060a649de62fade2"
score = 75
@@ -319855,8 +320267,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_4 : FILE
date = "2023-04-20"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_tradingtech_apr23.yar#L98-L118"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_tradingtech_apr23.yar#L98-L118"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2a875c39a43ff054ed5a6cf2fa1f17c2adc189452582763db8ceddfa652abfbf"
score = 75
quality = 85
@@ -319885,8 +320297,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_5 : FILE
date = "2023-04-20"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_tradingtech_apr23.yar#L120-L143"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_tradingtech_apr23.yar#L120-L143"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5d43b8198ad224bee8d290dd7031d73f76a7d957a2e3b44d89e7aaf5f2c94c65"
score = 75
quality = 85
@@ -319918,8 +320330,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_6 : FILE
date = "2023-04-20"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_tradingtech_apr23.yar#L145-L164"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_tradingtech_apr23.yar#L145-L164"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d3b1e5f7a6b73fc4cdc5abe19a412130cde33c2d52c0ad78256b865e018e3794"
score = 75
quality = 85
@@ -319948,8 +320360,8 @@ rule SIGNATURE_BASE_SUSP_NK_MAL_M_Hunting_POOLRAT
modified = "2023-12-05"
old_rule_name = "APT_NK_MAL_M_Hunting_POOLRAT"
reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_tradingtech_apr23.yar#L166-L202"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_tradingtech_apr23.yar#L166-L202"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ac8db844a9c4ed961930417809afb706ea948c4509a4be1eaeed77f09c86069d"
score = 70
quality = 83
@@ -319976,8 +320388,8 @@ rule SIGNATURE_BASE_APT_NK_Tradingtech_Forensicartifacts_Apr23_1 : FILE
date = "2023-04-20"
modified = "2023-04-21"
reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_tradingtech_apr23.yar#L204-L225"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_tradingtech_apr23.yar#L204-L225"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "50329427e56b70335a12f0dde87a36ac95838377482eebab334d252332fe481b"
score = 60
quality = 85
@@ -320004,8 +320416,8 @@ rule SIGNATURE_BASE_SUSP_TH_APT_UNC4736_Tradingtech_Cert_Apr23_1
date = "2023-04-20"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_tradingtech_apr23.yar#L227-L242"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_tradingtech_apr23.yar#L227-L242"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "47941828b3c18ed39eddacbc73e147651a9bd48e1a0f7b9847ff1d4c6fea6afd"
score = 65
quality = 85
@@ -320028,8 +320440,8 @@ rule SIGNATURE_BASE_MAL_Ransomware_Germanwiper : FILE
date = "2019-08-05"
modified = "2023-12-05"
reference = "https://twitter.com/r3c0nst/status/1158326526766657538"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_germanwiper.yar#L1-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_germanwiper.yar#L1-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dcb4f91006a893149a60e9708efb9de809f75c810bddfd2d90c8f6fffa0879ea"
score = 75
quality = 85
@@ -320061,8 +320473,8 @@ rule SIGNATURE_BASE_SUSP_Email_Suspicious_Onenote_Attachment_Jan23_1 : FILE
date = "2023-01-27"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_onenote_phish.yar#L2-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_onenote_phish.yar#L2-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c7c5fc86f1dbe54da2d3ff8f039c5e53c3d1f67c9271cb467b2318310f744f93"
score = 65
quality = 85
@@ -320100,8 +320512,8 @@ rule SIGNATURE_BASE_SUSP_Email_Suspicious_Onenote_Attachment_Jan23_2 : FILE
date = "2023-01-27"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_onenote_phish.yar#L41-L61"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_onenote_phish.yar#L41-L61"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eb6f992ce186022f04613af3bf4df629b00d85eac151f8bbd4b8ef96e6892eab"
score = 65
quality = 85
@@ -320126,8 +320538,8 @@ rule SIGNATURE_BASE_SUSP_Onenote_Embedded_Filedatastoreobject_Type_Jan23_1 : FIL
date = "2023-01-27"
modified = "2023-02-27"
reference = "https://blog.didierstevens.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_onenote_phish.yar#L63-L106"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_onenote_phish.yar#L63-L106"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d91ca297ea96f80534085f174d335ffe961c569534f043c5c2ae8d6a9f7ac083"
score = 65
quality = 85
@@ -320177,8 +320589,8 @@ rule SIGNATURE_BASE_SUSP_Onenote_Embedded_Filedatastoreobject_Type_Jan23_2 : FIL
date = "2023-01-27"
modified = "2023-12-05"
reference = "https://blog.didierstevens.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_onenote_phish.yar#L108-L125"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_onenote_phish.yar#L108-L125"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bc07598570b6d4ebc5d14cedfed146c1ad309b8890bc0b9ee5f9ad645c1352e2"
score = 65
quality = 85
@@ -320201,8 +320613,8 @@ rule SIGNATURE_BASE_MAL_Floxif_Generic : FILE
date = "2018-05-11"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_floxif_flystudio.yar#L3-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_floxif_flystudio.yar#L3-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1996f717100d9f1abc2ed3f1e9d0c55daec09654c0f99987ddaea9e9f0d17008"
score = 80
quality = 85
@@ -320223,8 +320635,8 @@ rule SIGNATURE_BASE_MAL_CN_Flystudio_May18_1 : FILE
date = "2018-05-11"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_floxif_flystudio.yar#L21-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_floxif_flystudio.yar#L21-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8d03f02a270d8664175b65398c01ec4f0ea182437b31847f9bf4181edb0c36bb"
score = 75
quality = 85
@@ -320249,8 +320661,8 @@ rule SIGNATURE_BASE_MAL_Ransomware_Wadhrama : FILE
date = "2019-04-07"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_mal_ransom_wadharma.yar#L3-L13"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_mal_ransom_wadharma.yar#L3-L13"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5d78837ed7cb8914be0990859751cf64603ee5a5ad135541c60c6ae145046412"
score = 75
quality = 85
@@ -320269,8 +320681,8 @@ rule SIGNATURE_BASE_MAL_BACKORDER_LOADER_WIN_Go_Jan23 : LOADER GOLANG BACKORDER
date = "2025-01-23"
modified = "2025-03-20"
reference = "EclecticIQ"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_win_go_backorder_loader.yar#L1-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_win_go_backorder_loader.yar#L1-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "70c91ffdc866920a634b31bf4a070fb3c3f947fc9de22b783d6f47a097fec2d8"
logic_hash = "9e79ec9e58e02b7660383ff20957b95bc3c61ed3badc9af3d5829ebe5bf6bd7b"
score = 80
@@ -320300,8 +320712,8 @@ rule SIGNATURE_BASE_Cheshirecat_Sample2 : FILE
date = "2015-08-08"
modified = "2023-12-05"
reference = "https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cheshirecat.yar#L11-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cheshirecat.yar#L11-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "dc18850d065ff6a8364421a9c8f9dd5fcce6c7567f4881466cee00e5cd0c7aa8"
logic_hash = "4dd299cfe36545dba5ccac22d2eedc405f548fe5f976514d1cfa8238b472782c"
score = 70
@@ -320329,8 +320741,8 @@ rule SIGNATURE_BASE_Cheshirecat_Gen1 : FILE
date = "2015-08-08"
modified = "2023-12-05"
reference = "https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cheshirecat.yar#L35-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cheshirecat.yar#L35-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d1bbda9340bc2d2fcefd6bf9a3c30fe0b99c66fb978b3a4583f17c521cfcf4b0"
score = 90
quality = 85
@@ -320375,8 +320787,8 @@ rule SIGNATURE_BASE_Cheshirecat_Gen2 : FILE
date = "2015-08-08"
modified = "2023-12-05"
reference = "https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cheshirecat.yar#L76-L108"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cheshirecat.yar#L76-L108"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c5d6ce6cc09c416d3449f7f5fc09139ce9271b69d743832b4b2548682e4ddf1"
score = 70
quality = 85
@@ -320416,8 +320828,8 @@ rule SIGNATURE_BASE_BKDR_Snarasite_Oct17 : FILE
date = "2017-10-07"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_snarasite.yar#L3-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_snarasite.yar#L3-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "79f49bce6de996d20b64476feb73987fdcd7555963ea1a596648d8702fbd2898"
score = 75
quality = 85
@@ -320437,8 +320849,8 @@ rule SIGNATURE_BASE_Powershell_Case_Anomaly : FILE
date = "2017-08-11"
modified = "2022-06-12"
reference = "https://twitter.com/danielhbohannon/status/905096106924761088"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_case_anomalies.yar#L11-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_case_anomalies.yar#L11-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cbef94b899a2d22930ee0e8b3eac03c505db629d19a62ddd8f56482403dfa595"
score = 70
quality = 77
@@ -320480,8 +320892,8 @@ rule SIGNATURE_BASE_Wscriptshell_Case_Anomaly : FILE
date = "2017-09-11"
modified = "2022-06-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_case_anomalies.yar#L62-L84"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_case_anomalies.yar#L62-L84"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5c64e124186ae2eb974639627287fb27fe27eb2855342703e4a27a9c0fd62a91"
score = 60
quality = 83
@@ -320508,8 +320920,8 @@ rule SIGNATURE_BASE_KR_Target_Malware_Aug17 : FILE
date = "2017-08-23"
modified = "2023-12-05"
reference = "https://twitter.com/eyalsela/status/900250203097354240"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_kr_malware.yar#L11-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_kr_malware.yar#L11-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "47c3350b489b023687f05f55a09f0092456c87b4beeda563756a99ccd5091b09"
score = 75
quality = 85
@@ -320539,8 +320951,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Bypassuac : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "https://github.com/PowerShellEmpire/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_empire.yar#L9-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_empire.yar#L9-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ab0f900a6915b7497313977871a64c3658f3e6f73f11b03d2d33ca61305dc6a8"
logic_hash = "1697065405fa0e255cdd77fa39f53866118caf0bad6a3d72756590303610e7b6"
score = 70
@@ -320566,8 +320978,8 @@ rule SIGNATURE_BASE_Empire_Lib_Modules_Trollsploit_Message : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "https://github.com/PowerShellEmpire/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_empire.yar#L28-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_empire.yar#L28-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "71f2258177eb16eafabb110a9333faab30edacf67cb019d5eab3c12d095655d5"
logic_hash = "70b7d91395ae30131c1448511425abf32ddedf04632266454aa008330ff28222"
score = 70
@@ -320593,8 +321005,8 @@ rule SIGNATURE_BASE_Empire_Persistence : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "https://github.com/PowerShellEmpire/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_empire.yar#L47-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_empire.yar#L47-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ae8875f7fcb8b4de5cf9721a9f5a9f7782f7c436c86422060ecdc5181e31092f"
logic_hash = "3c398aa180b6f2225a25f9b1430e89991c7e391930e2be140e89c67da67b3614"
score = 70
@@ -320619,8 +321031,8 @@ rule SIGNATURE_BASE_Empire_Portscan : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "https://github.com/PowerShellEmpire/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_empire.yar#L65-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_empire.yar#L65-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b355efa1e7b3681b1402e22c58ce968795ef245fd08a0afb948d45c173e60b97"
logic_hash = "162ac4ccc8629a2d017831cdc6d1bf8d7a62b844bf68a0d61956b2f41a5e004b"
score = 70
@@ -320644,8 +321056,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Shellcode : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "https://github.com/PowerShellEmpire/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_empire.yar#L82-L98"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_empire.yar#L82-L98"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fa75cfd57269fbe3ad6bdc545ee57eb19335b0048629c93f1dc1fe1059f60438"
logic_hash = "968a140f75aa17bd9aac243483cade931dc047854b65b2f61146492c2cf01ea5"
score = 70
@@ -320670,8 +321082,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Mimikatz : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "https://github.com/PowerShellEmpire/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_empire.yar#L100-L116"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_empire.yar#L100-L116"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c5481864b757837ecbc75997fa24978ffde3672b8a144a55478ba9a864a19466"
logic_hash = "3e16bed3dd7b36920cdf01507f35e38d004e3ce2f3301911a8ee4aedbae6c5c3"
score = 70
@@ -320696,8 +321108,8 @@ rule SIGNATURE_BASE_Empire_Lib_Modules_Credentials_Mimikatz_Pth : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "https://github.com/PowerShellEmpire/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_empire.yar#L118-L133"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_empire.yar#L118-L133"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6dee1cf931e02c5f3dc6889e879cc193325b39e18409dcdaf987b8bf7c459211"
logic_hash = "6989c2e50ce642e0300e1293f46cd36e5141274d1e7172a8312595bb515bede2"
score = 70
@@ -320721,8 +321133,8 @@ rule SIGNATURE_BASE_Empire_Write_Hijackdll : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "https://github.com/PowerShellEmpire/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_empire.yar#L135-L151"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_empire.yar#L135-L151"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "155fa7168e28f15bb34f67344f47234a866e2c63b3303422ff977540623c70bf"
logic_hash = "e01157fe4adaf647474292bfbbb8196c0b7e89433da52a386a8d9573ae543679"
score = 70
@@ -320747,8 +321159,8 @@ rule SIGNATURE_BASE_Empire_Skeleton_Key : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "https://github.com/PowerShellEmpire/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_empire.yar#L153-L170"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_empire.yar#L153-L170"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3d02f16dcc38faaf5e97e4c5dbddf761f2816004775e6af8826cde9e29bb750f"
logic_hash = "910451b2b2ed7cb5f7891d97d15e49da24b182adc903926f539fc4bfe589f2d5"
score = 70
@@ -320774,8 +321186,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Wmi : FILE
date = "2015-08-06"
modified = "2023-12-05"
reference = "https://github.com/PowerShellEmpire/Empire"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_empire.yar#L172-L188"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_empire.yar#L172-L188"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a914cb227f652734a91d3d39745ceeacaef7a8b5e89c1beedfd6d5f9b4615a1d"
logic_hash = "7179a22eec8eb9e59bf590e671e6849d5b960c58eb8fa591bc3b340d64f1d076"
score = 70
@@ -320800,11 +321212,11 @@ rule SIGNATURE_BASE_EXPL_Log4J_Callbackdomain_Iocs_Dec21_1 : CVE_2021_44228
date = "2021-12-12"
modified = "2025-03-29"
reference = "https://gist.github.com/superducktoes/9b742f7b44c71b4a0d19790228ce85d8"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_log4j_cve_2021_44228.yar#L2-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_log4j_cve_2021_44228.yar#L2-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8d5e60f91b715242c6f8ee806ab81d3e296ce1467cf2d065b053f33e3ae00f14"
score = 60
- quality = 60
+ quality = 85
tags = "CVE-2021-44228"
strings:
@@ -320822,8 +321234,8 @@ rule SIGNATURE_BASE_EXPL_JNDI_Exploit_Patterns_Dec21_1
date = "2021-12-12"
modified = "2025-03-29"
reference = "https://github.com/pimps/JNDI-Exploit-Kit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_log4j_cve_2021_44228.yar#L16-L49"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_log4j_cve_2021_44228.yar#L16-L49"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9442c8c4eee76539892752361657c86e80acc7990876e787317b042a4637f669"
score = 60
quality = 85
@@ -320864,8 +321276,8 @@ rule SIGNATURE_BASE_EXPL_Log4J_CVE_2021_44228_JAVA_Exception_Dec21_1 : CVE_2021_
date = "2021-12-12"
modified = "2025-03-29"
reference = "https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_log4j_cve_2021_44228.yar#L51-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_log4j_cve_2021_44228.yar#L51-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "98eabec4ad2f5c4d22db9c3bebdc82c8dc6723599748360875fc7b613b1019ab"
score = 60
quality = 85
@@ -320888,8 +321300,8 @@ rule SIGNATURE_BASE_EXPL_Log4J_CVE_2021_44228_Dec21_Soft : FILE CVE_2021_44228
date = "2021-12-10"
modified = "2025-03-24"
reference = "https://twitter.com/h113sdx/status/1469010902183661568?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_log4j_cve_2021_44228.yar#L68-L92"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_log4j_cve_2021_44228.yar#L68-L92"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "61a005060e2041afa5a9aa0b2a5e26cfc9a53cbafa78b15e4dd2c3b38127373a"
score = 50
quality = 85
@@ -320920,8 +321332,8 @@ rule SIGNATURE_BASE_EXPL_Log4J_CVE_2021_44228_Dec21_OBFUSC : CVE_2021_44228
date = "2021-12-12"
modified = "2021-12-13"
reference = "https://twitter.com/h113sdx/status/1469010902183661568?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_log4j_cve_2021_44228.yar#L94-L116"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_log4j_cve_2021_44228.yar#L94-L116"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "00231db2ae83a89c187dbde1f2bc67fdaedcf1cbdf872afdcc374d2d0abee515"
score = 60
quality = 85
@@ -320950,11 +321362,11 @@ rule SIGNATURE_BASE_EXPL_Log4J_CVE_2021_44228_Dec21_Hard : FILE CVE_2021_44228
date = "2021-12-10"
modified = "2025-03-20"
reference = "https://twitter.com/h113sdx/status/1469010902183661568?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_log4j_cve_2021_44228.yar#L118-L140"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_log4j_cve_2021_44228.yar#L118-L140"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9a4fc285dd1680ebc8a1042eeb5fbba73b9e2df70678adf3163122d84405325e"
score = 65
- quality = 60
+ quality = 85
tags = "FILE, CVE-2021-44228"
strings:
@@ -320979,8 +321391,8 @@ rule SIGNATURE_BASE_SUSP_Base64_Encoded_Exploit_Indicators_Dec21 : CVE_2021_4422
date = "2021-12-10"
modified = "2021-12-13"
reference = "https://twitter.com/Reelix/status/1469327487243071493"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_log4j_cve_2021_44228.yar#L142-L165"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_log4j_cve_2021_44228.yar#L142-L165"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "703a83916c7279bcdc3cd61602472c2a3815140235be169f5b2063a547438c61"
score = 70
quality = 85
@@ -321007,11 +321419,11 @@ rule SIGNATURE_BASE_SUSP_Jdniexploit_Indicators_Dec21 : FILE
date = "2021-12-10"
modified = "2021-12-12"
reference = "https://github.com/flypig5211/JNDIExploit"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_log4j_cve_2021_44228.yar#L167-L180"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_log4j_cve_2021_44228.yar#L167-L180"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7886a67672001f0db72575d96d3a12341bfcdc49a9951e3d5e2a88ab46bf5a5d"
score = 70
- quality = 60
+ quality = 85
tags = "FILE"
strings:
@@ -321029,8 +321441,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_OBFUSC_Dec21_1 : CVE_2021_44228 FILE
date = "2021-12-11"
modified = "2022-11-08"
reference = "https://twitter.com/testanull/status/1469549425521348609"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_log4j_cve_2021_44228.yar#L182-L211"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_log4j_cve_2021_44228.yar#L182-L211"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d6ffb70da82fe16e7a76feb31c01aa3e0cfc5625cc0e2b237ec851c646550839"
score = 60
quality = 85
@@ -321059,8 +321471,8 @@ rule SIGNATURE_BASE_SUSP_Jdniexploit_Error_Indicators_Dec21_1
date = "2021-12-10"
modified = "2023-06-23"
reference = "https://twitter.com/marcioalm/status/1470361495405875200?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_log4j_cve_2021_44228.yar#L213-L226"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_log4j_cve_2021_44228.yar#L213-L226"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2ab98814b2ed66b0bda875fecc0b09db82035d7edcdb0af65f815817ec8c6cc8"
score = 70
quality = 85
@@ -321081,8 +321493,8 @@ rule SIGNATURE_BASE_HKTL_Solarwinds_Credential_Stealer : FILE
date = "2021-01-20"
modified = "2023-12-05"
reference = "https://github.com/mubix/solarflare"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_solarwinds_credential_stealer.yar#L2-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_solarwinds_credential_stealer.yar#L2-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1b2e5186464ed0bdd38fcd9f4ab294a7ba28bd829bf296584cbc32e2889037e4"
hash = "4adb69d4222c80d97f8d64e4d48b574908a518f8d504f24ce93a18b90bd506dc"
logic_hash = "ccf55ba7b66ff8d0f926999f3d68dc3b2fdc1c9ce15e1f08b75d003c62393312"
@@ -321116,8 +321528,8 @@ rule SIGNATURE_BASE_HKTL_EDR_Freeze_Sep25_2 : FILE
date = "2025-09-30"
modified = "2025-09-30"
reference = "https://github.com/TwoSevenOneT/EDR-Freeze"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/hktl_edr_freeze_sep25.yar#L1-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/hktl_edr_freeze_sep25.yar#L1-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "735d56839f17ca98a0022e6044b8d0bc43201b48e3a64c7b671c417f62749643"
score = 80
quality = 85
@@ -321154,8 +321566,8 @@ rule SIGNATURE_BASE_Brc4_Shellcode
date = "2022-11-19"
modified = "2023-12-05"
reference = "https://github.com/paranoidninja/Brute-Ratel-C4-Community-Kit/blob/main/deprecated/brc4.yara"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/hktl_bruteratel_c4.yar#L263-L290"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/hktl_bruteratel_c4.yar#L263-L290"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a2816eb0316cebc96569847c17eae3bc50b988b07aa471176a09695fcefc21ec"
score = 75
quality = 83
@@ -321190,8 +321602,8 @@ rule SIGNATURE_BASE_Crime_Win32_Parallax_Loader_1 : FILE
date = "2020-02-24"
modified = "2023-12-05"
reference = "https://twitter.com/VK_Intel/status/1227976106227224578"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_parallax_rat.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_parallax_rat.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1331e7b69fd9b14b5d2dae45b452b385e48018290d91de33a4f4a5ebcce4805b"
score = 75
quality = 85
@@ -321214,8 +321626,8 @@ rule SIGNATURE_BASE_Crime_Win32_Parallax_Payload_1 : FILE
date = "2020-02-24"
modified = "2023-12-05"
reference = "https://twitter.com/VK_Intel/status/1227976106227224578"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_parallax_rat.yar#L20-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_parallax_rat.yar#L20-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3a1718d7caea5bd6741dd39fc16f955e1d3c73a282d51eda5b63c3352404529e"
score = 75
quality = 85
@@ -321239,11 +321651,11 @@ rule SIGNATURE_BASE_LOG_EXPL_Confluence_RCE_CVE_2021_26084_Sep21 : LOG CVE_2021_
date = "2021-09-01"
modified = "2023-12-05"
reference = "https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_cve_2021_26084_confluence_log.yar#L2-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_cve_2021_26084_confluence_log.yar#L2-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "04542570b4814efde3d96ba5be8b5f9fd6e3c51be09f0e8a1c4eba45bfd8f5ff"
score = 55
- quality = 60
+ quality = 85
tags = "LOG, CVE-2021-26084"
strings:
@@ -321270,8 +321682,8 @@ rule SIGNATURE_BASE_Rehashed_RAT_1 : FILE
date = "2017-09-08"
modified = "2023-12-05"
reference = "https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_rehashed_rat.yar#L13-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_rehashed_rat.yar#L13-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "06a98e87d931bdea697a2cf3de604f03654f9aa2b3f2346e78ba92e492c0fc7c"
score = 75
quality = 85
@@ -321302,8 +321714,8 @@ rule SIGNATURE_BASE_Rehashed_RAT_2 : FILE
date = "2017-09-08"
modified = "2023-12-05"
reference = "https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_rehashed_rat.yar#L41-L67"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_rehashed_rat.yar#L41-L67"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "96c4582981792eb5f8180c06a5fe824fd439cfa0ede294eccff3afa7d318a6e9"
score = 75
quality = 85
@@ -321332,8 +321744,8 @@ rule SIGNATURE_BASE_Rehashed_RAT_3 : FILE
date = "2017-09-08"
modified = "2022-12-21"
reference = "https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_rehashed_rat.yar#L69-L85"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_rehashed_rat.yar#L69-L85"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "46f21f11959f863c85a1cfac74a28ba86d5b9789fea5a428168d157c13cce022"
score = 75
quality = 85
@@ -321358,8 +321770,8 @@ rule SIGNATURE_BASE_Streamex_Shellcrew
date = "2017-02-09"
modified = "2023-12-05"
reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_shellcrew_streamex.yar#L11-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_shellcrew_streamex.yar#L11-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a82ff51c1dcd1ebe3d7acc96b46b0b79dcead9146204f060f5413c4c7b5286d3"
score = 80
quality = 85
@@ -321386,8 +321798,8 @@ rule SIGNATURE_BASE_Shellcrew_Streamex_1 : FILE
date = "2017-02-10"
modified = "2022-12-21"
reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_shellcrew_streamex.yar#L40-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_shellcrew_streamex.yar#L40-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4da0b8843de87e53243af40700afaab77120531af28dc311d9100bce6721650b"
score = 75
quality = 85
@@ -321415,8 +321827,8 @@ rule SIGNATURE_BASE_Shellcrew_Streamex_1_Msi : FILE
date = "2017-02-10"
modified = "2023-12-05"
reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_shellcrew_streamex.yar#L61-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_shellcrew_streamex.yar#L61-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa853dac58c067a88f1784ac4017fd558151e54ed10ceb32ab90c99e970460fe"
score = 75
quality = 85
@@ -321444,8 +321856,8 @@ rule SIGNATURE_BASE_Shellcrew_Streamex_1_Msi_Dll : FILE
date = "2017-02-10"
modified = "2023-12-05"
reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_shellcrew_streamex.yar#L82-L98"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_shellcrew_streamex.yar#L82-L98"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "087ac07a2bf822f7838ef46296150381cfc9af9b12b4023654023a779efc1db1"
score = 75
quality = 85
@@ -321471,8 +321883,8 @@ rule SIGNATURE_BASE_GRIZZLY_STEPPE_Malware_1 : FILE
date = "2016-12-29"
modified = "2023-12-05"
reference = "https://goo.gl/WVflzO"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L10-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L10-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d4a06fbf875ba2dbe64abcc21fab4eea1fe1b092498a09d9a310214562c1869e"
score = 75
quality = 85
@@ -321500,8 +321912,8 @@ rule SIGNATURE_BASE_GRIZZLY_STEPPE_Malware_2 : FILE
date = "2016-12-29"
modified = "2023-12-05"
reference = "https://goo.gl/WVflzO"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L30-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L30-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "134a76129ef2169ac60f21541ef51a223720badfad02f0822acc7fd6d49cf7e7"
score = 75
quality = 85
@@ -321530,8 +321942,8 @@ rule SIGNATURE_BASE_PAS_TOOL_PHP_WEB_KIT_Mod : FILE
date = "2016-12-29"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L52-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L52-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fab894d9609c1fca4a85457e6799d082dfd3eb9ca0564abc04a1a0dd07a7b546"
score = 75
quality = 85
@@ -321558,8 +321970,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Web_Kit_V3 : FILE
date = "2016-01-01"
modified = "2023-12-05"
reference = "https://github.com/wordfence/grizzly"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L76-L95"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L76-L95"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "21bf0afcd3f8de813ddfe41ef32e45806e9f9d7d3b08ae7ce65017c35e32a868"
score = 75
quality = 85
@@ -321585,8 +321997,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Web_Kit_V4 : FILE
date = "2016-01-01"
modified = "2023-12-05"
reference = "https://github.com/wordfence/grizzly"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L97-L116"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L97-L116"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e2eaa0abd14f4dd08815c44797df707a08df1ea4e04ae69ba67d128a0fe4eff5"
score = 75
quality = 85
@@ -321611,8 +322023,8 @@ rule SIGNATURE_BASE_APT_APT29_Wellmess_Dotnet_Unique_Strings : FILE
date = "2016-12-30"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L120-L136"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L120-L136"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2285a264ffab59ab5a1eb4e2b9bcab9baf26750b6c551ee3094af56a4442ac41"
logic_hash = "90e8480aa50e18202007bcffdc8348290ad0ac0588c924b4f75ea425a6cae32d"
score = 75
@@ -321639,8 +322051,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Encryption_Key_Schedule : FILE
date = "2016-12-30"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L138-L153"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L138-L153"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2"
logic_hash = "d4f7ec82e51f1063b4d61302e5ff9268dd3233bb44269fc32cb57fb9240f96e2"
score = 75
@@ -321666,8 +322078,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Encryption_Key_2B62 : FILE
date = "2016-12-30"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L155-L167"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L155-L167"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2"
logic_hash = "39ad6de70883fbe0377379c3cab15962372793043ebbf4054efb7cee3aff9104"
score = 75
@@ -321689,8 +322101,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Directory_Enumeration_Output_Strings : FI
date = "2016-12-30"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L169-L183"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L169-L183"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2"
logic_hash = "8f029269f5a383737f38af04b05a16a71af5453bffe83e04ac53191eaa49d3e7"
score = 75
@@ -321714,8 +322126,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Command_Elem_Cookie_Ga_Boundary_String :
date = "2016-12-30"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L185-L199"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L185-L199"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2"
logic_hash = "65b31a12d8abb88fbb99fcc6b2707bec90e4edc35d0cf21903213eda5cacec88"
score = 75
@@ -321739,8 +322151,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Encryption_Round_Function : FILE
date = "2016-12-30"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L201-L214"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L201-L214"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2"
logic_hash = "c4979b7ec31581b43b6975be5d4b1bfa5562e5fe25bbb51bb7c388550ed80ac6"
score = 75
@@ -321763,8 +322175,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Add_Random_Commas_Spaces : FILE
date = "2016-12-30"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L216-L229"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L216-L229"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2"
logic_hash = "046e222aabc9e596d9536702521b4729d990e1f327ded004ca984b73a8511a83"
score = 75
@@ -321787,8 +322199,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Modify_Alphabet_Custom_Encode : FILE
date = "2016-12-30"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L231-L243"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L231-L243"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2"
logic_hash = "f0f5bcad52b0b15dc74a51973ef2752234bd12d677c846b2f96fe569d906ea3b"
score = 75
@@ -321811,8 +322223,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Custom_Encode_Decode : FILE
date = "2016-12-30"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L245-L274"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L245-L274"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2"
logic_hash = "536147bda9603d68748010f9db260af732fe0865a601ae1104538933b19c519b"
score = 75
@@ -321851,8 +322263,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Remove_Chars_Comma_Space_Dot : FILE
date = "2016-12-30"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L276-L289"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L276-L289"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2"
logic_hash = "652607e0cfe6f5ad6ede169e28f63e8262fc37cbc7baa2525e52e79572d9a468"
score = 75
@@ -321876,8 +322288,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Disk_Enumeration_Strings : FILE
date = "2016-12-30"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_grizzly_steppe.yar#L291-L310"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_grizzly_steppe.yar#L291-L310"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a4b790ddffb3d2e6691dcacae08fb0bfa1ae56b6c73d70688b097ffa831af064"
logic_hash = "4a225b767dc922625c333aea866638bc5e239137592e46c17563b9cc380b0eea"
score = 75
@@ -321906,8 +322318,8 @@ rule SIGNATURE_BASE_Gen_Macro_Shellexecute_Action : FILE
date = "2019-01-08"
modified = "2023-12-05"
reference = "https://twitter.com/ItsReallyNick/status/1091170625698316288"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_macro_ShellExecute_action.yar#L1-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_macro_ShellExecute_action.yar#L1-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "da40175579f7d76d10ad0188851f111ba5d875ce990b2940166dd28eac2a742d"
score = 75
quality = 85
@@ -321942,8 +322354,8 @@ rule SIGNATURE_BASE_MAL_WIN_Ralordv1_Apr25 : FILE
date = "2025-04-01"
modified = "2025-04-18"
reference = "https://ish.com.br/wp-content/uploads/2025/04/RALord-Novo-grupo-de-Ransomware-as-a-Service-1.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_ralordv1_win_ap25.yar#L1-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_ralordv1_win_ap25.yar#L1-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "be15f62d14d1cbe2aecce8396f4c6289"
logic_hash = "75d20cca5eb48109bbb3b0ab0ce2efb4f2d89bc1984df8c4fddf1f859d069750"
score = 80
@@ -321976,8 +322388,8 @@ rule SIGNATURE_BASE_MAL_Sharpshooter_Excel4 : FILE
date = "2020-03-27"
modified = "2023-12-05"
reference = "https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-xls/00b5dd7d-51ca-4938-b7b7-483fe0e5933b"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_Excel4Macro_Sharpshooter.yar#L1-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_Excel4Macro_Sharpshooter.yar#L1-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ccef64586d25ffcb2b28affc1f64319b936175c4911e7841a0e28ee6d6d4a02d"
logic_hash = "4aec8bb7ec8ce7ebd8228416133ea7eec995864aeec78c11548387d832b5fa65"
score = 70
@@ -322004,8 +322416,8 @@ rule SIGNATURE_BASE_SUSP_Excel4Macro_Autoopen : FILE
date = "2020-03-26"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_Excel4Macro_Sharpshooter.yar#L27-L69"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_Excel4Macro_Sharpshooter.yar#L27-L69"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f"
logic_hash = "074aab8e1d3b66e34e8e8d8e8489e1dfee1091df0424b22cd1bfd3cf904754e1"
score = 50
@@ -322032,8 +322444,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Customlokitools : FILE
date = "2017-03-15"
modified = "2017-03-22"
reference = "https://en.wikipedia.org/wiki/Moonlight_Maze"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_moonlightmaze.yar#L11-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_moonlightmaze.yar#L11-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "14cce7e641d308c3a177a8abb5457019"
hash = "a3164d2bbc45fb1eef5fde7eb8b245ea"
hash = "dabee9a7ea0ddaf900ef1e3e166ffe8a"
@@ -322070,8 +322482,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Customsniffer
date = "2017-03-15"
modified = "2023-12-05"
reference = "https://en.wikipedia.org/wiki/Moonlight_Maze"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_moonlightmaze.yar#L50-L79"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_moonlightmaze.yar#L50-L79"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7b86f40e861705d59f5206c482e1f2a5"
hash = "927426b558888ad680829bd34b0ad0e7"
logic_hash = "5ccf9035adc16393db4b3d461f7a20f86f538275d7806280a15508c15d9c805c"
@@ -322101,8 +322513,8 @@ rule SIGNATURE_BASE_Loki2Crypto
date = "2017-03-21"
modified = "2023-12-05"
reference = "https://en.wikipedia.org/wiki/Moonlight_Maze"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_moonlightmaze.yar#L82-L106"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_moonlightmaze.yar#L82-L106"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "19fbd8cbfb12482e8020a887d6427315"
hash = "ea06b213d5924de65407e8931b1e4326"
hash = "14ecd5e6fc8e501037b54ca263896a11"
@@ -322129,8 +322541,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_De_Tool
date = "2017-03-27"
modified = "2017-03-27"
reference = "https://en.wikipedia.org/wiki/Moonlight_Maze"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_moonlightmaze.yar#L111-L137"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_moonlightmaze.yar#L111-L137"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4bc7ed168fb78f0dc688ee2be20c9703"
hash = "8b56e8552a74133da4bc5939b5f74243"
logic_hash = "f658e1aa2ddb84fe3c1de7c7c00f2148d232cf2b3381c298420abfc382c02986"
@@ -322156,8 +322568,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Cle_Tool
date = "2017-03-27"
modified = "2017-03-27"
reference = "https://en.wikipedia.org/wiki/Moonlight_Maze"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_moonlightmaze.yar#L140-L167"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_moonlightmaze.yar#L140-L167"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "647d7b711f7b4434145ea30d0ef207b0"
logic_hash = "a4bbd7be617b944a656fa58ca9ec6384f624c95250de6b8a6ba63e7c3387484c"
score = 75
@@ -322185,8 +322597,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Xk_Keylogger
date = "2017-03-27"
modified = "2017-03-27"
reference = "https://en.wikipedia.org/wiki/Moonlight_Maze"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_moonlightmaze.yar#L170-L202"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_moonlightmaze.yar#L170-L202"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b2acdef9c8e545f4ab217f529a7e4a3e74723b27ec89896f98639fd40792bcc8"
score = 75
quality = 35
@@ -322219,8 +322631,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Encrypted_Keylog : FILE
date = "2017-03-27"
modified = "2017-03-27"
reference = "https://en.wikipedia.org/wiki/Moonlight_Maze"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_moonlightmaze.yar#L204-L222"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_moonlightmaze.yar#L204-L222"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "593f6f2148ddb52e2beee72a48135cd83f126edfdb263b471432d17273e536db"
score = 75
quality = 85
@@ -322242,8 +322654,8 @@ rule SIGNATURE_BASE_Ping_Command_In_EXE : FILE
date = "2016-11-03"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L2-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L2-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1ea24774471eade7b7c50f0eae520e2b30dbec693e162b83ab0074465f179372"
score = 60
quality = 85
@@ -322265,8 +322677,8 @@ rule SIGNATURE_BASE_Googlebot_Useragent : FILE
date = "2017-01-27"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L17-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L17-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa6cc3625d3740b91d7f1193cea0bdb621ae9445e42300123b01e322f715b976"
score = 65
quality = 85
@@ -322289,11 +322701,11 @@ rule SIGNATURE_BASE_Gen_Net_Localgroup_Administrators_Add_Command : FILE
date = "2017-07-08"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L34-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L34-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "af4d7c8586022583e2019bbdc3638704e1d237b25e3c214f3bc2db64c58c8bd3"
score = 75
- quality = 60
+ quality = 85
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
@@ -322312,8 +322724,8 @@ rule SIGNATURE_BASE_Suspicious_Script_Running_From_HTTP
date = "2017-08-20"
modified = "2025-03-21"
reference = "https://www.hybrid-analysis.com/sample/a112274e109c5819d54aa8de89b0e707b243f4929a83e77439e3ff01ed218a35?environmentId=100"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L48-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L48-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "49ead238b9153886ddbcfe37939628fd848283373e2807797d0849559ebecf6c"
score = 50
quality = 85
@@ -322338,8 +322750,8 @@ rule SIGNATURE_BASE_Reconcommands_In_File : FILE
date = "2017-12-11"
modified = "2025-03-21"
reference = "https://twitter.com/haroonmeer/status/939099379834658817"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L66-L86"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L66-L86"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "73b4bcf76f42a6bf9c3d9dfe3f4e754ce2856e03a47cfd35388d47290209e65d"
score = 40
quality = 85
@@ -322368,8 +322780,8 @@ rule SIGNATURE_BASE_VBS_Dropper_Script_Dec17_1 : FILE
date = "2018-01-01"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L88-L107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L88-L107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f3c55bd6bf382891263887e46a794329c78bff87b7685088911261fc3b3b133d"
score = 80
quality = 85
@@ -322396,8 +322808,8 @@ rule SIGNATURE_BASE_SUSP_PDB_Strings_Keylogger_Backdoor : HIGHVOL FILE
date = "2018-03-23"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L109-L130"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L109-L130"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9a842ff8cd8be98a2e37a81706a9c594e8bf1bcc6bd3cedfe4747cd52f6044f5"
score = 65
quality = 85
@@ -322426,8 +322838,8 @@ rule SIGNATURE_BASE_SUSP_Microsoft_Copyright_String_Anomaly_2 : FILE
date = "2018-05-11"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L132-L146"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L132-L146"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "60bc5d8d0853f474b81d2274a65977a12a481e4b669b38ae47a325eeb60d2735"
score = 60
quality = 85
@@ -322450,8 +322862,8 @@ rule SIGNATURE_BASE_SUSP_LNK_File_Appdata_Roaming : FILE
date = "2018-05-16"
modified = "2025-03-21"
reference = "https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L148-L168"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L148-L168"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5e5c78d3fe3fcdbfb097f833fbb1e15ad1f79e63b330eaba754d8b5296b5165a"
score = 50
quality = 85
@@ -322476,8 +322888,8 @@ rule SIGNATURE_BASE_SUSP_LNK_File_Pathtraversal : FILE
date = "2018-05-16"
modified = "2025-03-21"
reference = "https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L170-L186"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L170-L186"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9935c454518abe7fd4ec4f09e36e4200ec7c9f3b3ad004e9b49d60c08f508236"
score = 40
quality = 85
@@ -322499,8 +322911,8 @@ rule SIGNATURE_BASE_SUSP_Script_Obfuscation_Char_Concat
date = "2018-10-04"
modified = "2025-03-21"
reference = "https://twitter.com/JaromirHorejsi/status/1047084277920411648"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L188-L200"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L188-L200"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "28b648e0e1c22fefa49a937f40bd4ed09c5d3894ff059979bad69e8bc98fcac2"
score = 65
quality = 85
@@ -322522,8 +322934,8 @@ rule SIGNATURE_BASE_SUSP_Powershell_IEX_Download_Combo
date = "2018-10-04"
modified = "2025-03-21"
reference = "https://twitter.com/JaromirHorejsi/status/1047084277920411648"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L202-L218"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L202-L218"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0a1507859354e0e0d9284befcf777c4d3883496eb96524a246a1df4f3a247aa9"
score = 65
quality = 85
@@ -322548,8 +322960,8 @@ rule SIGNATURE_BASE_SUSP_Win32Dll_String : FILE
date = "2018-10-24"
modified = "2025-03-21"
reference = "https://medium.com/@Sebdraven/apt-sidewinder-changes-theirs-ttps-to-install-their-backdoor-f92604a2739"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L220-L232"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L220-L232"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "514596e078483920cedf0091cd769d8462acfd39956c3ed3e12d630b02ebb7cc"
score = 65
quality = 85
@@ -322571,8 +322983,8 @@ rule SIGNATURE_BASE_SUSP_Modified_Systemexefilename_In_File : FILE
date = "2018-12-11"
modified = "2025-03-21"
reference = "https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L234-L248"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L234-L248"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "45c01024c4e6a3563cd27d8a78e2236d49aa795d24f322774a14b4c7289830c4"
score = 65
quality = 85
@@ -322595,8 +323007,8 @@ rule SIGNATURE_BASE_SUSP_JAVA_Class_With_VBS_Content : FILE
date = "2019-01-03"
modified = "2025-03-20"
reference = "https://www.menlosecurity.com/blog/a-jar-full-of-problems-for-financial-services-companies"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L250-L275"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L250-L275"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf325bbb6a448f977e4e661e4296c4145de9a809c79cee8538d660ecaff76e94"
score = 70
quality = 83
@@ -322623,8 +323035,8 @@ rule SIGNATURE_BASE_SUSP_RAR_With_PDF_Script_Obfuscation : FILE
date = "2019-04-06"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L277-L293"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L277-L293"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "05e9fd7620a70a490548d4562c80497bcf888e493b8e1188e0a0e0c274e2a7e5"
score = 65
quality = 85
@@ -322650,8 +323062,8 @@ rule SIGNATURE_BASE_SUSP_Netsh_Portproxy_Command
date = "2019-04-20"
modified = "2025-03-21"
reference = "https://docs.microsoft.com/en-us/windows-server/networking/technologies/netsh/netsh-interface-portproxy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L295-L308"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L295-L308"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dbf82a908e77886af1c31c51f5f6684015cbcb22bf28876c2e1b0dd1ea5bd2b4"
score = 65
quality = 85
@@ -322673,8 +323085,8 @@ rule SIGNATURE_BASE_SUSP_Dropperbackdoor_Keywords : FILE
date = "2019-04-24"
modified = "2025-03-21"
reference = "https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L310-L322"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L310-L322"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e83fa95bb2b9ac821d0a00af23834495066ad2cad38ef4f4dcc81aee75415d74"
score = 65
quality = 85
@@ -322696,11 +323108,11 @@ rule SIGNATURE_BASE_SUSP_SFX_Cmd : FILE
date = "2018-09-27"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L324-L336"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L324-L336"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "592de6a2165396c4ae8f494e26e56d0a759903b51167b1531b791897dce66868"
score = 65
- quality = 60
+ quality = 35
tags = "FILE"
hash1 = "965129e5d0c439df97624347534bc24168935e7a71b9ff950c86faae3baec403"
@@ -322719,8 +323131,8 @@ rule SIGNATURE_BASE_SUSP_XMRIG_Reference : FILE
date = "2019-06-20"
modified = "2025-03-21"
reference = "https://twitter.com/itaitevet/status/1141677424045953024"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L338-L350"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L338-L350"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c1e6f5fc390a8ada0688885bba7ed90372915deba5a5e7e5b0cd17ec450ce240"
score = 70
quality = 85
@@ -322741,8 +323153,8 @@ rule SIGNATURE_BASE_SUSP_Just_EICAR : FILE
date = "2019-03-24"
modified = "2025-03-21"
reference = "http://2016.eicar.org/85-0-Download.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L352-L365"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L352-L365"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a48fc3542fb07131fe0a2e25277009d21b9ca7c9e112873249e5b9c31511af79"
score = 40
quality = 85
@@ -322764,8 +323176,8 @@ rule SIGNATURE_BASE_SUSP_PDB_Path_Keywords : FILE
date = "2019-10-04"
modified = "2025-03-21"
reference = "https://twitter.com/stvemillertime/status/1179832666285326337?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L367-L393"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L367-L393"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "274b4b40190b8f7e3d123fad63e2bb6b2114a3dbef062791d442109cac149b08"
score = 65
quality = 85
@@ -322801,8 +323213,8 @@ rule SIGNATURE_BASE_SUSP_Disable_ETW_Jun20_1
date = "2020-06-06"
modified = "2025-03-21"
reference = "https://gist.github.com/Cyb3rWard0g/a4a115fd3ab518a0e593525a379adee3"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L395-L413"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L395-L413"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "182ad2512bcfbcd92d13380113b32982eb367e458019f07038a12f494dfbebb6"
score = 65
quality = 85
@@ -322829,8 +323241,8 @@ rule SIGNATURE_BASE_SUSP_PE_Discord_Attachment_Oct21_1 : FILE
date = "2021-10-12"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L415-L429"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L415-L429"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4d84ec50738f4c7aca8e77c3aabdcd77f3071733a2245a58283f070f2b220599"
score = 70
quality = 85
@@ -322851,8 +323263,8 @@ rule SIGNATURE_BASE_SUSP_Encoded_Discord_Attachment_Oct21_1 : FILE
date = "2021-10-12"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_suspicious_strings.yar#L431-L456"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_suspicious_strings.yar#L431-L456"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1ea5a83e91b5c5b4b8a1d507c365bc1583394c97a28b7d7a576f085854676769"
score = 70
quality = 85
@@ -322881,8 +323293,8 @@ rule SIGNATURE_BASE_MAL_Qakbotloader_Export_Section_Feb23 : FILE
date = "2023-02-17"
modified = "2023-12-05"
reference = "https://github.com/kevoreilly/CAPEv2/blob/master/LICENSE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_qbot_feb23.yar#L22-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_qbot_feb23.yar#L22-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a"
logic_hash = "0e40cd6acdbfb17670b414bd6f2ecdf1ae26ddd6a5d85931973b98963a43aba8"
score = 75
@@ -322906,8 +323318,8 @@ rule SIGNATURE_BASE_MAL_Payload_F5_BIG_IP_Exploitations_Jul20_1 : CVE_2020_5902
date = "2020-06-07"
modified = "2023-12-05"
reference = "https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_f5_bigip_expl_payloads.yar#L2-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_f5_bigip_expl_payloads.yar#L2-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a3651081bb09452d80cba9f673a7b61c8ee2f47a12fb64d975eb63867688ee3b"
score = 75
quality = 85
@@ -322935,8 +323347,8 @@ rule SIGNATURE_BASE_APT_Area1_SSF_Plugx
date = "2018-12-19"
modified = "2023-12-05"
reference = "https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_area1_phishing_diplomacy.yar#L2-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_area1_phishing_diplomacy.yar#L2-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a71f124f0c89c4b020f21d029d0d2997b2bea71526e83bcadffb67acc9cca8f7"
score = 75
quality = 85
@@ -322971,8 +323383,8 @@ rule SIGNATURE_BASE_APT_Area1_SSF_Googlesend_Strings : FILE
date = "2018-12-19"
modified = "2023-12-05"
reference = "https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_area1_phishing_diplomacy.yar#L29-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_area1_phishing_diplomacy.yar#L29-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3a373ed63494b67883515c133bf5b0af3ab874397c7cb45c8399f12e35212be4"
score = 75
quality = 85
@@ -322999,8 +323411,8 @@ rule SIGNATURE_BASE_Neuron_Common_Strings : FILE
date = "2017-11-23"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/alerts/turla-group-malware"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_neuron.yar#L9-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_neuron.yar#L9-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d1d7a96fcadc137e80ad866c838502713db9cdfe59939342b8e3beacf9c7fe29"
logic_hash = "5f7a704fa0b6892b40868689c876e2f8252bb7319424212454408cbdf66f0b9f"
score = 75
@@ -323032,8 +323444,8 @@ rule SIGNATURE_BASE_Nautilus_Forensic_Artificats
date = "2017-11-23"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/alerts/turla-group-malware"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_neuron.yar#L98-L125"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_neuron.yar#L98-L125"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "17ae559a4640636f1285c7078a4366954d5a41c098419db32315e354f0ae619d"
score = 60
quality = 85
@@ -323069,8 +323481,8 @@ rule SIGNATURE_BASE_HTA_With_Wscript_Shell
date = "2017-06-21"
modified = "2023-12-05"
reference = "https://twitter.com/msftmmpc/status/877396932758560768"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_hta_anomalies.yar#L11-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_hta_anomalies.yar#L11-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7ce2728fbd3023a6b96291cdb63f30dc9b71e5fc506f8b00ad97e3062b103478"
score = 80
quality = 85
@@ -323094,8 +323506,8 @@ rule SIGNATURE_BASE_HTA_Embedded
date = "2017-06-21"
modified = "2023-12-05"
reference = "https://twitter.com/msftmmpc/status/877396932758560768"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_hta_anomalies.yar#L28-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_hta_anomalies.yar#L28-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "843f0ad5e39e5492db8ff7372f6d2038e7dbb7823ec9b33f863ab891a108b1ec"
score = 50
quality = 85
@@ -323118,8 +323530,8 @@ rule SIGNATURE_BASE_Base64_PS1_Shellcode
date = "2018-11-14"
modified = "2023-12-05"
reference = "https://twitter.com/ItsReallyNick/status/1062601684566843392"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_ps1_shellcode.yar#L1-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_ps1_shellcode.yar#L1-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fac6f41965eb2209f1552763800d6a2b172f28cd29bb7586d180654aab1e6d56"
score = 65
quality = 85
@@ -323142,8 +323554,8 @@ rule SIGNATURE_BASE_MAL_Xbash_PY_Sep18 : FILE
date = "2018-09-18"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_xbash.yar#L13-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_xbash.yar#L13-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d686c42e6bf440507735f846463f2df5fbf4f7bd5f5656883655a5278a1fc252"
score = 75
quality = 85
@@ -323165,8 +323577,8 @@ rule SIGNATURE_BASE_MAL_Xbash_SH_Sep18 : FILE
date = "2018-09-18"
modified = "2023-01-06"
reference = "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_xbash.yar#L27-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_xbash.yar#L27-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b48cbd64002025d861e2fd381be5a68efd7f6fc5fd239850c940f887e2b01673"
score = 75
quality = 85
@@ -323196,8 +323608,8 @@ rule SIGNATURE_BASE_MAL_Xbash_JS_Sep18 : FILE
date = "2018-09-18"
modified = "2023-01-06"
reference = "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_xbash.yar#L50-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_xbash.yar#L50-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cf2f9006e0ab07f6ff1a0ce4946af34468f7c74143c853c5d77c6db725bb590a"
score = 75
quality = 85
@@ -323222,8 +323634,8 @@ rule SIGNATURE_BASE_APT_HKTL_Wiper_Whispergate_Jan22_1 : FILE
date = "2022-01-16"
modified = "2023-12-05"
reference = "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ua_wiper_whispergate.yar#L2-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ua_wiper_whispergate.yar#L2-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "72eb50a70b3f2fbb232134ef4706dbb15bdb5893fe06d899bff3b7aacdfadd30"
score = 85
quality = 85
@@ -323250,8 +323662,8 @@ rule SIGNATURE_BASE_APT_HKTL_Wiper_Whispergate_Jan22_2 : FILE
date = "2022-01-16"
modified = "2023-12-05"
reference = "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ua_wiper_whispergate.yar#L25-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ua_wiper_whispergate.yar#L25-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "87a03e95bc1c33d1b3343ec7369c516bb15791943fbb122de11867ad4bddd565"
score = 90
quality = 85
@@ -323286,8 +323698,8 @@ rule SIGNATURE_BASE_APT_HKTL_Wiper_Whispergate_Stage3_Jan22 : FILE
date = "2022-01-16"
modified = "2023-12-05"
reference = "https://twitter.com/juanandres_gs/status/1482827018404257792"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ua_wiper_whispergate.yar#L59-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ua_wiper_whispergate.yar#L59-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b06536b6a6eebd5fb398ba2617bf68a5b2c4b0035766b3cd0fc03d95019891ec"
score = 75
quality = 85
@@ -323310,8 +323722,8 @@ rule SIGNATURE_BASE_MAL_OBFUSC_Unknown_Jan22_1 : FILE
date = "2022-01-16"
modified = "2023-12-05"
reference = "https://twitter.com/juanandres_gs/status/1482827018404257792"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ua_wiper_whispergate.yar#L76-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ua_wiper_whispergate.yar#L76-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "26a295d3b78c3a33d776a648aa0f410ac7cb5021ad9d3b294ff9629d6ba7132a"
score = 75
quality = 85
@@ -323343,8 +323755,8 @@ rule SIGNATURE_BASE_MAL_Unknown_Discord_Characteristics_Jan22_1 : FILE
date = "2022-01-16"
modified = "2023-12-05"
reference = "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ua_wiper_whispergate.yar#L103-L119"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ua_wiper_whispergate.yar#L103-L119"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f9cf4a15be0ab35a0d0f0c9b1a191f623f905c8fc9da651872de7c025a27a806"
score = 75
quality = 85
@@ -323368,8 +323780,8 @@ rule SIGNATURE_BASE_MAL_Cryprat_Jan19_1 : FILE
date = "2019-01-07"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_cryp_rat.yar#L3-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_cryp_rat.yar#L3-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "69f8a581bae1a2c411e09e8fe01a979645ef897038af868d8e9f2a2ce9188080"
score = 90
quality = 85
@@ -323391,8 +323803,8 @@ rule SIGNATURE_BASE_XMRIG_Monero_Miner : HIGHVOL FILE
date = "2018-01-04"
modified = "2022-11-10"
reference = "https://github.com/xmrig/xmrig/releases"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/pua_xmrig_monero_miner.yar#L11-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/pua_xmrig_monero_miner.yar#L11-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "532e602dfc8e44326e381d0e2a189b60bc4d4f2b310169767b2326e01606a542"
score = 75
quality = 85
@@ -323422,8 +323834,8 @@ rule SIGNATURE_BASE_XMRIG_Monero_Miner_Config : FILE
date = "2018-01-04"
modified = "2023-12-05"
reference = "https://github.com/xmrig/xmrig/releases"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/pua_xmrig_monero_miner.yar#L35-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/pua_xmrig_monero_miner.yar#L35-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5df14af366cdb0a5bf6fd88b50876fd78abfe0b795cf10af8fab0d23a54f700f"
score = 75
quality = 85
@@ -323449,8 +323861,8 @@ rule SIGNATURE_BASE_PUA_LNX_XMRIG_Cryptominer : FILE
date = "2018-06-28"
modified = "2023-01-06"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/pua_xmrig_monero_miner.yar#L53-L70"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/pua_xmrig_monero_miner.yar#L53-L70"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "501bc5b2d38882f48d1ef972dbbd379afb89f2e7c9bf69192c7bee2e19384816"
score = 75
quality = 85
@@ -323476,8 +323888,8 @@ rule SIGNATURE_BASE_SUSP_XMRIG_String : FILE
date = "2018-12-28"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/pua_xmrig_monero_miner.yar#L72-L84"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/pua_xmrig_monero_miner.yar#L72-L84"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d2c3145c50939e7f407125f7b9312161724b7b1a6fcbf7e27d049e49e982c7e9"
score = 65
quality = 85
@@ -323499,8 +323911,8 @@ rule SIGNATURE_BASE_Dropper_Deploysmalwareviasideloading
date = "2017-04-28"
modified = "2024-04-17"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_uscert_ta17-1117a.yar#L9-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_uscert_ta17-1117a.yar#L9-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "51d8a0785bc25cf02460b9b7490ccba3d67806c953e6aa3d3882341ce11857fa"
score = 75
quality = 85
@@ -323523,8 +323935,8 @@ rule SIGNATURE_BASE_REDLEAVES_Droppedfile_Implantloader_Starburn
date = "2017-04-28"
modified = "2024-04-17"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_uscert_ta17-1117a.yar#L23-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_uscert_ta17-1117a.yar#L23-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2ebfdaf363ac80bc9bace3056ff86efd9c1b246c6f60373a82df4a0db901a6e3"
score = 75
quality = 85
@@ -323546,8 +323958,8 @@ rule SIGNATURE_BASE_REDLEAVES_Droppedfile_Obfuscatedshellcodeandrat_Handkerchief
date = "2017-04-28"
modified = "2024-04-17"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_uscert_ta17-1117a.yar#L36-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_uscert_ta17-1117a.yar#L36-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f91bd1ddd6691a0a5b6ebc6a28d35bb5b2e6c00754f07e58ffb01e06ad590ae3"
score = 75
quality = 83
@@ -323569,8 +323981,8 @@ rule SIGNATURE_BASE_REDLEAVES_Coreimplant_Uniquestrings : FILE
date = "2018-12-20"
modified = "2024-04-17"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_uscert_ta17-1117a.yar#L49-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_uscert_ta17-1117a.yar#L49-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ce6ab0f4007f3ea3c31442cab702ad3579faa6835d5ee9b4c03516ce0499bf3e"
score = 75
quality = 81
@@ -323594,8 +324006,8 @@ rule SIGNATURE_BASE_PLUGX_Redleaves
date = "2017-04-03"
modified = "2024-04-17"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_uscert_ta17-1117a.yar#L66-L93"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_uscert_ta17-1117a.yar#L66-L93"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0c52110eb18dcdb7a0d4b8c42f22368acdd1bce44a192abcd71a20bee2705475"
score = 75
quality = 85
@@ -323631,8 +324043,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Local_URL : FILE
date = "2019-09-27"
modified = "2023-12-05"
reference = "https://twitter.com/cglyer/status/1176184798248919044"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L2-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L2-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e95e5e97760d9b565184c588fdafe8408cdab61959aee5221485df53ef5f51d6"
score = 50
quality = 85
@@ -323655,8 +324067,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_SMB_URL : FILE
date = "2019-09-27"
modified = "2023-12-05"
reference = "https://twitter.com/cglyer/status/1176184798248919044"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L21-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L21-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e0bef7497fcb284edb0c65b59d511830"
logic_hash = "4903c8f4bb08e799f6787ad29cf7688f354f97a065bcd24c58d3ccd3778a6a15"
score = 50
@@ -323680,8 +324092,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Iconremote_Smborlocal : FILE
date = "2019-09-27"
modified = "2023-12-05"
reference = "https://twitter.com/ItsReallyNick/status/1176241449148588032"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L61-L78"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L61-L78"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8c49908c7f52ebcd512ff2dc8c40392767769130b9d39abb9d5fc9e130edb65c"
score = 50
quality = 85
@@ -323704,8 +324116,8 @@ rule SIGNATURE_BASE_Methodology_Shortcut_Hotkey : FILE
date = "2019-09-27"
modified = "2023-12-05"
reference = "https://twitter.com/cglyer/status/1176184798248919044"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L80-L97"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L80-L97"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a48f7c1125218ee89f58f1517e81150038a5d71889d847e7690b13c818b32fb5"
score = 50
quality = 85
@@ -323728,8 +324140,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Baseurlsyntax : FILE
date = "2019-09-27"
modified = "2023-12-05"
reference = "https://twitter.com/cglyer/status/1176184798248919044"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L99-L117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L99-L117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4aa29bedb5689fe16c067f5ea933e56804085712c7469b138d8b658a30a7eb67"
score = 50
quality = 85
@@ -323753,11 +324165,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Iconnotfromexeordllorico : F
date = "2019-09-27"
modified = "2023-12-05"
reference = "https://twitter.com/ItsReallyNick/status/1176229087196696577"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L161-L179"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L161-L179"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "957fe9f24d08033cf6e29d7e202e04bfb579577d3850a99e97da6b70924ae88e"
score = 50
- quality = 60
+ quality = 85
tags = "FILE"
strings:
@@ -323778,11 +324190,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Evasion : FILE
date = "2019-09-27"
modified = "2023-12-05"
reference = "https://twitter.com/DissectMalware/status/1176736510856634368"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L181-L198"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L181-L198"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c4fafae6af3ed5cc2e83e30427107d1c42cc4bc86d5c6a60e26953a11847029f"
score = 50
- quality = 60
+ quality = 85
tags = "FILE"
strings:
@@ -323802,11 +324214,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Lolcommand : FILE
date = "2019-09-27"
modified = "2021-02-14"
reference = "https://twitter.com/ItsReallyNick/status/1176601500069576704"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L201-L219"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L201-L219"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4ac9a555e61303a173443de2a189536c8ea0fc32ee73c589dd104275c7967c57"
score = 50
- quality = 60
+ quality = 85
tags = "FILE"
strings:
@@ -323826,8 +324238,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Webdav : FILE
date = "2019-09-27"
modified = "2023-12-05"
reference = "https://twitter.com/cglyer/status/1176243536754282497"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L222-L239"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L222-L239"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4fec084392140245eeb25bb512f3a4631ec6be08c197ec130a907fc118161197"
score = 50
quality = 85
@@ -323850,11 +324262,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Scripturl : FILE
date = "2019-09-27"
modified = "2023-12-05"
reference = "https://twitter.com/cglyer/status/1176184798248919044"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L241-L259"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L241-L259"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ece0013dbc9836fa800f99a10ab46c1eb081e1c04fe45fe17be26ffac1d464e9"
score = 50
- quality = 60
+ quality = 85
tags = "FILE"
strings:
@@ -323874,8 +324286,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Workingdirremote_HTTP : FILE
date = "2019-09-27"
modified = "2023-12-05"
reference = "https://twitter.com/cglyer/status/1176184798248919044"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L261-L278"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L261-L278"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c7c23c1253bf089519dec5f141f486425c6804640d9bffac9ce4c986ce25d323"
score = 50
quality = 85
@@ -323898,8 +324310,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Workingdirremote_SMB : FILE
date = "2019-09-27"
modified = "2023-12-05"
reference = "https://twitter.com/cglyer/status/1176184798248919044"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_persitence.yar#L280-L297"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_persitence.yar#L280-L297"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5d9caa64ac730d34a2dcfb3368f8302849275b6ee16fe31f20978d72382b0d73"
score = 50
quality = 85
@@ -323922,8 +324334,8 @@ rule SIGNATURE_BASE_Regin_APT_Kerneldriver_Generic_A : FILE
date = "2014-11-23"
modified = "2024-04-24"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L14-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L14-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1cc367dff184f2b458a2b7c0c88a44095714525ca6bb115d03e6331cf1f22116"
score = 75
quality = 85
@@ -323958,8 +324370,8 @@ rule SIGNATURE_BASE_Regin_APT_Kerneldriver_Generic_B : FILE
date = "2014-11-23"
modified = "2024-04-24"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L43-L94"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L43-L94"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c2dee4f94f9eefb1c11f6e86144c6bfafc0845768200f5a839ffe3dd5d38294d"
score = 75
quality = 83
@@ -324013,8 +324425,8 @@ rule SIGNATURE_BASE_Regin_APT_Kerneldriver_Generic_C : FILE
date = "2014-11-23"
modified = "2024-04-24"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L96-L122"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L96-L122"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9454eb8b45a720fbe517caa2221fb0ceedf561902d94cabe513e921cc52fe035"
score = 75
quality = 85
@@ -324045,8 +324457,8 @@ rule SIGNATURE_BASE_Regin_Sig_Svcsstat : FILE
date = "2014-11-26"
modified = "2024-04-24"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L126-L143"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L126-L143"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5164edc1d54f10b7cb00a266a1b52c623ab005e2"
logic_hash = "2b1fdc2cc8c0aedaf749ee0e87a8853b91735a4e215c65df221a930d4b1d02f7"
score = 75
@@ -324074,8 +324486,8 @@ rule SIGNATURE_BASE_Regin_Sample_1 : FILE
date = "2014-11-25"
modified = "2024-04-24"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L145-L174"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L145-L174"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "773d7fab06807b5b1bc2d74fa80343e83593caf2"
logic_hash = "e8291b4a68924dccdd825ee2cc8930acb794e92e0302598872ec78eb0bf8504f"
score = 70
@@ -324113,8 +324525,8 @@ rule SIGNATURE_BASE_Regin_Sample_2 : FILE
date = "2014-11-26"
modified = "2024-04-24"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L176-L203"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L176-L203"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a7b285d4b896b66fce0ebfcd15db53b3a74a0400"
logic_hash = "a11d03d10661c1fc094450b250056196e5d8d16bd171eba9e37c7524aa2301d2"
score = 75
@@ -324152,8 +324564,8 @@ rule SIGNATURE_BASE_Regin_Sample_3 : FILE
date = "2014-11-27"
modified = "2024-04-24"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L205-L230"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L205-L230"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fe1419e9dde6d479bd7cda27edd39fafdab2668d498931931a2769b370727129"
logic_hash = "5a0f77f203765f7737c00c3df760ea7f3ed354559aad07f3053173ff09e1ce1a"
score = 75
@@ -324188,8 +324600,8 @@ rule SIGNATURE_BASE_Regin_Sample_Set_2 : FILE
date = "2014-11-26"
modified = "2024-04-24"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L232-L264"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L232-L264"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "26125cea704532cbc22df46af228299ae810bce60938bee7b067ed273158d76f"
score = 75
quality = 83
@@ -324232,8 +324644,8 @@ rule SIGNATURE_BASE_Regin_Sample_Set_1 : FILE
date = "2014-11-27"
modified = "2023-01-06"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L266-L296"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L266-L296"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7402f409e7dd3180d8e6fe017af19d0a1d0dd86f85279191db1bc8f6c94951ac"
score = 75
quality = 85
@@ -324272,8 +324684,8 @@ rule SIGNATURE_BASE_Apt_Regin_Legspin : FILE
date = "2023-01-27"
modified = "2024-04-24"
reference = "https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L298-L319"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L298-L319"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "29105f46e4d33f66fee346cfd099d1cc"
logic_hash = "1b026f475fdbb3c97f33895520844fa4944eb2fffc0883502a6cb79162bbd388"
score = 75
@@ -324304,8 +324716,8 @@ rule SIGNATURE_BASE_Apt_Regin_Hopscotch : FILE
date = "2023-01-27"
modified = "2024-04-24"
reference = "https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L321-L342"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L321-L342"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6c34031d7a5fc2b091b623981a8ae61c"
logic_hash = "33b5fa61aaa802a60f3d42d59eb474222841a8a557b06b23a9e325e922e2cec1"
score = 75
@@ -324335,8 +324747,8 @@ rule SIGNATURE_BASE_Regin_Related_Malware
date = "2015-06-03"
modified = "2024-04-24"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/spy_regin_fiveeyes.yar#L344-L367"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/spy_regin_fiveeyes.yar#L344-L367"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "76c355bfeb859a347e38da89e3d30a6ff1f94229"
logic_hash = "61ce7a69ab357740158e355455362a4f5fddc67ee60af120733f509e7407216f"
score = 70
@@ -324367,8 +324779,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Embedded_Mar21_1 : FILE
date = "2021-03-05"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L2-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L2-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4a8b4cea6f53dad9771cb694ec55f305f04dfdbd8e663154cad672ca414c138c"
score = 85
quality = 85
@@ -324391,8 +324803,8 @@ rule SIGNATURE_BASE_APT_WEBSHELL_HAFNIUM_Secchecker_Mar21_1 : FILE
date = "2021-03-05"
modified = "2023-12-05"
reference = "https://twitter.com/markus_neis/status/1367794681237667840"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L18-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L18-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e0e4df860bdde7d5c277f596535c493d926095be6f46f6ba41b6177afbfc5cd9"
score = 75
quality = 85
@@ -324415,8 +324827,8 @@ rule SIGNATURE_BASE_APT_HAFNIUM_Forensic_Artefacts_Mar21_1
date = "2021-03-02"
modified = "2023-12-05"
reference = "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L35-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L35-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eb86595956092506c2e29373faaf39a3987f9feed36a53b191bedd498db05cbb"
score = 75
quality = 85
@@ -324439,8 +324851,8 @@ rule SIGNATURE_BASE_APT_WEBSHELL_HAFNIUM_Chopper_Webshell : APT HAFNIUM WEBSHELL
date = "2021-03-05"
modified = "2023-12-05"
reference = "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L50-L65"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L50-L65"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c185a8da2a18fa59a8eeb36dbd95ba12c9c61717efc5f2d19d2d5b27ee243f2b"
score = 75
quality = 85
@@ -324464,8 +324876,8 @@ rule SIGNATURE_BASE_APT_WEBSHELL_Tiny_Webshell : APT HAFNIUM WEBSHELL FILE
date = "2021-03-05"
modified = "2023-12-05"
reference = "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L67-L82"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L67-L82"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "099c8625c58b315b6c11f5baeb859f4c"
logic_hash = "9309f9b57353b6fe292048d00794699a8637a3e6e429c562fb36c7e459003a3b"
score = 75
@@ -324489,8 +324901,8 @@ rule SIGNATURE_BASE_HKTL_PS1_Powercat_Mar21 : FILE
date = "2021-03-02"
modified = "2023-12-05"
reference = "https://github.com/besimorhino/powercat"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L84-L103"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L84-L103"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cbd5c6f7c5b4ed713482588ee4490a2326fe11cfaacfb3bfc6a6d94130a8bc83"
score = 75
quality = 85
@@ -324516,8 +324928,8 @@ rule SIGNATURE_BASE_HKTL_Nishang_PS1_Invoke_Powershelltcponeline
date = "2021-03-03"
modified = "2023-12-05"
reference = "https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellTcpOneLine.ps1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L105-L119"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L105-L119"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "59622bff95de1077d26ee4547f37cd1045c0c1fc6817df40ff2564b33a962a07"
score = 75
quality = 85
@@ -324541,8 +324953,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Simpleseesharp : WEBSHELL UNCLASSIFIED FILE
date = "2021-03-01"
modified = "2023-12-05"
reference = "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L121-L136"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L121-L136"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "893cd3583b49cb706b3e55ecb2ed0757b977a21f5c72e041392d1256f31166e2"
logic_hash = "6f62249a68bae94e5cbdb4319ea5cde9dc071ec7a4760df3aafe78bc1e072c30"
score = 75
@@ -324565,8 +324977,8 @@ rule SIGNATURE_BASE_WEBSHELL_CVE_2021_27065_Webshells : CVE_2021_27065 FILE
date = "2021-03-05"
modified = "2023-12-05"
reference = "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L182-L200"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L182-L200"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "71795ba67bc8a4cea06b93da34b6291029ff74b200e37eb66f6ac51a6ff194cd"
score = 75
quality = 61
@@ -324594,8 +325006,8 @@ rule SIGNATURE_BASE_APT_MAL_ASPX_HAFNIUM_Chopper_Mar21_3 : FILE
date = "2021-03-07"
modified = "2023-12-05"
reference = "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L202-L216"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L202-L216"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "391b366d78c2f24dc006a5365ec232a9a3c2fe0ea514b18897701ceeffcc81ca"
score = 85
quality = 85
@@ -324617,8 +325029,8 @@ rule SIGNATURE_BASE_APT_MAL_ASPX_HAFNIUM_Chopper_Mar21_4 : FILE
date = "2021-03-07"
modified = "2023-12-05"
reference = "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L218-L233"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L218-L233"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "933ab74a0e30e2a728444d491c9eb0ff134db05d905aeb48efe3ba65674a3730"
score = 85
quality = 79
@@ -324641,8 +325053,8 @@ rule SIGNATURE_BASE_APT_HAFNIUM_Forensicartefacts_WER_Mar21_1 : CVE_2021_26857 F
date = "2021-03-07"
modified = "2023-12-05"
reference = "https://twitter.com/cyb3rops/status/1368471533048446976"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L235-L250"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L235-L250"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2e135cb47f9fb5ca19ee1058fa6b4f39c098d2dfbab69bc19e80412ab695f126"
score = 40
quality = 85
@@ -324664,8 +325076,8 @@ rule SIGNATURE_BASE_APT_HAFNIUM_Forensicartefacts_Cab_Recon_Mar21_1 : FILE
date = "2021-03-11"
modified = "2023-12-05"
reference = "https://discuss.elastic.co/t/detection-and-response-for-hafnium-activity/266289/3?u=dstepanic"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L252-L273"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L252-L273"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "de3acb2d01ad14d73263af9e62ef7c715cde259e3f2fbbcbbb41d55589c3f0ab"
score = 70
quality = 85
@@ -324689,11 +325101,11 @@ rule SIGNATURE_BASE_WEBSHELL_Compiled_Webshell_Mar2021_1 : FILE
date = "2021-03-05"
modified = "2021-03-12"
reference = "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Vorfaelle/Exchange-Schwachstellen-2021/MSExchange_Schwachstelle_Detektion_Reaktion.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L275-L295"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L275-L295"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d2e5f91f7bb50984c491eb9632d3863febc986760e4d03c8255872887ce4dc4a"
score = 75
- quality = 56
+ quality = 81
tags = "FILE"
strings:
@@ -324719,8 +325131,8 @@ rule SIGNATURE_BASE_APT_MAL_ASP_DLL_HAFNIUM_Mar21_1 : FILE
date = "2021-03-05"
modified = "2023-12-05"
reference = "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L297-L325"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L297-L325"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a4a3f9c7029e67647823a13079655b24648f5e4a7e238439b7a933b19477c20c"
score = 65
quality = 85
@@ -324753,8 +325165,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Fileexplorer_Mar21_1 : FILE
date = "2021-03-31"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L363-L397"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L363-L397"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7b4ffd222b38e76455fff2650b72bdcaff281323103f342b427013cd3fffdc21"
score = 80
quality = 85
@@ -324794,8 +325206,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Chopper_Like_Mar21_1 : FILE
date = "2021-03-31"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hafnium.yar#L399-L416"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hafnium.yar#L399-L416"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "baa9eb1e3c4ac5ce49d27b1c3f75c8b6590567e25d98761a8b704478f2cee970"
score = 85
quality = 85
@@ -324821,8 +325233,8 @@ rule SIGNATURE_BASE_Silence_Malware_1 : FILE
date = "2017-11-01"
modified = "2023-12-05"
reference = "https://securelist.com/the-silence/83009/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_silence.yar#L13-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_silence.yar#L13-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b88795268c080fe19f7e185d1542b520616fe6c00bae23a99981aa1ee8abacb3"
score = 75
quality = 85
@@ -324853,8 +325265,8 @@ rule SIGNATURE_BASE_Silence_Malware_2 : FILE
date = "2017-11-01"
modified = "2023-12-05"
reference = "https://securelist.com/the-silence/83009/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_silence.yar#L40-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_silence.yar#L40-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8cb6320eac984b7a332c1c84582a7ca7e90d409e518106c4e7655948f6863889"
score = 75
quality = 85
@@ -324884,8 +325296,8 @@ rule SIGNATURE_BASE_SUSP_ENV_Folder_Root_File_Jan23_1 : SCRIPT FILE
date = "2023-01-11"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_indicators.yar#L3-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_indicators.yar#L3-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5355ae567e6255e22f566bae9fe50f4995bafba07c261461d37d5b8ba200d33a"
score = 70
quality = 83
@@ -324910,8 +325322,8 @@ rule SIGNATURE_BASE_ATM_Malware_XFSADM_1 : FILE
date = "2019-06-21"
modified = "2023-12-05"
reference = "https://twitter.com/r3c0nst/status/1149043362244308992"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_atm_xfsadm.yar#L1-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_atm_xfsadm.yar#L1-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f2c1761407c5e499be43e546badd27428821f828a470fd3e3dcddd08db04aaa5"
score = 75
quality = 85
@@ -324943,8 +325355,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Kobalos : FILE
date = "2020-11-02"
modified = "2023-12-05"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lnx_kobalos.yar#L32-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lnx_kobalos.yar#L32-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "48aec47b70633d4c8cb55d90a2e168f3c2027ef27cfe1cd5d30dcdc08a2ff717"
score = 75
quality = 85
@@ -324975,8 +325387,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Kobalos_SSH_Credential_Stealer : FILE
date = "2020-11-02"
modified = "2023-12-05"
reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lnx_kobalos.yar#L59-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lnx_kobalos.yar#L59-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fdabaea0c838e43b8716bcd102bdeebf2f08fc041b0b909333e3d9d6f94391fc"
score = 75
quality = 85
@@ -325000,8 +325412,8 @@ rule SIGNATURE_BASE_MAL_Neshta_Generic : HIGHVOL FILE
date = "2018-01-15"
modified = "2021-04-14"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_netsha.yar#L3-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_netsha.yar#L3-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "acac6f81900c60a0aacea6345a7c03a0b77dd86d5ca7ca3d102668c49595bb6b"
score = 75
quality = 85
@@ -325034,8 +325446,8 @@ rule SIGNATURE_BASE_HKTL_Buckeye_Osinfo : FILE
date = "2016-09-05"
modified = "2025-03-19"
reference = "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_buckeye.yar#L10-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_buckeye.yar#L10-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "782ae4293db0839190a9533d2c45baff92527867bfcd048ccae82611f165601b"
score = 70
quality = 85
@@ -325063,8 +325475,8 @@ rule SIGNATURE_BASE_HKTL_Remotecmd : FILE
date = "2016-09-08"
modified = "2022-12-21"
reference = "http://goo.gl/igxLyF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_buckeye.yar#L31-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_buckeye.yar#L31-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "873cc02674e386577e86cb9b702265c25dd24b1f203741e8628e30c191dc99e0"
score = 70
quality = 85
@@ -325092,8 +325504,8 @@ rule SIGNATURE_BASE_HKTL_Chromepass : FILE
date = "2016-09-08"
modified = "2025-03-10"
reference = "http://goo.gl/igxLyF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_buckeye.yar#L53-L77"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_buckeye.yar#L53-L77"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bda90d2718be5cf9ddb95b88171c937c5fad5729aa1717a13a34a8b48dd1865c"
score = 75
quality = 85
@@ -325124,8 +325536,8 @@ rule SIGNATURE_BASE_Waterbear_1_Jun17 : FILE
date = "2017-06-23"
modified = "2023-12-05"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L11-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L11-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f1d5bd0c9f85dd90217bdbd7e44100bcfbf77839f83416ad17121713c189b9fd"
score = 75
quality = 85
@@ -325149,8 +325561,8 @@ rule SIGNATURE_BASE_Waterbear_2_Jun17 : FILE
date = "2017-06-23"
modified = "2023-12-05"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L27-L43"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L27-L43"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ec0b8d7313f925adafb7f03c8b7fd12c0176b75c74c642eeee900e911e0662a7"
score = 75
quality = 85
@@ -325176,8 +325588,8 @@ rule SIGNATURE_BASE_Waterbear_4_Jun17 : FILE
date = "2017-06-23"
modified = "2023-12-05"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L45-L68"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L45-L68"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "46c43dbdcbc183995a8cd00c9888afcdd3adb9f3caf38ed42a0af1e7df39715f"
score = 75
quality = 85
@@ -325209,8 +325621,8 @@ rule SIGNATURE_BASE_Waterbear_5_Jun17 : FILE
date = "2017-06-23"
modified = "2023-01-07"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L70-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L70-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a1572db08242fffadedbfb89f3652b2eb93c910f3b61f9db0622bc18d069827c"
score = 75
quality = 85
@@ -325238,8 +325650,8 @@ rule SIGNATURE_BASE_Waterbear_6_Jun17 : FILE
date = "2017-06-23"
modified = "2023-12-05"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L92-L106"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L92-L106"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "af5c2a29e0a62c54e706492ae85b9786a6d9e5f42fe4d9c43693576e1a63b825"
score = 75
quality = 85
@@ -325263,8 +325675,8 @@ rule SIGNATURE_BASE_Waterbear_7_Jun17 : FILE
date = "2017-06-23"
modified = "2023-12-05"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L108-L125"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L108-L125"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6a760abca78e799b194864ad56457ccb0b05123307da6bfcad0c66da47f485a1"
score = 75
quality = 85
@@ -325291,8 +325703,8 @@ rule SIGNATURE_BASE_Waterbear_8_Jun17 : FILE
date = "2017-06-23"
modified = "2023-01-07"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L127-L145"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L127-L145"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3b1dfe486ea141342f253963ce6cc1e73d063ce880cf2fcee1aaa6aa6e919349"
score = 75
quality = 85
@@ -325319,8 +325731,8 @@ rule SIGNATURE_BASE_Waterbear_9_Jun17 : FILE
date = "2017-06-23"
modified = "2023-12-05"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L147-L166"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L147-L166"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b54f3032b31c5a48e879e49bd97adf3222db46a7789afc4ea2f5eca32536a2e4"
score = 75
quality = 85
@@ -325347,8 +325759,8 @@ rule SIGNATURE_BASE_Waterbear_10_Jun17 : FILE
date = "2017-06-23"
modified = "2023-12-05"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L168-L182"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L168-L182"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1e71a317f782b73c876f0cb5fee25b69d8f1c45c20c58e4f204b7aeb7484cf14"
score = 75
quality = 85
@@ -325372,8 +325784,8 @@ rule SIGNATURE_BASE_Waterbear_11_Jun17 : FILE
date = "2017-06-23"
modified = "2023-12-05"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L185-L201"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L185-L201"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ea61c348847614ad2872bfd385f433c5a30c7f6b5f5a2f135a7d83c553157ccd"
score = 75
quality = 85
@@ -325399,8 +325811,8 @@ rule SIGNATURE_BASE_Waterbear_12_Jun17 : FILE
date = "2017-06-23"
modified = "2023-12-05"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L203-L217"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L203-L217"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "343e6f36190372cd5599a84834edc3935d27a1e01aeab53c5765598b5b4071fe"
score = 75
quality = 85
@@ -325424,8 +325836,8 @@ rule SIGNATURE_BASE_Waterbear_13_Jun17 : FILE
date = "2017-06-23"
modified = "2023-12-05"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L219-L243"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L219-L243"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b34c3d643309b8bbaa122a753e7f58dd9340cfa33962dbab1454c8080afd1664"
score = 75
quality = 85
@@ -325459,8 +325871,8 @@ rule SIGNATURE_BASE_Waterbear_14_Jun17 : FILE
date = "2017-06-23"
modified = "2023-12-05"
reference = "https://goo.gl/L9g9eR"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_waterbear.yar#L245-L261"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_waterbear.yar#L245-L261"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9ebe46590556e8eba2eef1c007549f6141c917bab97d46a0d58eca56257e24e2"
score = 75
quality = 85
@@ -325486,8 +325898,8 @@ rule SIGNATURE_BASE_APT_MAL_HP_Ilo_Firmware_Dec21_1 : FILE
date = "2021-12-28"
modified = "2023-12-05"
reference = "https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_mal_ilo_board_elf.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_mal_ilo_board_elf.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7e959d07d864a485b8cc7765f9e12869ff34747ab552e26244eb28f510d1051f"
score = 80
quality = 85
@@ -325511,8 +325923,8 @@ rule SIGNATURE_BASE_Scanbox_Malware_Generic
date = "2015-02-28"
modified = "2023-12-05"
reference = "http://goo.gl/WXUQcP"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_scanbox_deeppanda.yar#L2-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_scanbox_deeppanda.yar#L2-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5f521d3f000fb39e5e3b08657e75219e93fb3bb8ffbbdbd70f471928a56bef27"
score = 75
quality = 85
@@ -325545,8 +325957,8 @@ rule SIGNATURE_BASE_Apt_Win32_Dll_Rat_1A53B0Cp32E46G0Qio7 : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_inocnation.yar#L1-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_inocnation.yar#L1-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "824997d8c8845838420f226b60de544f33a50327fa67aea472de6eaf1b6b4492"
score = 75
quality = 85
@@ -325578,8 +325990,8 @@ rule SIGNATURE_BASE_Oilrig_Strings_Oct17 : FILE
date = "2017-10-18"
modified = "2022-12-21"
reference = "https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-documents-new-injector-trojan/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig_oct17.yar#L11-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig_oct17.yar#L11-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3987fa1ccb215edeb0d36c947fd6d7a24847ea854d3f355d1aef4b000f55e710"
score = 75
quality = 85
@@ -325605,8 +326017,8 @@ rule SIGNATURE_BASE_Oilrig_Ismagent_Campaign_Samples1 : FILE
date = "2017-10-18"
modified = "2023-12-05"
reference = "https://goo.gl/JQVfFP"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig_oct17.yar#L42-L61"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig_oct17.yar#L42-L61"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d7e659440e3abc7355f2e21ea8f63cfb7b17b5715e4575bdccf9d646ed47db20"
score = 75
quality = 85
@@ -325635,8 +326047,8 @@ rule SIGNATURE_BASE_Oilrig_Ismagent_Campaign_Samples2 : FILE
date = "2017-10-18"
modified = "2023-12-05"
reference = "https://goo.gl/JQVfFP"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig_oct17.yar#L63-L82"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig_oct17.yar#L63-L82"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ad00c7293f61f1b5528c3eea0dc32c10d40aeacc194be84a7f64d19b069f1add"
score = 75
quality = 85
@@ -325665,8 +326077,8 @@ rule SIGNATURE_BASE_Oilrig_Ismagent_Campaign_Samples3 : FILE
date = "2017-10-18"
modified = "2023-12-05"
reference = "https://goo.gl/JQVfFP"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig_oct17.yar#L84-L116"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig_oct17.yar#L84-L116"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a4984cf33e7b0e0dae264ed11caae6cfab9db2a6047a46ec41c28b5637b4589b"
score = 75
quality = 81
@@ -325703,8 +326115,8 @@ rule SIGNATURE_BASE_Shellcode_Apihashing_FIN8_1
date = "2021-03-16"
modified = "2023-12-05"
reference = "https://www.bitdefender.com/files/News/CaseStudies/study/394/Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en-EN.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fin8.yar#L1-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fin8.yar#L1-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5d47119a588aa69b3e241618d6dbb9df6117a6751bbff39a1f95340bc26611a7"
score = 75
quality = 85
@@ -325729,8 +326141,8 @@ rule SIGNATURE_BASE_PUP_Installrex_Antifwb : FILE
date = "2015-05-13"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_antifw_installrex.yar#L2-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_antifw_installrex.yar#L2-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bb5607cd2ee51f039f60e32cf7edc4e21a2d95cd"
logic_hash = "04f25497ee9a9af20179b81679d993315d6bb3d7bf7d8e9cbb01374395019610"
score = 55
@@ -325757,8 +326169,8 @@ rule SIGNATURE_BASE_MAL_Katz_Stealer_May25 : FILE
date = "2025-05-16"
modified = "2025-05-22"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_katz_stealer.yar#L1-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_katz_stealer.yar#L1-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fdc86a5b3d7df37a72c3272836f743747c47bfbc538f05af9ecf78547fa2e789"
hash = "d92bb6e47cb0a0bdbb51403528ccfe643a9329476af53b5a729f04a4d2139647"
logic_hash = "73364c2291dc792f46858dda057f08805db55fe1f1e54d6b0dee0a0c8a412259"
@@ -325786,8 +326198,8 @@ rule SIGNATURE_BASE_MAL_DLL_Chrome_App_Bound_Encryption_Decryption_May25 : FILE
date = "2025-05-19"
modified = "2025-05-22"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_katz_stealer.yar#L23-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_katz_stealer.yar#L23-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6dc8e99da68b703e86fa90a8794add87614f254f804a8d5d65927e0676107a9d"
logic_hash = "d5488728a3ee8f2f59ed9798b80d516f7f131e39b3d5099ad5168ffc8ff22718"
score = 80
@@ -325812,8 +326224,8 @@ rule SIGNATURE_BASE_SUSP_Katz_Log_May25 : FILE
date = "2025-05-20"
modified = "2025-05-22"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_katz_stealer.yar#L43-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_katz_stealer.yar#L43-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1ac196ac6393d786618c944a7ab77fb189a6b4ba00af5c0f987c3dc65876c060"
hash = "ad76e2727469525dec7e56977589dd250ca57a29b8b0d42cd5c42e536c285241"
hash = "e1a0d6929662bcbc9e5e0827cb8b6d7818088e996cf971d2a4a1c1ca4208e533"
@@ -325842,8 +326254,8 @@ rule SIGNATURE_BASE_MAL_NET_Katz_Stealer_Loader_May25
date = "2025-05-21"
modified = "2025-05-22"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_katz_stealer.yar#L65-L84"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_katz_stealer.yar#L65-L84"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0df13fd42fb4a4374981474ea87895a3830eddcc7f3bd494e76acd604c4004f7"
logic_hash = "1922520d8c34660a0afff2f552ef0d1c6ec093fb10a00816e0216f574b686221"
score = 80
@@ -325871,8 +326283,8 @@ rule SIGNATURE_BASE_MAL_NET_UAC_Bypass_May25 : FILE
date = "2025-05-21"
modified = "2025-05-22"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_katz_stealer.yar#L86-L103"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_katz_stealer.yar#L86-L103"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4f12c5dca2099492d0c0cd22edef841cbe8360af9be2d8e9b57c2f83d401c1a7"
hash = "fcad234dc2ad5e2d8215bcf6caac29aef62666c34564e723fa6d2eee8b6468ed"
logic_hash = "4a3f6e90af6f9a8a4dfa8e336eb8c714e5f02625ca2bf5bf8b1bca9cbda6a99e"
@@ -325897,8 +326309,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_COVID19_Apr20_1 : FILE
date = "2020-04-15"
modified = "2023-12-05"
reference = "https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_covid_ransom.yar#L2-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_covid_ransom.yar#L2-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9b32ce1dff9d27c5f7541de97cd1198b0d837a69ee260b327c66a22ca6f30091"
score = 75
quality = 85
@@ -325923,8 +326335,8 @@ rule SIGNATURE_BASE_MAL_CRIME_Suspicious_Hex_String_Jun21_1 : CRIME PE FILE
date = "2021-06-04"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_crime_unknown.yar#L1-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_crime_unknown.yar#L1-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "73144b14f3aa1a1d82df7710fa47049426bfbddeef75e85c8a0a559ad6ed05a3"
score = 65
quality = 85
@@ -325950,8 +326362,8 @@ rule SIGNATURE_BASE_MAL_CRIME_Unknown_LNK_Jun21_1 : LNK POWERSHELL FILE
date = "2021-06-04"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_crime_unknown.yar#L18-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_crime_unknown.yar#L18-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "460e764cbd9fbfa1a2156059d0042a0bea5a939d501050a733a789d236015d37"
score = 75
quality = 85
@@ -325977,8 +326389,8 @@ rule SIGNATURE_BASE_MAL_CRIME_Unknown_ISO_Jun21_1 : ISO POWERSHELL LNK FILE
date = "2021-06-04"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_crime_unknown.yar#L35-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_crime_unknown.yar#L35-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "49b61f498d3f4ee249d9687277e581a39e08ebb4e1a293170058fb5f770bde1f"
score = 75
quality = 85
@@ -326004,8 +326416,8 @@ rule SIGNATURE_BASE_ATM_Malware_Xfscashncr_1 : FILE
date = "2019-08-28"
modified = "2023-12-05"
reference = "https://twitter.com/r3c0nst/status/1166773324548063232"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_atm_xfscashncr.yar#L2-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_atm_xfscashncr.yar#L2-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "014d07115543c6e041649a1c57206a75fd555bf0458c7578a33c81b473c72751"
score = 75
quality = 85
@@ -326034,8 +326446,8 @@ rule SIGNATURE_BASE_Apt_Sofacy_Xtunnel : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_xtunnel_bundestag.yar#L3-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_xtunnel_bundestag.yar#L3-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2478d9d8996bf4a142e39eac0e2d6af718d364be080a89530812615595777efd"
score = 75
quality = 85
@@ -326071,8 +326483,8 @@ rule SIGNATURE_BASE_Winexe_Remoteexec : FILE
date = "2015-06-19"
modified = "2021-02-11"
reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_xtunnel_bundestag.yar#L26-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_xtunnel_bundestag.yar#L26-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9e944f07b43b934346c0e88685014c05ff81561ac2f7c3374b55b9c4523b98c1"
score = 70
quality = 85
@@ -326099,8 +326511,8 @@ rule SIGNATURE_BASE_Sofacy_Mal2 : FILE
date = "2015-06-19"
modified = "2023-12-05"
reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_xtunnel_bundestag.yar#L50-L67"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_xtunnel_bundestag.yar#L50-L67"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092"
logic_hash = "c325ed815b7de3338363d064f4097edf0596644d4ef8d642fda3664a2a16c2eb"
score = 70
@@ -326125,8 +326537,8 @@ rule SIGNATURE_BASE_Sofacy_Mal3 : FILE
date = "2015-06-19"
modified = "2023-01-06"
reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_xtunnel_bundestag.yar#L69-L99"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_xtunnel_bundestag.yar#L69-L99"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5f6b2a0d1d966fc4f1ed292b46240767f4acb06c13512b0061b434ae2a692fa1"
logic_hash = "80c433cf5b3d042e46b5441a1b027c5ecf571f30571064904a33e92677633e66"
score = 70
@@ -326160,8 +326572,8 @@ rule SIGNATURE_BASE_Sofacy_Bundestag_Batch : FILE
date = "2015-06-19"
modified = "2023-12-05"
reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_xtunnel_bundestag.yar#L101-L116"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_xtunnel_bundestag.yar#L101-L116"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "05d6df161042a65f9eeec4be4046001a03fa61747a9ea123f13e6e75d6664ac7"
score = 70
quality = 85
@@ -326185,8 +326597,8 @@ rule SIGNATURE_BASE_COZY_FANCY_BEAR_Hunt : FILE
date = "2016-06-14"
modified = "2023-12-05"
reference = "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fancybear_dnc.yar#L10-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fancybear_dnc.yar#L10-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9009f181eeecce0ae322ba24335426399cf4484dfc9b7ea6905fb163b4bf0a25"
score = 75
quality = 85
@@ -326214,8 +326626,8 @@ rule SIGNATURE_BASE_COZY_FANCY_BEAR_Pagemgr_Hunt : FILE
date = "2016-06-14"
modified = "2023-12-05"
reference = "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fancybear_dnc.yar#L30-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fancybear_dnc.yar#L30-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c6055b7cd04b994c80395276e83bec664b7dd32f8093411bfde0850cca39e9f7"
score = 75
quality = 85
@@ -326237,8 +326649,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_INC_Aug24 : FILE
date = "2024-08-08"
modified = "2024-12-12"
reference = "https://twitter.com/rivitna2/status/1701739812733014313"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_inc_ransomware.yar#L1-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_inc_ransomware.yar#L1-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "335b92027c551d074015b830d137cf2fdee81d792cd7360f2499c83cc895fbbb"
score = 80
quality = 85
@@ -326270,8 +326682,8 @@ rule SIGNATURE_BASE_Sofacy_Oct17_1 : FILE
date = "2017-10-23"
modified = "2023-12-05"
reference = "http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_oct17_camp.yar#L13-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_oct17_camp.yar#L13-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c3620d0b347e6cc54af9e046f6b3b6515bfa23dd11225ce2720e09838708a42e"
score = 75
quality = 85
@@ -326307,8 +326719,8 @@ rule SIGNATURE_BASE_Sofacy_Oct17_2 : FILE
date = "2017-10-23"
modified = "2023-12-05"
reference = "http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_oct17_camp.yar#L49-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_oct17_camp.yar#L49-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c2736cf9efbb022590f4c23986531e645ac412a5b98a950b143f2d75a33e8063"
score = 75
quality = 85
@@ -326335,8 +326747,8 @@ rule SIGNATURE_BASE_MAL_RTF_Embedded_OLE_PE : FILE
date = "2018-01-22"
modified = "2023-11-25"
reference = "https://www.nextron-systems.com/2018/01/22/creating-yara-rules-detect-embedded-exe-files-ole-objects/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_strings_in_ole.yar#L2-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_strings_in_ole.yar#L2-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "054abb34ae84e02469d726809a6d8aa582ebad65dd8385de7800d3f5db7ee31c"
score = 65
quality = 85
@@ -326363,8 +326775,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Auct_Dez16_Strings : FILE
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L11-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L11-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c632d90c5b26b840b267647faf453f85496b78c900910ad22896698c553c949"
score = 60
quality = 60
@@ -326431,8 +326843,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Violetspirit
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L73-L86"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L73-L86"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "01a45feb5c9f9cfe8834306993c53b1e53d79b89b07106ffec0c81cdebb8b71c"
score = 75
quality = 85
@@ -326455,8 +326867,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gr_Gr
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L88-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L88-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "facce45a335d7ca799d68fc26ee2bf5682cec0914502482189cd6aa496cba489"
score = 75
quality = 85
@@ -326479,8 +326891,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Yellowspirit
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L103-L117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L103-L117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "698b23cc4cc6f319ddef7a93cf7ddc83ffae1d2c2b0a9545011b51e381f8cd0c"
score = 75
quality = 85
@@ -326504,8 +326916,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Eleganteagle_Opscript_1_0_0
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L119-L132"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L119-L132"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3df5ba1a497ffe5306ed7966f25f69c30a5191e935c5638869a62b3cb2324f70"
score = 75
quality = 85
@@ -326528,8 +326940,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Opscript
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L134-L147"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L134-L147"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "23dd6d537a8639bd84ede141cca577dc91328bd293f96f865c7dedd9ef693ee3"
score = 75
quality = 85
@@ -326552,8 +326964,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Shentysdelight
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L149-L162"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L149-L162"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1acfb6aea7e208b7fd52325258219c162482deb4fa7ee87ddc4de0774e3e74f4"
score = 75
quality = 85
@@ -326576,8 +326988,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Epichero
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L164-L178"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L164-L178"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "36dc38f2dd630f22b87e8d9130de7d40ee3cdba45597b2b667a1a9536d990aad"
score = 75
quality = 85
@@ -326601,8 +327013,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L180-L193"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L180-L193"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8135c07b8c217e81f7618d58c9c3da6585cdb9b8f7afab85bb6556c5b846ba64"
score = 75
quality = 85
@@ -326625,8 +327037,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Dubmoat
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L195-L209"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L195-L209"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "368c0a6a1db0003e3a2e4ec5e42a5b5563ea1c2cb89db1751226891e1f7181d8"
score = 75
quality = 85
@@ -326650,8 +327062,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Strifeworld
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L211-L225"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L211-L225"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2b113b042fd62109ee3ee39515fbd22f3898abf320d75f1288ea88e40b3444c0"
score = 75
quality = 85
@@ -326675,8 +327087,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Pork
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L227-L242"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L227-L242"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c3f9f90f83f3672b101e52f36012c485c29840cf0b2ced00087fb27725fd1545"
score = 75
quality = 85
@@ -326701,8 +327113,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Ebbisland
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L244-L258"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L244-L258"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0a45ea3cd6aeea9299ef67ae82c9f4bf929a961695e7cce344aa1737fa4c07b0"
score = 75
quality = 85
@@ -326726,8 +327138,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Stoicsurgeon
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L260-L273"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L260-L273"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "322599ba7d5536b7f0856980a6caab86de66c02da75bf55e97bf129d08c43031"
score = 75
quality = 85
@@ -326750,8 +327162,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Elgingamble
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L275-L288"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L275-L288"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2f4dd668c59244e92ebfe0e2fc2859b2376cf1dd6fc6522e8f452787aa96365f"
score = 75
quality = 85
@@ -326774,8 +327186,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_README_Cup
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L290-L304"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L290-L304"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bd05a23ce29be88c1a459358c984e1317cf56d21e5b378624af644fb2b41931d"
score = 75
quality = 85
@@ -326799,8 +327211,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Nopen_Oneshot
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L306-L319"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L306-L319"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "19aa32aafaaccc6697bbaff642d996554eccf2261d23071cfb8599ea0eea628b"
score = 75
quality = 85
@@ -326823,8 +327235,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Earlyshovel
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L321-L334"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L321-L334"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "396810b439ac53f393ad37a8acbd7236f8325730c75c1a6339e4c6343ecade7a"
score = 75
quality = 85
@@ -326847,8 +327259,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Envisioncollision
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L336-L352"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L336-L352"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "36b2a20ef3a6540a686d7f52c8c885842fd84ba7c7daa74c21e241e25826030e"
score = 75
quality = 85
@@ -326874,8 +327286,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme1
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L356-L372"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L356-L372"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "171d3df191e5c9ae4a4afc3a878cc25548238046b8c4c52dbb9ca4431aae45b0"
score = 75
quality = 85
@@ -326901,8 +327313,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme2
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L374-L389"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L374-L389"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eb68c415d64d1db3d4bb0f4ad994bd050cb2287e4dc7b3ac57549f818a7914d8"
score = 75
quality = 85
@@ -326927,8 +327339,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme3
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L391-L411"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L391-L411"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "968ec80f26750ac734ad9e296b5afb35867f6c53de1e88f7c8af78daeac24b61"
score = 75
quality = 85
@@ -326958,8 +327370,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme4
date = "2016-12-17"
modified = "2023-12-05"
reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fvey_shadowbroker_dec16.yar#L413-L429"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fvey_shadowbroker_dec16.yar#L413-L429"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c19c77d7e7e26e01a9a50fd67cc0a7fd05069def878bf18726c3e115df307cb2"
score = 75
quality = 85
@@ -326985,8 +327397,8 @@ rule SIGNATURE_BASE_HKTL_NFS_Fuse_NFS
date = "2024-10-22"
modified = "2025-03-20"
reference = "https://github.com/hvs-consulting/nfs-security-tooling"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/hktl_HvS_nfs_security_tooling.yar#L1-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/hktl_HvS_nfs_security_tooling.yar#L1-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0bd3714b865d77660404e5f3ed1e9c7b55aadc6f58d16761111be57597784686"
score = 75
quality = 85
@@ -327015,8 +327427,8 @@ rule SIGNATURE_BASE_HKTL_NFS_NFS_Analyze
date = "2024-10-22"
modified = "2025-03-20"
reference = "https://github.com/hvs-consulting/nfs-security-tooling"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/hktl_HvS_nfs_security_tooling.yar#L26-L53"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/hktl_HvS_nfs_security_tooling.yar#L26-L53"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "83a9e5b5b404bf28b0334611fe4f38227212783cecea3c9996d23cb00cad42ed"
score = 75
quality = 85
@@ -327049,8 +327461,8 @@ rule SIGNATURE_BASE_FIN7_Dropper_Aug17 : FILE
date = "2017-08-04"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fin7_backdoor.yar#L12-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fin7_backdoor.yar#L12-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "610b7288e08d36858de88abac3a86dcb6ebba1c019e17fb716f5c26aa964903b"
score = 75
quality = 60
@@ -327079,8 +327491,8 @@ rule SIGNATURE_BASE_FIN7_Backdoor_Aug17 : FILE
date = "2017-08-04"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fin7_backdoor.yar#L34-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fin7_backdoor.yar#L34-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "76818317c543c1464898463741ddaf8c6368d0f5004c088a323c4323db49060c"
score = 75
quality = 85
@@ -327119,8 +327531,8 @@ rule SIGNATURE_BASE_Aptgroupx_Plugxtrojanloader_Stringdecode
date = "2016-08-17"
modified = "2023-12-05"
reference = "https://t.co/4xQ8G2mNap"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_plugx.yar#L2-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_plugx.yar#L2-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e5ab15b035bb0169864e687e5c26732dd5b8f5f184473a33e685f53699ce4acc"
score = 80
quality = 85
@@ -327164,8 +327576,8 @@ rule SIGNATURE_BASE_Powershell_Suite_Hacktools_Gen_Strings : FILE
date = "2017-12-27"
modified = "2023-12-05"
reference = "https://github.com/FuzzySecurity/PowerShell-Suite"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_suite.yar#L2-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_suite.yar#L2-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0f14a0665c60e85c0cf508f46130b09e467a16270fcd1aa8d0319e17778d4d75"
score = 75
quality = 83
@@ -327219,8 +327631,8 @@ rule SIGNATURE_BASE_Powershell_Suite_Eidolon : FILE
date = "2017-12-27"
modified = "2023-12-05"
reference = "https://github.com/FuzzySecurity/PowerShell-Suite"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_suite.yar#L48-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_suite.yar#L48-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "587a9a8569801e2aa96a6f171705fdc1db5632734b54e5a9eb8282502e1efc63"
score = 75
quality = 85
@@ -327246,8 +327658,8 @@ rule SIGNATURE_BASE_WEBSHELL_Z_Webshell_2 : FILE
modified = "2023-12-05"
old_rule_name = "z_webshell"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta18_074A.yar#L9-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta18_074A.yar#L9-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2c9095c965a55efc46e16b86f9b7d6c6"
logic_hash = "d41aa107e54af5d45531a46d24b24f9f14635dbcb50ed26f7c787883854f961f"
score = 75
@@ -327270,8 +327682,8 @@ rule SIGNATURE_BASE_TA18_074A_Screen : FILE
date = "2018-03-16"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA18-074A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta18_074A.yar#L34-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta18_074A.yar#L34-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e96f70e3d9c7ff5812724111788365c47e2b478a35b39771c12a3d3636a6a020"
score = 75
quality = 85
@@ -327298,8 +327710,8 @@ rule SIGNATURE_BASE_TA18_074A_Scripts : FILE
date = "2018-03-16"
modified = "2022-08-18"
reference = "https://www.us-cert.gov/ncas/alerts/TA18-074A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta18_074A.yar#L53-L67"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta18_074A.yar#L53-L67"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "888ddd59b388033604474fc008f830159a9a104683fb052e7497b83118cbb8aa"
score = 75
quality = 85
@@ -327322,8 +327734,8 @@ rule SIGNATURE_BASE_Git_CVE_2017_9800_Poc : CVE_2017_9800 FILE
date = "2017-08-11"
modified = "2023-12-05"
reference = "https://twitter.com/mzbat/status/895811803325898753"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2017_9800.yar#L2-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2017_9800.yar#L2-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1cfd0c5cb255d3ca63917c41c092df70d68b04f5d210a66abd5e35e509ff4beb"
score = 60
quality = 85
@@ -327347,8 +327759,8 @@ rule SIGNATURE_BASE_APT6_Malware_Sample_Gen : FILE
date = "2016-04-09"
modified = "2023-01-06"
reference = "https://otx.alienvault.com/pulse/56c4d1664637f26ad04e5b73/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt6_malware.yar#L8-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt6_malware.yar#L8-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "614a6673579630fc254d3c546161647e619df5a03ee6f21434d6cc50be1ed187"
score = 80
quality = 83
@@ -327394,8 +327806,8 @@ rule SIGNATURE_BASE_VULN_LNX_OMI_RCE_CVE_2021_386471_Sep21 : CVE_2021_38647 FILE
date = "2021-09-16"
modified = "2023-12-05"
reference = "https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vul_cve_2021_386471_omi.yar#L1-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vul_cve_2021_386471_omi.yar#L1-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "99fddcf763f41a08a8ef8240d544ef67b840a1b5ae709bd7efbcbcad8268e8a5"
score = 50
quality = 85
@@ -327435,8 +327847,8 @@ rule SIGNATURE_BASE_Line_Dancer
date = "2024-04-24"
modified = "2024-04-29"
reference = "https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-dancer.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cisco_asa_line_dancer_apr24.yar#L2-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cisco_asa_line_dancer_apr24.yar#L2-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "179e58274a792bc4a16787d251f5ad25de1271084323e62e153fa6d461e3c07e"
score = 75
quality = 85
@@ -327459,8 +327871,8 @@ rule SIGNATURE_BASE_APT_UNC4841_ESG_Barracuda_CVE_2023_2868_Forensic_Artifacts_J
date = "2023-06-15"
modified = "2023-06-16"
reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_barracuda_esg_unc4841_jun23.yar#L2-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_barracuda_esg_unc4841_jun23.yar#L2-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa7cac1e0f6cb6fa3ac271c1fff0039ff182b6859920b4eca25541457654acde"
score = 75
quality = 85
@@ -327492,8 +327904,8 @@ rule SIGNATURE_BASE_APT_MAL_UNC4841_SEASPY_Jun23_1 : CVE_2023_2868 FILE
date = "2023-06-16"
modified = "2023-12-05"
reference = "https://blog.talosintelligence.com/alchimist-offensive-framework/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_barracuda_esg_unc4841_jun23.yar#L30-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_barracuda_esg_unc4841_jun23.yar#L30-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c1dcb841fb872f0d5e661bfd90fca3075f5efc95b1f9dfff72fa318ed131e9d1"
score = 85
quality = 85
@@ -327523,8 +327935,8 @@ rule SIGNATURE_BASE_APT_MAL_UNC4841_SEASPY_LUA_Jun23_1 : FILE
date = "2023-06-16"
modified = "2023-12-05"
reference = "https://blog.talosintelligence.com/alchimist-offensive-framework/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_barracuda_esg_unc4841_jun23.yar#L57-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_barracuda_esg_unc4841_jun23.yar#L57-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f78823a4ba9e025ba4833a2d5234c7baba33c1167c0247f13b8b2baa430aa4e5"
score = 90
quality = 85
@@ -327549,8 +327961,8 @@ rule SIGNATURE_BASE_APT_HKTL_Proxy_Tool_Jun23_1 : FILE
date = "2023-06-16"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_barracuda_esg_unc4841_jun23.yar#L76-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_barracuda_esg_unc4841_jun23.yar#L76-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7e2152e1aa74e1842519e2eecd2acd3ef8eb8d517f3c0ef9f05c983616f223c3"
score = 75
quality = 85
@@ -327575,8 +327987,8 @@ rule SIGNATURE_BASE_SUSP_Fscan_Port_Scanner_Output_Jun23 : SCRIPT FILE
date = "2023-06-15"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_barracuda_esg_unc4841_jun23.yar#L103-L117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_barracuda_esg_unc4841_jun23.yar#L103-L117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "49b5055c96d7b7446ee5ae8667a5aa3645f0f98d8b5f2bffcd6ef3b20bc64e05"
score = 70
quality = 85
@@ -327599,8 +328011,8 @@ rule SIGNATURE_BASE_SUSP_PY_Shell_Spawn_Jun23_1 : SCRIPT
date = "2023-06-15"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_barracuda_esg_unc4841_jun23.yar#L119-L131"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_barracuda_esg_unc4841_jun23.yar#L119-L131"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "63e94447930d5a00399de753076facbfb2bf18dd8c815f01aaefd14678aea034"
score = 70
quality = 85
@@ -327621,8 +328033,8 @@ rule SIGNATURE_BASE_APT_MAL_Hunting_LUA_SEASIDE_1 : FILE
date = "2023-06-15"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_barracuda_esg_unc4841_jun23.yar#L136-L152"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_barracuda_esg_unc4841_jun23.yar#L136-L152"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cd2813f0260d63ad5adf0446253c2172"
logic_hash = "82b61325a78bf8ab09d426cfadceb614a256dfcafb2e1f75595de63593ed2574"
score = 70
@@ -327647,8 +328059,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Hunting_Linux_WHIRLPOOL_1 : FILE
date = "2023-06-15"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_barracuda_esg_unc4841_jun23.yar#L154-L173"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_barracuda_esg_unc4841_jun23.yar#L154-L173"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "177add288b289d43236d2dba33e65956"
logic_hash = "d03c0e292b9b97bbf76585fc74208e4263d753807b8e4a445be80d41264d5432"
score = 70
@@ -327676,8 +328088,8 @@ rule SIGNATURE_BASE_APT_MAL_LUA_Hunting_SKIPJACK_1
date = "2023-06-15"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_barracuda_esg_unc4841_jun23.yar#L175-L193"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_barracuda_esg_unc4841_jun23.yar#L175-L193"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e4e86c273a2b67a605f5d4686783e0cc"
logic_hash = "8890cd9ab8190f12997e0653e43c89816df03c7bd41842e5ad21b1986819843e"
score = 70
@@ -327704,8 +328116,8 @@ rule SIGNATURE_BASE_APT_MAL_LUA_Hunting_Lua_SKIPJACK_2
date = "2023-06-15"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_barracuda_esg_unc4841_jun23.yar#L195-L212"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_barracuda_esg_unc4841_jun23.yar#L195-L212"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "87847445f9524671022d70f2a812728f"
logic_hash = "093e8857c410bd30a076f87ef63d7e1e66f50e3dce75b4add67161782386ee24"
score = 70
@@ -327731,8 +328143,8 @@ rule SIGNATURE_BASE_APT_MAL_LUA_Hunting_Lua_SEASPRAY_1
date = "2023-06-15"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_barracuda_esg_unc4841_jun23.yar#L213-L228"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_barracuda_esg_unc4841_jun23.yar#L213-L228"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "35cf6faf442d325961935f660e2ab5a0"
logic_hash = "856bfb47557b60f69aa1141477d6ce446ea13ebbe899022d7996ceef08bdefbb"
score = 70
@@ -327756,8 +328168,8 @@ rule SIGNATURE_BASE_SUSP_WER_Critical_Heapcorruption : FILE
date = "2019-10-18"
modified = "2023-12-05"
reference = "https://twitter.com/cyb3rops/status/1185459425710092288"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_wer_files.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_wer_files.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "efa84e375f31ca37b9dd9c7a74251929ac957b9bd530e92f74b8836f56048fea"
score = 45
quality = 85
@@ -327780,11 +328192,11 @@ rule SIGNATURE_BASE_SUSP_WER_Suspicious_Crash_Directory : FILE
date = "2019-10-18"
modified = "2023-12-05"
reference = "https://twitter.com/cyb3rops/status/1185585050059976705"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_wer_files.yar#L20-L54"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_wer_files.yar#L20-L54"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a197feeafca38ffe33428fa807e2b80e3071ab8960926fc2f328748bda299910"
score = 45
- quality = 60
+ quality = 85
tags = "FILE"
strings:
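Review bot: The `quality` value for SIGNATURE_BASE_SUSP_WER_Suspicious_Crash_Directory moves from 60 to 85 in this hunk while the `logic_hash` context line stays the same, which suggests the rating changed without any change to the rule's strings or condition. The other hunks visible in this part of the patch only re-pin `source_url` and `license_url` to the new signature-base commit, so this is the one line that deserves a manual look. If any consumer of the bundle selects or weights rules by a `quality` threshold (not visible here), this rule could begin to be treated differently even though its detection logic is byte-for-byte the same. The file is vendored, so nothing here should be hand-edited; I would record the metadata-only change in the commit description instead, e.g. `quality 60 -> 85 for SUSP_WER_Suspicious_Crash_Directory, logic_hash unchanged`.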
@@ -327812,8 +328224,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_1 : FILE
date = "2018-02-22"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_mosquito.yar#L13-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_mosquito.yar#L13-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "22d799531986c30da19943f1dda305e61a305083478549e93c0ecddeade77b39"
score = 75
quality = 85
@@ -327838,8 +328250,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_2 : FILE
date = "2018-02-22"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_mosquito.yar#L32-L52"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_mosquito.yar#L32-L52"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f1f93d3bc1c4bd55fc7558716a0a1eb7a6c4c2381a4532d37f4e3559f7c809ea"
score = 75
quality = 85
@@ -327867,8 +328279,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_3 : FILE
date = "2018-02-22"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_mosquito.yar#L54-L77"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_mosquito.yar#L54-L77"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0f59c130b500625466da0c8b5bfd84051ee59a3b6261ee3d990d4c355b10672b"
score = 75
quality = 85
@@ -327896,8 +328308,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_4 : FILE
date = "2018-02-22"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_mosquito.yar#L79-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_mosquito.yar#L79-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4765b912258491f38c03513204d9af8bc62c37df2fe583e371cbbeff6fc12298"
score = 75
quality = 85
@@ -327918,8 +328330,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_5 : FILE
date = "2018-02-22"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_mosquito.yar#L92-L103"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_mosquito.yar#L92-L103"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5b0366194410f36c47dd41f6a36c45edbce75e3ddad19520b17bed59513e1dbc"
score = 75
quality = 85
@@ -327939,8 +328351,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_6 : FILE
date = "2018-02-22"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_mosquito.yar#L105-L127"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_mosquito.yar#L105-L127"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9ca6ae4313ad8f009b17188aa7184ff01a4b7e35926f3f68dc3aea12bffb9bb1"
score = 75
quality = 85
@@ -327969,8 +328381,8 @@ rule SIGNATURE_BASE_APT_Turlamosquito_MAL_Oct22_1 : FILE
date = "2022-10-25"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_mosquito.yar#L129-L156"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_mosquito.yar#L129-L156"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fbaca774d6398aac7c171a5d87aa456a1921c1b80449d06f392b088db33ee845"
score = 80
quality = 85
@@ -328000,8 +328412,8 @@ rule SIGNATURE_BASE_Dridex_Trojan_XML
date = "2015-03-08"
modified = "2023-12-05"
reference = "https://threatpost.com/dridex-banking-trojan-spreading-via-macros-in-xml-files/111503"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_dridex_xml.yar#L1-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_dridex_xml.yar#L1-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "25b6340d782ee20723b2f17f3434a0b27b1561ab22d5a8f859e97e0ac126f651"
score = 75
quality = 85
@@ -328032,8 +328444,8 @@ rule SIGNATURE_BASE_Gen_Python_Encoded_Adware : FILE
date = "2018-03-07"
modified = "2023-01-06"
reference = "https://twitter.com/JohnLaTwC/status/949048002466914304"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_python_encoded_adware.yar#L1-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_python_encoded_adware.yar#L1-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5d7239be779367e69d2e63ffd9dc6e2a1f79c4e5c6c725e8c5e59a44c0ab2fff"
logic_hash = "256b289cfe83384c02aacf9c7e790898ba34988c9be149b39e63791c319bfc4a"
score = 75
@@ -328057,8 +328469,8 @@ rule SIGNATURE_BASE_MAL_Prolock_Malware : FILE
date = "2020-05-17"
modified = "2023-12-05"
reference = "https://raw.githubusercontent.com/fboldewin/YARA-rules/master/Prolock.Malware.yar"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_prolock.yar#L1-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_prolock.yar#L1-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "da8a0ec683475019daddd4acdd00d4c36eedacad3deef2be4220b86cbf5f9df0"
score = 75
quality = 85
@@ -328085,8 +328497,8 @@ rule SIGNATURE_BASE_SUSP_PS1_JAB_Pattern_Jun22_1 : FILE
date = "2022-06-10"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_ps_jab.yar#L2-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_ps_jab.yar#L2-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9ad61dca5c945ed87642668e3b834b12c813af244437903a5abb5c69459b9456"
score = 70
quality = 85
@@ -328110,8 +328522,8 @@ rule SIGNATURE_BASE_APT_Artradownloader2_Aug19_1 : FILE
date = "2019-08-27"
modified = "2023-12-05"
reference = "https://unit42.paloaltonetworks.com/multiple-artradownloader-variants-used-by-bitter-to-target-pakistan/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_patchwork.yar#L2-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_patchwork.yar#L2-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c365c3d678c881eeb626b5d26e6164b473990387619337459ccdd8d9f0633b49"
score = 75
quality = 85
@@ -328149,8 +328561,8 @@ rule SIGNATURE_BASE_EXPL_LNX_CUPS_CVE_2024_47177_Sep24 : CVE_2024_47177 FILE
date = "2024-09-27"
modified = "2024-12-12"
reference = "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_cups_sep24.yar#L2-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_cups_sep24.yar#L2-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "633314dea5e3cbdf3cef6e4f18c2efca261dfc600bb9c11d0834fdae102ac9e6"
score = 75
quality = 85
@@ -328172,8 +328584,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_LNX_CUPS_CVE_2024_47177_Sep24 : CVE_2024_47177
date = "2024-09-27"
modified = "2024-12-12"
reference = "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_cups_sep24.yar#L17-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_cups_sep24.yar#L17-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2158ca8a08cb7552e2a437de025e3aad63ddc5417245e6ede7283d3bd0fc159b"
score = 65
quality = 85
@@ -328203,8 +328615,8 @@ rule SIGNATURE_BASE_Hawkeye_Keylogger_Feb18_1 : FILE
date = "2018-02-12"
modified = "2023-01-06"
reference = "https://app.any.run/tasks/ae2521dd-61aa-4bc7-b0d8-8c85ddcbfcc9"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_hawkeye.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_hawkeye.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "39037ccb90b747c098fbf5a504aee4a6a716901ff5841ae328ea40d06cc3fcfd"
score = 90
quality = 85
@@ -328228,8 +328640,8 @@ rule SIGNATURE_BASE_MAL_Hawkeye_Keylogger_Gen_Dec18
date = "2018-12-10"
modified = "2023-12-05"
reference = "https://twitter.com/James_inthe_box/status/1072116224652324870"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_hawkeye.yar#L20-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_hawkeye.yar#L20-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b850f02849030d9912b7571e33e969427ac8f721d2f288ae3ac3e971c4ee4263"
score = 75
quality = 85
@@ -328254,8 +328666,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_POC_Vmware_Workspace_ONE_CVE_2022_22954_Apr22_1 :
modified = "2025-03-29"
old_rule_name = "EXPL_POC_VMWare_Workspace_ONE_CVE_2022_22954_Apr22"
reference = "https://twitter.com/rwincey/status/1512241638994853891/photo/1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L2-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L2-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "20c1d55e29b777cca3cb8e92fbe45e23e6bbf972167dee8b0a012d9ff12f3841"
score = 60
quality = 85
@@ -328291,8 +328703,8 @@ rule SIGNATURE_BASE_LOG_SUSP_EXPL_POC_Vmware_Workspace_ONE_CVE_2022_22954_Apr22_
modified = "2025-03-29"
old_rule_name = "EXPL_POC_VMWare_Workspace_ONE_CVE_2022_22954_Apr22"
reference = "https://twitter.com/rwincey/status/1512241638994853891/photo/1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L36-L54"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L36-L54"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c383f197da1e043e632c4d4de03fa7ff42e3fb6fa7824f326874446bcd13588"
score = 60
quality = 85
@@ -328316,8 +328728,8 @@ rule SIGNATURE_BASE_PUA_Anydesk_Compromised_Certificate_Revoked_Jan24 : FILE
date = "2024-02-05"
modified = "2024-04-24"
reference = "https://anydesk.com/en/public-statement"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_anydesk_compromised_cert_feb23.yar#L3-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_anydesk_compromised_cert_feb23.yar#L3-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a1f148dbf15579bd6a65e7c93fa64f00ea481d6b314a444fa924a4604adb9a6d"
score = 50
quality = 85
@@ -328336,8 +328748,8 @@ rule SIGNATURE_BASE_SUSP_Anydesk_Compromised_Certificate_Jan24_1 : FILE
date = "2024-02-02"
modified = "2024-04-24"
reference = "https://anydesk.com/en/public-statement"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_anydesk_compromised_cert_feb23.yar#L19-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_anydesk_compromised_cert_feb23.yar#L19-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1b2268b1efa09ee8578f4c1ae07617ac6bebeacd3ed50598a2fc2ec4d709baa7"
score = 75
quality = 85
@@ -328358,8 +328770,8 @@ rule SIGNATURE_BASE_SUSP_Anydesk_Compromised_Certificate_Jan24_2 : FILE
date = "2024-02-02"
modified = "2024-04-24"
reference = "https://anydesk.com/en/public-statement"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_anydesk_compromised_cert_feb23.yar#L38-L56"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_anydesk_compromised_cert_feb23.yar#L38-L56"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "86f708233d5a6a46d367430dcc65b128e8dc7ec24eda774ff3860101cc16c9fc"
score = 65
quality = 85
@@ -328383,8 +328795,8 @@ rule SIGNATURE_BASE_SUSP_Anydesk_Compromised_Certificate_Jan24_3 : FILE
date = "2024-02-02"
modified = "2024-04-24"
reference = "https://anydesk.com/en/public-statement"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_anydesk_compromised_cert_feb23.yar#L58-L77"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_anydesk_compromised_cert_feb23.yar#L58-L77"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fdd1068abfba52c9a40fd2b6628a5c67775eb31815e6d53bfc4655080d9b240e"
score = 75
quality = 85
@@ -328403,8 +328815,8 @@ rule SIGNATURE_BASE_APT_Tick_Sysmon_Loader_Jun18 : FILE
date = "2018-06-23"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_tick_weaponized_usb.yar#L13-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_tick_weaponized_usb.yar#L13-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e6256269409322a4f48bfdaafc52f5ec83602cf66f2e3b8d83ed5175e1dc506f"
score = 75
quality = 85
@@ -328435,8 +328847,8 @@ rule SIGNATURE_BASE_APT_Tick_Homamdownloader_Jun18 : FILE
date = "2018-06-23"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_tick_weaponized_usb.yar#L40-L58"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_tick_weaponized_usb.yar#L40-L58"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b4c798aa0c71f44f271e710d791c97adcbf9bd28ec87dd1d8d589029e58d1cfb"
score = 75
quality = 85
@@ -328464,8 +328876,8 @@ rule SIGNATURE_BASE_Rocketkitten_Keylogger : FILE
date = "2015-09-01"
modified = "2023-12-05"
reference = "https://goo.gl/SjQhlp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_rocketkitten_keylogger.yar#L8-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_rocketkitten_keylogger.yar#L8-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c8523a50075c6ee9675d37d870da55d9e6193bbc770f6b916e700ab9aad438cc"
score = 75
quality = 85
@@ -328498,8 +328910,8 @@ rule SIGNATURE_BASE_SUSP_Unsigned_Googleupdate : FILE
date = "2019-08-05"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_google_anomaly.yar#L3-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_google_anomaly.yar#L3-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5e333ac773927e2ed1f6aa4d6bbcb63d67bcc8d18d732a84bb68cb503469b247"
score = 60
quality = 85
@@ -328525,8 +328937,8 @@ rule SIGNATURE_BASE_EXP_Drivecrypt_1 : FILE
date = "2018-08-21"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vul_drivecrypt.yar#L2-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vul_drivecrypt.yar#L2-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1959f2e4838e40f2abc26ee16b03089088c96cafb101125bdc346f69fe76d7a4"
score = 75
quality = 85
@@ -328551,8 +328963,8 @@ rule SIGNATURE_BASE_EXP_Drivecrypt_X64Passldr : FILE
date = "2018-08-21"
modified = "2023-01-06"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vul_drivecrypt.yar#L19-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vul_drivecrypt.yar#L19-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "573cd96f7f82788a3884cd4b4d91c739a890835c3ed1b3933af48ba5756cc5a6"
score = 75
quality = 85
@@ -328580,8 +328992,8 @@ rule SIGNATURE_BASE_MAL_Backdoor_Naikon_APT_Sample1 : FILE
date = "2015-05-14"
modified = "2023-01-06"
reference = "https://goo.gl/7vHyvh"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_naikon.yar#L2-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_naikon.yar#L2-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d5716c80cba8554eb79eecfb4aa3d99faf0435a1833ec5ef51f528146c758eba"
hash = "f5ab8e49c0778fa208baad660fe4fa40fc8a114f5f71614afbd6dcc09625cb96"
logic_hash = "e582fc3518dab2392a79909b5369c48656b6f280b915fad4befb0839ec7ce1bd"
@@ -328620,8 +329032,8 @@ rule SIGNATURE_BASE_MAL_DOC_Zloader_Oct20_1 : FILE
date = "2020-10-10"
modified = "2023-12-05"
reference = "https://twitter.com/JohnLaTwC/status/1314602421977452544"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_zloader_maldocs.yar#L2-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_zloader_maldocs.yar#L2-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f546a860361d3caff99c282465dbbd1880460c7491a1b5ad065c1b5d91e5d49"
score = 75
quality = 85
@@ -328649,8 +329061,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Sleepmask_Jul22
date = "2022-07-04"
modified = "2023-12-05"
reference = "https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cobaltstrike.yar#L3-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cobaltstrike.yar#L3-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "233b3cb441f45f400c0261589aac31dd1fcd9c4e3a86a6aaa46c60849063b34b"
score = 80
quality = 85
@@ -328671,8 +329083,8 @@ rule SIGNATURE_BASE_Winnti_Signing_Cert : FILE
date = "2015-10-10"
modified = "2025-08-11"
reference = "https://securelist.com/analysis/publications/72275/i-am-hdroot-part-1/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L9-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L9-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6fd5f2808e7d683b9c4b7f5d4ccfd0eb87037eb2e70700b2c083db8c6ddf4a26"
score = 75
quality = 85
@@ -328698,8 +329110,8 @@ rule SIGNATURE_BASE_Winnti_Malware_Nsiproxy : FILE
date = "2015-10-10"
modified = "2025-08-11"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L28-L54"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L28-L54"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "742b091cc630ecea995be8d022eabadef1725dbd952f66a9ca62ecdee6985733"
score = 75
quality = 85
@@ -328733,8 +329145,8 @@ rule SIGNATURE_BASE_Winnti_Malware_Updatedll : FILE
date = "2015-10-10"
modified = "2025-08-11"
reference = "VTI research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L56-L89"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L56-L89"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4b483e77106cc0e2f8ed2398de8b34b8246472875ad3e0612fa06cac96b7e6aa"
score = 75
quality = 85
@@ -328772,8 +329184,8 @@ rule SIGNATURE_BASE_Winnti_Malware_FWPK : FILE
date = "2015-10-10"
modified = "2023-01-06"
reference = "VTI research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L90-L117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L90-L117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6e87b06f6bf11dceb04c8eb4910f5d98ec3fe430fa984eeed8b73e99b28c5abe"
score = 75
quality = 85
@@ -328808,8 +329220,8 @@ rule SIGNATURE_BASE_Winnti_Malware_Streamportal_Gen : FILE
date = "2015-10-10"
modified = "2025-08-11"
reference = "VTI research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L119-L141"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L119-L141"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "249f51b263fbcab650983d75482fd4787934731e415fcbd0e6f6925032aac690"
score = 75
quality = 85
@@ -328841,8 +329253,8 @@ rule SIGNATURE_BASE_WINNTI_Kingsoft_Moz_Confustion : FILE
date = "2018-04-13"
modified = "2025-08-11"
reference = "https://www.virustotal.com/en/file/070ee4a40852b26ec0cfd79e32176287a6b9d2b15e377281d8414550a83f6496/analysis/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L143-L159"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L143-L159"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ebd8465f484e1142ac741263282ea1c6f98e6bd0637ebdcec6ecc6233193407e"
score = 75
quality = 85
@@ -328861,8 +329273,8 @@ rule SIGNATURE_BASE_APT_Winnti_MAL_Dec19_1 : FILE
date = "2019-12-06"
modified = "2025-06-03"
reference = "https://www.verfassungsschutz.de/download/broschuere-2019-12-bfv-cyber-brief-2019-01.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L160-L181"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L160-L181"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2ffeb40b096e5112adbb9c07b27b954424d6ef11a0a9bd736b43df9aa1e9af3e"
score = 75
quality = 85
@@ -328888,8 +329300,8 @@ rule SIGNATURE_BASE_APT_Winnti_MAL_Dec19_2
date = "2019-12-06"
modified = "2025-08-11"
reference = "https://www.verfassungsschutz.de/download/broschuere-2019-12-bfv-cyber-brief-2019-01.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L183-L206"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L183-L206"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "216557999b7100f26556f9f7088b16ba125ac39b308cb77c997d620ce9591d24"
score = 75
quality = 85
@@ -328921,8 +329333,8 @@ rule SIGNATURE_BASE_APT_Winnti_MAL_Dec19_3
date = "2019-12-06"
modified = "2025-08-11"
reference = "https://www.verfassungsschutz.de/download/broschuere-2019-12-bfv-cyber-brief-2019-01.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L208-L224"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L208-L224"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "601f8a3cba57fea46c16c36f8276631fcd22feef4ea1388a1ea35b00929b9fbb"
score = 75
quality = 85
@@ -328947,8 +329359,8 @@ rule SIGNATURE_BASE_APT_Winnti_MAL_Dec19_4
date = "2019-12-06"
modified = "2025-08-11"
reference = "https://www.verfassungsschutz.de/download/broschuere-2019-12-bfv-cyber-brief-2019-01.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L226-L240"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L226-L240"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "32909e915a6e602ad1e8698cf5c128c2e54670770b97f54b1414c5798c42cc00"
score = 75
quality = 85
@@ -328971,8 +329383,8 @@ rule SIGNATURE_BASE_APT_Winnti_MAL_Dec19_5
date = "2019-12-06"
modified = "2025-08-11"
reference = "https://www.verfassungsschutz.de/download/broschuere-2019-12-bfv-cyber-brief-2019-01.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L242-L269"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L242-L269"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "977d11fbb7cf4678d4da179c43d5566520ee97ac528e269a9b985e5bc75641b7"
score = 75
quality = 85
@@ -329008,8 +329420,8 @@ rule SIGNATURE_BASE_APT_CN_Group_Loader_Jan20_1
date = "2020-02-01"
modified = "2025-08-11"
reference = "https://twitter.com/VK_Intel/status/1223411369367785472?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L271-L283"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L271-L283"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "30a180ada2390ca8df4bf7883624a5a176249622b4c34ce96931fe62b09ea8e3"
score = 80
quality = 85
@@ -329030,8 +329442,8 @@ rule SIGNATURE_BASE_Winnti_Dropper_X64_Libtomcrypt_Fns : TAU CN APT
date = "2019-08-26"
modified = "2025-08-11"
reference = "https://www.carbonblack.com/2019/09/04/cb-tau-threat-intelligence-notification-winnti-malware-4-0/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L285-L332"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L285-L332"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "39d23f2a12a3b78182e52847e2fdb2d09386765138c37eb7f75edfc680505531"
score = 75
quality = 83
@@ -329084,8 +329496,8 @@ rule SIGNATURE_BASE_Winnti_Dropper_X86_Libtomcrypt_Fns : TAU CN APT
date = "2019-08-26"
modified = "2025-08-11"
reference = "https://www.carbonblack.com/2019/09/04/cb-tau-threat-intelligence-notification-winnti-malware-4-0/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti.yar#L334-L375"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti.yar#L334-L375"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "84bfe001758677ff3a0d60d98e29c33ad1525a0afb27b73df750b2131e298879"
score = 75
quality = 85
@@ -329132,8 +329544,8 @@ rule SIGNATURE_BASE_Reveal_Memorycredentials : FILE
date = "2015-08-31"
modified = "2023-12-05"
reference = "https://github.com/giMini/RWMC/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_rwmc_powershell_creddump.yar#L8-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_rwmc_powershell_creddump.yar#L8-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "893c26818c424d0ff549c1fbfa11429f36eecd16ee69330c442c59a82ce6adea"
logic_hash = "d740462aacd3b30d0258d018344642683fefd43ef033dd7f5bdde2bdddce4115"
score = 75
@@ -329159,8 +329571,8 @@ rule SIGNATURE_BASE_Minidumptest_Msdsc : FILE
date = "2015-08-31"
modified = "2023-12-05"
reference = "https://github.com/giMini/RWMC/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_rwmc_powershell_creddump.yar#L26-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_rwmc_powershell_creddump.yar#L26-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "477034933918c433f521ba63d2df6a27cc40a5833a78497c11fb0994d2fd46ba"
logic_hash = "ae8a28df245a8f7a2d62639789c31556b012322fcac09784595fd6f95d6bf195"
score = 50
@@ -329186,8 +329598,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Tools_Back : FILE
date = "2017-07-23"
modified = "2022-12-21"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L13-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L13-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3a23491cbb24177c027695d8f677c4a72ed0404c4c38356eec4b92f2d06be2ee"
score = 75
quality = 85
@@ -329212,8 +329624,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Tools_Clrlg : FILE
date = "2017-07-23"
modified = "2023-12-05"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L31-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L31-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "003f711ac6f2308f2bdc638da7c654686e7402db7b3837120168e5a99b774537"
score = 75
quality = 85
@@ -329237,8 +329649,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Powershell
date = "2017-07-23"
modified = "2023-12-05"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L47-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L47-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "57d28f7b79cc14b8bbc2d7c9b2c16ab0f94a4b160cf7cb1d4641fe1c77e06811"
score = 75
quality = 85
@@ -329261,8 +329673,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Vminst : FILE
date = "2017-07-23"
modified = "2023-12-05"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L62-L88"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L62-L88"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a4559c2f4de60537827d167453751a92c0030ae6ce095a2d64df777e93d4b87a"
score = 75
quality = 85
@@ -329295,8 +329707,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Windows_UM_Task
date = "2017-07-23"
modified = "2023-12-05"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L90-L107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L90-L107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cfc2d231b6be798172e5d7ffc525842c7eed6d78a145c401136452c46f21e3b2"
score = 75
quality = 85
@@ -329322,8 +329734,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Windowstask
date = "2017-07-23"
modified = "2023-12-05"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L109-L128"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L109-L128"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a2bbcb02f34b2da3d88772d211cc7bfb669384161eec94336cdc2474144b16ae"
score = 75
quality = 85
@@ -329352,8 +329764,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Tdtess : FILE
date = "2017-07-23"
modified = "2023-12-05"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L130-L147"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L130-L147"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ffd10e06b3a8f3054747443b863070e8726589fc795f816832dbf73c0c34e080"
score = 75
quality = 85
@@ -329379,8 +329791,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Silverlightmsi : FILE
date = "2017-07-23"
modified = "2023-12-05"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L149-L165"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L149-L165"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "716db8f8e7d71c7f3deaeb9ac8e141c9bf374e5dae992e8e2623070c81089953"
score = 75
quality = 85
@@ -329407,8 +329819,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Matryoshka_Injector : FILE
date = "2017-07-23"
modified = "2023-12-05"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L167-L189"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L167-L189"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e02d26882c85b77bd97629fce20bd027e1f5f7e28ae0c43c9ea7a4b1e5d02cd1"
score = 75
quality = 85
@@ -329433,8 +329845,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Zpp : FILE
date = "2017-07-23"
modified = "2022-12-21"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L191-L215"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L191-L215"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "32c91f8a02443a6f024acb3f941b7f11472e7f1517c54a3c7edc89ce88ba73e0"
score = 75
quality = 85
@@ -329466,8 +329878,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Netsrv_Netsrvs : FILE
date = "2017-07-23"
modified = "2023-12-05"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L217-L242"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L217-L242"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1506d1eddd43731c00e5f01a292589b07de5055bbdd7b1f7c2d7ac7a09b8ae58"
score = 75
quality = 85
@@ -329502,8 +329914,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Reflectiveloader : FILE
date = "2017-07-23"
modified = "2023-12-05"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L244-L268"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L244-L268"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9488d2e97d0ea031a138e72964a3b56781f9d05c1676ff0b360407db944e26de"
score = 75
quality = 85
@@ -329535,8 +329947,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Matryoshka_RAT : FILE
date = "2017-07-23"
modified = "2023-12-05"
reference = "http://www.clearskysec.com/tulip"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wilted_tulip.yar#L270-L289"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wilted_tulip.yar#L270-L289"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9e878d9e3dc3f2050e52a046038f4f855b5b777948d928e0bc6d7a98fc0a7119"
score = 75
quality = 85
@@ -329565,8 +329977,8 @@ rule SIGNATURE_BASE_APT_Lazarus_Aug18_Downloader_1 : FILE
date = "2018-08-24"
modified = "2023-12-05"
reference = "https://securelist.com/operation-applejeus/87553/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lazarus_applejeus.yar#L13-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lazarus_applejeus.yar#L13-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f6bdaa8aa76da3e679094ae9759a67b5db33d0445f7204ff13e400fa6db60386"
score = 75
quality = 85
@@ -329598,8 +330010,8 @@ rule SIGNATURE_BASE_APT_Lazarus_Aug18_1 : FILE
date = "2018-08-24"
modified = "2023-12-05"
reference = "https://securelist.com/operation-applejeus/87553/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lazarus_applejeus.yar#L39-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lazarus_applejeus.yar#L39-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "efd43e2d84ba964e7fc7e6c03eaba3dd5181c9cbe51b4a06a7a723dca95fab17"
score = 75
quality = 85
@@ -329627,8 +330039,8 @@ rule SIGNATURE_BASE_APT_Lazarus_Aug18_2 : FILE
date = "2018-08-24"
modified = "2023-12-05"
reference = "https://securelist.com/operation-applejeus/87553/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lazarus_applejeus.yar#L62-L82"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lazarus_applejeus.yar#L62-L82"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "75d52ad829383392d9eb20a8308278d073d16f7624e60010356534bdc6acc81f"
score = 75
quality = 85
@@ -329656,8 +330068,8 @@ rule SIGNATURE_BASE_APT_Fallchill_RC4_Keys : FILE
date = "2018-08-21"
modified = "2023-12-05"
reference = "https://securelist.com/operation-applejeus/87553/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lazarus_applejeus.yar#L84-L100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lazarus_applejeus.yar#L84-L100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "59861618dba256996d7bbcd94a6efccdb64589fc75086bfe7d980fa51761ef97"
score = 75
quality = 85
@@ -329682,8 +330094,8 @@ rule SIGNATURE_BASE_Bytes_Used_In_AES_Key_Generation : FILE
date = "2018-04-06"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ncsc_report_04_2018.yar#L9-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ncsc_report_04_2018.yar#L9-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46"
logic_hash = "221f5ea0a0224a96588912e7ddfbafd20b0b10c119395ca14d1138c284d7b79e"
score = 75
@@ -329705,8 +330117,8 @@ rule SIGNATURE_BASE_Partial_Implant_ID : FILE
date = "2018-04-06"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ncsc_report_04_2018.yar#L24-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ncsc_report_04_2018.yar#L24-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46"
logic_hash = "d0a29bed3c19007cb08427769918b0a02d5d247211a1ceaff31aed5839c78966"
score = 75
@@ -329728,8 +330140,8 @@ rule SIGNATURE_BASE_Sleep_Timer_Choice : FILE
date = "2018-04-06"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ncsc_report_04_2018.yar#L39-L52"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ncsc_report_04_2018.yar#L39-L52"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46"
logic_hash = "5d2b656aabb113c50805d4af0faa62f579547dd4ec328ff2778fab64d778b8b9"
score = 75
@@ -329751,8 +330163,8 @@ rule SIGNATURE_BASE_User_Function_String
date = "2018-04-06"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ncsc_report_04_2018.yar#L54-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ncsc_report_04_2018.yar#L54-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46"
logic_hash = "04821d1d5c12b5a9aca3c5b4be9f7a7d35320ad1503ccbdadebc7710c613a976"
score = 75
@@ -329778,8 +330190,8 @@ rule SIGNATURE_BASE_Generic_Shellcode_Downloader_Specific : FILE
date = "2018-04-06"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ncsc_report_04_2018.yar#L73-L89"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ncsc_report_04_2018.yar#L73-L89"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b8bc0611a7fd321d2483a0a9a505251e15c22402e0cfdc62c0258af53ed3658a"
logic_hash = "9315ad03b5a28030c32fea5547db3ae421a1ebdae0b96a8a4c2f92660c41bc40"
score = 75
@@ -329805,8 +330217,8 @@ rule SIGNATURE_BASE_Batch_Script_To_Run_Psexec
date = "2018-04-06"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ncsc_report_04_2018.yar#L91-L107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ncsc_report_04_2018.yar#L91-L107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b7d7c4bc8f9fd0e461425747122a431f93062358ed36ce281147998575ee1a18"
logic_hash = "9bdaa14aa535c178914f83c12b23484162f085c6fc6041d379268546ee99f462"
score = 75
@@ -329832,8 +330244,8 @@ rule SIGNATURE_BASE_Batch_Powershell_Invoke_Inveigh
date = "2018-04-06"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ncsc_report_04_2018.yar#L109-L124"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ncsc_report_04_2018.yar#L109-L124"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0a6b1b29496d4514f6485e78680ec4cd0296ef4d21862d8bf363900a4f8e3fd2"
logic_hash = "5048a180df301707622e9ad0b949da9e39d2f55f16fc43e7344a8181596a836c"
score = 75
@@ -329858,8 +330270,8 @@ rule SIGNATURE_BASE_Lnk_Detect : FILE
date = "2018-04-06"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ncsc_report_04_2018.yar#L126-L149"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ncsc_report_04_2018.yar#L126-L149"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ae8796877d70f8ddd56bac8ed474231f26d9bc8e73625e65d5d927ab804996b3"
score = 75
quality = 85
@@ -329890,8 +330302,8 @@ rule SIGNATURE_BASE_RDP_Brute_Strings
date = "2018-04-06"
modified = "2023-12-05"
reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ncsc_report_04_2018.yar#L151-L174"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ncsc_report_04_2018.yar#L151-L174"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8234bf8a1b53efd2a452780a69666d1aedcec9eb1bb714769283ccc2c2bdcc65"
logic_hash = "80c51d82a57271409d298b5175505c4234a6c3ec8a8763c93b669d1f0a8d59ba"
score = 75
@@ -329925,8 +330337,8 @@ rule SIGNATURE_BASE_WEBSHELL_Z_Webshell_1
modified = "2023-12-05"
old_rule_name = "Z_WebShell"
reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ncsc_report_04_2018.yar#L176-L192"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ncsc_report_04_2018.yar#L176-L192"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ace12552f3a980f1eed4cadb02afe1bfb851cafc8e58fb130e1329719a07dbf0"
logic_hash = "1dfc546a7493c1443527ebe74ed8cd2b06ee032b9a3f736b830e16288e616d43"
score = 75
@@ -329951,8 +330363,8 @@ rule SIGNATURE_BASE_APT_MAL_Winntilinux_Dropper_Azazelfork_May19 : AZAZEL_FORK F
date = "2019-05-15"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_linux.yar#L1-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_linux.yar#L1-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4741c2884d1ca3a40dadd3f3f61cb95a59b11f99a0f980dbadc663b85eb77a2a"
logic_hash = "0af32675dccfd0ad0c7919683fddced6ad49c65800ffa523773b7342b431379f"
score = 75
@@ -329978,8 +330390,8 @@ rule SIGNATURE_BASE_APT_MAL_Winntilinux_Main_Azazelfork_May19 : FILE
date = "2019-05-15"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_linux.yar#L18-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_linux.yar#L18-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ae9d6848f33644795a0cc3928a76ea194b99da3c10f802db22034d9f695a0c23"
logic_hash = "3ff38795179f6c32f2ff014b06ac126ae3a0de3fe7515f0e49f12f9c8ff14b43"
score = 75
@@ -330011,8 +330423,8 @@ rule SIGNATURE_BASE_Duqu2_Sample1 : FILE
date = "2016-07-02"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_duqu2.yar#L10-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_duqu2.yar#L10-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf6b60bcae2b41487ede11581c82b32e6bc912445008b1655e4f75be65cf6596"
score = 80
quality = 85
@@ -330039,8 +330451,8 @@ rule SIGNATURE_BASE_Duqu2_Sample2 : FILE
date = "2016-07-02"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_duqu2.yar#L30-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_duqu2.yar#L30-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6afd87d472929f56272eb6f28970f2c8be5eb08e6126287391aee1269de1100d"
score = 80
quality = 85
@@ -330069,8 +330481,8 @@ rule SIGNATURE_BASE_Duqu2_Sample3 : FILE
date = "2016-07-02"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_duqu2.yar#L52-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_duqu2.yar#L52-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4adaf71a4acd8ce122af0b6f1267dc34c5190efcb4a6fa3322c1e6cf67a546a5"
score = 80
quality = 85
@@ -330093,8 +330505,8 @@ rule SIGNATURE_BASE_Duqu2_Sample4 : FILE
date = "2016-07-02"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_duqu2.yar#L68-L85"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_duqu2.yar#L68-L85"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ddecd1d7fa007b83fe6e29ac8983d02511a89a16ab2365f8086ec92a52d4bf33"
score = 80
quality = 85
@@ -330120,8 +330532,8 @@ rule SIGNATURE_BASE_Duqu2_Uas : FILE
date = "2016-07-02"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_duqu2.yar#L86-L104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_duqu2.yar#L86-L104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8bf27ca851c580080514dfa886c0d7c69ac114efb5dbc35ccd1e7686c3dd44b1"
score = 80
quality = 85
@@ -330148,8 +330560,8 @@ rule SIGNATURE_BASE_Ironpanda_Dnstunclient : FILE
date = "2015-09-16"
modified = "2023-12-05"
reference = "https://goo.gl/E4qia9"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger.yar#L10-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger.yar#L10-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a08db49e198068709b7e52f16d00a10d72b4d26562c0d82b4544f8b0fb259431"
logic_hash = "07c142f6eb11ecc8ed5f55d6b0cc7110c6268e189f3ce29215f75b7aba91a290"
score = 80
@@ -330182,8 +330594,8 @@ rule SIGNATURE_BASE_Ironpanda_Malware1 : FILE
date = "2015-09-16"
modified = "2023-12-05"
reference = "https://goo.gl/E4qia9"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger.yar#L38-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger.yar#L38-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a0cee5822ddf254c254a5a0b7372c9d2b46b088a254a1208cb32f5fe7eca848a"
logic_hash = "4b50a2c7f0f94b678fc560eefb217c067e934f8e7d64bc0f0d16afcccccd0d08"
score = 75
@@ -330210,8 +330622,8 @@ rule SIGNATURE_BASE_Ironpanda_Webshell_JSP : FILE
date = "2015-09-16"
modified = "2023-12-05"
reference = "https://goo.gl/E4qia9"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger.yar#L57-L72"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger.yar#L57-L72"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3be95477e1d9f3877b4355cff3fbcdd3589bb7f6349fd4ba6451e1e9d32b7fa6"
logic_hash = "747ce812b156bf03f8d14ef84e7d2e8535c7c70590dfcb50ce3e957bec745efc"
score = 75
@@ -330236,8 +330648,8 @@ rule SIGNATURE_BASE_Ironpanda_Malware_Htran : FILE
date = "2015-09-16"
modified = "2023-12-05"
reference = "https://goo.gl/E4qia9"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger.yar#L74-L102"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger.yar#L74-L102"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7903f94730a8508e9b272b3b56899b49736740cea5037ea7dbb4e690bcaf00e7"
logic_hash = "e7312a2d0ffc247eda20cb5453538a501bde6683bf34e7f4bf2230243474ba76"
score = 75
@@ -330273,8 +330685,8 @@ rule SIGNATURE_BASE_Ironpanda_Malware2 : FILE
date = "2015-09-16"
modified = "2023-12-05"
reference = "https://goo.gl/E4qia9"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger.yar#L104-L121"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger.yar#L104-L121"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a89c21dd608c51c4bf0323d640f816e464578510389f9edcf04cd34090decc91"
logic_hash = "060c681e7127349464cd98f99cef6e184fbd18d2ec415dc6c95d8ac329e6fe7e"
score = 75
@@ -330301,8 +330713,8 @@ rule SIGNATURE_BASE_Ironpanda_Malware3 : FILE
date = "2015-09-16"
modified = "2023-12-05"
reference = "https://goo.gl/E4qia9"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger.yar#L123-L141"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger.yar#L123-L141"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5cd2af844e718570ae7ba9773a9075738c0b3b75c65909437c43201ce596a742"
logic_hash = "ca55fc5aa655fb221808b4c82db520cae24e0d93422293b6ed5e573b343e93ac"
score = 75
@@ -330330,8 +330742,8 @@ rule SIGNATURE_BASE_Ironpanda_Malware4 : FILE
date = "2015-09-16"
modified = "2023-12-05"
reference = "https://goo.gl/E4qia9"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger.yar#L143-L159"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger.yar#L143-L159"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0d6da946026154416f49df2283252d01ecfb0c41c27ef3bc79029483adc2240c"
logic_hash = "12661c8862eeb82d55a3912e0a499beb6bb19f7abe9ccfe6fa0506e6a032cfe4"
score = 75
@@ -330357,8 +330769,8 @@ rule SIGNATURE_BASE_Bitpaymer_1
date = "2019-10-30"
modified = "2023-12-05"
reference = "http://blog.morphisec.com/bitpaymer-ransomware-with-new-custom-packer-framework"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_crime_bitpaymer.yar#L1-L12"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_crime_bitpaymer.yar#L1-L12"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0c236794c04f0805d4611cfaf43369eeb4d0e65d6c697e6c5e6afd321fbca629"
score = 75
quality = 85
@@ -330380,8 +330792,8 @@ rule SIGNATURE_BASE_EXPL_Keepass_CVE_2023_24055_Jan23 : CVE_2023_24055 FILE
date = "2023-01-25"
modified = "2023-12-05"
reference = "https://github.com/alt3kx/CVE-2023-24055_PoC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_keepass_cve_2023_24055.yar#L2-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_keepass_cve_2023_24055.yar#L2-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3ca00f317838819bb7fb80c9d00d94db498e1d3ef146b9af2664dae09302a86d"
score = 75
quality = 81
@@ -330407,8 +330819,8 @@ rule SIGNATURE_BASE_SUSP_Keepass_CVE_2023_24055_Jan23 : CVE_2023_24055 FILE
date = "2023-01-25"
modified = "2023-12-05"
reference = "https://github.com/alt3kx/CVE-2023-24055_PoC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_keepass_cve_2023_24055.yar#L22-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_keepass_cve_2023_24055.yar#L22-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4ed3eee86baf3dddfe423795491a5a94c02df3f4a7525efa6f2436e19197e55b"
score = 60
quality = 85
@@ -330431,8 +330843,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_SH_Esxi_Attacks_Feb23_1 : FILE
date = "2023-02-04"
modified = "2023-12-05"
reference = "https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/page-14"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_ransom_esxi_attacks_feb23.yar#L6-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_ransom_esxi_attacks_feb23.yar#L6-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1143ee36603f604874432ee280314a9f62ffe64e58ec5cd4eb114b7b175b365a"
score = 85
quality = 60
@@ -330458,8 +330870,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_ELF_Esxi_Attacks_Feb23_1 : FILE
date = "2023-02-04"
modified = "2023-12-05"
reference = "https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/page-14"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_ransom_esxi_attacks_feb23.yar#L30-L56"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_ransom_esxi_attacks_feb23.yar#L30-L56"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "27ff018574323c10821993c30cf74de15121caa92a308fbcae4eceae954e63b6"
score = 85
quality = 85
@@ -330488,8 +330900,8 @@ rule SIGNATURE_BASE_APT_PY_Esxi_Backdoor_Dec22 : FILE
date = "2022-12-14"
modified = "2023-12-05"
reference = "https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_ransom_esxi_attacks_feb23.yar#L58-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_ransom_esxi_attacks_feb23.yar#L58-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "86b628f007720aa706c30d91e845d867ed481d1e99bcc9315c84a4e0b7b1b2a6"
score = 85
quality = 85
@@ -330511,8 +330923,8 @@ rule SIGNATURE_BASE_APT_SH_Esxi_Backdoor_Dec22 : FILE
date = "2022-12-14"
modified = "2023-12-05"
reference = "https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_ransom_esxi_attacks_feb23.yar#L73-L87"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_ransom_esxi_attacks_feb23.yar#L73-L87"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "155a90a6c55b99285555634d91a66fca9c7e7297f05314fa4d6ce1d84257ee11"
score = 75
quality = 85
@@ -330535,8 +330947,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_SH_Esxi_Attacks_Feb23_2 : FILE
date = "2023-02-06"
modified = "2023-12-05"
reference = "https://dev.to/xakrume/esxiargs-encryption-malware-launches-massive-attacks-against-vmware-esxi-servers-pfe"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_ransom_esxi_attacks_feb23.yar#L89-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_ransom_esxi_attacks_feb23.yar#L89-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3f240784873a0239cbf61f7f420fdd72b8992d5943ffc3d4dcad43c836569f4d"
score = 85
quality = 85
@@ -330557,8 +330969,8 @@ rule SIGNATURE_BASE_SUSP_Esxiargs_Endpoint_Conf_Aug23 : FILE
date = "2023-08-04"
modified = "2023-12-05"
reference = "https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/page-47"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_ransom_esxi_attacks_feb23.yar#L103-L120"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_ransom_esxi_attacks_feb23.yar#L103-L120"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "794d460eec0e2f0b48e6ced94b125a1e48acde6be6281866e0b4a2ae6c2d3b51"
score = 75
quality = 85
@@ -330583,8 +330995,8 @@ rule SIGNATURE_BASE_SUSP_Scheduled_Task_Java_JAR_Aug25 : FILE
date = "2025-08-07"
modified = "2025-08-08"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_soupdealer_java_aug25.yar#L1-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_soupdealer_java_aug25.yar#L1-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7c5999082d9c5f3dd342ca05191311ddd1e24ba7675d1e9763fb4d962be3a933"
logic_hash = "fc8e72dbc6133ca27cfd35bb952c32be3a75d0485558915f9ea49fc8fd8c5719"
score = 60
@@ -330610,8 +331022,8 @@ rule SIGNATURE_BASE_SUSP_JAVA_Loader_Indicators_Aug25 : FILE
date = "2025-08-07"
modified = "2025-08-08"
reference = "https://www.malwation.com/blog/technical-analysis-of-a-stealth-java-loader-used-in-phishing-campaigns-targeting-turkiye"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_soupdealer_java_aug25.yar#L25-L43"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_soupdealer_java_aug25.yar#L25-L43"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ac610cd6d3030f49058d5e6f059b746cf3da05ca3cdc8f2be2f5f1cfec2ff665"
score = 70
quality = 85
@@ -330635,8 +331047,8 @@ rule SIGNATURE_BASE_MAL_JAVA_Loader_Final_Jar_Aug25
date = "2025-08-07"
modified = "2025-08-08"
reference = "https://www.malwation.com/blog/technical-analysis-of-a-stealth-java-loader-used-in-phishing-campaigns-targeting-turkiye"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_soupdealer_java_aug25.yar#L45-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_soupdealer_java_aug25.yar#L45-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "743e7e12afd949aacbbfcfc62b13d4e65b7011ca4301b37b71bc8032f96aff20"
score = 85
quality = 85
@@ -330661,8 +331073,8 @@ rule SIGNATURE_BASE_SUSP_JAVA_Class_Allatori_Obfuscator_Aug25 : FILE
date = "2025-08-07"
modified = "2025-08-08"
reference = "https://www.malwation.com/blog/technical-analysis-of-a-stealth-java-loader-used-in-phishing-campaigns-targeting-turkiye"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_soupdealer_java_aug25.yar#L62-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_soupdealer_java_aug25.yar#L62-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "981ae619526e3f90618884d133d565630320419ad4b9c75737708c864fac8365"
score = 50
quality = 85
@@ -330684,8 +331096,8 @@ rule SIGNATURE_BASE_Deeppanda_Sl_Txt_Packed
date = "2015-02-08"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_deeppanda.yar#L3-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_deeppanda.yar#L3-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ffb1d8ea3039d3d5eb7196d27f5450cac0ea4f34"
logic_hash = "37f875dcb2c920278c2625085c97a9dcce1907198409595a10e6a3fbce767f35"
score = 75
@@ -330715,8 +331127,8 @@ rule SIGNATURE_BASE_Deeppanda_Lot1
date = "2015-02-08"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_deeppanda.yar#L24-L49"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_deeppanda.yar#L24-L49"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5d201a0fb0f4a96cefc5f73effb61acff9c818e1"
logic_hash = "92169a1288f30dc6008e1a8c9b2b700f878c90aa09634e36fea586e19657dbd1"
score = 75
@@ -330752,8 +331164,8 @@ rule SIGNATURE_BASE_Deeppanda_Htran_Exe
date = "2015-02-08"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_deeppanda.yar#L51-L70"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_deeppanda.yar#L51-L70"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "38e21f0b87b3052b536408fdf59185f8b3d210b9"
logic_hash = "9ac5ddc53d3d5292acb3dcf68e66bc3f6ab4b8e61a71597dd84454adc516f95d"
score = 75
@@ -330783,8 +331195,8 @@ rule SIGNATURE_BASE_Deeppanda_Trojan_Kakfum
date = "2015-02-08"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_deeppanda.yar#L72-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_deeppanda.yar#L72-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0710edea973dce6f5feccf2e7e508cd5f65aa451e0bb5aca503778ffe2363401"
score = 75
quality = 60
@@ -330813,8 +331225,8 @@ rule SIGNATURE_BASE_MAL_LNX_Redmenshen_Bpfdoor_May23_1 : FILE
date = "2023-05-11"
modified = "2023-12-05"
reference = "https://www.deepinstinct.com/blog/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lnx_implant_may22.yar#L3-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lnx_implant_may22.yar#L3-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c58971a43443800256e791b4f9fe7c3221518b0050e5f2964b6c843ddb4549ac"
score = 80
quality = 85
@@ -330844,8 +331256,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_May22_1 : FILE
date = "2022-05-05"
modified = "2023-12-05"
reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lnx_implant_may22.yar#L45-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lnx_implant_may22.yar#L45-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8de10beea4ef2e059b16d38fb015d6f091cc517b6f0c06b6ef6868518349994d"
score = 90
quality = 85
@@ -330883,8 +331295,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_May22_2 : FILE
date = "2022-05-07"
modified = "2023-12-05"
reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lnx_implant_may22.yar#L78-L100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lnx_implant_may22.yar#L78-L100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7525c675dbba6eb480f1d28fc6db05bd9907725c291e64ee6dc2453fd42892a0"
score = 85
quality = 85
@@ -330913,8 +331325,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_May22_3 : FILE
date = "2022-05-08"
modified = "2023-12-05"
reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lnx_implant_may22.yar#L102-L119"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lnx_implant_may22.yar#L102-L119"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "afec0bfeddf5c5c2abc1a3173f636c385437e5d7c0b68665f6274011113a6a9c"
score = 85
quality = 85
@@ -330939,8 +331351,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_Generic_May22_1 :
date = "2022-05-09"
modified = "2023-12-05"
reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lnx_implant_may22.yar#L121-L156"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lnx_implant_may22.yar#L121-L156"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "57ae5f7dc1d202fe66d6626ef2bf2278b92bec0310449ce049bdaeaec5657c77"
score = 90
quality = 85
@@ -330983,8 +331395,8 @@ rule SIGNATURE_BASE_Payload_Exe2Hex
date = "2016-01-15"
modified = "2023-12-05"
reference = "https://github.com/g0tmi1k/exe2hex"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/generic_exe2hex_payload.yar#L8-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/generic_exe2hex_payload.yar#L8-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "91b738f0174a267bbc900d59abcb504d2ae0bac8c287c3b7d1ebfc57374a7ee7"
score = 70
quality = 85
@@ -331013,8 +331425,8 @@ rule SIGNATURE_BASE_MAL_LNX_Linadoor_Rootkit_May22 : FILE
date = "2022-05-19"
modified = "2023-05-16"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lnx_linadoor_rootkit.yar#L2-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lnx_linadoor_rootkit.yar#L2-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "546c34d4c204c7266884bb3b5b6ada418e83029ab88f72e5ffb094f50d9ed28e"
score = 85
quality = 85
@@ -331052,8 +331464,8 @@ rule SIGNATURE_BASE_MAL_OSX_Fancybear_Agent_Jul18_1 : FILE
date = "2018-07-15"
modified = "2023-12-05"
reference = "https://twitter.com/DrunkBinary/status/1018448895054098432"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fancybear_osxagent.yar#L1-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fancybear_osxagent.yar#L1-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "099235424f22f3591a891726ea0c13ebf831fae0456ab1b6baba329c090a9535"
score = 75
quality = 85
@@ -331081,8 +331493,8 @@ rule SIGNATURE_BASE_Gen_Base64_EXE : HIGHVOL FILE
date = "2017-04-21"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/general_cloaking.yar#L71-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/general_cloaking.yar#L71-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6fe18ee727a836c0baaac4dbbffdb9f50065f56a4c6eeee7e54792a8a66229de"
score = 75
quality = 85
@@ -331109,8 +331521,8 @@ rule SIGNATURE_BASE_Binary_Drop_Certutil : FILE
date = "2015-07-15"
modified = "2023-12-05"
reference = "https://goo.gl/9DNn8q"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/general_cloaking.yar#L92-L107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/general_cloaking.yar#L92-L107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3e2b62442b5da6ab887e1eb03cdd44932651fa51ce11e87e6fc29015e708d2f3"
score = 70
quality = 85
@@ -331134,8 +331546,8 @@ rule SIGNATURE_BASE_Stegokatz : FILE
date = "2015-09-11"
modified = "2023-12-05"
reference = "https://goo.gl/jWPBBY"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/general_cloaking.yar#L109-L123"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/general_cloaking.yar#L109-L123"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "091b07220d2a89822aa382edcecf5869d463e375747cc41f52417e66ccf0e2da"
score = 70
quality = 85
@@ -331158,8 +331570,8 @@ rule SIGNATURE_BASE_Obfuscated_VBS_April17 : FILE
date = "2017-04-21"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/general_cloaking.yar#L125-L137"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/general_cloaking.yar#L125-L137"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "590dca22a4fcbc2bbfb4358c53f7cb6c06824970139cca251c4cf1bd435817b0"
score = 75
quality = 85
@@ -331181,8 +331593,8 @@ rule SIGNATURE_BASE_Obfuscated_JS_April17 : FILE
date = "2017-04-21"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/general_cloaking.yar#L139-L153"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/general_cloaking.yar#L139-L153"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c75bf0ad8dd35fabbaedb54c2630249497edbb215b6ce2b707e32f82e8fb8f56"
score = 75
quality = 85
@@ -331206,8 +331618,8 @@ rule SIGNATURE_BASE_Tofu_Backdoor
date = "2017-02-28"
modified = "2023-12-05"
reference = "https://www.cylance.com/en_us/blog/the-deception-project-a-new-japanese-centric-threat.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ham_tofu_chches.yar#L11-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ham_tofu_chches.yar#L11-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "67c49456dbe4dc4c8bc54139ce6d493ea5588392d8c64010d029d7a63ac7f976"
score = 75
quality = 85
@@ -331230,8 +331642,8 @@ rule SIGNATURE_BASE_Revengerat_Sep17 : FILE
date = "2017-09-04"
modified = "2020-07-27"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_revenge_rat.yar#L11-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_revenge_rat.yar#L11-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "467133402d6898f325cfd8c18308fc2a4dafd06c8624f9347225f16afd4035ce"
score = 75
quality = 85
@@ -331262,8 +331674,8 @@ rule SIGNATURE_BASE_SUSP_Vulndriver_HP_Hardware_Diagnostics_Etdsupp_May23 : FILE
date = "2023-05-12"
modified = "2023-12-05"
reference = "https://github.com/alfarom256/HPHardwareDiagnostics-PoC/tree/main/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/susp_vulndriver_hp_hardware_diagnostics_etdsupp_may23.yar#L1-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/susp_vulndriver_hp_hardware_diagnostics_etdsupp_may23.yar#L1-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f744abb99c97d98e4cd08072a897107829d6d8481aee96c22443f626d00f4145"
logic_hash = "bb50f591e49b1b0b08ccbe4ca5cb3685d8f358e51e6d6f77677bc05701f6b301"
score = 65
@@ -331287,8 +331699,8 @@ rule SIGNATURE_BASE_TA17_318B_Volgmer : FILE
date = "2017-11-15"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-318B"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_318B.yar#L9-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_318B.yar#L9-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2b3a7e501214767b7d79b33fb560b5611fa3726036a0c98d6f1904a55f306e40"
score = 75
quality = 85
@@ -331310,8 +331722,8 @@ rule SIGNATURE_BASE_Volgmer_Malware : FILE
date = "2017-11-15"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-318B"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta17_318B.yar#L34-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta17_318B.yar#L34-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "898c2734c56a40aa4d24c1eac2dfb7dd1f98b0bdf7a11ab518eef282becb84b6"
score = 75
quality = 85
@@ -331352,8 +331764,8 @@ rule SIGNATURE_BASE_REGEORG_Tuneller_Generic : FILE
date = "2021-12-20"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/unc3524-eye-spy-email"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/webshell_regeorg.yar#L1-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/webshell_regeorg.yar#L1-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ba22992ce835dadcd06bff4ab7b162f9"
logic_hash = "1657928875c3cd2d5bf774929b0497d78f0211b321f8a4138cc9b8c80b9f99d6"
score = 75
@@ -331383,8 +331795,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Keywords_May20_1 : CVE_2019_10149 FILE
date = "2020-05-28"
modified = "2023-12-05"
reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_exim_expl.yar#L2-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_exim_expl.yar#L2-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9f9a81ff0c576f05ac063eaca7a5882dbdb09c9a0778610cca2864636a00efce"
score = 75
quality = 85
@@ -331406,8 +331818,8 @@ rule SIGNATURE_BASE_APT_Sandworm_SSH_Key_May20_1 : FILE
date = "2020-05-28"
modified = "2023-12-05"
reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_exim_expl.yar#L17-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_exim_expl.yar#L17-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "23a43849dfaa80bad2ca4f46b53181b3a4855ee89673ae9b658c854069b9aaa9"
score = 75
quality = 85
@@ -331430,8 +331842,8 @@ rule SIGNATURE_BASE_APT_Sandworm_SSHD_Config_Modification_May20_1 : FILE
date = "2020-05-28"
modified = "2023-12-05"
reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_exim_expl.yar#L33-L49"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_exim_expl.yar#L33-L49"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5775588b3a9d44e9eb2c8ef0f50351d7e3b06f1005f669775fae7187900d5999"
score = 75
quality = 85
@@ -331455,8 +331867,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Initfile_May20_1 : FILE
date = "2020-05-28"
modified = "2023-12-05"
reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_exim_expl.yar#L51-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_exim_expl.yar#L51-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "989f37069820d9ecf67dc71e4761a7cde2c1adf8db40b5f8a47e9c610ddec2e6"
score = 75
quality = 85
@@ -331480,8 +331892,8 @@ rule SIGNATURE_BASE_APT_Sandworm_User_May20_1 : FILE
date = "2020-05-28"
modified = "2023-12-05"
reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_exim_expl.yar#L68-L84"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_exim_expl.yar#L68-L84"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d052792a674dfa2d93a048b550ea085c3b9225662fdb09bf4a602093b0527e38"
score = 75
quality = 85
@@ -331506,8 +331918,8 @@ rule SIGNATURE_BASE_APT_WEBSHELL_PHP_Sandworm_May20_1 : FILE
date = "2020-05-28"
modified = "2023-12-05"
reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_exim_expl.yar#L86-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_exim_expl.yar#L86-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0d10f618c7b465c7691d6054e994a76f56c12eb0a36d2d98b5accd2c1e2c1da7"
score = 75
quality = 85
@@ -331531,8 +331943,8 @@ rule SIGNATURE_BASE_APT_SH_Sandworm_Shell_Script_May20_1 : FILE
date = "2020-05-28"
modified = "2023-12-05"
reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_exim_expl.yar#L103-L129"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_exim_expl.yar#L103-L129"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b9116585e74ad6159cd31c0c8a84566f981a62ca5b5f82ace8b855a180461071"
score = 75
quality = 60
@@ -331565,8 +331977,8 @@ rule SIGNATURE_BASE_APT_RU_Sandworm_PY_May20_1 : FILE
date = "2020-05-28"
modified = "2023-12-05"
reference = "https://twitter.com/billyleonard/status/1266054881225236482"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_exim_expl.yar#L131-L148"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_exim_expl.yar#L131-L148"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2ccc4c7fc75c04cbcab34904de2e7ab055a15c1017ec0f8d01b06454f4395047"
score = 75
quality = 85
@@ -331590,8 +332002,8 @@ rule SIGNATURE_BASE_APT_RU_Sandworm_PY_May20_2 : FILE
date = "2020-05-28"
modified = "2023-12-05"
reference = "https://twitter.com/billyleonard/status/1266054881225236482"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sandworm_exim_expl.yar#L150-L167"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sandworm_exim_expl.yar#L150-L167"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5fb61a9cef64ecf97adc78bf67db667cfd9e5e6f3e03f1bba8f3cdbf6c257520"
score = 75
quality = 85
@@ -331616,8 +332028,8 @@ rule SIGNATURE_BASE_Icefog_Malware_Feb18_1 : FILE
date = "2018-02-26"
modified = "2023-01-06"
reference = "https://twitter.com/ClearskySec/status/968104465818669057"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_icefog.yar#L11-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_icefog.yar#L11-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8bba0f7f6f6aad6586c2c5ed29f30514d2f88703134f331724cc2ff86ccffe87"
score = 75
quality = 85
@@ -331647,8 +332059,8 @@ rule SIGNATURE_BASE_MAL_Winnti_BR_Report_Twinpeaks : FILE
date = "2019-07-24"
modified = "2023-12-05"
reference = "https://github.com/br-data/2019-winnti-analyse"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_br.yar#L3-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_br.yar#L3-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "76457f5aa4cc4bf4f43ffbaa60d63006455977e881f1d74b845835c505a93fed"
score = 75
quality = 85
@@ -331671,8 +332083,8 @@ rule SIGNATURE_BASE_MAL_BR_Report_Thedao : FILE
date = "2019-07-24"
modified = "2023-12-05"
reference = "https://github.com/br-data/2019-winnti-analyse"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_br.yar#L17-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_br.yar#L17-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "798b092b7667462aa66590603504cb0cd1166e4ac3472627cd8cd8fdf8f0b778"
score = 75
quality = 60
@@ -331693,8 +332105,8 @@ rule SIGNATURE_BASE_MAL_Winnti_BR_Report_Mockingjay : FILE
date = "2019-07-24"
modified = "2023-12-05"
reference = "https://github.com/br-data/2019-winnti-analyse"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_br.yar#L30-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_br.yar#L30-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7a63b6f10cc5feebba16e585cb29d741876e1dc7f4dde3ef43ac76db9c7ad135"
score = 75
quality = 85
@@ -331717,8 +332129,8 @@ rule SIGNATURE_BASE_VULN_Keepass_DB_Brute_Forcible : FILE
date = "2023-07-20"
modified = "2023-12-05"
reference = "https://keepass.info/help/base/security.html#secdictprotect"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_keepass_brute_forcible.yar#L2-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_keepass_brute_forcible.yar#L2-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "14460f7d4976a3bbd6de2f7cfccfbfec35eb780ab762396a6490669ddde59ce8"
score = 60
quality = 85
@@ -331740,8 +332152,8 @@ rule SIGNATURE_BASE_APT_MAL_Maldoc_Cloudatlas_Oct20_1 : FILE
date = "2020-10-13"
modified = "2023-12-05"
reference = "https://twitter.com/jfslowik/status/1316050637092651009"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cloudatlas.yar#L2-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cloudatlas.yar#L2-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "772bdd8ec89edf2054e675e9ecb321a7bfe0307a7086a4e5b65f8d8b8cf80ecc"
score = 75
quality = 85
@@ -331763,8 +332175,8 @@ rule SIGNATURE_BASE_APT_MAL_URL_Cloudatlas_Oct20_2 : FILE
date = "2020-10-13"
modified = "2023-12-05"
reference = "https://twitter.com/jfslowik/status/1316050637092651009"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cloudatlas.yar#L18-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cloudatlas.yar#L18-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8bb60c262a34babbe8839f5d39d1c972eeb41ea77eaae02cc877d908c7033f13"
score = 75
quality = 85
@@ -331789,8 +332201,8 @@ rule SIGNATURE_BASE_WEBSHELL_APT_PHP_DEWMODE_UNC2546_Feb21_1 : FILE
date = "2021-02-22"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc2546_dewmode.yar#L2-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc2546_dewmode.yar#L2-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "86ce185f6350eb7485bce5bd31d91085fed25aa8ce78813e1c3c3dffbaae58ff"
score = 75
quality = 60
@@ -331820,8 +332232,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_1 : FILE
date = "2017-02-03"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L11-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L11-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ad3018e6aa377b5032b04226ecb1e27b2cc7bc8294455ea51e426b5182ed7821"
score = 75
quality = 85
@@ -331844,8 +332256,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_2 : FILE
date = "2017-02-03"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L26-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L26-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e31ade3690938fe0999423fbe446d9426e14abd01ebbada4eed8bddb1e2c9ea6"
score = 75
quality = 85
@@ -331868,8 +332280,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_3 : FILE
date = "2017-02-03"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L41-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L41-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6920febf177667610e3edb8ba88ec137d085a867c1d6a570d4785fcc9cc62d49"
score = 75
quality = 85
@@ -331897,8 +332309,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_4 : FILE
date = "2017-02-03"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L61-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L61-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8011497e7d061a9ebde06667e47b5cd9469a433e0be1401d70637e7ace8e8155"
score = 75
quality = 85
@@ -331922,8 +332334,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_5 : FILE
date = "2017-02-03"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L77-L95"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L77-L95"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fbc1a2e078cfae7a9c72612b9c769e84d8c1d59c89e05001571ad00071e38577"
score = 75
quality = 85
@@ -331950,8 +332362,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_6 : FILE
date = "2017-02-03"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L97-L111"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L97-L111"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2de78012cc384211cef6c12817fd8cef9d93eef6de3197d0cfec64c1a8022ae3"
score = 75
quality = 85
@@ -331975,8 +332387,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_7 : FILE
date = "2017-02-03"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L113-L129"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L113-L129"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "87ab6cd5c769e7e38bef807fa7d15af3a66fed8fdb7fed49fa62d87e1049ceb4"
score = 75
quality = 85
@@ -332002,8 +332414,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_8 : FILE
date = "2017-02-03"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L131-L147"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L131-L147"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a1d5e72970919cd5c0493f8882cbc6fb1bb3c5b6517813a4022efd0028dfe728"
score = 75
quality = 85
@@ -332029,8 +332441,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_9 : FILE
date = "2017-02-03"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L149-L163"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L149-L163"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "af4b85ef01c4fa21a2506369f3bc0f8eff6e95a4cfd494e1ea11a44d75bb024e"
score = 75
quality = 85
@@ -332054,8 +332466,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Nflogger : FILE
date = "2017-02-04"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L165-L178"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L165-L178"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dc9b19e3c4c321cb9f840ec9ff78bec9e4a075cc62ea2823d92a3fbd9f99cc07"
score = 75
quality = 85
@@ -332078,8 +332490,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Extracted_Go : FILE
date = "2017-02-04"
modified = "2023-01-06"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L180-L203"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L180-L203"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf5e2d825e4bd63e94455ffb4013fa1088098a826390c1916c0aa50866588fcb"
score = 75
quality = 85
@@ -332110,8 +332522,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Extracted_Mcutil : FILE
date = "2017-02-04"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L205-L223"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L205-L223"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "edb6000fd65d6593bd94842e60ec099c5a652d10005f81d17063dba1a2e267d2"
score = 75
quality = 85
@@ -332139,8 +332551,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Extracted_Zlh : FILE
date = "2017-02-04"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_pp_zerot.yar#L225-L241"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_pp_zerot.yar#L225-L241"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "26796f75a8302bd6c93eb3ea43d0491b86770b52bd11aad6e1e250d968a77004"
score = 75
quality = 85
@@ -332166,8 +332578,8 @@ rule SIGNATURE_BASE_CHAOS_Payload : FILE
date = "2017-07-15"
modified = "2023-12-05"
reference = "https://github.com/tiagorlampert/CHAOS"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_chaos_payload.yar#L11-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_chaos_payload.yar#L11-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ca409d3d0430fbc4c5ae52ce22616132da3a90c1ec3889571c6314e8787eee67"
score = 80
quality = 85
@@ -332191,8 +332603,8 @@ rule SIGNATURE_BASE_M_APT_Downloader_BEATDROP : FILE
date = "2022-04-28"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_apr22.yar#L1-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_apr22.yar#L1-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7a766682cc9a057798cc569111bfcb611648c4a052c0dd664d983b80d5891255"
score = 90
quality = 85
@@ -332217,8 +332629,8 @@ rule SIGNATURE_BASE_M_APT_Downloader_BOOMMIC : FILE
date = "2022-04-28"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_apr22.yar#L19-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_apr22.yar#L19-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c561b19464597f896d31307c0383fbc639cf4211600513e1251a3f59405bfed6"
score = 75
quality = 85
@@ -332242,8 +332654,8 @@ rule SIGNATURE_BASE_SUSP_BAT2EXE_Bdargo_Converted_BAT : FILE
date = "2018-07-28"
modified = "2022-06-23"
reference = "https://www.majorgeeks.com/files/details/advanced_bat_to_exe_converter.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_bat2exe.yar#L2-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_bat2exe.yar#L2-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "978aa25f1abd0cbd36e55da2b1ed4478a3a5b8b814988669c70e219cc2dd1afd"
score = 45
quality = 85
@@ -332273,8 +332685,8 @@ rule SIGNATURE_BASE_Snaketurla_Malware_May17_1 : FILE
date = "2017-05-04"
modified = "2023-01-06"
reference = "https://goo.gl/QaOh4V"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_snaketurla_osx.yar#L11-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_snaketurla_osx.yar#L11-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "12b18c9e03f1a471541de2fb3ecc6b90a13910ca299a9b7d2bad9dd11f881506"
score = 75
quality = 85
@@ -332297,8 +332709,8 @@ rule SIGNATURE_BASE_Snaketurla_Malware_May17_2 : FILE
date = "2017-05-04"
modified = "2023-12-05"
reference = "https://goo.gl/QaOh4V"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_snaketurla_osx.yar#L27-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_snaketurla_osx.yar#L27-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "35bd8650afbc515ecd1cef393fd75f9b77a1e31111612227f0f4557fe8b312a7"
score = 75
quality = 85
@@ -332323,8 +332735,8 @@ rule SIGNATURE_BASE_Snaketurla_Malware_May17_4 : FILE
date = "2017-05-04"
modified = "2023-12-05"
reference = "https://goo.gl/QaOh4V"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_snaketurla_osx.yar#L44-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_snaketurla_osx.yar#L44-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7b6aac2313ea7dae572114e92ad0b5437c5be2542853de3b184bef780faee68b"
score = 75
quality = 85
@@ -332347,8 +332759,8 @@ rule SIGNATURE_BASE_Snaketurla_Installd_SH : FILE
date = "2017-05-04"
modified = "2023-12-05"
reference = "https://goo.gl/QaOh4V"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_snaketurla_osx.yar#L59-L72"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_snaketurla_osx.yar#L59-L72"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5b16107434951ddb212996909d53dfbcdae74ed13df6690ce3f6c74258ab4670"
score = 75
quality = 85
@@ -332371,8 +332783,8 @@ rule SIGNATURE_BASE_Snaketurla_Install_SH : FILE
date = "2017-05-04"
modified = "2023-12-05"
reference = "https://goo.gl/QaOh4V"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_snaketurla_osx.yar#L74-L87"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_snaketurla_osx.yar#L74-L87"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "019d20ca6632759cf01962d336c22831edc64b6927d8b27d026b76eb118fce02"
score = 75
quality = 85
@@ -332395,8 +332807,8 @@ rule SIGNATURE_BASE_Pos_Malware_Malumpos
date = "2015-05-25"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malumpos.yar#L1-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malumpos.yar#L1-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ece32e51a12adf0d68420c8d98efbe7df27b9061ddfe4dcedf151f9f06287eee"
score = 75
quality = 60
@@ -332422,8 +332834,8 @@ rule SIGNATURE_BASE_Uboatrat : FILE
date = "2017-11-29"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_uboat_rat.yar#L9-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_uboat_rat.yar#L9-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3d0837607d1a5efd9986eccf98f108633502a09dbf8c4c94fc0f0247060bc3a8"
score = 75
quality = 83
@@ -332461,8 +332873,8 @@ rule SIGNATURE_BASE_Uboatrat_Dropper : FILE
date = "2017-11-29"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_uboat_rat.yar#L52-L69"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_uboat_rat.yar#L52-L69"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f8dcc8559fa0ab1644ef6bab9bc875f3d62391c157b373e0355ad03d35e5601"
score = 75
quality = 85
@@ -332489,8 +332901,8 @@ rule SIGNATURE_BASE_MAL_CMD_Script_Obfuscated_Feb19_1 : FILE
date = "2019-03-01"
modified = "2023-12-05"
reference = "https://twitter.com/DbgShell/status/1101076457189793793"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cmd_script_obfuscated.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cmd_script_obfuscated.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "71c8831686796c921674ec293b5bdf2c42ae9069b258c85c9e0ca6a7f972daf8"
score = 75
quality = 85
@@ -332513,8 +332925,8 @@ rule SIGNATURE_BASE_SUSP_Microsoft_7Z_SFX_Combo : FILE
date = "2018-09-16"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_sfx_with_microsoft_copyright.yar#L1-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_sfx_with_microsoft_copyright.yar#L1-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f48887e0c1031d180e25f2d1b9e016d434f594aef283ab3af8418e86496d2eac"
score = 65
quality = 85
@@ -332545,8 +332957,8 @@ rule SIGNATURE_BASE_SUSP_Microsoft_RAR_SFX_Combo : FILE
date = "2018-09-16"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_sfx_with_microsoft_copyright.yar#L27-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_sfx_with_microsoft_copyright.yar#L27-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a0f29fcf86139a6f95b4ab0095154bd26b555f1576b5a2e263c1939bc30e3431"
score = 65
quality = 85
@@ -332578,8 +332990,8 @@ rule SIGNATURE_BASE_SUSP_Fake_AMSI_DLL_Jun23_1 : FILE
date = "2023-06-07"
modified = "2023-06-12"
reference = "https://twitter.com/eversinc33/status/1666121784192581633?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_fake_amsi_dll.yar#L3-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_fake_amsi_dll.yar#L3-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ec3db233ab22144bc65614b45bb894a7ea5a4fd40ccb603e6e52cc1b9ff8805b"
score = 65
quality = 85
@@ -332606,8 +333018,8 @@ rule SIGNATURE_BASE_Xdedic_Sysscan_Unpacked : CRIMEWARE FILE
date = "2016-03-14"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/75027/xdedic-the-shady-world-of-hacked-servers-for-sale/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sysscan.yar#L1-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sysscan.yar#L1-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "df0834e89c512721547001c910c1461f028a46e954dd51017d4e8bde7893d04a"
score = 75
quality = 85
@@ -332642,8 +333054,8 @@ rule SIGNATURE_BASE_Xdedic_Packed_Syscan : FILE
date = "2016-07-02"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sysscan.yar#L29-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sysscan.yar#L29-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "04eb5b056e892b2c2cf87e3770847226cccaceb1c743f3b9f8ac548026747ccf"
score = 75
quality = 83
@@ -332666,8 +333078,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Rel : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_putterpanda.yar#L1-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_putterpanda.yar#L1-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5367e183df155e3133d916f7080ef973f7741d34"
logic_hash = "f2ffab73993c578f47e17babc2e65301b3720e438b33e57f2af31b7183bfd20f"
score = 70
@@ -332701,8 +333113,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Rel_2 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_putterpanda.yar#L30-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_putterpanda.yar#L30-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f97e01ee04970d1fc4d988a9e9f0f223ef2a6381"
logic_hash = "60a48288cb106135728fb676ecad2b9be5254d5dc5094da158ea9dc07704c9ab"
score = 70
@@ -332740,8 +333152,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_PSAPI : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_putterpanda.yar#L61-L79"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_putterpanda.yar#L61-L79"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f93a7945a33145bb6c106a51f08d8f44eab1cdf5"
logic_hash = "b73f1db2ca8a3164562314ebd9903c864eb2690c95731959df0e99656544ed40"
score = 70
@@ -332768,8 +333180,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_WUAUCLT
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_putterpanda.yar#L81-L108"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_putterpanda.yar#L81-L108"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fd5ca5a2d444865fa8320337467313e4026b9f78"
logic_hash = "49cae3b727d6b2673dc9a6497d59c9abdd78d486e1eaf6f036f6eb1aef9a8fcb"
score = 70
@@ -332803,8 +333215,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Gen1 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "not set"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_putterpanda.yar#L110-L131"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_putterpanda.yar#L110-L131"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8054195f212017fb17953728a7df34645d81c93fee75300e44f467c6aa5efaff"
score = 75
quality = 85
@@ -332835,8 +333247,8 @@ rule SIGNATURE_BASE_Malware_Msupdater_String_In_EXE : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_putterpanda.yar#L133-L156"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_putterpanda.yar#L133-L156"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b1a2043b7658af4d4c9395fa77fde18ccaf549bb"
logic_hash = "2b7a43aee6dbac1bfa7d9e0331cb078394ae78a1ec44c1a4a70a63b38595abe0"
score = 50
@@ -332866,8 +333278,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Msupdater_3 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_putterpanda.yar#L158-L175"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_putterpanda.yar#L158-L175"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "464149ff23f9c7f4ab2f5cadb76a4f41f969bed0"
logic_hash = "09e7da7f2bfbae9252502ea1ea61b612c1af2e4c70508b34e685b46429d4613c"
score = 70
@@ -332893,8 +333305,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Msupdater_1 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_putterpanda.yar#L177-L200"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_putterpanda.yar#L177-L200"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b55072b67543f58c096571c841a560c53d72f01a"
logic_hash = "038be28609df0187cbbce0d16fee7c902b742458f1201ff3c0d5fde19acd2c56"
score = 70
@@ -332924,8 +333336,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Msupdater_2 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_putterpanda.yar#L202-L236"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_putterpanda.yar#L202-L236"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "365b5537e3495f8ecfabe2597399b1f1226879b1"
logic_hash = "47d75e589d47a39d5a9c9e0047a143074d3d74b5541adf8cb3be968da732a96d"
score = 70
@@ -332968,8 +333380,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Gen4 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_putterpanda.yar#L238-L276"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_putterpanda.yar#L238-L276"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7d450935febe5d6db14be1e7694db1d7b9e8fcacf013920e89c7b25659254310"
score = 70
quality = 85
@@ -333010,8 +333422,8 @@ rule SIGNATURE_BASE_MAL_LNX_PLAGUE_BACKDOOR_Jul25 : FILE
date = "2025-07-25"
modified = "2025-09-17"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lnx_plague.yar#L1-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lnx_plague.yar#L1-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "14b0c90a2eff6b94b9c5160875fcf29aff15dcfdfd3402d953441d9b0dca8b39"
hash = "7c3ada3f63a32f4727c62067d13e40bcb9aa9cbec8fb7e99a319931fc5a9332e"
logic_hash = "9ef7d8153c8567f85b8713467bf5b175e0c2af050e1f275fb2441bbca8d20a79"
@@ -333044,8 +333456,8 @@ rule SIGNATURE_BASE_Codoso_Plugx_3 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L11-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L11-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "74e1e83ac69e45a3bee78ac2fac00f9e897f281ea75ed179737e9b6fe39971e3"
logic_hash = "51615c2583bb672f148f216e4856e7e346b17884f0740d69f6a24f08b594bda4"
score = 75
@@ -333071,8 +333483,8 @@ rule SIGNATURE_BASE_Codoso_Plugx_2 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L28-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L28-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b9510e4484fa7e3034228337768176fce822162ad819539c6ca3631deac043eb"
logic_hash = "5ee652a135d4865340d2ce6421144ec76ccc7ab69704e92904b2e2ebfc72edfc"
score = 75
@@ -333099,8 +333511,8 @@ rule SIGNATURE_BASE_Codoso_Customtcp_4 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L46-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L46-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fcabbd37acf75e1233894682e77abad95a849ed68c7e8ce2690dde03d8160f8b"
score = 75
quality = 85
@@ -333133,8 +333545,8 @@ rule SIGNATURE_BASE_Codoso_Customtcp_3 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L72-L93"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L72-L93"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d66106ec2e743dae1d71b60a602ca713b93077f56a47045f4fc9143aa3957090"
logic_hash = "fb486985587fc28c45cbdf6a63550e60e8d6c18f218544adc19c5604193fe8ea"
score = 75
@@ -333165,8 +333577,8 @@ rule SIGNATURE_BASE_Codoso_Customtcp_2 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L94-L114"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L94-L114"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3577845d71ae995762d4a8f43b21ada49d809f95c127b770aff00ae0b64264a3"
logic_hash = "a355ac60dca5ca880a90a5c2720690b4691630fd434411758fa7ff006f7389ba"
score = 75
@@ -333196,8 +333608,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_6 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L115-L129"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L115-L129"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4b16f6e8414d4192d0286b273b254fa1bd633f5d3d07ceebd03dfdfc32d0f17f"
logic_hash = "0907274bd6c97b7d7b2913e42aa748c92012aeeb32196ddcbcd30332f4e95ac9"
score = 75
@@ -333221,8 +333633,8 @@ rule SIGNATURE_BASE_Codoso_Gh0St_3 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L130-L151"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L130-L151"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bf52ca4d4077ae7e840cf6cd11fdec0bb5be890ddd5687af5cfa581c8c015fcd"
logic_hash = "e24d434d8f08b83f8e4b1f4aa75a84a040e4f56cdbd9a58ff49c463437e78c24"
score = 75
@@ -333252,8 +333664,8 @@ rule SIGNATURE_BASE_Codoso_Gh0St_2 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L152-L170"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L152-L170"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841"
logic_hash = "5864e52820578769a31a6925795d13283d7b3bc5f9ac50ac8aea6578a5919e71"
score = 75
@@ -333281,8 +333693,8 @@ rule SIGNATURE_BASE_Codoso_Customtcp : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L171-L188"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L171-L188"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b95d7f56a686a05398198d317c805924c36f3abacbb1b9e3f590ec0d59f845d8"
logic_hash = "4f0333de25b9f84ecaa3e63c5f600f53929244cd63a681d21cb78cfe17ca15f9"
score = 75
@@ -333309,8 +333721,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_5 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L192-L208"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L192-L208"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e248bada3ac46611bbe2cf1e1afee902191a2c1fb9611c4a052318e5e093b015"
score = 75
quality = 85
@@ -333336,8 +333748,8 @@ rule SIGNATURE_BASE_Codoso_Gh0St_1 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L209-L247"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L209-L247"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "799ae0946464e5b4980f792e525da9eec46aa7844ec977f892a80f58d8b22afd"
score = 75
quality = 85
@@ -333381,8 +333793,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_4 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L248-L275"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L248-L275"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f24100c0fe837511ce6144224eda397fed3931072e364f1b5be49c7bb4102aa4"
score = 75
quality = 85
@@ -333418,8 +333830,8 @@ rule SIGNATURE_BASE_Codoso_Plugx_1 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L276-L294"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L276-L294"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "34736c85699a94b1413e5f9934e1a55841e8296df61d558bccf2d477e545d156"
score = 75
quality = 85
@@ -333447,8 +333859,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_3
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L295-L314"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L295-L314"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "371a91b08747b8025baba79797baf9f29487f9c3541f27fc2c2716b531d30b54"
score = 75
quality = 85
@@ -333477,8 +333889,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_2 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L315-L337"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L315-L337"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7eab3d398b5172127383047de7106a9713ec5b149f8e8ca1506b3382b007f648"
score = 75
quality = 85
@@ -333510,8 +333922,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_1 : FILE
date = "2016-01-30"
modified = "2023-12-05"
reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_codoso.yar#L339-L367"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_codoso.yar#L339-L367"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8cecf96c7732becf83eb900bc36fa44daee466da6b483ea4f8c25ae9aeffcb7b"
score = 75
quality = 85
@@ -333548,8 +333960,8 @@ rule SIGNATURE_BASE_MAL_WIPER_Isaacwiper_Mar22_1 : FILE
date = "2022-03-03"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ua_isaacwiper.yar#L3-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ua_isaacwiper.yar#L3-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6fe7d1536db5fc30c9b4a171be66993fc69e6a1d96dae00be4170bdb4a53afb8"
score = 85
quality = 85
@@ -333578,8 +333990,8 @@ rule SIGNATURE_BASE_Bronzebutler_Daserf_Delphi_1 : FILE
date = "2017-10-14"
modified = "2023-12-05"
reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bronze_butler.yar#L13-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bronze_butler.yar#L13-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6034a6746a5bd762d869ad2e791d80aca8a1251afa9386d6b657f23092c6fc42"
score = 75
quality = 85
@@ -333613,8 +334025,8 @@ rule SIGNATURE_BASE_Bronzebutler_Daserf_C_1 : FILE
date = "2017-10-14"
modified = "2023-12-05"
reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bronze_butler.yar#L38-L78"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bronze_butler.yar#L38-L78"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0b0c05db41d6b6ac48b31d8c22aead301470f465c2840ddc98ed9577d0aaa50b"
score = 75
quality = 85
@@ -333658,8 +334070,8 @@ rule SIGNATURE_BASE_Bronzebutler_Dget_1 : FILE
date = "2017-10-14"
modified = "2023-12-05"
reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bronze_butler.yar#L80-L93"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bronze_butler.yar#L80-L93"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2d5537f581039fa4561950402a34cbd9abd54c167d659fbbe74f1cb83217e3fb"
score = 75
quality = 85
@@ -333682,8 +334094,8 @@ rule SIGNATURE_BASE_Bronzebutler_Uacbypass_1 : FILE
date = "2017-10-14"
modified = "2023-12-05"
reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bronze_butler.yar#L95-L113"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bronze_butler.yar#L95-L113"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "64b70b9f5963be9009025c14a6e98be9642599af5226f77946b6255116fc22d8"
score = 75
quality = 85
@@ -333711,8 +334123,8 @@ rule SIGNATURE_BASE_Bronzebutler_Xxmm_1 : FILE
date = "2017-10-14"
modified = "2023-12-05"
reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bronze_butler.yar#L115-L140"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bronze_butler.yar#L115-L140"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eb9c12cbe2fe132a9588b744d10caee12716f622c31da8a1cee4c0f88d693e8e"
score = 75
quality = 85
@@ -333743,8 +334155,8 @@ rule SIGNATURE_BASE_Bronzebutler_Rarstar_1 : FILE
date = "2017-10-14"
modified = "2023-12-05"
reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bronze_butler.yar#L142-L158"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bronze_butler.yar#L142-L158"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0e418e595020d91c575051c3b1639b09efad150c625b62eec3d1331f9792641b"
score = 75
quality = 85
@@ -333770,8 +334182,8 @@ rule SIGNATURE_BASE_Daserf_Nov1_Bronzebutler : FILE
date = "2017-11-08"
modified = "2023-12-05"
reference = "https://goo.gl/ffeCfd"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bronze_butler.yar#L170-L196"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bronze_butler.yar#L170-L196"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "75edc17c51f4ea82ff7722df2f5825721ff64445fb8c78b450f1333bd32b5829"
score = 75
quality = 85
@@ -333804,8 +334216,8 @@ rule SIGNATURE_BASE_Sofacy_Jun16_Sample1 : FILE
date = "2016-06-14"
modified = "2023-12-05"
reference = "http://goo.gl/mzAa97"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_jun16.yar#L10-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_jun16.yar#L10-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "761cec3d04e6b5273cfb450000023ed10ea73d17648c0af7660f4ef2b37fc31c"
score = 85
quality = 85
@@ -333829,8 +334241,8 @@ rule SIGNATURE_BASE_Sofacy_Jun16_Sample2 : FILE
date = "2016-06-14"
modified = "2023-12-05"
reference = "http://goo.gl/mzAa97"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_jun16.yar#L27-L49"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_jun16.yar#L27-L49"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a1f334996527556334c34d0308da6165e9d2a3d7eb8b2ecc322b574dea4d4844"
score = 85
quality = 85
@@ -333860,8 +334272,8 @@ rule SIGNATURE_BASE_Sofacy_Jun16_Sample3 : FILE
date = "2016-06-14"
modified = "2023-12-05"
reference = "http://goo.gl/mzAa97"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_jun16.yar#L51-L65"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_jun16.yar#L51-L65"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bdc6fcc30ebd7a966391747e4156a6d94dc9187e8b8898de4c441540ec4e637e"
score = 85
quality = 85
@@ -333884,8 +334296,8 @@ rule SIGNATURE_BASE_SUSP_Two_Byte_XOR_PE_And_MZ : FILE
date = "2021-10-11"
modified = "2025-11-03"
reference = "https://gist.github.com/wxsBSD/bf7b88b27e9f879016b5ce2c778d3e83"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xored_pe.yar#L1-L12"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xored_pe.yar#L1-L12"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8a43ff9ec966df72ef35fb9ba9bbbd6f8b0f3761669bb91dc5919645d6327174"
score = 60
quality = 85
@@ -333903,8 +334315,8 @@ rule SIGNATURE_BASE_SUSP_Four_Byte_XOR_PE_And_MZ : FILE
date = "2021-10-11"
modified = "2025-11-03"
reference = "https://gist.github.com/wxsBSD/bf7b88b27e9f879016b5ce2c778d3e83"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xored_pe.yar#L14-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xored_pe.yar#L14-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "28230cd3c1d1da97a98df09243593eb59b57f376f651d5f22c3ea5903f0f73e4"
score = 60
quality = 85
@@ -333922,8 +334334,8 @@ rule SIGNATURE_BASE_Crime_Ole_Loadswf_Cve_2018_4878 : PURPORTED_NORTH_KOREAN_ACT
date = "2026-01-01"
modified = "2023-12-05"
reference = "hxxps://www[.]krcert[.]or[.kr/data/secNoticeView.do?bulletin_writing_sequence=26998"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ole_loadswf_cve_2018_4878.yar#L2-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ole_loadswf_cve_2018_4878.yar#L2-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "716cad0c5a12cc360522e2649c7870a493bef4bec3d55c3a3e235f3a85c02a56"
score = 75
quality = 85
@@ -333957,8 +334369,8 @@ rule SIGNATURE_BASE_NK_Miner_Malware_Jan18_1 : FILE
date = "2018-01-09"
modified = "2023-12-05"
reference = "https://goo.gl/PChE1z"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_nkminer.yar#L11-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_nkminer.yar#L11-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eb75fe7d70b547a4774b74c01e11479949dfccb8645af330f87b51daaf0d8dbf"
score = 75
quality = 85
@@ -333994,8 +334406,8 @@ rule SIGNATURE_BASE_APT_Liudoor : WIN32_DLL
date = "2015-07-23"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_terracotta_liudoor.yar#L1-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_terracotta_liudoor.yar#L1-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f60002d0173a8ebd2b407e79377d4816e699742aedb1e0649b08fd4ca6cf359"
score = 75
quality = 85
@@ -334030,8 +334442,8 @@ rule SIGNATURE_BASE_APT_Pupyrat_PY : FILE
date = "2017-02-17"
modified = "2023-12-05"
reference = "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_magichound.yar#L10-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_magichound.yar#L10-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b30bc3082be3229ea2ef5d7c51ab6f97df2f612c80c45892e1a13fde1fb56725"
score = 75
quality = 85
@@ -334059,8 +334471,8 @@ rule SIGNATURE_BASE_APT_Magichound_Malmacro : FILE
date = "2017-02-17"
modified = "2023-12-05"
reference = "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_magichound.yar#L33-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_magichound.yar#L33-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "198c6e7ab957d5c1bb45449b0b2210532e97ed11700f8435201200746e0dfa48"
score = 75
quality = 85
@@ -334088,8 +334500,8 @@ rule SIGNATURE_BASE_WEBSHELL_H4Ntu_Shell_Powered_Tsoi_3
modified = "2025-03-21"
old_rule_name = "Webshell_h4ntu_shell_powered_by_tsoi_"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L32-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L32-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "06ed0b2398f8096f1bebf092d0526137"
logic_hash = "871e9a057ca3920fcebaec5c2555c2d936d813c0d8bb2a6a69726dee7a796ff8"
score = 70
@@ -334114,8 +334526,8 @@ rule SIGNATURE_BASE_WEBSHELL_H4Ntu_Shell_Powered_Tsoi : FILE
modified = "2025-03-21"
old_rule_name = "Webshell_h4ntu_shell__powered_by_tsoi_"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L48-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L48-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "06ed0b2398f8096f1bebf092d0526137"
logic_hash = "3d9b568a66f3e6933b385fed30921883dd7be17863670c648702ae3403b6e8a1"
score = 80
@@ -334138,8 +334550,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Sql
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L65-L79"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L65-L79"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2cf20a207695bbc2311a998d1d795c35"
logic_hash = "83049c3c5bce88d239b59accb173e234c3169f59187de17b7e6c2a0aa58a552f"
score = 70
@@ -334163,8 +334575,8 @@ rule SIGNATURE_BASE_Webshell_PHP_A
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L80-L95"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L80-L95"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e3b461f7464d81f5022419d87315a90d"
logic_hash = "6bdd5fbe9b16f2d84b884239cf3b6453587933c6b0c4308508d10019b4f36e38"
score = 70
@@ -334189,8 +334601,8 @@ rule SIGNATURE_BASE_Webshell_Imhapftp_2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L96-L110"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L96-L110"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "12911b73bc6a5d313b494102abcf5c57"
logic_hash = "9099504870c1e466808060f11aea38472832846d24e3c84fdd69b7d26bfed69d"
score = 70
@@ -334214,8 +334626,8 @@ rule SIGNATURE_BASE_Webshell_Jspspyweb
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L111-L125"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L111-L125"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4e9be07e95fff820a9299f3fb4ace059"
logic_hash = "491d9c4efee27469f2a26f6fcb7f7c768eac60977e640096ea5f78ff346e7fbe"
score = 70
@@ -334239,8 +334651,8 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L126-L140"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L126-L140"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "49ad9117c96419c35987aaa7e2230f63"
logic_hash = "d3d27d80f5f3adbc050a59d0c25953ec5d634344b5d051a4abdf4eeed3b8b035"
score = 70
@@ -334264,8 +334676,8 @@ rule SIGNATURE_BASE_Webshell_Simattacker_Vrsion_1_0_0_Priv8_4_My_Friend
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L141-L155"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L141-L155"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "089ff24d978aeff2b4b2869f0c7d38a3"
logic_hash = "fc553942b06b305f7b0d5b072a8d4517b0e51229545440ea9c43e9be01d64efa"
score = 70
@@ -334289,8 +334701,8 @@ rule SIGNATURE_BASE_Webshell_Phpshell_2_1_Pwhash
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L156-L170"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L156-L170"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ba120abac165a5a30044428fac1970d8"
logic_hash = "616c0570550cdb9394b5675864d4eec3fa62390f880817406b2a3b63952b69f0"
score = 70
@@ -334314,8 +334726,8 @@ rule SIGNATURE_BASE_Webshell_Phpremoteview
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L171-L185"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L171-L185"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "29420106d9a81553ef0d1ca72b9934d9"
logic_hash = "2de48b8640c0f2089a4a0badb4429127cb61ac972459290041e20b959e4e0c05"
score = 70
@@ -334339,8 +334751,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_12302
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L186-L201"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L186-L201"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a3930518ea57d899457a62f372205f7f"
logic_hash = "0959a138abc791f17344e25e84b24888ddfe238981fc7e3ffd76c0390006ea46"
score = 70
@@ -334365,8 +334777,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Guo
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L202-L216"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L202-L216"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9e69a8f499c660ee0b4796af14dc08f0"
logic_hash = "efb7055f42dd6be41ea3983cacea1a70b83675c8ebcb88ae3b250066a29e94eb"
score = 70
@@ -334390,8 +334802,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Redcod
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L217-L231"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L217-L231"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5c1c8120d82f46ff9d813fbe3354bac5"
logic_hash = "eddfd90d27793756bcc685ffe33b2dabc3bb28b9654c33a0f99359e8b6f13678"
score = 70
@@ -334415,8 +334827,8 @@ rule SIGNATURE_BASE_Webshell_Remview_Fix
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L232-L246"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L232-L246"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a24b7c492f5f00e2a19b0fa2eb9c3697"
logic_hash = "0b29ef74fb0786aefe99281360dc4fe27005eac345a36bc14259afa6fc555303"
score = 70
@@ -334440,8 +334852,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Cmd
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L247-L262"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L247-L262"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "895ca846858c315a3ff8daa7c55b3119"
logic_hash = "8e72b54267c2f83b288cdd43ccd56ae4ab1f95c17f4dde077e637d951df54866"
score = 70
@@ -334466,8 +334878,8 @@ rule SIGNATURE_BASE_Webshell_Php_Sh_Server
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L263-L276"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L263-L276"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d87b019e74064aa90e2bb143e5e16cfa"
logic_hash = "9f4d940a381e7bd298a252f485d5f1d26fd191c27f6e86e8fa6028237592a8c3"
score = 50
@@ -334490,8 +334902,8 @@ rule SIGNATURE_BASE_Webshell_PH_Vayv_PH_Vayv
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L277-L291"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L277-L291"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "35fb37f3c806718545d97c6559abd262"
logic_hash = "8769400b7b6828849f27092d790d291721c7e1b39dfd2080de5da8e59dd25523"
score = 70
@@ -334515,8 +334927,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Ice
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L292-L305"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L292-L305"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6560b436d3d3bb75e2ef3f032151d139"
logic_hash = "d92cc9ac8630b40f23b9ff7cda5a237b4885d30de4b9b497be7512e7eb020a09"
score = 70
@@ -334539,8 +334951,8 @@ rule SIGNATURE_BASE_Webshell_Cihshell_Fix
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L306-L320"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L306-L320"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3823ac218032549b86ee7c26f10c4cb5"
logic_hash = "59ae76d6828d8c0ddcbafa19063e6dcf25c826386f46df2b8f9674b628365a2b"
score = 70
@@ -334564,8 +334976,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Shell
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L321-L335"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L321-L335"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e63f5a96570e1faf4c7b8ca6df750237"
logic_hash = "5cc698e4ff23ca296b339589d12c24e67c99272e73445604a4552d3023e19636"
score = 70
@@ -334589,8 +335001,8 @@ rule SIGNATURE_BASE_Webshell_Private_I3Lue
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L336-L349"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L336-L349"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "13f5c7a035ecce5f9f380967cf9d4e92"
logic_hash = "274586f2c451eda45c3a52b615961dbba806f8d25e34cc358e661fcfd1143d08"
score = 70
@@ -334613,8 +335025,8 @@ rule SIGNATURE_BASE_Webshell_Php_Up
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L350-L365"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L350-L365"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7edefb8bd0876c41906f4b39b52cd0ef"
logic_hash = "22f444ce4068f46c0b57e566faca0c6377346e403de592b0e51869781fda31a9"
score = 70
@@ -334639,8 +335051,8 @@ rule SIGNATURE_BASE_Webshell_Mysql_Interface_V1_0
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L366-L379"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L366-L379"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a12fc0a3d31e2f89727b9678148cd487"
logic_hash = "baa938c4cfd2c46b1752d866e186d76a04c353617d8ec3e0d78a3c546b120d13"
score = 70
@@ -334663,8 +335075,8 @@ rule SIGNATURE_BASE_Webshell_Php_S_U
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L380-L393"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L380-L393"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "efc7ba1a4023bcf40f5e912f1dd85b5a"
logic_hash = "3c6904fa475784e737275fd47eabea077bed57e920071c68fa09f7defecbdb72"
score = 70
@@ -334687,8 +335099,8 @@ rule SIGNATURE_BASE_Webshell_Phpshell_2_1_Config
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L394-L407"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L394-L407"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bd83144a649c5cc21ac41b505a36a8f3"
logic_hash = "51d16bcaef5f6795ebcd1154dca79d5cf5a389948b0e59f4939c30fef877e816"
score = 70
@@ -334711,8 +335123,8 @@ rule SIGNATURE_BASE_Webshell_Asp_EFSO_2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L408-L421"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L408-L421"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a341270f9ebd01320a7490c12cb2e64c"
logic_hash = "19bd00fabe0b4695129c180dd145e757e0b2c2a6dad751e8c889222c191e03ce"
score = 70
@@ -334735,8 +335147,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Up
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L422-L435"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L422-L435"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "515a5dd86fe48f673b72422cccf5a585"
logic_hash = "77c8121d000c45e44717689dec535fde7c9722005d1e4ff40d0b84abcf289f47"
score = 70
@@ -334759,8 +335171,8 @@ rule SIGNATURE_BASE_Webshell_Networkfilemanagerphp
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L436-L449"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L436-L449"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "acdbba993a5a4186fd864c5e4ea0ba4f"
logic_hash = "235e4062a9b9ebdf7dd0b8a2cb3b16ba7688a75b90d8c527344cf9605304838d"
score = 70
@@ -334783,8 +335195,8 @@ rule SIGNATURE_BASE_Webshell_Server_Variables
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L450-L464"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L450-L464"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "47fb8a647e441488b30f92b4d39003d7"
logic_hash = "2a85301f1d6e4c457ff0a1b2a08eb6f054905993a0667087f37b9a7352e38911"
score = 70
@@ -334808,8 +335220,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Ice_2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L465-L478"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L465-L478"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1d6335247f58e0a5b03e17977888f5f2"
logic_hash = "57c3c369abd826d676290300d8df2d890b777fa1f0e1156654062159a4228db7"
score = 70
@@ -334832,8 +335244,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Mdb
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L479-L492"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L479-L492"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fbf3847acef4844f3a0d04230f6b9ff9"
logic_hash = "89f7692acd754992f9379b9b4661a01d6ab95cb85a3c2699928aa5ed3a3ac8c5"
score = 70
@@ -334856,8 +335268,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Guige
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L493-L506"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L493-L506"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2c9f2dafa06332957127e2c713aacdd2"
logic_hash = "9d71095b5c709dfdd8b5fcebcaa4493d9c93e841e85cda2e2255e0c15ea83659"
score = 70
@@ -334880,8 +335292,8 @@ rule SIGNATURE_BASE_Webshell_Phpspy2010
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L507-L522"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L507-L522"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "14ae0e4f5349924a5047fed9f3b105c5"
logic_hash = "b3acef196b30cf9afe24c81860bedff69fc5652c514aa36aba85d16b12bcc432"
score = 70
@@ -334906,8 +335318,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Ice
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L523-L536"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L523-L536"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d141e011a92f48da72728c35f1934a2b"
logic_hash = "524419e802d3cb6ac310565af22ec28044984aa4b1b2ee1cfbd292afd071709c"
score = 70
@@ -334930,8 +335342,8 @@ rule SIGNATURE_BASE_Webshell_Drag_System
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L537-L550"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L537-L550"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "15ae237cf395fb24cf12bff141fb3f7c"
logic_hash = "8ea8d9d64521f47f1396e4f4d6c8f4a71fa1a643799ec408e1d2e0f255dc4996"
score = 70
@@ -334954,8 +335366,8 @@ rule SIGNATURE_BASE_Webshell_Darkblade1_3_Asp_Indexx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L551-L564"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L551-L564"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b7f46693648f534c2ca78e3f21685707"
logic_hash = "57cfe09d53d42ee9d909a3894b8a3362209c1972c7d96ae5fdc61681c2998a89"
score = 70
@@ -334978,8 +335390,8 @@ rule SIGNATURE_BASE_Webshell_Phpshell3
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L565-L580"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L565-L580"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "76117b2ee4a7ac06832d50b2d04070b8"
logic_hash = "868b1b69fab3ec6fcfa15557075f313f4af0ec9cd15f41bb9dcc9bc26fc17f93"
score = 70
@@ -335004,8 +335416,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Hsxa
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L581-L594"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L581-L594"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d0e05f9c9b8e0b3fa11f57d9ab800380"
logic_hash = "7f79b66d87f638bc09ee576de4dc4a8c5b1da7c406d318eeff7a4221c35d2313"
score = 70
@@ -335028,8 +335440,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Utils
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L595-L609"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L595-L609"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9827ba2e8329075358b8e8a53e20d545"
logic_hash = "90a5b64e59306bdffc5a89f5d86a2dc7a17669021d863e2a5ecea13d65c19053"
score = 70
@@ -335053,8 +335465,8 @@ rule SIGNATURE_BASE_Webshell_Asp_01
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L610-L623"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L610-L623"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "61a687b0bea0ef97224c7bd2df118b87"
logic_hash = "e057800013a9a8f4c3ecbe4e27c14e904700548e6ad9dc1f00313c7a3de7fd2d"
score = 50
@@ -335077,8 +335489,8 @@ rule SIGNATURE_BASE_Webshell_Asp_404
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L624-L637"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L624-L637"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d9fa1e8513dbf59fa5d130f389032a2d"
logic_hash = "3db951af36ed3d08bc10b4c3fc2e67481f005580fb76f66b6ec5789ed6e2efdb"
score = 70
@@ -335101,8 +335513,8 @@ rule SIGNATURE_BASE_Webshell_Webshell_Cnseay02_1
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L638-L651"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L638-L651"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "95fc76081a42c4f26912826cb1bd24b1"
logic_hash = "9950fb7c26dfb25665093dbcf5c4a9dcf65466783509a3caa11c2c96d177d855"
score = 70
@@ -335125,8 +335537,8 @@ rule SIGNATURE_BASE_Webshell_Php_Fbi
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L652-L665"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L652-L665"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1fb32f8e58c8deb168c06297a04a21f1"
logic_hash = "de8584ae83ee3e23f4ce00ccd73f75b4568d6a4544af45b83784a9a0c34d42e3"
score = 70
@@ -335149,8 +335561,8 @@ rule SIGNATURE_BASE_Webshell_B374Kphp_B374K
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L666-L682"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L666-L682"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bed7388976f8f1d90422e8795dff1ea6"
logic_hash = "1f0fc5e309dd67a11d6ba9b698fd9ca3c7e6616545c220de79aaa3b63f0ad931"
score = 70
@@ -335176,8 +335588,8 @@ rule SIGNATURE_BASE_Webshell_Cmd_Asp_5_1
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L683-L696"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L683-L696"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8baa99666bf3734cbdfdd10088e0cd9f"
logic_hash = "1ff4ae8c08cec4605594e97d6c077d4808d3a73c04ddf6a51952252dd2d01cf4"
score = 70
@@ -335200,8 +335612,8 @@ rule SIGNATURE_BASE_Webshell_Php_Dodo_Zip
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L697-L711"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L697-L711"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b7800364374077ce8864796240162ad5"
logic_hash = "bdeffafdedeadaba36c5c67f981c42d6111b954622780b930e9eeb9956c638b5"
score = 70
@@ -335225,8 +335637,8 @@ rule SIGNATURE_BASE_Webshell_Azrailphp_V1_0
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L712-L726"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L712-L726"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "26b2d3943395682e36da06ed493a3715"
logic_hash = "d0ccf9e37e378db4523d7918b30cff358115e7a4c36fad55a75f3aff218563c6"
score = 70
@@ -335250,8 +335662,8 @@ rule SIGNATURE_BASE_Webshell_Php_List
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L727-L742"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L727-L742"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "922b128ddd90e1dc2f73088956c548ed"
logic_hash = "007f9307493bca71dcbdcf6ba6c45bf36899e8f636ccbd09c26453cb0aea0847"
score = 70
@@ -335276,8 +335688,8 @@ rule SIGNATURE_BASE_Webshell_Ironshell
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L743-L757"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L743-L757"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8bfa2eeb8a3ff6afc619258e39fded56"
logic_hash = "7e4916010a33383cfc3cbbcd5d575ac2f3a579220b66bd07e3121f3db30da66d"
score = 70
@@ -335301,8 +335713,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_404
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L758-L771"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L758-L771"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ee94952dc53d9a29bdf4ece54c7a7aa7"
logic_hash = "0743d18bc5066c96cca8cc0883971d3bc876e6c2fbb996e55b6930c715e07395"
score = 70
@@ -335325,8 +335737,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Aspydrv
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L772-L785"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L772-L785"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "de0a58f7d1e200d0b2c801a94ebce330"
logic_hash = "a4a6205ace49778ddc421b0f0e65c576e2ffe40ce2ab84debb939d5324420405"
score = 70
@@ -335349,8 +335761,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Web
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L786-L799"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L786-L799"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4bc11e28f5dccd0c45a37f2b541b2e98"
logic_hash = "ed0ace0ba5f8a9e763353c42e3e3a39da10596e8517aad33e5c5080b44e4d61a"
score = 70
@@ -335373,8 +335785,8 @@ rule SIGNATURE_BASE_Webshell_Mysqlwebsh
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L800-L813"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L800-L813"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "babfa76d11943a22484b3837f105fada"
logic_hash = "365d19c086b3bbb98cbe1e1ed1e7522ce98dc2614a39c747717c277cebef33d2"
score = 70
@@ -335397,8 +335809,8 @@ rule SIGNATURE_BASE_Webshell_Jspshell
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L814-L828"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L814-L828"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0d5b5a17552254be6c1c8f1eb3a5fdc1"
logic_hash = "058ddd64b142cada7144b9befa81ada314b72e6f23524d98efcb10136c23ed33"
score = 70
@@ -335422,8 +335834,8 @@ rule SIGNATURE_BASE_Webshell_Dx_Dx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L829-L843"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L829-L843"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9cfe372d49fe8bf2fac8e1c534153d9b"
logic_hash = "c2eddf58b25caff79460ab9a87ac0573d483866a87c1b1ec0984afce2c22b29f"
score = 70
@@ -335447,8 +335859,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Ntdaddy
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L844-L858"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L844-L858"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c5e6baa5d140f73b4e16a6cfde671c68"
logic_hash = "7237eb7233c6affcc1f67a764f704b7d7e1d13f71c64893286c6c99318cc7c3e"
score = 70
@@ -335472,8 +335884,8 @@ rule SIGNATURE_BASE_Webshell_Mysql_Web_Interface_Version_0_8
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L859-L872"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L859-L872"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "36d4f34d0a22080f47bb1cb94107c60f"
logic_hash = "680d4368804ad21e46dbe400563beca3ef724711b5432dccce1276ecadc04f2c"
score = 70
@@ -335496,8 +335908,8 @@ rule SIGNATURE_BASE_Webshell_Elmaliseker_2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L873-L887"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L873-L887"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b32d1730d23a660fd6aa8e60c3dc549f"
logic_hash = "ca300cd142b3c8b820d3b5f5a56eeb834d9acb1d85916b932bd67fb4a25f4ed0"
score = 70
@@ -335521,8 +335933,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Remexp
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L888-L902"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L888-L902"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "aa1d8491f4e2894dbdb91eec1abc2244"
logic_hash = "7a3b35c4a16f26167180cea81f67de101edabb9b35479f7e5acae7f3fe07f304"
score = 70
@@ -335546,8 +335958,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_List1
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L903-L917"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L903-L917"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8d9e5afa77303c9c01ff34ea4e7f6ca6"
logic_hash = "61ecafe477d98c5eb6887a9ff50960fc28b84512d09a36c02588159b08b395a4"
score = 70
@@ -335571,8 +335983,8 @@ rule SIGNATURE_BASE_Webshell_Phpkit_1_0_Odd
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L918-L933"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L918-L933"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "594d1b1311bbef38a0eb3d6cbb1ab538"
logic_hash = "bf99d6a71b9ef72574d928a09f3a479f2f819287d78c9a5435e45752e76a59bf"
score = 70
@@ -335597,8 +336009,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_123
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L934-L949"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L934-L949"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c691f53e849676cac68a38d692467641"
logic_hash = "48925d3a302bf09ecb3f031301ca8afc722c7ef53b87efa27a3c4b58ee15217d"
score = 70
@@ -335623,8 +336035,8 @@ rule SIGNATURE_BASE_Webshell_Asp_1
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L950-L964"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L950-L964"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8991148adf5de3b8322ec5d78cb01bdb"
logic_hash = "9cae40c8fc3966942a8fc3ee0f5d07081ba2d1c1c3156144488ba64015d6838b"
score = 70
@@ -335648,8 +336060,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Tool
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L965-L980"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L965-L980"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4ab68d38527d5834e9c1ff64407b34fb"
logic_hash = "62ba39bac09cb403a47678cd38c519642cc3c20f43c470b828ec448c42e9bb73"
score = 70
@@ -335674,8 +336086,8 @@ rule SIGNATURE_BASE_Webshell_Cmd_Win32
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L981-L995"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L981-L995"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cc4d4d6cc9a25984aa9a7583c7def174"
logic_hash = "b90ba15b7b2c557f7b2303695b7f1f737f63df06d712c89e0cfea51c7d37e21d"
score = 70
@@ -335699,8 +336111,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Jshell
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L996-L1013"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L996-L1013"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "124b22f38aaaf064cef14711b2602c06"
logic_hash = "dfe3ac097de4ca406ab7ec967fdc03d1e87c74f84fc675b58438a842d80cccda"
score = 70
@@ -335727,8 +336139,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Zehir4
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1014-L1027"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1014-L1027"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7f4e12e159360743ec016273c3b9108c"
logic_hash = "aa3e07ee6369dd5f86f28a53c8e45391de718d4935021339a7b47829b5196f54"
score = 70
@@ -335751,8 +336163,8 @@ rule SIGNATURE_BASE_Webshell_Wsb_Idc
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1028-L1042"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1028-L1042"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7c5b1b30196c51f1accbffb80296395f"
logic_hash = "f274061f1a02ab65bc574a6586343f74262a463c5200cd2c231a752f54967404"
score = 70
@@ -335776,8 +336188,8 @@ rule SIGNATURE_BASE_Webshell_Cpg_143_Incl_Xpl
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1043-L1057"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1043-L1057"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5937b131b67d8e0afdbd589251a5e176"
logic_hash = "7c2ce25c33e167761d72331d7c4d4f7cd6029ee0caf6e2008df8b12894faaaf8"
score = 70
@@ -335801,8 +336213,8 @@ rule SIGNATURE_BASE_Webshell_Mumaasp_Com
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1058-L1071"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1058-L1071"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cce32b2e18f5357c85b6d20f564ebd5d"
logic_hash = "75e2a056782190e9914264b9e34002faea75a35ab0f97bf1e05dec15432d064c"
score = 70
@@ -335825,8 +336237,8 @@ rule SIGNATURE_BASE_Webshell_Php_404
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1072-L1085"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1072-L1085"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ced050df5ca42064056a7ad610a191b3"
logic_hash = "3fc928e6edda8fdc4220f57215db61b7fbf8de5b00423b219a173c8ecde40b79"
score = 70
@@ -335849,8 +336261,8 @@ rule SIGNATURE_BASE_Webshell_Webshell_Cnseay_X
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1086-L1099"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1086-L1099"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a0f9f7f5cd405a514a7f3be329f380e5"
logic_hash = "59cb8b8a5873b716a25096c7b12f09293a812b63f31fea07d919b9c4d2bc9a19"
score = 70
@@ -335873,8 +336285,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Up
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1100-L1114"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1100-L1114"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f775e721cfe85019fe41c34f47c0d67c"
logic_hash = "dff2896d2226ade08e74147121a0e0036e8545dfff36b48b5a0771c9c7d537e9"
score = 70
@@ -335898,8 +336310,8 @@ rule SIGNATURE_BASE_Webshell_Phpkit_0_1A_Odd
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1115-L1131"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1115-L1131"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3c30399e7480c09276f412271f60ed01"
logic_hash = "745734658ed4000e1399531ae44125f8462ecd37388e6223cfa9bf91dbb52bbc"
score = 70
@@ -335925,8 +336337,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Cmd
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1132-L1145"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1132-L1145"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "97af88b478422067f23b001dd06d56a9"
logic_hash = "c1353e43876e18f18638a558a29a12d6e82603641fedd81b042adca91fea0d18"
score = 70
@@ -335949,8 +336361,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Shell_X3
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1146-L1161"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1146-L1161"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a2f8fa4cce578fc9c06f8e674b9e63fd"
logic_hash = "7361a7eecf345b9c1809294b6b081db8769805ec3e6c656adc4ac87261193683"
score = 70
@@ -335975,8 +336387,8 @@ rule SIGNATURE_BASE_Webshell_PHP_G00Nv13
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1162-L1176"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1162-L1176"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "35ad2533192fe8a1a76c3276140db820"
logic_hash = "dd9f03a7ad0d2b73f7a8602ab267e0e8e5cb1f9250f9a25c86ded3797df2f8d5"
score = 70
@@ -336000,8 +336412,8 @@ rule SIGNATURE_BASE_Webshell_Php_H6Ss
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1177-L1190"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1177-L1190"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "272dde9a4a7265d6c139287560328cd5"
logic_hash = "c4001be111ff271335dd65c15c59da979a8e202bcf58a7f10de7f03644472153"
score = 70
@@ -336024,8 +336436,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Zx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1191-L1204"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1191-L1204"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "67627c264db1e54a4720bd6a64721674"
logic_hash = "d97df624801d0f24141dfe7074d290a56e639af7d867c907362ff4434c3eeac0"
score = 70
@@ -336048,8 +336460,8 @@ rule SIGNATURE_BASE_Webshell_Ani_Shell
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1205-L1220"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1205-L1220"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "889bfc9fbb8ee7832044fc575324d01a"
logic_hash = "c8caf8686c36a41b5aae093e88b8872350cf625c59a14389c5df93f284c8f05a"
score = 70
@@ -336074,8 +336486,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_K8Cmd
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1221-L1234"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1221-L1234"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b39544415e692a567455ff033a97a682"
logic_hash = "e523a5b1118c6f4d5798f130c00466c7945d27a6fbe0d4cb3a40b7f36da2a502"
score = 70
@@ -336098,8 +336510,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Cmd
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1236-L1249"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1236-L1249"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5391c4a8af1ede757ba9d28865e75853"
logic_hash = "e48d4e2d14a3605fd9dda03630820a0fb53d893cc4d283739fde11f9ab7d9d1e"
score = 70
@@ -336122,8 +336534,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_K81
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1251-L1265"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1251-L1265"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "41efc5c71b6885add9c1d516371bd6af"
logic_hash = "f9c6b5bec9313c6fd059055fa18332675838419bba3348bb852b50806f26ccb2"
score = 70
@@ -336147,8 +336559,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Zehir
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1266-L1279"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1266-L1279"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0061d800aee63ccaf41d2d62ec15985d"
logic_hash = "90920258017cf189da128dce477e71f0040bc66aefa6f018f64db64d22f60ae5"
score = 70
@@ -336172,8 +336584,8 @@ rule SIGNATURE_BASE_Webshell_Worse_Linux_Shell_1
modified = "2025-11-03"
old_rule_name = "webshell_Worse_Linux_Shell"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1280-L1294"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1280-L1294"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8338c8d9eab10bd38a7116eb534b5fa2"
logic_hash = "a24e7ae7c722da7f265f032315b1e8e402c2fc4a2a54a685671a9e52124f6553"
score = 70
@@ -336196,8 +336608,8 @@ rule SIGNATURE_BASE_Webshell_Zacosmall
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1295-L1308"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1295-L1308"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5295ee8dc2f5fd416be442548d68f7a6"
logic_hash = "739d58e3ab6712c703e0cb0e0070afec3376844b77ed081a5d12407cabb62319"
score = 70
@@ -336220,8 +336632,8 @@ rule SIGNATURE_BASE_Webshell_Liz0Zim_Private_Safe_Mode_Command_Execuriton_Bypass
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1309-L1322"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1309-L1322"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c6eeacbe779518ea78b8f7ed5f63fc11"
logic_hash = "9630fc0371193bfbd0bd4fb15856477e7739fc9f11ee539d119ee837b1a54502"
score = 70
@@ -336244,8 +336656,8 @@ rule SIGNATURE_BASE_Webshell_Redirect
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1323-L1336"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1323-L1336"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "97da83c6e3efbba98df270cc70beb8f8"
logic_hash = "b16026623fe7802db9823ad4a3dab051747eea6bd41ce72a0c8c6757bfa2c6f7"
score = 70
@@ -336268,8 +336680,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Cmdjsp
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1337-L1350"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1337-L1350"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b815611cc39f17f05a73444d699341d4"
logic_hash = "b4822e47a27c598be746ac71bf9b60dafe08d50c83a2dfee5e40ea384fcff21a"
score = 70
@@ -336292,8 +336704,8 @@ rule SIGNATURE_BASE_Webshell_Java_Shell
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1351-L1365"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1351-L1365"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "36403bc776eb12e8b7cc0eb47c8aac83"
logic_hash = "0d313ff81a36b456326df0054853c31d69710fc142fcfa65747691238af4e635"
score = 70
@@ -336317,8 +336729,8 @@ rule SIGNATURE_BASE_Webshell_Asp_1D
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1366-L1379"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1366-L1379"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fad7504ca8a55d4453e552621f81563c"
logic_hash = "85b17fde8fb535b64e5eabc887428d9b73adc5bc6741a3a387f235a8b0c6089a"
score = 70
@@ -336341,8 +336753,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Ixrbe
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1380-L1393"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1380-L1393"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e26e7e0ebc6e7662e1123452a939e2cd"
logic_hash = "8710d092b81c5de1e328ad6e57e5c4a25748cc92844198038c103dabc1e76e77"
score = 70
@@ -336365,8 +336777,8 @@ rule SIGNATURE_BASE_Webshell_PHP_G5
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1394-L1407"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1394-L1407"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "95b4a56140a650c74ed2ec36f08d757f"
logic_hash = "2edffbea5142ef146cec57cb88b473532f56ab3e95151c5648eaeabe6a75feda"
score = 70
@@ -336389,8 +336801,8 @@ rule SIGNATURE_BASE_Webshell_PHP_R57142
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1408-L1421"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1408-L1421"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0911b6e6b8f4bcb05599b2885a7fe8a8"
logic_hash = "3afa0463de3acb12480dba1b2ab9cd53fca88216ba54c5e044e48ebd84bf17bd"
score = 70
@@ -336413,8 +336825,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Tree
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1422-L1436"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1422-L1436"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bcdf7bbf7bbfa1ffa4f9a21957dbcdfa"
logic_hash = "180aa4572a42d23f3e44589f876356ec973fd64cdd53bac69936b93699888ac2"
score = 70
@@ -336438,8 +336850,8 @@ rule SIGNATURE_BASE_Webshell_C99Madshell_V_3_0_Smowu
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1437-L1451"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1437-L1451"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "74e1e7c7a6798f1663efb42882b85bee"
logic_hash = "d84a5c573b89790efdbe67a684feb7db88521027e86b7588f090696fd90cbc87"
score = 70
@@ -336463,8 +336875,8 @@ rule SIGNATURE_BASE_Webshell_Simple_Backdoor
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1452-L1467"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1452-L1467"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f091d1b9274c881f8e41b2f96e6b9936"
logic_hash = "252285e8a796757235d775427e5a73980d065c1221190545428910a77f46bb9a"
score = 70
@@ -336489,8 +336901,8 @@ rule SIGNATURE_BASE_Webshell_PHP_404
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1468-L1481"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1468-L1481"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "078c55ac475ab9e028f94f879f548bca"
logic_hash = "b0524ecddf990048e3e40f471c24075c0e87654c6fe40f17dc3ff43743402e24"
score = 70
@@ -336513,8 +336925,8 @@ rule SIGNATURE_BASE_Webshell_Macker_S_Private_Phpshell
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1482-L1497"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1482-L1497"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e24cbf0e294da9ac2117dc660d890bb9"
logic_hash = "4bccc1aca8698e601133436a55538c08e3e1fa113a0776c04590eaf4a10fd309"
score = 70
@@ -336539,8 +336951,8 @@ rule SIGNATURE_BASE_Webshell_Antichat_Shell_V1_3_2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1498-L1511"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1498-L1511"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "40d0abceba125868be7f3f990f031521"
logic_hash = "d5a1dc31f442f8db7771ee64164436f6c562ef9f4a203a1e2006d37f9df91846"
score = 70
@@ -336563,8 +336975,8 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Breaker
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1512-L1526"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1512-L1526"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5bd07ccb1111950a5b47327946bfa194"
logic_hash = "4adcefc05413a02653a2a405791345a1a76058a39f6e2b03765c4485f7c6b106"
score = 70
@@ -336588,8 +337000,8 @@ rule SIGNATURE_BASE_Webshell_Sst_Sheller
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1527-L1541"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1527-L1541"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d93c62a0a042252f7531d8632511ca56"
logic_hash = "4faac0b22fec809f2100bad200ba1f9fb9e16fab743e1b1cbfe0b80c6d2fee32"
score = 70
@@ -336613,8 +337025,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_List
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1542-L1557"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1542-L1557"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1ea290ff4259dcaeb680cec992738eda"
logic_hash = "5641bff0ec161fe72e502641b6138186d541ebfcbf499e0295a61f9f6f085654"
score = 70
@@ -336639,8 +337051,8 @@ rule SIGNATURE_BASE_Webshell_Phpjackal_V1_5
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1558-L1572"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1558-L1572"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d76dc20a4017191216a0315b7286056f"
logic_hash = "457bc71cb8e684dafb14b1c5d2faa4366cedce5eba9545493be2b1d49daf98b6"
score = 70
@@ -336664,8 +337076,8 @@ rule SIGNATURE_BASE_Webshell_Customize
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1573-L1586"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1573-L1586"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d55578eccad090f30f5d735b8ec530b1"
logic_hash = "462d97427793ef6e897b33f4fd02d452ad8cd11ddef21aa25d13efc981eb3afb"
score = 70
@@ -336688,8 +337100,8 @@ rule SIGNATURE_BASE_Webshell_S72_Shell_V1_1_Coding
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1587-L1600"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1587-L1600"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c2e8346a5515c81797af36e7e4a3828e"
logic_hash = "fd200d8aa347242546a1da311edc61ceebaec5f7d6b4fe2f49f069b36689f547"
score = 70
@@ -336712,8 +337124,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Sys3
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1601-L1616"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1601-L1616"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b3028a854d07674f4d8a9cf2fb6137ec"
logic_hash = "14b0ac1b1b8538b0c05dcd0a8b7129fdcad2e595ea00630bd55cee6dff596d4f"
score = 70
@@ -336738,8 +337150,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Guige02
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1617-L1631"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1617-L1631"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a3b8b2280c56eaab777d633535baf21d"
logic_hash = "c214e50b209970c03d389d97673901ec44b2727e5c7588e5e4d0a644cc691423"
score = 70
@@ -336763,8 +337175,8 @@ rule SIGNATURE_BASE_Webshell_Php_Ghost
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1632-L1647"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1632-L1647"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "38dc8383da0859dca82cf0c943dbf16d"
logic_hash = "9a7635d313345e7b7cb7424726ed62015afd78412b504e406155f85c4cdf623f"
score = 70
@@ -336789,8 +337201,8 @@ rule SIGNATURE_BASE_Webshell_Winx_Shell
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1648-L1662"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1648-L1662"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "17ab5086aef89d4951fe9b7c7a561dda"
logic_hash = "e6dd5178cafccca751dd3f2e36206acd214a65b2e0783a738a104b3dc680ca21"
score = 70
@@ -336814,8 +337226,8 @@ rule SIGNATURE_BASE_Webshell_Crystal_Crystal
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1663-L1677"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1663-L1677"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fdbf54d5bf3264eb1c4bff1fac548879"
logic_hash = "735332a2ec7df65cca4ca69e702c5893d302a01c7ee7b84d01a1e6ab9646de93"
score = 70
@@ -336839,8 +337251,8 @@ rule SIGNATURE_BASE_Webshell_R57_1_4_0
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1678-L1694"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1678-L1694"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "574f3303e131242568b0caf3de42f325"
logic_hash = "cb48621c572d529b8dc634e7b6360257ad4fce9664bfca7ee7c0101be42d2c24"
score = 70
@@ -336866,8 +337278,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Ajn
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1696-L1710"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1696-L1710"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "aaafafc5d286f0bff827a931f6378d04"
logic_hash = "0a6c9a210c0337d6b984bcf6cd7f14103a0f6f5d38a26c789519c2b1629aaede"
score = 70
@@ -336891,8 +337303,8 @@ rule SIGNATURE_BASE_Webshell_Php_Cmd
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1711-L1726"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1711-L1726"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c38ae5ba61fd84f6bbbab98d89d8a346"
logic_hash = "d9a0802f6fd7047ba5477f6bba61c4ac02cabfce06270fdbd8e8e68a693ccf68"
score = 70
@@ -336917,8 +337329,8 @@ rule SIGNATURE_BASE_Webshell_Asp_List
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1727-L1741"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1727-L1741"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1cfa493a165eb4b43e6d4cc0f2eab575"
logic_hash = "9c8bdeb5992015b26fbee418ed6e6b7c6b0901f26bddf9dc26706c0b63ea9c95"
score = 70
@@ -336942,8 +337354,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Co
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1742-L1756"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1742-L1756"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "62199f5ac721a0cb9b28f465a513874c"
logic_hash = "3fab3e97d10b6c56fb7df8bcd520bda318fc127a620c5aafba09cb36ffd6a8df"
score = 70
@@ -336967,8 +337379,8 @@ rule SIGNATURE_BASE_Webshell_PHP_150
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1757-L1771"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1757-L1771"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "400c4b0bed5c90f048398e1d268ce4dc"
logic_hash = "139e3d6aa3cd2b6a9731a6cc14c921f9fd82ff7ca79d156f1ff6bc544897fb12"
score = 70
@@ -336992,8 +337404,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Cmdjsp_2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1772-L1786"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1772-L1786"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1b5ae3649f03784e2a5073fa4d160c8b"
logic_hash = "83be82e260adcff9d3d11344c363f6b5da331339ffe78e561cea9ab09b209030"
score = 70
@@ -337017,8 +337429,8 @@ rule SIGNATURE_BASE_Webshell_PHP_C37
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1787-L1801"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1787-L1801"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d01144c04e7a46870a8dd823eb2fe5c8"
logic_hash = "b93394f4e05cc96c31a8adcb0981aa8b069780893c469b41ece3d3ce92c42251"
score = 70
@@ -337042,8 +337454,8 @@ rule SIGNATURE_BASE_Webshell_PHP_B37
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1802-L1815"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1802-L1815"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0421445303cfd0ec6bc20b3846e30ff0"
logic_hash = "ae0cca5723a1e885c26ece5082c24f4c95f0262b8e7baf6db5efde5cfee2cc42"
score = 70
@@ -337066,8 +337478,8 @@ rule SIGNATURE_BASE_Webshell_Php_Backdoor
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1816-L1830"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1816-L1830"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2b5cb105c4ea9b5ebc64705b4bd86bf7"
logic_hash = "1f754b4d29eb93316183cf904b375ded7ccdae1d2196fe05950c449ed0d690f4"
score = 70
@@ -337091,8 +337503,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Dabao
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1831-L1845"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1831-L1845"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3919b959e3fa7e86d52c2b0a91588d5d"
logic_hash = "62cf46dc16a7365d196c2cb8ede8b1380a0877d134d3726d7c777096a4eda942"
score = 70
@@ -337116,8 +337528,8 @@ rule SIGNATURE_BASE_Webshell_Php_2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1846-L1859"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1846-L1859"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "267c37c3a285a84f541066fc5b3c1747"
logic_hash = "bd485c825ae7ac11ff67d109d3c07fb405272a5919e00af39788d1a9c94e754d"
score = 70
@@ -337140,8 +337552,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Cmdasp
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1860-L1874"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1860-L1874"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "57b51418a799d2d016be546f399c2e9b"
logic_hash = "4259419b4db8e6a83df6f7d258d41028f7f76b0fd2308eeadb4555066c5a2940"
score = 70
@@ -337165,8 +337577,8 @@ rule SIGNATURE_BASE_Webshell_Spjspshell
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1875-L1888"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1875-L1888"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d39d51154aaad4ba89947c459a729971"
logic_hash = "7926eadd3ffb21de73a63e7a28a525037bf88396ea369599b41ac8c0b0d112ad"
score = 70
@@ -337189,8 +337601,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Action
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1889-L1903"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1889-L1903"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5a7d931094f5570aaf5b7b3b06c3d8c0"
logic_hash = "5ea7d074d0fe98cf2514a65231013a374532d6b3aa2487bcc34d4285f558752a"
score = 70
@@ -337214,8 +337626,8 @@ rule SIGNATURE_BASE_Webshell_Inderxer
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1904-L1917"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1904-L1917"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9ea82afb8c7070817d4cdf686abe0300"
logic_hash = "915f2f38c1ca1321980ac66ebb95b0c46443e0ba64cc4b2014200db43439c85e"
score = 70
@@ -337238,8 +337650,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Rader
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1918-L1932"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1918-L1932"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ad1a362e0a24c4475335e3e891a01731"
logic_hash = "b578f3e844cbb361f455e55353fad2f0134ede7c3c468cebad9ae265e6e768b8"
score = 70
@@ -337263,8 +337675,8 @@ rule SIGNATURE_BASE_Webshell_C99_Madnet_Smowu
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1933-L1951"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1933-L1951"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3aaa8cad47055ba53190020311b0fb83"
logic_hash = "5c4f76bdbe535a899e40c890eb1ea65e070c781fe5dd44cf13d4832cfd6d2e13"
score = 70
@@ -337292,8 +337704,8 @@ rule SIGNATURE_BASE_Webshell_Php_Moon
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1952-L1967"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1952-L1967"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2a2b1b783d3a2fa9a50b1496afa6e356"
logic_hash = "4e26dbef647caee19a8707a067c228ba96bd986369e4c87c68964ae42c85b09a"
score = 70
@@ -337318,8 +337730,8 @@ rule SIGNATURE_BASE_Webshell_Minupload
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1969-L1983"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1969-L1983"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ec905a1395d176c27f388d202375bdf9"
logic_hash = "53dea3ea0e2cf83907273fa7f64b21b40e9a5c8e4aa34e5d46d2762396fa89ce"
score = 70
@@ -337343,8 +337755,8 @@ rule SIGNATURE_BASE_Webshell_ELMALISEKER_Backd00R
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1984-L1998"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1984-L1998"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3aa403e0a42badb2c23d4a54ef43e2f4"
logic_hash = "c5eea930dc386c60e60f052c4945c8d6c0125d3500e60794e21d5ea04f226628"
score = 70
@@ -337368,8 +337780,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Bug_1_
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L1999-L2012"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L1999-L2012"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "91c5fae02ab16d51fc5af9354ac2f015"
logic_hash = "12b957b7e0d0823721273ab71a19ee62d84a8dc5f584a46691f0e0aef996386e"
score = 70
@@ -337392,8 +337804,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Hkmjj
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2013-L2026"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2013-L2026"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e7b994fe9f878154ca18b7cde91ad2d0"
logic_hash = "9a25df170ed165fe6528e6b9374ae572bcd26cd2e1f4014c7aa4953122671fac"
score = 70
@@ -337416,8 +337828,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Asd
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2027-L2041"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2027-L2041"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a042c2ca64176410236fcc97484ec599"
logic_hash = "6620b796b55a67010cd3edebc2ec84c2657717722129ea46288d262cfd1c7e1c"
score = 70
@@ -337441,8 +337853,8 @@ rule SIGNATURE_BASE_Webshell_Metaslsoft
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2043-L2056"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2043-L2056"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "aa328ed1476f4a10c0bcc2dde4461789"
logic_hash = "20d938fbe21bcf04f09c6450a9acd5db556e9c9f83149d3cdd098be7a905d5ca"
score = 70
@@ -337465,8 +337877,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Ajan
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2057-L2070"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2057-L2070"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b6f468252407efc2318639da22b08af0"
logic_hash = "1817786725de61150f1b3ff57597c780323a7f4df1c046cfd473e1918decd7d2"
score = 70
@@ -337489,8 +337901,8 @@ rule SIGNATURE_BASE_Webshell_Config_Myxx_Zend
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2071-L2087"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2071-L2087"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "161dc712f279e73ea8cab4b0298cc2ca3799c6d9107050c4231a81021caed37f"
score = 70
quality = 85
@@ -337516,8 +337928,8 @@ rule SIGNATURE_BASE_Webshell_Browser_201_3_Ma_Download
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2088-L2107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2088-L2107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3605e1304fb314c13d6c94d6ac9337731c6ee4fef679444d599cb3ae29023b56"
score = 70
quality = 85
@@ -337546,8 +337958,8 @@ rule SIGNATURE_BASE_Webshell_Itsec_Itsecteam_Shell_Jhn
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2108-L2125"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2108-L2125"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2775d7e47a26e06ea716bdca32a0f768eccf4d269caa3d107b4a78f8684ce741"
score = 70
quality = 85
@@ -337574,8 +337986,8 @@ rule SIGNATURE_BASE_Webshell_Ghost_Source_Icesword_Silic
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2126-L2143"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2126-L2143"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "22879d5279866e3c25a5b41a98b44595f191cfcac6489208b0bdb6b7ca7201e5"
score = 70
quality = 85
@@ -337602,8 +338014,8 @@ rule SIGNATURE_BASE_Webshell_Jspspy_Jspspyjdk5_Jspspyjdk51_Luci_Jsp_Spy2009_M_Ma
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2144-L2187"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2144-L2187"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6c61e5ccd4800f0cfd20532ab43f917f39a7367cc09cbe92e5320eb2c97fabf3"
score = 70
quality = 85
@@ -337656,8 +338068,8 @@ rule SIGNATURE_BASE_Webshell_2_520_Job_Ma1_Ma4_2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2188-L2208"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2188-L2208"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "db76ff42079b20d9e5c40661d7b30206e6bffc828f55daa4dc210662068f8e27"
score = 70
quality = 85
@@ -337687,8 +338099,8 @@ rule SIGNATURE_BASE_Webshell_000_403_807_A_C5_Config_Css_Dm_He1P_Jspspy_Jspspyjd
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2209-L2255"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2209-L2255"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cda47d7967b0f4b2a274ff2196d27d2e108b00917812093bbb3f033a8a1d1c3c"
score = 70
quality = 85
@@ -337744,8 +338156,8 @@ rule SIGNATURE_BASE_Webshell_Wso2_5_1_Wso2_5_Wso2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2256-L2273"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2256-L2273"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f2dce52f1b8d2c33cd8478a468383a87f13712dc6e5c9050fea6ede4f0d24cc5"
score = 70
quality = 85
@@ -337772,8 +338184,8 @@ rule SIGNATURE_BASE_Webshell_000_403_C5_Querydong_Spyjsp2010_T00Ls
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2274-L2294"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2274-L2294"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f507499304a7cf4d14a134a4c0781fed9a94c40fe3257a4168bacdf3910ffec"
score = 70
quality = 85
@@ -337803,8 +338215,8 @@ rule SIGNATURE_BASE_Webshell_404_Data_Suiyue
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2295-L2311"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2295-L2311"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7f4ab5dbd2a72574c5d188e14ae98e599359b2d662266fc4c3a39d3d4405c208"
score = 70
quality = 85
@@ -337830,8 +338242,8 @@ rule SIGNATURE_BASE_Webshell_R57Shell_R57Shell127_Sniper_SA_Shell_Egy_Spider_She
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2312-L2337"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2312-L2337"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "04a58352202538d5446f1000c07341ea70434f00403f116233f335213687636e"
score = 70
quality = 85
@@ -337866,8 +338278,8 @@ rule SIGNATURE_BASE_Webshell_807_A_Css_Dm_He1P_Jspspy_Xxx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2338-L2376"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2338-L2376"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eb045425a9f519dd7bf028a7795b16b89768682f5850b6a4d45f0991bfeb6431"
score = 70
quality = 85
@@ -337915,8 +338327,8 @@ rule SIGNATURE_BASE_Webshell_201_3_Ma_Download
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2377-L2396"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2377-L2396"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "14eccd07e7bef9d570f75fc4adc204d175dcfbb5b950bdb3e25a65d3c5bb0310"
score = 70
quality = 85
@@ -337945,8 +338357,8 @@ rule SIGNATURE_BASE_Webshell_Browser_201_3_400_In_Jfolder_Jfolder01_Jsp_Leo_Ma_W
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2397-L2424"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2397-L2424"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0bf0fd37b542c9362a47180ee03ea28995b48d483f72273e472292a320a3ddee"
score = 70
quality = 85
@@ -337983,8 +338395,8 @@ rule SIGNATURE_BASE_Webshell_Shell_Phpspy_2006_Arabicspy
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2425-L2442"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2425-L2442"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bd9f1ffdbf94dd5a871fc7c3b31d2357e99265d02bfe1c836f82d251053dce7d"
score = 70
quality = 85
@@ -338011,8 +338423,8 @@ rule SIGNATURE_BASE_Webshell_In_Jfolder_Jfolder01_Jsp_Leo_Warn
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2443-L2463"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2443-L2463"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "00c3667438a688b990cf1c8bb6db52be7c6d1b36192dece4e8b07edda68f4b72"
score = 70
quality = 85
@@ -338042,8 +338454,8 @@ rule SIGNATURE_BASE_Webshell_2_520_Icesword_Job_Ma1_Ma4_2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2464-L2486"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2464-L2486"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "765efb4f776d9ffe5dab1b5decbb60df654e1de9ab8ae7e0437c5c8f717642b9"
score = 70
quality = 85
@@ -338075,8 +338487,8 @@ rule SIGNATURE_BASE_Webshell_Phpspy_2005_Full_Phpspy_2005_Lite_PHPSPY
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2487-L2505"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2487-L2505"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "80c8e7b50aea91284a25ffd3a07d8705c24b6a95a58f42ec6043ececcff32dbb"
score = 70
quality = 85
@@ -338104,8 +338516,8 @@ rule SIGNATURE_BASE_Webshell_Shell_Phpspy_2006_Arabicspy_Hkrkoz
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2506-L2523"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2506-L2523"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "228e0a73f14da2957f75ae898fdbcf2386deb366df6ddc312162ab723bac44ba"
score = 70
quality = 85
@@ -338132,8 +338544,8 @@ rule SIGNATURE_BASE_Webshell_C99_Shell_Ci_Biz_Was_Here_C100_V_Xxx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2524-L2543"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2524-L2543"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ccc3cb553f7b5d089a43612d48522cc4a66b4a8ab433321ae1a716a8fa57b62c"
score = 70
quality = 85
@@ -338162,8 +338574,8 @@ rule SIGNATURE_BASE_Webshell_2008_2009Lite_2009Mssql
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2544-L2561"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2544-L2561"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ae33048856440e25972aa5483b60e775f50f60a9ef5e77a58edd60eacdcd9ee3"
score = 70
quality = 85
@@ -338190,8 +338602,8 @@ rule SIGNATURE_BASE_Webshell_Shell_Phpspy_2005_Full_Phpspy_2005_Lite_Phpspy_2006
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2562-L2583"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2562-L2583"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5da06481cf789e71969a5b54a33bfab41e08a1961cc056604a696203fef48422"
score = 70
quality = 85
@@ -338222,8 +338634,8 @@ rule SIGNATURE_BASE_Webshell_807_Dm_Jspspyjdk5_M_Cofigrue
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2584-L2603"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2584-L2603"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0fc7ac740e147bd3703dac74743b19148aa7bb359cc5f347acf3b0dbe26bf752"
score = 70
quality = 85
@@ -338252,8 +338664,8 @@ rule SIGNATURE_BASE_Webshell_Dive_Shell_1_0_Emperor_Hacking_Team_Xxx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2604-L2621"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2604-L2621"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8bf11041a16060fa32431adfe33727863355bae7fec2cf841dcc919092db5c80"
score = 70
quality = 85
@@ -338280,8 +338692,8 @@ rule SIGNATURE_BASE_Webshell_404_Data_In_Jfolder_Jfolder01_Xxx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2622-L2644"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2622-L2644"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "171b811c1b93f99f3070692a91a0462f80d9d52ecf26d7fb7297a8bdd9a4c014"
score = 70
quality = 85
@@ -338313,8 +338725,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Reverse_Jsp_Reverse_Jspbd
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2645-L2663"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2645-L2663"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cd7409bb6ace3044f3d0bf380133c4fe4a7c0c0309f9d800b397439aa95f81fc"
score = 50
quality = 85
@@ -338342,8 +338754,8 @@ rule SIGNATURE_BASE_Webshell_400_In_Jfolder_Jfolder01_Jsp_Leo_Warn_Webshell_Nc
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2664-L2688"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2664-L2688"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "74e31e51f2cb46a042e8591ffb44fe68fb591d202c8171c6afb556eddb381f6f"
score = 70
quality = 85
@@ -338377,8 +338789,8 @@ rule SIGNATURE_BASE_Webshell_2_520_Job_Jspwebshell_1_2_Ma1_Ma4_2
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2689-L2711"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2689-L2711"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "49614b2a42210fa134f85fa52c66e12809f2bb9eaf56c17b69d21e5fbfc8888b"
score = 70
quality = 85
@@ -338410,8 +338822,8 @@ rule SIGNATURE_BASE_Webshell_Shell_2008_2009Mssql_Phpspy_2005_Full_Phpspy_2006_A
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2712-L2736"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2712-L2736"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "140af92ab61059649a872bef96b916f2c402fd9891301d4a1ba1f389a45af003"
score = 60
quality = 85
@@ -338445,8 +338857,8 @@ rule SIGNATURE_BASE_Webshell_Gfs_Sh_R57Shell_R57Shell127_Sniper_SA_Xxx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2737-L2762"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2737-L2762"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "24d93f9ae5e174873a32abdf8dca6c00f03cbb4c5e2ad531ac7fa34f8fc90794"
score = 70
quality = 85
@@ -338481,8 +338893,8 @@ rule SIGNATURE_BASE_Webshell_Itsec_Phpjackal_Itsecteam_Shell_Jhn
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2763-L2782"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2763-L2782"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0c97731c28f59a6fbab2b7882fae171da8d71add73ec92ab6093dec57fcd7207"
score = 70
quality = 85
@@ -338511,8 +338923,8 @@ rule SIGNATURE_BASE_Webshell_Shell_Ci_Biz_Was_Here_C100_V_Xxx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2783-L2803"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2783-L2803"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a7841dec442877648a589045849f7f1b80316a30dda5a44ccc4bb626dbd2cdea"
score = 70
quality = 85
@@ -338542,8 +338954,8 @@ rule SIGNATURE_BASE_Webshell_NIX_REMOTE_WEB_SHELL_NIX_REMOTE_WEB_Xxx1
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2804-L2823"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2804-L2823"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "95d25e9dc75a9af91e23b8c53acb384616f5d8a78605200bdb94f016a7f160f6"
score = 70
quality = 85
@@ -338572,8 +338984,8 @@ rule SIGNATURE_BASE_Webshell_C99_C99Shell_C99_W4Cking_Shell_Xxx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2824-L2852"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2824-L2852"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "731bbf06208d20874c1d8464472e6a66a2e9b0bc2dc0475783763b99eb70fefa"
score = 70
quality = 85
@@ -338611,8 +339023,8 @@ rule SIGNATURE_BASE_Webshell_2008_2009Mssql_Phpspy_2005_Full_Phpspy_2006_Arabics
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2853-L2875"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2853-L2875"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2d78db4d45a35d6a78d4288e00a382a0937e3806f0570bd353b88955664a47f6"
score = 70
quality = 85
@@ -338644,8 +339056,8 @@ rule SIGNATURE_BASE_Webshell_C99_C66_C99_Shadows_Mod_C99Shell
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2876-L2898"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2876-L2898"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b50a6124f25bbb6fcc9d16d1de26d833a4b968db8e8033e76f3a74695577017e"
score = 70
quality = 85
@@ -338677,8 +339089,8 @@ rule SIGNATURE_BASE_Webshell_He1P_Jspspy_Nogfw_Ok_Style_1_Jspspy1
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2899-L2922"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2899-L2922"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "522ba5f797e33c27fef3ae8d89889c31799073ed3c770a49401f4d42ead04640"
score = 70
quality = 85
@@ -338711,8 +339123,8 @@ rule SIGNATURE_BASE_Webshell_000_403_C5_Config_Myxx_Querydong_Spyjsp2010_Zend
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2923-L2946"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2923-L2946"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7ca710973592718c5455508c5798b3c51dce994d5ebd33aa3a59d1b03c096bdf"
score = 70
quality = 85
@@ -338745,8 +339157,8 @@ rule SIGNATURE_BASE_Webshell_C99_C99Shell_C99_C99Shell
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2947-L2965"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2947-L2965"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b999b1a8307e228fb97772799369e292fb806d614159f2b2abfc7a71c5bdb225"
score = 70
quality = 85
@@ -338774,8 +339186,8 @@ rule SIGNATURE_BASE_Webshell_R57Shell127_R57_Ifx_R57_Kartal_R57_Antichat
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2966-L2987"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2966-L2987"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "23887963068f7dd2e4c85b11079276a00786d1a753f22e3b63f01139087a7f4c"
score = 70
quality = 85
@@ -338806,8 +339218,8 @@ rule SIGNATURE_BASE_Webshell_NIX_REMOTE_WEB_SHELL_Nstview_Xxx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L2988-L3007"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L2988-L3007"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b10e89c6b1851f88a2bbb9116969ea3770366c162b911cb8a2c3a033da3a46bc"
score = 70
quality = 85
@@ -338836,8 +339248,8 @@ rule SIGNATURE_BASE_Webshell_000_403_807_A_C5_Config_Css_Dm_He1P_Xxx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3008-L3058"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3008-L3058"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "46eede3a1af29e344ed5107fc0af4bd13cd1492bff340d61063911bbb474e7b3"
score = 70
quality = 85
@@ -338897,8 +339309,8 @@ rule SIGNATURE_BASE_Webshell_2_520_Icesword_Job_Ma1
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3059-L3079"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3059-L3079"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "795eb586310d87a3c6b53117bf2c8cbcfadcb177f5a5129c17fd21f0b64c385c"
score = 70
quality = 85
@@ -338928,8 +339340,8 @@ rule SIGNATURE_BASE_Webshell_404_Data_In_Jfolder_Jfolder01_Jsp_Suiyue_Warn
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3080-L3104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3080-L3104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5e0da29499d76539fb1f5cfbe0a00331eeb0bb8fa861f2e2d686130ee4939fac"
score = 70
quality = 85
@@ -338963,8 +339375,8 @@ rule SIGNATURE_BASE_Webshell_Phpspy_2005_Full_Phpspy_2005_Lite_Phpspy_2006_PHPSP
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3106-L3126"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3106-L3126"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fc47a50c5964574fb9b9caf3fb94041f028998577bf4ccf21884a41fa1876572"
score = 70
quality = 85
@@ -338994,8 +339406,8 @@ rule SIGNATURE_BASE_Webshell_C99_Locus7S_C99_W4Cking_Xxx
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3127-L3156"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3127-L3156"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4afadac41e729f77711eb3ea3ee8f6e8ce61e19294e90db024e5334e214d9647"
score = 70
quality = 85
@@ -339034,8 +339446,8 @@ rule SIGNATURE_BASE_Webshell_Browser_201_3_Ma_Ma2_Download
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3157-L3178"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3157-L3178"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3b8bb6ca2eb146f8c170d629612ba12d4663445d443b681f2859af25d50ab6fe"
score = 70
quality = 85
@@ -339066,8 +339478,8 @@ rule SIGNATURE_BASE_Webshell_000_403_C5_Querydong_Spyjsp2010
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3179-L3200"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3179-L3200"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dd01bb059d741fedaee17d46355c7cd8a845d714b20ae37db36424544b954d2f"
score = 70
quality = 85
@@ -339098,8 +339510,8 @@ rule SIGNATURE_BASE_Webshell_R57Shell127_R57_Kartal_R57
date = "2014-01-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3201-L3219"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3201-L3219"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fd849f76f8348ee57a9c96eed91c8cac416fdc45a08c93e93ebc952375de27a3"
score = 70
quality = 85
@@ -339127,8 +339539,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Con2
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3221-L3235"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3221-L3235"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d3584159ab299d546bd77c9654932ae3"
logic_hash = "c681b04a1ee4d6af3275b6d772ef35f8bc888a5fcaf3b84f29f77c264e8ad9b9"
score = 70
@@ -339152,8 +339564,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Make2
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3236-L3249"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3236-L3249"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9af195491101e0816a263c106e4c145e"
logic_hash = "7c94c925b5fd7fbc37428c21a9ea3c5a73f4fa0a20a1f5d03f0d5a990bd6f45a"
score = 50
@@ -339176,8 +339588,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Aaa
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3250-L3265"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3250-L3265"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "68483788ab171a155db5266310c852b2"
logic_hash = "3c5b9dd86dc790b03a8540b2fb3a717c5ad17d34f366a319faa127479387eed9"
score = 70
@@ -339202,8 +339614,8 @@ rule SIGNATURE_BASE_Webshell_Expdoor_Com_ASP
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3266-L3283"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3266-L3283"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "caef01bb8906d909f24d1fa109ea18a7"
logic_hash = "838edb9d718b5e1a8be155c4569b4a291b37337e71b435c2b1cd6bcaa53c0dea"
score = 70
@@ -339230,8 +339642,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php2
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3284-L3297"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3284-L3297"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fbf2e76e6f897f6f42b896c855069276"
logic_hash = "0350df076a25af77fbd8d5db2b38438a10cd5b9237b23b2f64c6360607b41982"
score = 70
@@ -339254,8 +339666,8 @@ rule SIGNATURE_BASE_Webshell_Bypass_Iisuser_P
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3298-L3311"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3298-L3311"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "924d294400a64fa888a79316fb3ccd90"
logic_hash = "60d0609291e5def26ce949c903ac767db4157b4f9cf4eee315c69ee7a8d8e77b"
score = 70
@@ -339278,8 +339690,8 @@ rule SIGNATURE_BASE_Webshell_Sig_404Super
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3312-L3330"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3312-L3330"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7ed63176226f83d36dce47ce82507b28"
logic_hash = "01ecffc6bca2acf1ea4f4d965f3513f7b08ee3d5abbda29d53081f2931ecf9e9"
score = 70
@@ -339307,8 +339719,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_JSP
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3331-L3346"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3331-L3346"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "495f1a0a4c82f986f4bdf51ae1898ee7"
logic_hash = "bcb2f5d16ff3cc1454bf4653defe037e02a9228a5b7cf7428b1a577f4207c3c8"
score = 70
@@ -339333,8 +339745,8 @@ rule SIGNATURE_BASE_Webshell_Webshell_123
date = "2014-03-28"
modified = "2023-01-27"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3347-L3364"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3347-L3364"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2782bb170acaed3829ea9a04f0ac7218"
logic_hash = "1caccadf2bd7d265f9b5026c82acc31ade95313d57382651004db8b5e361312d"
score = 70
@@ -339360,8 +339772,8 @@ rule SIGNATURE_BASE_Webshell_Dev_Core
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3365-L3383"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3365-L3383"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "55ad9309b006884f660c41e53150fc2e"
logic_hash = "b3c7a9bdaa7e5bf76df9ffba94157777c32199edeaa1c8745e9400d138abc267"
score = 70
@@ -339389,8 +339801,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3384-L3401"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3384-L3401"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b0e842bdf83396c3ef8c71ff94e64167"
logic_hash = "a943f3b0d1d56194e250c7cf3e05b2bfec7b29f91ef56085d645efa3fe8995c9"
score = 70
@@ -339417,8 +339829,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Pppp
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3402-L3417"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3402-L3417"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cf01cb6e09ee594545693c5d327bdd50"
logic_hash = "bd09fc2ec88bea83b16e63afafa3d5f74f119a81046a663322f5b396b48da135"
score = 70
@@ -339443,8 +339855,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Code
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3418-L3435"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3418-L3435"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a444014c134ff24c0be5a05c02b81a79"
logic_hash = "5ae053a9afc1f720c56304c434cd89861e1df4060b7d813921e7f85978227020"
score = 70
@@ -339471,8 +339883,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Jspyyy
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3436-L3449"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3436-L3449"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b291bf3ccc9dac8b5c7e1739b8fa742e"
logic_hash = "0afe45556aa7b562672cc4b609cf001aaa617b03028322abac6524f666b069e1"
score = 70
@@ -339495,8 +339907,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Xxxx
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3450-L3463"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3450-L3463"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5bcba70b2137375225d8eedcde2c0ebb"
logic_hash = "e14cc1eaf357389ca58193c77ce2f54774aebb42be9df15f12415df356c7ed42"
score = 70
@@ -339519,8 +339931,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Jjjsp3
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3464-L3477"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3464-L3477"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "949ffee1e07a1269df7c69b9722d293e"
logic_hash = "44889540effa2f71889e7f6d0c5d12486e256d83b9230c4902d56f6a59b7939b"
score = 70
@@ -339543,8 +339955,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_PHP1
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3478-L3493"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3478-L3493"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "14c7281fdaf2ae004ca5fec8753ce3cb"
logic_hash = "1c5eb355455c7fbd2b74d91f78e1d77f460dfeb4fe0ee65f18aa1453337b67a0"
score = 70
@@ -339569,8 +339981,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Jjjsp2
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3494-L3510"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3494-L3510"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5a9fec45236768069c99f0bfd566d754"
logic_hash = "47dca67c7a01035996d032cb3871da5532aea81ab6570c93c4a6b148fd95e9f9"
score = 70
@@ -339596,8 +340008,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Radhat
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3511-L3524"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3511-L3524"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "72cb5ef226834ed791144abaa0acdfd4"
logic_hash = "28d4d380b25da05a3be439bad72725fa49c947535dfeb5c24994a849c0592b81"
score = 70
@@ -339620,8 +340032,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Asp1
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3525-L3539"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3525-L3539"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b63e708cd58ae1ec85cf784060b69cad"
logic_hash = "6c76c5388825e29d333096d4cfa3782b7776f31b206a0ed5a8809428d698778b"
score = 70
@@ -339645,8 +340057,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php6
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3540-L3555"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3540-L3555"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ea75280224a735f1e445d244acdfeb7b"
logic_hash = "495dc6c6769b8605ea946c012ad0ebb54685e7e91afd383027640753d90c6b3f"
score = 70
@@ -339671,8 +340083,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Xxx
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3556-L3569"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3556-L3569"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0e71428fe68b39b70adb6aeedf260ca0"
logic_hash = "837ed266af8a65ac683be39c32509df34bc8041b336a71c12700ca73bf210b4d"
score = 70
@@ -339695,8 +340107,8 @@ rule SIGNATURE_BASE_Webshell_Getpostphp
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3570-L3583"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3570-L3583"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "20ede5b8182d952728d594e6f2bb5c76"
logic_hash = "e75f66200593c3fdaadf1881235847f6c3f3caadcb7ffe13e8b01bce5f922702"
score = 70
@@ -339719,8 +340131,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php5
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3584-L3597"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3584-L3597"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cf2ab009cbd2576a806bfefb74906fdf"
logic_hash = "280be378bc6cf52ef9454083180015ed00f9d0bc936620a4105c34c3a3002383"
score = 70
@@ -339743,8 +340155,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_PHP
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3598-L3615"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3598-L3615"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a524e7ae8d71e37d2fd3e5fbdab405ea"
logic_hash = "706f835f63e153f907ae8a5a48f1dc4b9d3b8511b21b7155bc045b0ebdc893fc"
score = 70
@@ -339771,8 +340183,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Asp
date = "2014-03-28"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3616-L3631"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3616-L3631"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "32c87744ea404d0ea0debd55915010b7"
logic_hash = "dd2e9f753e8fa781c28c2d5bb9336bb3f39ed8a496bd89eb54bc1812ef512ab5"
score = 70
@@ -339797,8 +340209,8 @@ rule SIGNATURE_BASE_Perlbot_Pl
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3635-L3646"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3635-L3646"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7e4deb9884ffffa5d82c22f8dc533a45"
logic_hash = "784980d620e71fb0cf5aed9ef8bd171a8f50d850bc782645575070b75c42e426"
score = 75
@@ -339821,8 +340233,8 @@ rule SIGNATURE_BASE_Php_Backdoor_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3647-L3659"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3647-L3659"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2b5cb105c4ea9b5ebc64705b4bd86bf7"
logic_hash = "acab82b40760b45d49da51953f78c69166955de54918634c9bfe394208cdbb56"
score = 75
@@ -339846,8 +340258,8 @@ rule SIGNATURE_BASE_Liz0Zim_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3660-L3672"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3660-L3672"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c6eeacbe779518ea78b8f7ed5f63fc11"
logic_hash = "a0606dad4474579354709fe6306d15427afc4dec8ad6760a0ee9e91c86c23e4d"
score = 75
@@ -339871,8 +340283,8 @@ rule SIGNATURE_BASE_Nshell__1__Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3673-L3684"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3673-L3684"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "973fc89694097a41e684b43a21b1b099"
logic_hash = "53c7cd24c4eddbded1b4c16fd2758bdf66c0bbe396e487a56d56fc053cf3cc1a"
score = 75
@@ -339895,8 +340307,8 @@ rule SIGNATURE_BASE_Shankar_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3685-L3697"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3685-L3697"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6eb9db6a3974e511b7951b8f7e7136bb"
logic_hash = "58b365206c18b8394cf1e03b71b8e47be10bc933bc2c05b7b03b7dad94f6d6b8"
score = 75
@@ -339920,8 +340332,8 @@ rule SIGNATURE_BASE_Casus15_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3698-L3710"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3698-L3710"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5e2ede2d1c4fa1fcc3cbfe0c005d7b13"
logic_hash = "6ee7a07163d33ca329d3be2084406629711db14db4605e8413ee963eb0f9d5a7"
score = 75
@@ -339945,8 +340357,8 @@ rule SIGNATURE_BASE_Small_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3711-L3723"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3711-L3723"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fcee6226d09d150bfa5f103bee61fbde"
logic_hash = "e0444aa604e8956d423037b70b9476f5653503055d0f1bc875d43de144ce5c44"
score = 75
@@ -339970,8 +340382,8 @@ rule SIGNATURE_BASE_Shellbot_Pl
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3724-L3738"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3724-L3738"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b2a883bc3c03a35cfd020dd2ace4bab8"
logic_hash = "5db224e4fe8608bb53f044ca6c0361dc66cadd58c6d4ea5ab4f8ae14ebde0e6e"
score = 75
@@ -339997,8 +340409,8 @@ rule SIGNATURE_BASE_Fuckphpshell_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3739-L3752"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3739-L3752"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "554e50c1265bb0934fcc8247ec3b9052"
logic_hash = "0c993960b4ca880b818c7b7ba726479ed1c64c46ef8ca82d3c990d69ebe43f42"
score = 75
@@ -340023,8 +340435,8 @@ rule SIGNATURE_BASE_Ngh_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3753-L3767"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3753-L3767"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c372b725419cdfd3f8a6371cfeebc2fd"
logic_hash = "c794b216bafdaecf5bd138cc8c7552efbb8c3c571a441489d02a19793a4c294f"
score = 75
@@ -340050,8 +340462,8 @@ rule SIGNATURE_BASE_Jsp_Reverse_Jsp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3768-L3780"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3768-L3780"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8b0e6779f25a17f0ffb3df14122ba594"
logic_hash = "bdd2db4c032b25faaaf3a3a8e769000013f643ecfcb8b0374165a244ad2162a6"
score = 75
@@ -340075,8 +340487,8 @@ rule SIGNATURE_BASE_Tool_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3781-L3794"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3781-L3794"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8febea6ca6051ae5e2ad4c78f4b9c1f2"
logic_hash = "d6bd782302b2c614fc572babb3825c0e1fcd0de5841ca8541ca27580ccc274d4"
score = 75
@@ -340101,8 +340513,8 @@ rule SIGNATURE_BASE_NT_Addy_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3795-L3807"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3795-L3807"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2e0d1bae844c9a8e6e351297d77a1fec"
logic_hash = "0fc61d5e276786b8be822712cdcfc81146998e535532e44d3da92e0668713a48"
score = 75
@@ -340126,8 +340538,8 @@ rule SIGNATURE_BASE_Simattacker___Vrsion_1_0_0___Priv8_4_My_Friend_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3808-L3820"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3808-L3820"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "089ff24d978aeff2b4b2869f0c7d38a3"
logic_hash = "46bc4063d06b4af3e4e61e1e998d489e974e76f17363c9777b8afc39ff21f698"
score = 75
@@ -340151,8 +340563,8 @@ rule SIGNATURE_BASE_Remexp_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3821-L3833"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3821-L3833"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "aa1d8491f4e2894dbdb91eec1abc2244"
logic_hash = "c7da9908a0252e95b47dbc8fbb36aeac1661dc464123aaca036bd51047a31584"
score = 75
@@ -340176,8 +340588,8 @@ rule SIGNATURE_BASE_Phvayvv_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3834-L3846"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3834-L3846"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "35fb37f3c806718545d97c6559abd262"
logic_hash = "503a69a7e2c30cc82eba430082627bb93c459a95f675b968126bf4524c598863"
score = 75
@@ -340201,8 +340613,8 @@ rule SIGNATURE_BASE_Klasvayv_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3847-L3860"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3847-L3860"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2b3e64bf8462fc3d008a3d1012da64ef"
logic_hash = "eb1b11e02b075a4e7d28b77cf91ad596a85e4c697a36304ee177d46735965e75"
score = 75
@@ -340227,8 +340639,8 @@ rule SIGNATURE_BASE_R57Shell_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3861-L3874"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3861-L3874"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d28445de424594a5f14d0fe2a7c4e94f"
logic_hash = "658eec4f3c463ec1a480bcb7ba995b8d81d1fb846832e569751d9f505f0fa87e"
score = 75
@@ -340253,8 +340665,8 @@ rule SIGNATURE_BASE_Rst_Sql_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3875-L3888"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3875-L3888"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0961641a4ab2b8cb4d2beca593a92010"
logic_hash = "d15cf69d9ad8683d2ac1ff09b08b0b26ecaf35df8e45bbd5c3a02c393f88cb34"
score = 75
@@ -340279,8 +340691,8 @@ rule SIGNATURE_BASE_Wh_Bindshell_Py
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3889-L3901"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3889-L3901"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fab20902862736e24aaae275af5e049c"
logic_hash = "e38a4f5c23371705f9bbf2db8e65d68074554edc1022576166e76d40e06bc039"
score = 75
@@ -340304,8 +340716,8 @@ rule SIGNATURE_BASE_Lurm_Safemod_On_Cgi
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3902-L3914"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3902-L3914"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5ea4f901ce1abdf20870c214b3231db3"
logic_hash = "d308ad6cda92fa437b9a4c46cd1b97fb0138aa8d0010256bda56a64ced1c7875"
score = 75
@@ -340329,8 +340741,8 @@ rule SIGNATURE_BASE_C99Madshell_V2_0_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3915-L3925"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3915-L3925"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d27292895da9afa5b60b9d3014f39294"
logic_hash = "07922511d9dfdd32f6b1f47479fca2063b773024a20dcab6f5cf4d56d66c3397"
score = 75
@@ -340352,8 +340764,8 @@ rule SIGNATURE_BASE_Backupsql_Php_Often_With_C99Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3926-L3937"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3926-L3937"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ab1a06ab1a1fe94e3f3b7f80eedbc12f"
logic_hash = "7c64e3d4e5815859c51f05cb376f72ea266b31193f3f4588526005e167ebabad"
score = 75
@@ -340376,8 +340788,8 @@ rule SIGNATURE_BASE_Uploader_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3938-L3950"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3938-L3950"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0b53b67bb3b004a8681e1458dd1895d0"
logic_hash = "6e6ffc4cad2a956cb2b6667928bac5996cf95cd36f43ba789144c46726471f07"
score = 75
@@ -340401,8 +340813,8 @@ rule SIGNATURE_BASE_Telnet_Pl
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3951-L3962"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3951-L3962"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "dd9dba14383064e219e29396e242c1ec"
logic_hash = "2d1abc52fc70ce664a19e49e6fa4175bc8d8785dee332d5273323479d9628a8c"
score = 75
@@ -340425,8 +340837,8 @@ rule SIGNATURE_BASE_W3D_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3963-L3975"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3963-L3975"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "987f66b29bfb209a0b4f097f84f57c3b"
logic_hash = "33f948a1ae4474daddd788df84fa8baabf4390ec242cad9a6a51dac0152d3b75"
score = 75
@@ -340450,8 +340862,8 @@ rule SIGNATURE_BASE_Webshell_Cgi
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3976-L3987"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3976-L3987"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bc486c2e00b5fc3e4e783557a2441e6f"
logic_hash = "8908ced96284de6b6d5ae693ba54c49a6333bbe5780d951cbacc91b4dde027df"
score = 75
@@ -340474,8 +340886,8 @@ rule SIGNATURE_BASE_Winx_Shell_Html
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L3988-L4000"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L3988-L4000"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "17ab5086aef89d4951fe9b7c7a561dda"
logic_hash = "4248f807d66990946523ba7b92d795c2c40429182389d9bf3f4a972e246b50c6"
score = 75
@@ -340499,8 +340911,8 @@ rule SIGNATURE_BASE_Dx_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4001-L4013"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4001-L4013"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9cfe372d49fe8bf2fac8e1c534153d9b"
logic_hash = "ab43ddcf317eb4db890ca9750dc6bbc19b06b806339a67c82216df02bc2e8446"
score = 75
@@ -340524,8 +340936,8 @@ rule SIGNATURE_BASE_Csh_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4014-L4027"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4014-L4027"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "194a9d3f3eac8bc56d9a7c55c016af96"
logic_hash = "2a74e06a9fd59d7a577041b49403738904239fb011f9bfe2fb665165991b9c98"
score = 75
@@ -340550,8 +340962,8 @@ rule SIGNATURE_BASE_Phpinj_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4028-L4040"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4028-L4040"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d7a4b0df45d34888d5a09f745e85733f"
logic_hash = "5d39fd31cdaae7765267ce8a35a2fdcf86e7f0de40d4f303fb0f219c0fc04e40"
score = 75
@@ -340575,8 +340987,8 @@ rule SIGNATURE_BASE_Sig_2008_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4041-L4054"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4041-L4054"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3e4ba470d4c38765e4b16ed930facf2c"
logic_hash = "a437dc3dc836e93c7a691f7a000c4a4ae574ba95b3a216394ba42538beb9c0f7"
score = 75
@@ -340601,8 +341013,8 @@ rule SIGNATURE_BASE_Ak74Shell_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4055-L4067"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4055-L4067"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7f83adcb4c1111653d30c6427a94f66f"
logic_hash = "64eb7e72679fc9ee81af6f46d0ab604357710716b93b1ddfaebc5596c968fce8"
score = 75
@@ -340626,8 +341038,8 @@ rule SIGNATURE_BASE_Rem_View_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4068-L4080"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4068-L4080"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "29420106d9a81553ef0d1ca72b9934d9"
logic_hash = "bcd5c86e793748ffe0ce4415ee68101e8183e1f97477b49843938d254f08695a"
score = 75
@@ -340651,8 +341063,8 @@ rule SIGNATURE_BASE_Java_Shell_Js
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4081-L4093"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4081-L4093"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "36403bc776eb12e8b7cc0eb47c8aac83"
logic_hash = "f312298ac30ab57b21222a529b1566b9a66909806e4bc88120ac3992cfd3c6fb"
score = 75
@@ -340676,8 +341088,8 @@ rule SIGNATURE_BASE_STNC_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4094-L4107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4094-L4107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2e56cfd5b5014cbbf1c1e3f082531815"
logic_hash = "b4118dc45ac109bde1cafda24cc103370db57c1993690f450cff828c1633af3c"
score = 75
@@ -340702,8 +341114,8 @@ rule SIGNATURE_BASE_Azrailphp_V1_0_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4108-L4120"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4108-L4120"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "26b2d3943395682e36da06ed493a3715"
logic_hash = "4385f294e59b644fe86d8380db4f7926924eb744ad80735b78ef778d2f7e8ae0"
score = 75
@@ -340727,8 +341139,8 @@ rule SIGNATURE_BASE_Moroccan_Spamers_Ma_Edition_By_Ghost_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4121-L4133"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4121-L4133"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d1b7b311a7ffffebf51437d7cd97dc65"
logic_hash = "e755e4ea467861e5217d532b161bf4c582ff71aa1e4720dfa4b75d6e8d7629d8"
score = 75
@@ -340752,8 +341164,8 @@ rule SIGNATURE_BASE_Zacosmall_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4134-L4146"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4134-L4146"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5295ee8dc2f5fd416be442548d68f7a6"
logic_hash = "5a2125fc447344f8cc708503d9e4dd82f9b873e40ded497ef9e01974d08bf043"
score = 75
@@ -340777,8 +341189,8 @@ rule SIGNATURE_BASE_Cmdasp_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4147-L4160"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4147-L4160"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "64f24f09ec6efaa904e2492dffc518b9"
logic_hash = "95dc25ecd47b43edbd7e7e36966377aa09da769aff2bc1c33a7df87989611bfa"
score = 75
@@ -340803,8 +341215,8 @@ rule SIGNATURE_BASE_Simple_Backdoor_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4161-L4173"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4161-L4173"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f091d1b9274c881f8e41b2f96e6b9936"
logic_hash = "e2e98580b59727313de298fab0009704f621b1b6556220d5065118d960f7a068"
score = 75
@@ -340828,8 +341240,8 @@ rule SIGNATURE_BASE_Mysql_Shell_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4174-L4186"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4174-L4186"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d42aec2891214cace99b3eb9f3e21a63"
logic_hash = "dbd825e1056c41efaf80c0495ba7b6cf1c88403b997ea7ac1378512a19f7ed8a"
score = 75
@@ -340853,8 +341265,8 @@ rule SIGNATURE_BASE_Dive_Shell_1_0___Emperor_Hacking_Team_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4187-L4200"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4187-L4200"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1b5102bdc41a7bc439eea8f0010310a5"
logic_hash = "bd51b625359799178ad3c8e02ba5bb5fca89e6e14769b86dd35c2b8a1049599f"
score = 75
@@ -340879,8 +341291,8 @@ rule SIGNATURE_BASE_Asmodeus_V0_1_Pl
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4201-L4214"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4201-L4214"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0978b672db0657103c79505df69cb4bb"
logic_hash = "be0130c9d2a5d29e6ef8749b0058c96c2ca1ecb9823fd14a8a2c82978cf3d104"
score = 75
@@ -340905,8 +341317,8 @@ rule SIGNATURE_BASE_Backup_Php_Often_With_C99Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4215-L4227"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4215-L4227"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "aeee3bae226ad57baf4be8745c3f6094"
logic_hash = "e27d00ebfbac2565568b9a97552a331db91b4e9aa318febb048937f5c3a1a1ba"
score = 75
@@ -340930,8 +341342,8 @@ rule SIGNATURE_BASE_Reader_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4228-L4240"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4228-L4240"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ad1a362e0a24c4475335e3e891a01731"
logic_hash = "ec0dc3b050d84e852e0c18bd00961f109d3506fa7f2e8656448bd5edd28d9305"
score = 75
@@ -340955,8 +341367,8 @@ rule SIGNATURE_BASE_Phpshell17_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4241-L4253"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4241-L4253"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9a928d741d12ea08a624ee9ed5a8c39d"
logic_hash = "a9306747a5c9756f393c61562ed4a601c75c3a9491ad19a7b7dbae1fbd505e9a"
score = 75
@@ -340980,8 +341392,8 @@ rule SIGNATURE_BASE_Myshell_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4254-L4266"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4254-L4266"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "62783d1db52d05b1b6ae2403a7044490"
logic_hash = "dd7b0fa637a8317986de0c2312b4b552f1110fb5a64590a9a21c854e5985fbb6"
score = 75
@@ -341005,8 +341417,8 @@ rule SIGNATURE_BASE_Simshell_1_0___Simorgh_Security_MGZ_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4267-L4280"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4267-L4280"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "37cb1db26b1b0161a4bf678a6b4565bd"
logic_hash = "590a1572877fafcd4425a04c12cd56194f03a63b7acad93c39d4b16dc5a1902d"
score = 75
@@ -341031,8 +341443,8 @@ rule SIGNATURE_BASE_Jspshall_Jsp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4281-L4293"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4281-L4293"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "efe0f6edaa512c4e1fdca4eeda77b7ee"
logic_hash = "94c458d3f38ba21348b0202e2b81bbbc3859e97d64f101a9ea7ec6f036e38bc5"
score = 75
@@ -341056,8 +341468,8 @@ rule SIGNATURE_BASE_Webshell_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4294-L4305"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4294-L4305"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e425241b928e992bde43dd65180a4894"
logic_hash = "7b0f4f4afde7dcb44c9d877a72c961f3666278ce28a24ae8068cfbc32639e307"
score = 75
@@ -341080,8 +341492,8 @@ rule SIGNATURE_BASE_Rootshell_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4306-L4319"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4306-L4319"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "265f3319075536030e59ba2f9ef3eac6"
logic_hash = "f836dd1825dc84212d32a034c0dde45d60ccd1eb667018abb60d671b61192666"
score = 75
@@ -341106,8 +341518,8 @@ rule SIGNATURE_BASE_Connectback2_Pl
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4320-L4332"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4320-L4332"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "473b7d226ea6ebaacc24504bd740822e"
logic_hash = "7316c93f12dbbf6d0235601d8be88c199e37955507925222d00041d0ceaf01c7"
score = 75
@@ -341131,8 +341543,8 @@ rule SIGNATURE_BASE_Defacekeeper_0_2_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4333-L4345"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4333-L4345"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "713c54c3da3031bc614a8a55dccd7e7f"
logic_hash = "0ee3fed3441e9561867508e324d7a6b1808a8923513bf1c9b82f8238224c994c"
score = 75
@@ -341156,8 +341568,8 @@ rule SIGNATURE_BASE_Shells_PHP_Wso
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4346-L4357"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4346-L4357"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "33e2891c13b78328da9062fbfcf898b6"
logic_hash = "31ef69228b66b30300006f63b1e4d6e92c2512caca4bd915d418b48564b39c47"
score = 75
@@ -341180,8 +341592,8 @@ rule SIGNATURE_BASE_Backdoor1_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4358-L4370"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4358-L4370"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e1adda1f866367f52de001257b4d6c98"
logic_hash = "7c8840dc91c16b9fa19fee16e0159a7f13db23c96596e18da0cdab07931ce35b"
score = 75
@@ -341205,8 +341617,8 @@ rule SIGNATURE_BASE_Elmaliseker_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4371-L4384"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4371-L4384"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b32d1730d23a660fd6aa8e60c3dc549f"
logic_hash = "969f0f12449375a9ebbb8a68fd4b3db395927416d5cceccdb7f2c64310430880"
score = 75
@@ -341231,8 +341643,8 @@ rule SIGNATURE_BASE_Indexer_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4385-L4396"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4385-L4396"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9ea82afb8c7070817d4cdf686abe0300"
logic_hash = "0a51f15bfb4289dcb70e1e0b96d100be12901ebf26ed9c0e543eda5f4aa91f1c"
score = 75
@@ -341255,8 +341667,8 @@ rule SIGNATURE_BASE_Dxshell_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4397-L4408"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4397-L4408"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "33a2b31810178f4c2e71fbdeb4899244"
logic_hash = "821f9295eba6119ad08349e769d1909cd7836b4e35795915e94095cf715dc6e5"
score = 75
@@ -341279,8 +341691,8 @@ rule SIGNATURE_BASE_S72_Shell_V1_1_Coding_Html
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4409-L4421"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4409-L4421"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c2e8346a5515c81797af36e7e4a3828e"
logic_hash = "aef8840b72e5c435c11150007d6b3af2943126fefdc6df343d0f73755340e260"
score = 75
@@ -341304,8 +341716,8 @@ rule SIGNATURE_BASE_Kacak_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4422-L4435"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4422-L4435"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "907d95d46785db21331a0324972dda8c"
logic_hash = "8542a3985dff2d1eb42f4d2c9f30405a4817a8e30075225c518ec52381f1f7df"
score = 75
@@ -341330,8 +341742,8 @@ rule SIGNATURE_BASE_PHP_Backdoor_Connect_Pl_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4436-L4448"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4436-L4448"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "57fcd9560dac244aeaf95fd606621900"
logic_hash = "b141546f45767884f9c8b1cc4c09ea25f90c0f3a3633bfeecad78b60e7f20306"
score = 75
@@ -341355,8 +341767,8 @@ rule SIGNATURE_BASE_Antichat_Socks5_Server_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4449-L4461"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4449-L4461"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cbe9eafbc4d86842a61a54d98e5b61f1"
logic_hash = "d6b203561f95f431b3d2c241011ae08c05619d45c5900a28137481c029e8297e"
score = 75
@@ -341380,8 +341792,8 @@ rule SIGNATURE_BASE_Antichat_Shell_V1_3_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4462-L4474"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4462-L4474"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "40d0abceba125868be7f3f990f031521"
logic_hash = "566c324f3bf44ce9f32ddad82a8d3daa87a8a75b5ca0c8286bc912a8ae4ac8e9"
score = 75
@@ -341405,8 +341817,8 @@ rule SIGNATURE_BASE_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4475-L4487"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4475-L4487"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "49ad9117c96419c35987aaa7e2230f63"
logic_hash = "d6d2a3999f2e8ceb70f57697c0a845edbbcfce0aba151ec6a0ac23f55265cd47"
score = 75
@@ -341430,8 +341842,8 @@ rule SIGNATURE_BASE_Mysql_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4488-L4500"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4488-L4500"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "12bbdf6ef403720442a47a3cc730d034"
logic_hash = "60e235310f378698ffcc3ae6a07ab5dd94a660ca4b1504cc878d9741f751d5d1"
score = 75
@@ -341455,8 +341867,8 @@ rule SIGNATURE_BASE_Worse_Linux_Shell_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4501-L4512"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4501-L4512"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8338c8d9eab10bd38a7116eb534b5fa2"
logic_hash = "47801296b700e85f9e08857eb06f845ef8ed3f88b7d0de34d4b7c47cef6cc7fb"
score = 75
@@ -341479,8 +341891,8 @@ rule SIGNATURE_BASE_Cyberlords_Sql_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4513-L4526"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4513-L4526"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "03b06b4183cb9947ccda2c3d636406d4"
logic_hash = "b3286f9fd86c90c5afc79801b6d65c9ae52ee1c37da93ff15461d84f37ef8019"
score = 75
@@ -341505,8 +341917,8 @@ rule SIGNATURE_BASE_Cmd_Asp_5_1_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4527-L4538"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4527-L4538"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8baa99666bf3734cbdfdd10088e0cd9f"
logic_hash = "a41c83da1a65e67b6f4ac6ad7cc8702486957ab0c7dda658d071e603338c324b"
score = 75
@@ -341529,8 +341941,8 @@ rule SIGNATURE_BASE_Pws_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4539-L4551"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4539-L4551"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ecdc6c20f62f99fa265ec9257b7bf2ce"
logic_hash = "98dae8aab5bfd58f4264e318f5a5b5900b38687386f9d7f09c31da0f51d57bc0"
score = 75
@@ -341554,8 +341966,8 @@ rule SIGNATURE_BASE_PHP_Shell_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4552-L4563"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4552-L4563"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a2f8fa4cce578fc9c06f8e674b9e63fd"
logic_hash = "2d5b6e08bfe9e1551dab12b01189dadc924c097427c996684bab96c48d528395"
score = 75
@@ -341578,8 +341990,8 @@ rule SIGNATURE_BASE_Ayyildiz_Tim___AYT__Shell_V_2_1_Biz_Html
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4564-L4577"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4564-L4577"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8a8c8bb153bd1ee097559041f2e5cf0a"
logic_hash = "9e2d56b49df65a2c13e15f97ec91cdbb6852d86e86f921d7c8a4db82cbea12f5"
score = 75
@@ -341604,8 +342016,8 @@ rule SIGNATURE_BASE_EFSO_2_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4578-L4589"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4578-L4589"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b5fde9682fd63415ae211d53c6bfaa4d"
logic_hash = "15e5419854bcbb08f28fff1e266cca7a004f01ec0a5c313c107ec17c3aa7ffee"
score = 75
@@ -341628,8 +342040,8 @@ rule SIGNATURE_BASE_Lamashell_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4590-L4602"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4590-L4602"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "de9abc2e38420cad729648e93dfc6687"
logic_hash = "5e156c3057338fa7b306b91dd979851dd56b8b698cfe99e1d7b6d096a4c580e7"
score = 75
@@ -341653,8 +342065,8 @@ rule SIGNATURE_BASE_Ajax_PHP_Command_Shell_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4603-L4615"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4603-L4615"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "93d1a2e13a3368a2472043bd6331afe9"
logic_hash = "37cba26018f3d37194a143871012a61a7bcee6775d2cf5f93a52b779010d3260"
score = 75
@@ -341678,8 +342090,8 @@ rule SIGNATURE_BASE_Jspwebshell_1_2_Jsp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4616-L4629"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4616-L4629"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "70a0ee2624e5bbe5525ccadc467519f6"
logic_hash = "32b3ddb00f89a3540118fe8ce5fc070556b00030dcf2b21245d38ae66e6cbc14"
score = 75
@@ -341704,8 +342116,8 @@ rule SIGNATURE_BASE_Sincap_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4630-L4642"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4630-L4642"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b68b90ff6012a103e57d141ed38a7ee9"
logic_hash = "e708a7dcb26ff7d0208c1f092e14e701f2ae94c4ffca019f13064bbe04ef74d7"
score = 75
@@ -341729,8 +342141,8 @@ rule SIGNATURE_BASE_Test_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4643-L4655"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4643-L4655"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "77e331abd03b6915c6c6c7fe999fcb50"
logic_hash = "575a2eeadc8113d779057f98e978ed4f8914546117b57944bf65f1d6d84c9521"
score = 50
@@ -341754,8 +342166,8 @@ rule SIGNATURE_BASE_Phyton_Shell_Py
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4656-L4669"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4656-L4669"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "92b3c897090867c65cc169ab037a0f55"
logic_hash = "ac16a95cd1fb09c93b315e3cd7d57c1ebec322b641f515854fb73a61393dd365"
score = 75
@@ -341780,8 +342192,8 @@ rule SIGNATURE_BASE_Mysql_Tool_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4670-L4682"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4670-L4682"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5fbe4d8edeb2769eda5f4add9bab901e"
logic_hash = "9f49bd6c56c919f678ecada82ff3d801c82c98a8abdee85cda1ec7e5b6756012"
score = 75
@@ -341805,8 +342217,8 @@ rule SIGNATURE_BASE_Zehir_4_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4683-L4694"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4683-L4694"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7f4e12e159360743ec016273c3b9108c"
logic_hash = "69063d866daf1709df81fa22d76177bf8d552e19725a94db4a1b2fca79387faf"
score = 75
@@ -341829,8 +342241,8 @@ rule SIGNATURE_BASE_Sh_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4695-L4706"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4695-L4706"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "330af9337ae51d0bac175ba7076d6299"
logic_hash = "b0c3307d451e5d7dadece114e2888503a46038e2edb2ff32bf566ce47b300e76"
score = 75
@@ -341853,8 +342265,8 @@ rule SIGNATURE_BASE_Phpbackdoor15_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4707-L4719"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4707-L4719"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0fdb401a49fc2e481e3dfd697078334b"
logic_hash = "cdd105f36593e8326ca32bf7cf1fba6fb754e7305c91fe6c078323db8f59b23c"
score = 75
@@ -341878,8 +342290,8 @@ rule SIGNATURE_BASE_Phpjackal_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4720-L4731"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4720-L4731"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ab230817bcc99acb9bdc0ec6d264d76f"
logic_hash = "6e2ff262aecd08e5feaa274a7fd128d75565d6cc03341da7cbeb2949070705e5"
score = 75
@@ -341902,8 +342314,8 @@ rule SIGNATURE_BASE_Sql_Php_Php : FILE
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4732-L4745"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4732-L4745"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8334249cbb969f2d33d678fec2b680c5"
logic_hash = "016ea01e9b53add0799f5c105fb3d54e6ee07d01c950772a618b2a780f14254f"
score = 75
@@ -341927,8 +342339,8 @@ rule SIGNATURE_BASE_Cgi_Python_Py
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4746-L4758"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4746-L4758"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0a15f473e2232b89dae1075e1afdac97"
logic_hash = "37c6c7db32a52c8a83ff85f0a50c6fa71e833b9e6d20b1f95e9512fe8bbd0aee"
score = 75
@@ -341952,8 +342364,8 @@ rule SIGNATURE_BASE_Ru24_Post_Sh_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4759-L4771"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4759-L4771"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5b334d494564393f419af745dc1eeec7"
logic_hash = "e81e5345bbe07ca85c94a3d8411f0dd3c418689ccae7115c098f718f9093b3bf"
score = 75
@@ -341977,8 +342389,8 @@ rule SIGNATURE_BASE_Dtool_Pro_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4772-L4784"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4772-L4784"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "366ad973a3f327dfbfb915b0faaea5a6"
logic_hash = "e8f8b4ca2ab4607e700e897671fd230280763a70897b8ccfc31b3bcb7f2a1f4a"
score = 75
@@ -342002,8 +342414,8 @@ rule SIGNATURE_BASE_Telnetd_Pl
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4785-L4799"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4785-L4799"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5f61136afd17eb025109304bd8d6d414"
logic_hash = "faf21758b311fa4c2d11cd60169e6c9a67282cf739b73664456691361a480419"
score = 75
@@ -342029,8 +342441,8 @@ rule SIGNATURE_BASE_Php_Include_W_Shell_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4800-L4811"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4800-L4811"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4e913f159e33867be729631a7ca46850"
logic_hash = "a63910d97b7ef447b2cadb7de12943d3dbb6eada27d3097b8acf58d9b65b6f60"
score = 75
@@ -342053,8 +342465,8 @@ rule SIGNATURE_BASE_Safe0Ver_Shell__Safe_Mod_Bypass_By_Evilc0Der_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4812-L4824"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4812-L4824"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6163b30600f1e80d2bb5afaa753490b6"
logic_hash = "46f6bb38f1175e02b03047c06a7aed968b1c1ce2e28cc4b88e15703040e91592"
score = 75
@@ -342078,8 +342490,8 @@ rule SIGNATURE_BASE_Shell_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4825-L4837"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4825-L4837"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1a95f0163b6dea771da1694de13a3d8d"
logic_hash = "dbd08e71dc512f8dcf009150fb4448cd3608291ef9078c7e6b86e6f8d820bd94"
score = 75
@@ -342103,8 +342515,8 @@ rule SIGNATURE_BASE_Telnet_Cgi
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4838-L4850"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4838-L4850"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "dee697481383052980c20c48de1598d1"
logic_hash = "689c1d43c64aa7469989686c60fc9ab46acde42fdf3c1157bae1e2b8373c845f"
score = 75
@@ -342128,8 +342540,8 @@ rule SIGNATURE_BASE_Ironshell_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4851-L4865"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4851-L4865"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8bfa2eeb8a3ff6afc619258e39fded56"
logic_hash = "23574299ee2bb33c3f71102adf71ac8f09b6f8ece5f798beacb9b2432d297ee7"
score = 75
@@ -342155,8 +342567,8 @@ rule SIGNATURE_BASE_Backdoorfr_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4866-L4877"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4866-L4877"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "91e4afc7444ed258640e85bcaf0fecfc"
logic_hash = "40a6fb41a65fd35acb7cdc36fdda90f5dc54b641adc3ba9eaae29c5e46622206"
score = 75
@@ -342179,8 +342591,8 @@ rule SIGNATURE_BASE_Aspydrv_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4878-L4891"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4878-L4891"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1c01f8a88baee39aa1cebec644bbcb99"
logic_hash = "64912d7521d4bff33b5f3a78525bf4ed94246f5933753bed7ca02bedffc85f0f"
score = 60
@@ -342204,8 +342616,8 @@ rule SIGNATURE_BASE_Cmdjsp_Jsp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4892-L4905"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4892-L4905"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b815611cc39f17f05a73444d699341d4"
logic_hash = "8b0e425c7d71ea2c536192ff186665e7f0fbdbc0e0d195d7107ac57cf9bd1773"
score = 75
@@ -342230,8 +342642,8 @@ rule SIGNATURE_BASE_H4Ntu_Shell__Powered_By_Tsoi_
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4906-L4917"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4906-L4917"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "06ed0b2398f8096f1bebf092d0526137"
logic_hash = "32c620a4ed3f7a8640928e2211516978c12cfbdedb7d96e923303740407b5a1c"
score = 75
@@ -342254,8 +342666,8 @@ rule SIGNATURE_BASE_Ajan_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4918-L4930"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4918-L4930"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b6f468252407efc2318639da22b08af0"
logic_hash = "13988af864a62ca04501288d4f2d830815ab453b14cef6795fe993db1dd1a9ef"
score = 75
@@ -342279,8 +342691,8 @@ rule SIGNATURE_BASE_PHANTASMA_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4931-L4944"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4931-L4944"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "52779a27fa377ae404761a7ce76a5da7"
logic_hash = "d4a2a1bcc1ff3264b35f2b05d7de664b56807977f2a793fd87206f046a185d3b"
score = 75
@@ -342305,8 +342717,8 @@ rule SIGNATURE_BASE_Mysql_Web_Interface_Version_0_8_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4945-L4958"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4945-L4958"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "36d4f34d0a22080f47bb1cb94107c60f"
logic_hash = "f0a20870a3240948e3ef1ad61685b00c5fc90d6098b87af9ac43ab44ccd13c9e"
score = 75
@@ -342331,8 +342743,8 @@ rule SIGNATURE_BASE_Simple_Cmd_Html
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4959-L4972"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4959-L4972"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c6381412df74dbf3bcd5a2b31522b544"
logic_hash = "56b5b9e5518fa8a4be8c48735e997a538b0e534ad8fd72c1419dc0e8353bbc00"
score = 75
@@ -342357,8 +342769,8 @@ rule SIGNATURE_BASE__1_C2007_Php_Php_C100_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4973-L4987"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4973-L4987"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f6cb7c210bcd0f84c2ccff52850b1d673622ae49b83d614d63b5bbba7392327"
score = 75
quality = 85
@@ -342384,8 +342796,8 @@ rule SIGNATURE_BASE__Nst_Php_Php_Img_Php_Php_Nstview_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L4988-L5003"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L4988-L5003"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b1e13f75edbbc8f9263e0e516a54330ce57190ba0b45813dad4bafeaeefa389b"
score = 75
quality = 85
@@ -342412,8 +342824,8 @@ rule SIGNATURE_BASE__Network_Php_Php_Xinfo_Php_Php_Nfm_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5004-L5018"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5004-L5018"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "913ff19b6448d3b074440c2a5f85d85813fdf010d33dc57c89ba1e5db6455e11"
score = 75
quality = 85
@@ -342439,8 +342851,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_Specials
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5019-L5034"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5019-L5034"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a4bae5456baf0d8d894165c84d66118f2b16cfc040e299c2032eccb6a9eb4822"
score = 75
quality = 85
@@ -342467,8 +342879,8 @@ rule SIGNATURE_BASE__R577_Php_Php_Sniper_SA_Shell_Php_R57_Php_Php_R57_Shell_Php_
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5035-L5052"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5035-L5052"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0df3e00f752f85aa1f150c01e3ef41b9a5cd3d3ce2060965992320cb3c4d87ae"
score = 75
quality = 85
@@ -342497,8 +342909,8 @@ rule SIGNATURE_BASE__C99Shell_V1_0_Php_Php_C99Php_Sses_Php_Php_Ctt_Sh_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5053-L5069"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5053-L5069"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "137f98b636ec012d7d5e687f7d24ae88e8d3261360e60a4bbc03da248cce381e"
score = 75
quality = 85
@@ -342526,8 +342938,8 @@ rule SIGNATURE_BASE__R577_Php_Php_Spy_Php_Php_S_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5070-L5084"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5070-L5084"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "09892789e8dad16f9fc7c4e22525e5d0af3af401a4b2655b70f7a6856888875c"
score = 75
quality = 85
@@ -342553,8 +342965,8 @@ rule SIGNATURE_BASE_Webshell_C99_Generic
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5085-L5105"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5085-L5105"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "422bc3a0d9b04b1e37ad954faacb1ec7841fe529c1eb19634bdbfe83da374c73"
score = 75
quality = 85
@@ -342586,8 +342998,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_C99Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5106-L5123"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5106-L5123"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b133cf947476a1c94ed90b5cd3757ca8aa429be4284d75664625896d9cfa687f"
score = 75
quality = 85
@@ -342616,8 +343028,8 @@ rule SIGNATURE_BASE__W_Php_Php_Wacking_Php_Php_Specialshell_99_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5124-L5138"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5124-L5138"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7bdaebfb093b58a2fd33b4bbeea8465d0f724383b4855eb521a3e339ee153781"
score = 75
quality = 85
@@ -342643,8 +343055,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_Sses_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5139-L5155"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5139-L5155"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6dbd40e19d4d5753dbd1f7e627bccc08a60430de8138a923f13e836d19dde65c"
score = 75
quality = 85
@@ -342672,8 +343084,8 @@ rule SIGNATURE_BASE__R577_Php_Php_Sniper_SA_Shell_Php_R57_Php_Php_Spy_Php_Php_S_
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5156-L5172"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5156-L5172"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "834c33059e08e8075a8d3f69187b74f3b53afabfc37ae1f13a2f579f0948a363"
score = 75
quality = 85
@@ -342701,8 +343113,8 @@ rule SIGNATURE_BASE__R577_Php_Php_Sniper_SA_Shell_Php_R57_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5173-L5188"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5173-L5188"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f97846fdaac949185b4ce6a25cc276f4ae4243d891acb18c3a3ce0c18b540976"
score = 75
quality = 85
@@ -342729,8 +343141,8 @@ rule SIGNATURE_BASE__R577_Php_Php_R57_Shell_Php_Php_Spy_Php_Php_S_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5189-L5205"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5189-L5205"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "764a374c1e4acec8978db1e7e7e326c4fa95c6f92e1ca5a6d7f892bb05ecd289"
score = 75
quality = 85
@@ -342758,8 +343170,8 @@ rule SIGNATURE_BASE__Wacking_Php_Php_1_Specialshell_99_Php_Php_C100_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5206-L5222"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5206-L5222"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0d32fc00ba2602a1140dc9030894bb9524c55b95c445a08f2bf6f8fc60108e64"
score = 75
quality = 85
@@ -342787,8 +343199,8 @@ rule SIGNATURE_BASE__R577_Php_Php_R57_Php_Php_R57_Shell_Php_Php_Spy_Php_Php_S_Ph
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5223-L5240"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5223-L5240"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "afbd2103b0c953d6aec070ba450f43e567560bc9743423a5731cd4d6e5e36bb6"
score = 75
quality = 85
@@ -342817,8 +343229,8 @@ rule SIGNATURE_BASE__W_Php_Php_Wacking_Php_Php_Sses_Php_Php_Specialshell_99_Php_
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5241-L5257"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5241-L5257"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9bbcb687c83c01ad52e8978a60e604a74f10c33a63af3b91d0286b30dea42890"
score = 75
quality = 85
@@ -342846,8 +343258,8 @@ rule SIGNATURE_BASE_Multiple_Php_Webshells
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5259-L5280"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5259-L5280"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d55c96febd64107273001edadbda6d0a1b4b00e35fb41b46561b49fca6a9bd1b"
score = 75
quality = 85
@@ -342880,8 +343292,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5281-L5296"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5281-L5296"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c089f8175532ddc0e2d256b4972f7db32683bd213a456622ed27ab4844d1e435"
score = 75
quality = 85
@@ -342908,8 +343320,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_C99Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5297-L5314"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5297-L5314"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e82882e89a1aeb256768f2af7a6d3674c89f9abc358710b33b8d3d425defcef1"
score = 75
quality = 85
@@ -342938,8 +343350,8 @@ rule SIGNATURE_BASE__GFS_Web_Shell_Ver_3_1_7___Priv8_Php_Nshell_Php_Php_Gfs_Sh_P
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5315-L5330"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5315-L5330"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9df5b6df25574b303044a0799c5eb5f38f9ebfbc6f6114275fe1e34adbde1f7c"
score = 75
quality = 85
@@ -342966,8 +343378,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_C99Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5331-L5349"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5331-L5349"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0f44dc1ff243b234a718e8dbd5cc8c4dc8eb9d3b63300a5c6ff72b86280607bf"
score = 75
quality = 85
@@ -342997,8 +343409,8 @@ rule SIGNATURE_BASE__W_Php_Php_Wacking_Php_Php_C99Shell_V1_0_Php_Php_C99Php_Spec
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5350-L5366"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5350-L5366"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e9cd7425b806f71d8889f5df7f3fc2f4a692279fc4e495104646cfe28c5b5fe5"
score = 75
quality = 85
@@ -343026,8 +343438,8 @@ rule SIGNATURE_BASE__Antichat_Php_Php_Fatalshell_Php_Php_A_Gedit_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5367-L5383"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5367-L5383"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "789340845aeed4accaef02afa1a1fe420e73b6f5af1b621f4ec2342994045278"
score = 75
quality = 85
@@ -343055,8 +343467,8 @@ rule SIGNATURE_BASE__C99Shell_V1_0_Php_Php_C99Php_Sses_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5384-L5397"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5384-L5397"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b2bdf4187ff3d63e4af5c70e8cc93cd8fac3257b33c38764ad2bb2e206066162"
score = 75
quality = 85
@@ -343081,8 +343493,8 @@ rule SIGNATURE_BASE__Crystal_Php_Nshell_Php_Php_Load_Shell_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5398-L5413"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5398-L5413"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "71a9310b19b66e3699f75f551cc604f535ea843eb9c50f4a009edcd9c11e01b9"
score = 75
quality = 85
@@ -343109,8 +343521,8 @@ rule SIGNATURE_BASE__Nst_Php_Php_Cybershell_Php_Php_Img_Php_Php_Nstview_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5414-L5430"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5414-L5430"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "afc0b1c83644aa323d308471e5978b6b03f444f5f46fbaddac28ff42d524df1e"
score = 75
quality = 85
@@ -343138,8 +343550,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_Dc3_Secu
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5431-L5447"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5431-L5447"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7a4c74912caa1855efc3a2ea7fa6d0082f62776d77a211e59f12892d4883f240"
score = 75
quality = 85
@@ -343167,8 +343579,8 @@ rule SIGNATURE_BASE__C99Shell_V1_0_Php_Php_C99Php_1_C2007_Php_Php_C100_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5448-L5463"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5448-L5463"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a5dc73a12d8c8b89bab77b90cb3b561e9daf9db5f5ad550326a2fbce52c1c8da"
score = 75
quality = 85
@@ -343195,8 +343607,8 @@ rule SIGNATURE_BASE_Multiple_Php_Webshells_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5464-L5484"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5464-L5484"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "26fe586ba7f4d1931b2df81aa27543ff422e699fd56b6b1be289a0f8d6954691"
score = 75
quality = 85
@@ -343228,8 +343640,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_1_Specia
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5485-L5503"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5485-L5503"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "160adf93d4f9e51022c427b2b0601207dd9ca917e98d99e2013fe83e09a85d21"
score = 75
quality = 85
@@ -343259,8 +343671,8 @@ rule SIGNATURE_BASE__R577_Php_Php_R57_Php_Php_Spy_Php_Php_S_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5504-L5520"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5504-L5520"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7ba3d6927dc06bfcd98ee9d7146164ca9a9024ef26eac60fabc8ed1375db618d"
score = 75
quality = 85
@@ -343288,8 +343700,8 @@ rule SIGNATURE_BASE__Nixrem_Php_Php_C99Shell_V1_0_Php_Php_C99Php_NIX_REMOTE_WEB_
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5521-L5538"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5521-L5538"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f7575db2c8f147d03d5b93b431d1a73c4182b5db6e801e672914778b2042a712"
score = 75
quality = 85
@@ -343318,8 +343730,8 @@ rule SIGNATURE_BASE_Darksecurityteam_Webshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5542-L5554"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5542-L5554"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f1c95b13a71ca3629a0bb79601fcacf57cdfcf768806a71b26f2448f8c1d5d24"
logic_hash = "0c58ed8845cb04d785322b280647d424e1028a3be7e92b2493fd907fae36b16d"
score = 50
@@ -343342,8 +343754,8 @@ rule SIGNATURE_BASE_PHP_Cloaked_Webshell_Superfetchexec
date = "2016-02-15"
modified = "2025-11-03"
reference = "http://goo.gl/xFvioC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5556-L5568"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5556-L5568"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "320b85b1ad39a90578f53c69838b6264af1e6a71c509aefc0986c7f0c77fdae9"
score = 50
quality = 85
@@ -343365,8 +343777,8 @@ rule SIGNATURE_BASE_Webshell_Remexp_Asp_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5572-L5587"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5572-L5587"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d9919dcf94a70d5180650de8b81669fa1c10c5a2"
logic_hash = "b3cfa44898629ffa20630436ae10a94ad72f0e793d61e1157a4de649aa048fe2"
score = 75
@@ -343393,8 +343805,8 @@ rule SIGNATURE_BASE_Webshell_Dc3_Security_Crew_Shell_Priv
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5588-L5604"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5588-L5604"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1b2a4a7174ca170b4e3a8cdf4814c92695134c8a"
logic_hash = "f93a5d87d4a490844de578067dc0b7bac6b01ceb9130cd7c70a227566e18f16c"
score = 75
@@ -343422,8 +343834,8 @@ rule SIGNATURE_BASE_Webshell_Simattacker
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5605-L5623"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5605-L5623"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "258297b62aeaf4650ce04642ad5f19be25ec29c9"
logic_hash = "323b68f1d31df647775ad16a85b9f90bce4eac89188160a1e4853f8fec680160"
score = 75
@@ -343453,8 +343865,8 @@ rule SIGNATURE_BASE_Webshell_Dtool_Pro
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5624-L5642"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5624-L5642"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e2ee1c7ba7b05994f65710b7bbf935954f2c3353"
logic_hash = "da744efb521415fb8817c0982d8d538e1e38b1c0995f43716611df37bf371c38"
score = 75
@@ -343485,8 +343897,8 @@ rule SIGNATURE_BASE_Webshell_Ironshell_4
modified = "2025-11-03"
old_rule_name = "WebShell_ironshell"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5643-L5662"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5643-L5662"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d47b8ba98ea8061404defc6b3a30839c4444a262"
logic_hash = "1810071f261ad7390532b07ef24115726f236131aa8ffd29adbde9ebe5085e9d"
score = 75
@@ -343516,8 +343928,8 @@ rule SIGNATURE_BASE_Webshell_Indexer_Asp_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5663-L5679"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5663-L5679"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e9a7aa5eb1fb228117dc85298c7d3ecd8e288a2d"
logic_hash = "c576925c95b5bd2549e8039a1fc6ac228bfab5ddee8c4e12264ea78e9828ba5c"
score = 75
@@ -343545,8 +343957,8 @@ rule SIGNATURE_BASE_Webshell_Toolaspshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5680-L5693"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5680-L5693"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "11d236b0d1c2da30828ffd2f393dd4c6a1022e3f"
logic_hash = "cb46d3170a9c144a22ef8c91b381495a471d2aa178a4a123eb9a1e32e1db7683"
score = 75
@@ -343571,8 +343983,8 @@ rule SIGNATURE_BASE_Webshell_B374K_Mini_Shell_Php_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5694-L5707"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5694-L5707"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "afb88635fbdd9ebe86b650cc220d3012a8c35143"
logic_hash = "553bd775d9662f9410d9ab946ccffe4b2ee92e367bcc6345fa595527653280cf"
score = 75
@@ -343597,8 +344009,8 @@ rule SIGNATURE_BASE_Webshell_Sincap_1_0
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5708-L5723"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5708-L5723"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9b72635ff1410fa40c4e15513ae3a496d54f971c"
logic_hash = "0cb8851285bd55b0b613ec4c46ab88142e2cbba7e527ad510b008cfb342af221"
score = 75
@@ -343625,8 +344037,8 @@ rule SIGNATURE_BASE_Webshell_B374K_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5724-L5739"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5724-L5739"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "04c99efd187cf29dc4e5603c51be44170987bce2"
logic_hash = "f44ecdcf327cf417a90a91c8d23f6137b80c2006bea2ca2e214f2bfdf5793771"
score = 75
@@ -343653,8 +344065,8 @@ rule SIGNATURE_BASE_Webshell_Simattacker___Vrsion_1_0_0___Priv8_4_My_Friend
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5740-L5757"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5740-L5757"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6454cc5ab73143d72cf0025a81bd1fe710351b44"
logic_hash = "63ebb0c673a5aee05d2d9d571ebf63942d826b5148a5f7ed587ba1efbb0dc923"
score = 75
@@ -343684,8 +344096,8 @@ rule SIGNATURE_BASE_WEBSHELL_H4Ntu_Shell_Powered_Tsoi_2 : FILE
modified = "2025-03-21"
old_rule_name = "WebShell_h4ntu_shell__powered_by_tsoi_"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5759-L5774"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5759-L5774"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cbca8cd000e705357e2a7e0cf8262678706f18f9"
logic_hash = "c731f2f430e61277ec6c8e292aa50a31eea46fe67eb455811b3fbe9e8967a8c1"
score = 75
@@ -343710,8 +344122,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Myshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5776-L5794"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5776-L5794"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "42e283c594c4d061f80a18f5ade0717d3fb2f76d"
logic_hash = "2c39ffecb44ce2f936ba3563c6086d8b2ed75aec3b57b45e2a1f5e7321ac9a3f"
score = 75
@@ -343741,8 +344153,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Pws
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5795-L5811"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5795-L5811"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7a405f1c179a84ff8ac09a42177a2bcd8a1a481b"
logic_hash = "4b2eeb80200cc5dffa80cddc74f1902c0e8a5d2313d9a20d02eeb99ccb668ec0"
score = 75
@@ -343770,8 +344182,8 @@ rule SIGNATURE_BASE_Webshell_Reader_Asp_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5812-L5826"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5812-L5826"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "70656f3495e2b3ad391a77d5208eec0fb9e2d931"
logic_hash = "6ffda38584b6cdec818af8e09c62bb4a46f40230ffd5c1a68993a91c37f67680"
score = 75
@@ -343798,8 +344210,8 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2_3
modified = "2025-11-03"
old_rule_name = "WebShell_Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5827-L5844"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5827-L5844"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "db076b7c80d2a5279cab2578aa19cb18aea92832"
logic_hash = "6840af0d9f99277277edce93deb54e9a319c8938169701c89fdeb65207590951"
score = 75
@@ -343828,8 +344240,8 @@ rule SIGNATURE_BASE_Webshell_Liz0Zim_Private_Safe_Mode_Command_Execuriton_Bypass
modified = "2025-11-03"
old_rule_name = "WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5845-L5861"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5845-L5861"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b2b797707e09c12ff5e632af84b394ad41a46fa4"
logic_hash = "92bfac3516a448bbb3e78cf8950c6e816bf35d0ae2f3d32bc9b9b2836309999b"
score = 75
@@ -343857,8 +344269,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Backdoor_2
modified = "2025-11-03"
old_rule_name = "WebShell_php_backdoor"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5862-L5878"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5862-L5878"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b190c03af4f3fb52adc20eb0f5d4d151020c74fe"
logic_hash = "4228bcbfff5d7756615347196270f7916843e2aceacc7298610070b8b923381b"
score = 75
@@ -343886,8 +344298,8 @@ rule SIGNATURE_BASE_Webshell_Worse_Linux_Shell_2
modified = "2025-11-03"
old_rule_name = "WebShell_Worse_Linux_Shell"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5879-L5896"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5879-L5896"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "64623ab1246bc8f7d256b25f244eb2b41f543e96"
logic_hash = "6480c524213583511253ea1d37820994bba8a86f58a3775d4a9e4325725289d8"
score = 75
@@ -343915,8 +344327,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Phpinj
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5897-L5914"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5897-L5914"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "75116bee1ab122861b155cc1ce45a112c28b9596"
logic_hash = "271efaa8f370376f971d3d59256658b341599ac554cc216e09401e44b16bdede"
score = 75
@@ -343945,8 +344357,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_NGH
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5915-L5932"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5915-L5932"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c05b5deecfc6de972aa4652cb66da89cfb3e1645"
logic_hash = "572b026545b012951136bdb9b1101e38f27bc3321b895799bc853ea1190877f9"
score = 75
@@ -343975,8 +344387,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Matamu
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5933-L5949"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5933-L5949"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d477aae6bd2f288b578dbf05c1c46b3aaa474733"
logic_hash = "c0101dab5fe7c3a2652b2e23e1ef0274364137895a402a0367c6b5474c0e8a1f"
score = 75
@@ -344004,8 +344416,8 @@ rule SIGNATURE_BASE_Webshell_Ru24_Post_Sh
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5950-L5965"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5950-L5965"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d2c18766a1cd4dda928c12ff7b519578ccec0769"
logic_hash = "6cf15a67c311979d32edfb443701cef34ee32d7a672314fc7b60b262b6b2c402"
score = 75
@@ -344032,8 +344444,8 @@ rule SIGNATURE_BASE_Webshell_Hiddens_Shell_V1
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5966-L5977"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5966-L5977"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1674bd40eb98b48427c547bf9143aa7fbe2f4a59"
logic_hash = "b76400c320e6294b0c831fbbb8e08a9d2097fbb027065f9c4b496d4b005ba016"
score = 75
@@ -344056,8 +344468,8 @@ rule SIGNATURE_BASE_Webshell_C99_Madnet
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5978-L5993"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5978-L5993"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "17613df393d0a99fd5bea18b2d4707f566cff219"
logic_hash = "cd4048f28405f106302643656ae5f8a257aaec0184a8057a9dffbda9bb857027"
score = 75
@@ -344084,8 +344496,8 @@ rule SIGNATURE_BASE_Webshell_C99_Locus7S
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L5994-L6009"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L5994-L6009"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d413d4700daed07561c9f95e1468fb80238fbf3c"
logic_hash = "5ecfc5f6da471bd3037228c0bc762d50762933af3cf6674210c7b2017a45a646"
score = 75
@@ -344112,8 +344524,8 @@ rule SIGNATURE_BASE_Webshell_Jspwebshell_1_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6010-L6026"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6010-L6026"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0bed4a1966117dd872ac9e8dceceb54024a030fa"
logic_hash = "13e696c1c671d7fda832c84f150e3f41ed55bf888c4bebfeb06ea68d6be65527"
score = 75
@@ -344141,8 +344553,8 @@ rule SIGNATURE_BASE_Webshell_Safe0Ver
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6027-L6044"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6027-L6044"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "366639526d92bd38ff7218b8539ac0f154190eb8"
logic_hash = "ae5de63b79804cf8c99bc5ea0c8862cf05e4085451d2b516cf95565bf32f3876"
score = 75
@@ -344171,8 +344583,8 @@ rule SIGNATURE_BASE_Webshell_Uploader
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6045-L6056"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6045-L6056"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e216c5863a23fde8a449c31660fd413d77cce0b7"
logic_hash = "c4b915f60a952131caa2c4f5bb2eea85ef25f27cabb8ad36a6bb928433558954"
score = 75
@@ -344195,8 +344607,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Kral
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6057-L6073"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6057-L6073"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4cd1d1a2fd448cecc605970e3a89f3c2e5c80dfc"
logic_hash = "0aded226f4e54c0169b9fbda91458f581ea47f9f8bda61a350b5e6f8b60931f3"
score = 75
@@ -344224,8 +344636,8 @@ rule SIGNATURE_BASE_Webshell_Cgitelnet
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6074-L6088"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6074-L6088"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "72e5f0e4cd438e47b6454de297267770a36cbeb3"
logic_hash = "e9b7096d5a19c9d5423bbfe125ae0347853919ab092efa98f0687a5d0cf68953"
score = 75
@@ -344252,8 +344664,8 @@ rule SIGNATURE_BASE_Webshell_Simple_Backdoor_2
modified = "2025-11-03"
old_rule_name = "WebShell_simple_backdoor"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6089-L6109"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6089-L6109"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "edcd5157a68fa00723a506ca86d6cbb8884ef512"
logic_hash = "655e445e51ec0f1bdce006a72acf3bce95941a349c279c14768760fa9f6f9d76"
score = 75
@@ -344284,8 +344696,8 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6110-L6124"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6110-L6124"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8fdd4e0e87c044177e9e1c97084eb5b18e2f1c25"
logic_hash = "fbe1f77e00fbc4e58cbad564e2d96c0381765ac799dfdf6cc2580428c68f97a5"
score = 75
@@ -344311,8 +344723,8 @@ rule SIGNATURE_BASE_Webshell_Ntdaddy_V1_9
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6125-L6139"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6125-L6139"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "79519aa407fff72b7510c6a63c877f2e07d7554b"
logic_hash = "fdf8b4bb4980e588ad5ccee2d047660980d39f38617f887c5762dcdb0b858267"
score = 75
@@ -344338,8 +344750,8 @@ rule SIGNATURE_BASE_Webshell_Lamashell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6140-L6156"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6140-L6156"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b71181e0d899b2b07bc55aebb27da6706ea1b560"
logic_hash = "e58dbd6b9c65a139828890a3fadfad9031580fe189066489d266d37d7078ad98"
score = 75
@@ -344367,8 +344779,8 @@ rule SIGNATURE_BASE_Webshell_Simple_PHP_Backdoor_By_DK
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6157-L6172"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6157-L6172"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "03f6215548ed370bec0332199be7c4f68105274e"
logic_hash = "1f65f759ec4045c521085aad84d0aea4dcfcf26eac4357751cf1dde6886d1718"
score = 75
@@ -344395,8 +344807,8 @@ rule SIGNATURE_BASE_Webshell_Moroccan_Spamers_Ma_Edition_By_Ghost
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6173-L6186"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6173-L6186"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "31e5473920a2cc445d246bc5820037d8fe383201"
logic_hash = "0e3d2d97665b8849d121d63a22baf7393047a814dde3753e395418c1868b59be"
score = 75
@@ -344421,8 +344833,8 @@ rule SIGNATURE_BASE_Webshell_C99Madshell_V__2_0_Madnet_Edition
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6187-L6202"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6187-L6202"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f99f8228eb12746847f54bad45084f19d1a7e111"
logic_hash = "7cf825a604783ebc74b1dca53aaff5c886957c562e11276f2acce5ff1f6ab991"
score = 75
@@ -344449,8 +344861,8 @@ rule SIGNATURE_BASE_Webshell_Cmdasp_Asp_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6203-L6222"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6203-L6222"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cb18e1ac11e37e236e244b96c2af2d313feda696"
logic_hash = "0fd9c7e83ad9ddf5cf88f1d1573324d9f24ae03a1951446fe11c116fd0cf4932"
score = 75
@@ -344481,8 +344893,8 @@ rule SIGNATURE_BASE_Webshell_NCC_Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6223-L6239"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6223-L6239"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "64d4495875a809b2730bd93bec2e33902ea80a53"
logic_hash = "c58edc548b7804be25f6956e9407cc9f8c74dfd8651f601a87ba639284e612d9"
score = 75
@@ -344510,8 +344922,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_README
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6240-L6252"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6240-L6252"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ef2c567b4782c994db48de0168deb29c812f7204"
logic_hash = "aa8a9be74bbac08518d5ba442aa6fa37d3f1b255df48b49ccb9842f5728a49d5"
score = 75
@@ -344535,8 +344947,8 @@ rule SIGNATURE_BASE_Webshell_Backupsql
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6253-L6268"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6253-L6268"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "863e017545ec8e16a0df5f420f2d708631020dd4"
logic_hash = "0126bfad6eb3861e8322ac3e11b4fd95bc8b88597d916e66c6646d7d5529c1d5"
score = 75
@@ -344563,8 +344975,8 @@ rule SIGNATURE_BASE_Webshell_AK_74_Security_Team_Web_Shell_Beta_Version
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6269-L6282"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6269-L6282"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c90b0ba575f432ecc08f8f292f3013b5532fe2c4"
logic_hash = "4fbf8f5cab8593fd88e5a430b849e61d7d663c13700f459aa516c5b337d5438b"
score = 75
@@ -344589,8 +345001,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Cpanel
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6283-L6299"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6283-L6299"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "433dab17106b175c7cf73f4f094e835d453c0874"
logic_hash = "e4dc90c52648f1e5b7dc2d77dcb94feb774ec9e3c156c923c54a9e8f537bbf07"
score = 75
@@ -344618,8 +345030,8 @@ rule SIGNATURE_BASE_Webshell_Accept_Language
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6300-L6311"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6300-L6311"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "180b13576f8a5407ab3325671b63750adbcb62c9"
logic_hash = "6d45071722268f5b39b1486a7dce883ecefb2b3c9993357b7b58bd603ff1c40d"
score = 75
@@ -344642,8 +345054,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_529
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6312-L6329"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6312-L6329"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ba3fb2995528307487dff7d5b624d9f4c94c75d3"
logic_hash = "f46b84d51077f157c83cd01534dfe7f9cd0d9ef04ad9935ced22d2abc873c171"
score = 75
@@ -344672,8 +345084,8 @@ rule SIGNATURE_BASE_Webshell_STNC_Webshell_V0_8
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6330-L6343"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6330-L6343"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "52068c9dff65f1caae8f4c60d0225708612bb8bc"
logic_hash = "c2067a1b78c441aa05366b612090e0df895c621843038cc9e65beb6719c0cb9a"
score = 75
@@ -344698,8 +345110,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Tryag
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6344-L6359"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6344-L6359"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "42d837e9ab764e95ed11b8bd6c29699d13fe4c41"
logic_hash = "2af3bbe8d1940e60843f3f5d40c9c6550e76df21568c374f7a871f73aeefae44"
score = 75
@@ -344726,8 +345138,8 @@ rule SIGNATURE_BASE_Webshell_Dc3_Security_Crew_Shell_Priv_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6360-L6375"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6360-L6375"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9077eb05f4ce19c31c93c2421430dd3068a37f17"
logic_hash = "52dc0449c205ff9105e2dedc3cb4858f83a2efc7bae579656a26da493dc59500"
score = 75
@@ -344754,8 +345166,8 @@ rule SIGNATURE_BASE_Webshell_Qsd_Php_Backdoor
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6376-L6390"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6376-L6390"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4856bce45fc5b3f938d8125f7cdd35a8bbae380f"
logic_hash = "3ef7b67cd60370a99fdfa6fd614f71ee314af27c9d983383dde8f03a127a28b3"
score = 75
@@ -344781,8 +345193,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Spygrup
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6391-L6405"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6391-L6405"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "12f9105332f5dc5d6360a26706cd79afa07fe004"
logic_hash = "5981f8cc1a98f799b1573cf73297383f995acf1c40f0227ac10302dc4d6fd6cc"
score = 75
@@ -344808,8 +345220,8 @@ rule SIGNATURE_BASE_Webshell_Web_Shell__C_Shankar
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6406-L6420"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6406-L6420"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3dd4f25bd132beb59d2ae0c813373c9ea20e1b7a"
logic_hash = "9d320eed18a5d76a87cee4ea0fa9caf08f096f7eeaab55420540aa082b596e0f"
score = 75
@@ -344835,8 +345247,8 @@ rule SIGNATURE_BASE_Webshell_Ayyildiz_Tim___AYT__Shell_V_2_1_Biz
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6421-L6435"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6421-L6435"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5fe8c1d01dc5bc70372a8a04410faf8fcde3cb68"
logic_hash = "2d096baad162c0e3e01732007a3be2804155e614a8fa4cd2d5dd3a7ac808fb49"
score = 75
@@ -344862,8 +345274,8 @@ rule SIGNATURE_BASE_Webshell_Gamma_Web_Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6436-L6450"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6436-L6450"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7ef773df7a2f221468cc8f7683e1ace6b1e8139a"
logic_hash = "1de868c4948a95272d288aeba3ac38b84bf6b33ede6b3b600b32530c85586404"
score = 75
@@ -344889,8 +345301,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Aspydrv
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6451-L6466"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6451-L6466"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3d8996b625025dc549d73cdb3e5fa678ab35d32a"
logic_hash = "314fd671b163b9904cc78cb3a5858f5b1e3dfae9d520d5ebc545a7abd922e9f7"
score = 75
@@ -344917,8 +345329,8 @@ rule SIGNATURE_BASE_Webshell_Jspwebshell_1_2_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6467-L6482"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6467-L6482"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "184fc72b51d1429c44a4c8de43081e00967cf86b"
logic_hash = "41d937fce969a850a2e4e07eb168becc96a036317a78d620e812707be9466dfc"
score = 75
@@ -344945,8 +345357,8 @@ rule SIGNATURE_BASE_Webshell_G00Nshell_V1_3
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6483-L6498"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6483-L6498"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "70fe072e120249c9e2f0a8e9019f984aea84a504"
logic_hash = "2ecb3ce2aa43a99552fb26e610c35bdb04f4ff0dc75c867e4327d6e27eed0177"
score = 75
@@ -344974,8 +345386,8 @@ rule SIGNATURE_BASE_Webshell_Winx_Shell_2
modified = "2025-11-03"
old_rule_name = "WebShell_WinX_Shell"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6499-L6515"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6499-L6515"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a94d65c168344ad9fa406d219bdf60150c02010e"
logic_hash = "f953c297763e41d197ce186dc818b656951dfa8c855c5063fc4abb54eeefc7bb"
score = 75
@@ -345002,8 +345414,8 @@ rule SIGNATURE_BASE_Webshell_PHANTASMA
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6516-L6530"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6516-L6530"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cd12d42abf854cd34ff9e93a80d464620af6d75e"
logic_hash = "355be62807182f9a53bac20a6dead8f0a3bee83b6bdc4566502c157f16076b9b"
score = 75
@@ -345029,8 +345441,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Cw
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6531-L6547"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6531-L6547"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e65e0670ef6edf0a3581be6fe5ddeeffd22014bf"
logic_hash = "52bfb14f4d5d3df787ce7782cbbee25ea1556758eed48e3001c8a3f35a541526"
score = 75
@@ -345058,8 +345470,8 @@ rule SIGNATURE_BASE_Webshell_Php_Include_W_Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6548-L6561"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6548-L6561"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1a7f4868691410830ad954360950e37c582b0292"
logic_hash = "2be144060d4fdaee38214dc2eba80c2a6fd3699060d274e66356fd5a08c9be4b"
score = 75
@@ -345084,8 +345496,8 @@ rule SIGNATURE_BASE_Webshell_Mysql_Tool
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6562-L6574"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6562-L6574"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c9cf8cafcd4e65d1b57fdee5eef98f0f2de74474"
logic_hash = "611636b3fa9a3163574b18cf8eacebea9733a1ad381261387f79a532b003e8fd"
score = 75
@@ -345109,8 +345521,8 @@ rule SIGNATURE_BASE_Webshell_Phpspy_Ver_2006
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6575-L6589"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6575-L6589"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "34a89e0ab896c3518d9a474b71ee636ca595625d"
logic_hash = "69bd2c387b0e676168116f3b3c3c081e08fd555cc6bc9a94b9c8ef97f194b09f"
score = 75
@@ -345136,8 +345548,8 @@ rule SIGNATURE_BASE_Webshell_Zyklonshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6590-L6604"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6590-L6604"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3fa7e6f3566427196ac47551392e2386a038d61c"
logic_hash = "5d49f2599781836156f6bbb0c50cfcffdb2ca51c7cb688abbc6245d7f856ad01"
score = 75
@@ -345164,8 +345576,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Myshell_2
modified = "2025-11-03"
old_rule_name = "WebShell_php_webshells_myshell"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6605-L6620"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6605-L6620"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5bd52749872d1083e7be076a5e65ffcde210e524"
logic_hash = "7765e43189d6ec0cda0b58d00cfd7fc8cec89287dbac7487083b6ce1ce55f306"
score = 75
@@ -345191,8 +345603,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Lolipop
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6621-L6634"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6621-L6634"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "86f23baabb90c93465e6851e40104ded5a5164cb"
logic_hash = "8b0dcf76a244f80d4bee0c62189df55c1f8d71cf0900cd8ebb5916f5fe972bed"
score = 75
@@ -345217,8 +345629,8 @@ rule SIGNATURE_BASE_Webshell_Simple_Cmd
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6635-L6649"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6635-L6649"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "466a8caf03cdebe07aa16ad490e54744f82e32c2"
logic_hash = "82a65f4bbdcd2fc626aa9f36fe530d19aa19a48389e970c26e525597818914ee"
score = 75
@@ -345244,8 +345656,8 @@ rule SIGNATURE_BASE_Webshell_Go_Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6650-L6665"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6650-L6665"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3dd85981bec33de42c04c53d081c230b5fc0e94f"
logic_hash = "f2fcefb9a0536c80fa74ceb002e113f95de53d1f56e22c81b542c395dd11071d"
score = 75
@@ -345273,8 +345685,8 @@ rule SIGNATURE_BASE_Webshell_Azrailphp_V1_0_2
modified = "2025-11-03"
old_rule_name = "WebShell_aZRaiLPhp_v1_0"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6666-L6681"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6666-L6681"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a2c609d1a8c8ba3d706d1d70bef69e63f239782b"
logic_hash = "8309338bb327cc14ae5970bd921b3dba68353d55be31b9dbbc5374ded24ed563"
score = 75
@@ -345300,8 +345712,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_Zehir4
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6682-L6695"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6682-L6695"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "788928ae87551f286d189e163e55410acbb90a64"
logic_hash = "36b6940ffecd9be190cce62252ec7d87f1c0bc0d19b4442df63f4404eb316364"
score = 55
@@ -345325,8 +345737,8 @@ rule SIGNATURE_BASE_Webshell_Zehir4_Asp_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6696-L6709"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6696-L6709"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1d9b78b5b14b821139541cc0deb4cbbd994ce157"
logic_hash = "dfaf685ac3b364143bfbe289b05f066b09f01622fec3e9157f4b4791f7567619"
score = 75
@@ -345351,8 +345763,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Lostdc
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6710-L6725"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6710-L6725"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d54fe07ea53a8929620c50e3a3f8fb69fdeb1cde"
logic_hash = "e3cd28f4a72f5a8a92c728fe76a7159c28256e87daf4c1dd10190a57263f5b45"
score = 75
@@ -345379,8 +345791,8 @@ rule SIGNATURE_BASE_Webshell_Casus_1_5
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6726-L6739"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6726-L6739"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7eee8882ad9b940407acc0146db018c302696341"
logic_hash = "0dbaa39bd33047d24e5bc9716108c5581da3f54e93d90f9c550b3d84de1ebfe2"
score = 75
@@ -345405,8 +345817,8 @@ rule SIGNATURE_BASE_Webshell_Ftpsearch
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6740-L6754"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6740-L6754"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c945f597552ccb8c0309ad6d2831c8cabdf4e2d6"
logic_hash = "6b32553be4fdf26776e3cbb8a5d4d011d88f2bd50949b65934df72b89065aeec"
score = 75
@@ -345432,8 +345844,8 @@ rule SIGNATURE_BASE_Webshell__Cyber_Shell_Cybershell_Cyber_Shell__V_1_0_
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6755-L6772"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6755-L6772"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fc2cf9a25ccc5aa3d9dc287ef9600b065ba9025cfb0a1ccca1bce9120ea03ff4"
score = 75
quality = 85
@@ -345462,8 +345874,8 @@ rule SIGNATURE_BASE_Webshell__Ajax_PHP_Command_Shell_Ajax_PHP_Command_Shell_Sold
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6773-L6793"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6773-L6793"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0b9e0d96c8a618a4883235e8c5c9a03a1e0b586cb4b30e0273e24c35ee5ee502"
score = 75
quality = 85
@@ -345495,8 +345907,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_7
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6794-L6812"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6794-L6812"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9d9b6b1333f2061c357fad110b5cc508288c70aea1212aa2fcbf283a2ce4fb2c"
score = 75
quality = 85
@@ -345526,8 +345938,8 @@ rule SIGNATURE_BASE_Webshell__Small_Web_Shell_By_Zaco_Small_Zaco_Zacosmall
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6813-L6831"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6813-L6831"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "840c58043e39014e90e7621c1d2417d5a970c744560738abc4fea3db3cbb8d5a"
score = 75
quality = 85
@@ -345557,8 +345969,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_8
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6832-L6851"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6832-L6851"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "346df2686c4d43b3210b07a30845477e057602500e67baba69b50c41e8d501fa"
score = 75
quality = 85
@@ -345589,8 +346001,8 @@ rule SIGNATURE_BASE_Webshell__PH_Vayv_Phvayv_PH_Vayv_Klasvayv_Asp_Php
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6852-L6870"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6852-L6870"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "42959ba1e3c0f7f198f953e98b9df87059999f5526df4338c109828d0a5a518a"
score = 75
quality = 85
@@ -345620,8 +346032,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_9
date = "2014-04-06"
modified = "2022-12-06"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6872-L6892"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6872-L6892"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9f8768f609ccd464f7c2b9d10ce8ea423355e11b05b39e629e5e3de0787e212b"
score = 70
quality = 77
@@ -345649,8 +346061,8 @@ rule SIGNATURE_BASE_Webshell__PH_Vayv_Phvayv_PH_Vayv
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6894-L6910"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6894-L6910"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b2f2b95415bc990adac38eada20cbc793f286d51f2054bc969e9c667f16717f9"
score = 75
quality = 85
@@ -345678,8 +346090,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_1
date = "2014-04-06"
modified = "2022-12-06"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6912-L6931"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6912-L6931"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9e3759d45d13e33481b962c4b59a019647a3e80bdd3885c4404169af74288b89"
score = 70
quality = 79
@@ -345707,8 +346119,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6933-L6952"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6933-L6952"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0a63d3b00ad9719140da9bb5dcb49981c4d3758fac13c392d016b47e54f356c8"
score = 75
quality = 85
@@ -345739,8 +346151,8 @@ rule SIGNATURE_BASE_Webshell__Crystalshell_V_1_Erne_Stres
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6953-L6974"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6953-L6974"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a0484a5a71715d6a79c89e20919ab89aaa7e85a18ee502651f1f6b29153847a3"
score = 75
quality = 85
@@ -345773,8 +346185,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_3
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6975-L6994"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6975-L6994"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5c264a294fc75cf2cadd3dba61bc64658989ffe5ddecfa18ba18e66492ad3c71"
score = 75
quality = 85
@@ -345805,8 +346217,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_4
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L6995-L7017"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L6995-L7017"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "18db4c6728f0575b4d8388dab9563ee98ca9aa5fdc8534bf76856a87820b4596"
score = 75
quality = 85
@@ -345840,8 +346252,8 @@ rule SIGNATURE_BASE_Webshell_GFS
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7019-L7035"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7019-L7035"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "72a3f117cb11e1461b760c47a3de74283640b6e1daa87b24e45210213bb76609"
score = 75
quality = 85
@@ -345869,8 +346281,8 @@ rule SIGNATURE_BASE_Webshell__Crystalshell_V_1_Sosyete_Stres
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7036-L7056"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7036-L7056"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "78aeabe38f7457060d81c3863098b5e424bc38f13e9e86bbb6ea54827f27afcd"
score = 75
quality = 85
@@ -345902,8 +346314,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_10
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7057-L7077"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7057-L7077"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0bf731edef55cde5d2ad16510fb9f1a240c1a06b535af7e13300fdbea470df74"
score = 75
quality = 85
@@ -345935,8 +346347,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_11
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7078-L7100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7078-L7100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5a559a26314ce603d6454efb71f1243bf89daed920ca2a495a51b94a4cca0045"
score = 75
quality = 85
@@ -345970,8 +346382,8 @@ rule SIGNATURE_BASE_Webshell__Findsock_Php_Findsock_Shell_Php_Reverse_Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7101-L7115"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7101-L7115"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2459f7114482e17f087bda4b638c29e237f2f3cb5a9e41e326ed65fc1834b6be"
score = 75
quality = 85
@@ -345997,8 +346409,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_6
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7116-L7137"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7116-L7137"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7b3f2ca3cb9516ddda1b9cac2ca5eb5d9e62e1839dad041f69a3dc7a2a186897"
score = 75
quality = 85
@@ -346031,8 +346443,8 @@ rule SIGNATURE_BASE_Unpack_Injectt
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7139-L7152"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7139-L7152"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8a5d2158a566c87edc999771e12d42c5"
logic_hash = "d8e9ed4f2604617bd6410f36ab827affa3cc6729ba996d0d9cd9c8eb0fd96533"
score = 75
@@ -346057,8 +346469,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_Fso
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7153-L7165"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7153-L7165"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b37f3cde1a08890bd822a182c3a881f6"
logic_hash = "9d071c1e2e0725091a2abe24759e6e71d78e29caa76b4fff77c44e3bb381b1a2"
score = 75
@@ -346082,8 +346494,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Ssh
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7166-L7177"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7166-L7177"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1aa5307790d72941589079989b4f900e"
logic_hash = "40c5a5d1d714947454f4aa9f7ed09d777cb60c23933201ac8eaf0d49452af8c6"
score = 75
@@ -346106,8 +346518,8 @@ rule SIGNATURE_BASE_Debug_Bdoor
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7178-L7190"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7178-L7190"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e4e8e31dd44beb9320922c5f49739955"
logic_hash = "ed8caeb96a6fc48fe23d5db078bbb8ba5aec3c5d4ee382cbc6bc4e01630f1460"
score = 75
@@ -346131,8 +346543,8 @@ rule SIGNATURE_BASE_Bin_Client
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7191-L7205"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7191-L7205"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5f91a5b46d155cacf0cc6673a2a5461b"
logic_hash = "28ce9aa136b5d41bb580e6b5b8580d3ccbb7eeec31007e68241d23c5a0f40d40"
score = 75
@@ -346158,8 +346570,8 @@ rule SIGNATURE_BASE_Zxshell2_0_Rar_Folder_Zxshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7206-L7218"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7206-L7218"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "246ce44502d2f6002d720d350e26c288"
logic_hash = "72eaf90551144eccb7329e0a0e05bcc955ea2bfdb37aa87e9cae7b5f5a26bea0"
score = 75
@@ -346183,8 +346595,8 @@ rule SIGNATURE_BASE_Rkntload
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7219-L7237"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7219-L7237"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "262317c95ced56224f136ba532b8b34f"
logic_hash = "ab767a7016318633055a85195ca2bab08a8c68222d46018aaf8772ab27a373c4"
score = 75
@@ -346214,8 +346626,8 @@ rule SIGNATURE_BASE_Binder2_Binder2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7238-L7254"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7238-L7254"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d594e90ad23ae0bc0b65b59189c12f11"
logic_hash = "fbe56b7d37fc7863fcf55761c0b5b671d661a713ac95f90d65b79eee9a447a9b"
score = 75
@@ -346243,8 +346655,8 @@ rule SIGNATURE_BASE_Thelast_Orice2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7255-L7267"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7255-L7267"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "aa63ffb27bde8d03d00dda04421237ae"
logic_hash = "075f3377a9b90c6c1ba74682415b9c0832a839afe647fa6d3c85d4e987618405"
score = 75
@@ -346268,8 +346680,8 @@ rule SIGNATURE_BASE_FSO_S_Sincap
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7268-L7280"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7268-L7280"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "dc5c2c2392b84a1529abd92e98e9aa5b"
logic_hash = "705030e93248f5ea6744f78bd7a1816aaa9772880059286b8d686e05b193d4a0"
score = 75
@@ -346293,8 +346705,8 @@ rule SIGNATURE_BASE_Phpshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7281-L7292"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7281-L7292"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "539baa0d39a9cf3c64d65ee7a8738620"
logic_hash = "95b3cedac370bf9b06092035a738722f3ec97e6cbafe3d4f742429a865576ad8"
score = 75
@@ -346317,8 +346729,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_Config
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7293-L7306"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7293-L7306"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b41d0e64e64a685178a3155195921d61"
logic_hash = "b2806c30db413bca518943352f233c9d2915356a41eceed5e352b88ee34fbbd3"
score = 75
@@ -346343,8 +346755,8 @@ rule SIGNATURE_BASE_Sendmail
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7307-L7319"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7307-L7319"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "75b86f4a21d8adefaf34b3a94629bd17"
logic_hash = "bcca9a9380d2695bc277afc9fa72c24cb26ac44c6fbcc87113b017cfe190bdab"
score = 75
@@ -346368,8 +346780,8 @@ rule SIGNATURE_BASE_FSO_S_Zehir4
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7320-L7331"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7320-L7331"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5b496a61363d304532bcf52ee21f5d55"
logic_hash = "6bcfb1ee40403394bf996ecbe1bb17f9afa0c3ba9e1906881b94bbc785b4a510"
score = 75
@@ -346392,8 +346804,8 @@ rule SIGNATURE_BASE_Hkshell_Hkshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7332-L7345"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7332-L7345"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "168cab58cee59dc4706b3be988312580"
logic_hash = "bee4d4c957ede41c771d690d52ac2fd3655238cc1fc106d30fb2721084b38aa1"
score = 75
@@ -346418,8 +346830,8 @@ rule SIGNATURE_BASE_Imhapftp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7346-L7357"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7346-L7357"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "12911b73bc6a5d313b494102abcf5c57"
logic_hash = "c24bb80a0ae4284b4303450e9103c5dda30c41b41f323641ac1175461f741ced"
score = 75
@@ -346442,8 +346854,8 @@ rule SIGNATURE_BASE_Unpack_Tback
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7358-L7369"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7358-L7369"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a9d1007823bf96fb163ab38726b48464"
logic_hash = "0fb43766c305f4235cc0987f411fdc3b3674723687f0b63d346429f4a7b5b87f"
score = 75
@@ -346466,8 +346878,8 @@ rule SIGNATURE_BASE_Darkspy105
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7370-L7381"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7370-L7381"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f0b85e7bec90dba829a3ede1ab7d8722"
logic_hash = "0f1c9dba4525f9c30f309500652ed6af647ddf492f483e101fc23c891e15fc85"
score = 75
@@ -346490,8 +346902,8 @@ rule SIGNATURE_BASE_Editserver_EXE
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7382-L7395"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7382-L7395"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f945de25e0eba3bdaf1455b3a62b9832"
logic_hash = "d440669b0c0bf575cf9dea946edf55f724300a4c765e90c631fc1eee062bf006"
score = 75
@@ -346516,8 +346928,8 @@ rule SIGNATURE_BASE_FSO_S_Reader
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7396-L7407"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7396-L7407"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b598c8b662f2a1f6cc61f291fb0a6fa2"
logic_hash = "89a948f8da66173965884cd525615c8eeb91cf98a4984c05be7472034bb72f76"
score = 75
@@ -346540,8 +346952,8 @@ rule SIGNATURE_BASE_ASP_Cmdasp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7408-L7421"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7408-L7421"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "79d4f3425f7a89befb0ef3bafe5e332f"
logic_hash = "84c3148fe74b1afaa6e3bbff0aca8df1f1775759a36a673cc13d35ef7658929c"
score = 75
@@ -346566,8 +346978,8 @@ rule SIGNATURE_BASE_KA_Ushell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7422-L7434"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7422-L7434"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "685f5d4f7f6751eaefc2695071569aab"
logic_hash = "58d25e19e2e14a909b4b623a85dfd8c62974121d3b23574d1e94b62385e42b45"
score = 75
@@ -346591,8 +347003,8 @@ rule SIGNATURE_BASE_PHP_Backdoor_V1
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7435-L7448"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7435-L7448"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0506ba90759d11d78befd21cabf41f3d"
logic_hash = "396ae1ee34a06ab4863f4f54257a9020b8747fb99dff15372f0aa54fa4598e43"
score = 75
@@ -346616,8 +347028,8 @@ rule SIGNATURE_BASE_Svchostdll
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7449-L7468"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7449-L7468"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0f6756c8cb0b454c452055f189e4c3f4"
logic_hash = "4a7a7bb7d827c2e7801f8c33b292bb3d312428fc4ae79f07e103f456984c3b83"
score = 75
@@ -346648,8 +347060,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_Server
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7469-L7480"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7469-L7480"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1d38526a215df13c7373da4635541b43"
logic_hash = "66b8513a532f64af535c948da28674795ae6495b9844165c3b039bf61c25eb46"
score = 75
@@ -346672,8 +347084,8 @@ rule SIGNATURE_BASE_Vanquish
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7481-L7494"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7481-L7494"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "684450adde37a93e8bb362994efc898c"
logic_hash = "223c59d06a9389f380fa29959c54e53a17b53080f704189ae519b9527b2c6384"
score = 75
@@ -346698,8 +347110,8 @@ rule SIGNATURE_BASE_Winshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7495-L7514"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7495-L7514"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3144410a37dd4c29d004a814a294ea26"
logic_hash = "addbfa598039af09c0e4c50138fcfabd16c35c5516259cf9595cf49855da518d"
score = 75
@@ -346730,8 +347142,8 @@ rule SIGNATURE_BASE_FSO_S_Remview
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7515-L7528"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7515-L7528"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b4a09911a5b23e00b55abe546ded691c"
logic_hash = "19719e8c9215ec9ba9fab55b604907e0a6d0a0507a5662926acff1e9dc03440e"
score = 75
@@ -346756,8 +347168,8 @@ rule SIGNATURE_BASE_Saphpshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7529-L7540"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7529-L7540"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d7bba8def713512ddda14baf9cd6889a"
logic_hash = "24d558292a709bb29334b1acdc53cdb6c5bc6803caec527edcacd6a19f6dc7c9"
score = 75
@@ -346780,8 +347192,8 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006Z
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7541-L7553"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7541-L7553"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fd1b6129abd4ab177fed135e3b665488"
logic_hash = "4b427132541cd26ee47c387a98f6f46f86808f9a775068e1d114c9ef4abca9f6"
score = 75
@@ -346805,8 +347217,8 @@ rule SIGNATURE_BASE_Admin_Ad
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7554-L7566"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7554-L7566"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e6819b8f8ff2f1073f7d46a0b192f43b"
logic_hash = "0febd10979a959af73332a8e064a510e949109abf863b5fd0fef19b635968d1d"
score = 75
@@ -346830,8 +347242,8 @@ rule SIGNATURE_BASE_FSO_S_Casus15
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7567-L7578"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7567-L7578"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8d155b4239d922367af5d0a1b89533a3"
logic_hash = "58921290952f23ff5b828d8c92c818ebd91b726cdbbc9137b0f55a0e5ca90636"
score = 75
@@ -346854,8 +347266,8 @@ rule SIGNATURE_BASE_BIN_Client
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7579-L7595"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7579-L7595"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9f0a74ec81bc2f26f16c5c172b80eca7"
logic_hash = "e1277f6b7adc2e832a3aad96c7e44796596d2e61eb9247977da3c3569777e0b2"
score = 75
@@ -346883,8 +347295,8 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Uptime
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7596-L7611"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7596-L7611"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d1f56102bc5d3e2e37ab3ffa392073b9"
logic_hash = "5d91dda859a63a965250bd4d76565c6adf18e4ee306be3b91965e5d35bc521e8"
score = 75
@@ -346911,8 +347323,8 @@ rule SIGNATURE_BASE_Simple_PHP_Backdoor
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7612-L7625"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7612-L7625"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a401132363eecc3a1040774bec9cb24f"
logic_hash = "9739217c23f583452fbf1d7a8e20b2f1379ebf430e0a4fd73ad62e88d544670a"
score = 75
@@ -346937,8 +347349,8 @@ rule SIGNATURE_BASE_Sig_2005Gray
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7626-L7640"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7626-L7640"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "75dbe3d3b70a5678225d3e2d78b604cc"
logic_hash = "927ed5cdaa14b6cd63a6ca7d7bec6635b69fa19d88808890e7d198fb7a0b57b4"
score = 75
@@ -346964,8 +347376,8 @@ rule SIGNATURE_BASE_Dllinjection
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7641-L7652"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7641-L7652"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a7b92283a5102886ab8aee2bc5c8d718"
logic_hash = "6e01ae1cc8a91a5e0d22bdf477aa72bf0116dbe31752a069b1e34d8a09ec6213"
score = 75
@@ -346988,8 +347400,8 @@ rule SIGNATURE_BASE_Mithril_V1_45_Mithril
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7653-L7665"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7653-L7665"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f1484f882dc381dde6eaa0b80ef64a07"
logic_hash = "a3e74bfb34762553eccaddd745d9e17dc3a5a25201e4bc9e2ea9a49342295c78"
score = 75
@@ -347013,8 +347425,8 @@ rule SIGNATURE_BASE_Hkshell_Hkrmv
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7666-L7678"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7666-L7678"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bd3a0b7a6b5536f8d96f50956560e9bf"
logic_hash = "f1da0778456272e6d93633a564018bdf0fa74f1db1c9e963a03a59c69c752b6e"
score = 75
@@ -347039,8 +347451,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_1
modified = "2025-11-03"
old_rule_name = "phpshell"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7679-L7693"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7679-L7693"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1dccb1ea9f24ffbd085571c88585517b"
logic_hash = "eed450ae6668bbee01ea2689e9864f10a66714ec4c91afabb12609ad4ebdac8c"
score = 75
@@ -347065,8 +347477,8 @@ rule SIGNATURE_BASE_FSO_S_Cmd
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7694-L7706"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7694-L7706"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cbe8e365d41dd3cd8e462ca434cf385f"
logic_hash = "43f3379a57210f0e3b70575313115a7ba3d71359de7c5ac9a6a178b93af3545e"
score = 75
@@ -347090,8 +347502,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Phpft
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7707-L7719"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7707-L7719"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "60ef80175fcc6a879ca57c54226646b1"
logic_hash = "741536acafdc4da618d69bdae2f0a3e8c004a4027cc76c796158ee111c006414"
score = 75
@@ -347115,8 +347527,8 @@ rule SIGNATURE_BASE_FSO_S_Indexer
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7720-L7731"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7720-L7731"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "135fc50f85228691b401848caef3be9e"
logic_hash = "a1bfba9c24819f5c1574aa179d853a6cc2fcf58c7b9a14eeab2639248178549c"
score = 75
@@ -347139,8 +347551,8 @@ rule SIGNATURE_BASE_R57Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7732-L7743"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7732-L7743"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8023394542cddf8aee5dec6072ed02b5"
logic_hash = "40ff6bceb3f9bd95fbf5e75681fadadaa64243007e10fcc86bb909282b8161c5"
score = 75
@@ -347163,8 +347575,8 @@ rule SIGNATURE_BASE_Bdcli100
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7744-L7756"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7744-L7756"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b12163ac53789fb4f62e4f17a8c2e028"
logic_hash = "48c70413c71d5a84f8cea48c77935b7cc26d9e1348d7ab257de4540d69f0f817"
score = 75
@@ -347188,8 +347600,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_2005Red
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7757-L7770"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7757-L7770"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d8ccda2214b3f6eabd4502a050eb8fe8"
logic_hash = "716b6faa8d1216f592d63b658cdd65d7be0226bf746b5fdf1827bdf881562711"
score = 75
@@ -347214,8 +347626,8 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006X2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7771-L7783"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7771-L7783"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cc5bf9fc56d404ebbc492855393d7620"
logic_hash = "0df587ccaf41d11c6be90ef631ce8b21f95f08fa8f71e62463c378455b312f4a"
score = 75
@@ -347239,8 +347651,8 @@ rule SIGNATURE_BASE_Rdrbs084
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7784-L7796"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7784-L7796"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ed30327b255816bdd7590bf891aa0020"
logic_hash = "8a743d62723c4a5f863f986edd4b149728680b40d6a4b9a99b093d62ccb70cf8"
score = 75
@@ -347264,8 +347676,8 @@ rule SIGNATURE_BASE_Hytop_Caseswitch_2005
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7797-L7815"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7797-L7815"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8bf667ee9e21366bc0bd3491cb614f41"
logic_hash = "0ecf28b5abb918cd1d8f38b76019dddf19dff5dbb114f16ef6ec9b46cb590a46"
score = 75
@@ -347295,8 +347707,8 @@ rule SIGNATURE_BASE_Ebayid_Index3
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7816-L7827"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7816-L7827"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0412b1e37f41ea0d002e4ed11608905f"
logic_hash = "47660cb71d6787683e51aa14fc0f4a9d6f1c59517b77bfe4135098a0020ded11"
score = 75
@@ -347319,8 +347731,8 @@ rule SIGNATURE_BASE_FSO_S_Phvayv
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7828-L7839"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7828-L7839"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "205ecda66c443083403efb1e5c7f7878"
logic_hash = "d0482607f7d9cf6c89963cb9b1f943fa0b80636e857e0fb044cd9a0b3f974deb"
score = 75
@@ -347343,8 +347755,8 @@ rule SIGNATURE_BASE_Byshell063_Ntboot
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7840-L7854"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7840-L7854"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "99b5f49db6d6d9a9faeffb29fd8e6d8c"
logic_hash = "2fdc930eacb87d02ebe69a2b64df4103bd0f3417a76f1b2922b3d4cd4c0dffe9"
score = 75
@@ -347370,8 +347782,8 @@ rule SIGNATURE_BASE_FSO_S_Casus15_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7855-L7866"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7855-L7866"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8d155b4239d922367af5d0a1b89533a3"
logic_hash = "45820e0398cca8e75fc4acf6863d962a817afd95a4592acd4ac4a50029684220"
score = 75
@@ -347394,8 +347806,8 @@ rule SIGNATURE_BASE_Installer
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7867-L7879"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7867-L7879"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a507919ae701cf7e42fa441d3ad95f8f"
logic_hash = "73c1032313155ceb752fe2f94c8d242833127fe0443d7e3044fa1de2b2b7742b"
score = 75
@@ -347419,8 +347831,8 @@ rule SIGNATURE_BASE_FSO_S_Remview_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7880-L7892"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7880-L7892"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b4a09911a5b23e00b55abe546ded691c"
logic_hash = "0a682431f7044e9a49c8dd4842a22c521e2a07d5df045b0a12449e3b3206716b"
score = 75
@@ -347444,8 +347856,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_R57
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7893-L7904"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7893-L7904"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "903908b77a266b855262cdbce81c3f72"
logic_hash = "8d0f3b2009594d4aa413c4794dca12e3c66a19974cc6d0b47cc3f5e2572a4c57"
score = 75
@@ -347468,8 +347880,8 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006X
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7905-L7917"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7905-L7917"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cf3ee0d869dd36e775dfcaa788db8e4b"
logic_hash = "b71cf90900c7eae4caef57564292ca497a2c6c77e3de2994ba9e4cecae7f2697"
score = 75
@@ -347493,8 +347905,8 @@ rule SIGNATURE_BASE_FSO_S_Phvayv_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7918-L7929"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7918-L7929"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "205ecda66c443083403efb1e5c7f7878"
logic_hash = "11418a11692412ccb309983bdadd9bda2b27b692c3282eb0386094e76c7ba1e0"
score = 75
@@ -347517,8 +347929,8 @@ rule SIGNATURE_BASE_Elmaliseker
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7930-L7942"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7930-L7942"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ccf48af0c8c09bbd038e610a49c9862e"
logic_hash = "54c0b8e74a9b10fe54901c0595600af1dfc54abd3f710fc20ca87ca92236bb49"
score = 75
@@ -347542,8 +347954,8 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Resolve
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7943-L7960"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7943-L7960"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "69bf9aa296238610a0e05f99b5540297"
logic_hash = "39d8ac274e94f13b5eb197be5827a95ac09df70793bd584c96b81983a565c1ce"
score = 75
@@ -347572,8 +347984,8 @@ rule SIGNATURE_BASE_FSO_S_Remexp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7961-L7974"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7961-L7974"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b69670ecdbb40012c73686cd22696eeb"
logic_hash = "b9b966a89ab097494d7af90775bf124f1310c77145be67fa57ebdacd0164e3d0"
score = 75
@@ -347598,8 +348010,8 @@ rule SIGNATURE_BASE_FSO_S_Tool
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7975-L7986"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7975-L7986"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3a1e1e889fdd974a130a6a767b42655b"
logic_hash = "a3449aca3124aa4d920d78e5e674ddd9d8a181b0ce0143032352a69dfdbcad2d"
score = 75
@@ -347622,8 +348034,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_2005
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L7987-L7999"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L7987-L7999"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "97f2552c2fafc0b2eb467ee29cc803c8"
logic_hash = "4d04174b23c9057acf2618c01cd702eaaec2d3508a8c25dd87fdd320c076a3b1"
score = 75
@@ -347647,8 +348059,8 @@ rule SIGNATURE_BASE_Byloader
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8000-L8015"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8000-L8015"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0f0d6dc26055653f5844ded906ce52df"
logic_hash = "66c900e4bc771fb23d7623e57ad51edaa95696c2e31554720582f3e33a1b2e25"
score = 75
@@ -347675,8 +348087,8 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Fport
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8016-L8028"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8016-L8028"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "dbb75488aa2fa22ba6950aead1ef30d5"
logic_hash = "b9dc66e249c0577839cc3748f129c343d2ccb7327b92a2a67e4467782d10a25e"
score = 75
@@ -347700,8 +348112,8 @@ rule SIGNATURE_BASE_Backdoor__Fr_
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8029-L8040"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8029-L8040"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a79cac2cf86e073a832aaf29a664f4be"
logic_hash = "6c16c200712015eed71aeb119e46bad5f93445a8f719d98ef31f9012cb3551ae"
score = 75
@@ -347724,8 +348136,8 @@ rule SIGNATURE_BASE_FSO_S_Ntdaddy
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8041-L8052"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8041-L8052"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f6262f3ad9f73b8d3e7d9ea5ec07a357"
logic_hash = "4df6f53ee9bfc0214e69dd858878026e962b90573ed48a5ffdd5523538e8f3bf"
score = 75
@@ -347748,8 +348160,8 @@ rule SIGNATURE_BASE_Nstview_Nstview
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8053-L8064"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8053-L8064"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3871888a0c1ac4270104918231029a56"
logic_hash = "2b25e22d86a672af0b8957f1b0336ed80e09f3389f5045c230af2372db0e3415"
score = 75
@@ -347772,8 +348184,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_Upload
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8065-L8076"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8065-L8076"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b09852bda534627949f0259828c967de"
logic_hash = "312020a72a37adb0111ac6d61810c8e476be39dc6456e80e83cd6a680e8ea051"
score = 75
@@ -347796,8 +348208,8 @@ rule SIGNATURE_BASE_Passwordreminder
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8077-L8088"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8077-L8088"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ea49d754dc609e8bfa4c0f95d14ef9bf"
logic_hash = "f3da5381f5e352c541654d2af918ca8cea8049d137078670dd0538a4d13f676e"
score = 75
@@ -347820,8 +348232,8 @@ rule SIGNATURE_BASE_Pack_Injectt
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8089-L8104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8089-L8104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "983b74ccd57f6195a0584cdfb27d55e8"
logic_hash = "9f66b7b429ed585888c0fb4943bb12262247b3af8d85bc67309b27752171e66a"
score = 75
@@ -347848,8 +348260,8 @@ rule SIGNATURE_BASE_FSO_S_Remexp_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8105-L8117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8105-L8117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b69670ecdbb40012c73686cd22696eeb"
logic_hash = "e31e25a7c2b2e970a379a61d2dac335bd37cac48328eee9f3966ff5c77ef6f18"
score = 75
@@ -347873,8 +348285,8 @@ rule SIGNATURE_BASE_FSO_S_C99
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8118-L8129"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8118-L8129"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5f9ba02eb081bba2b2434c603af454d0"
logic_hash = "de769299bbd8b895b84db757fcc037b807f7caaa624c06e9d330934a968b2381"
score = 75
@@ -347897,8 +348309,8 @@ rule SIGNATURE_BASE_Rknt_Zip_Folder_Rknt
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8130-L8147"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8130-L8147"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5f97386dfde148942b7584aeb6512b85"
logic_hash = "59de8a40a7081ee5fbea9f413590237c1da9985f2352b32571529baf38c93ddb"
score = 75
@@ -347927,8 +348339,8 @@ rule SIGNATURE_BASE_Dbgntboot
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8148-L8160"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8148-L8160"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4d87543d4d7f73c1529c9f8066b475ab"
logic_hash = "10f86f18aff4995928efb3c8000eca166fe37e6006de7938139cad718ff7653f"
score = 75
@@ -347952,8 +348364,8 @@ rule SIGNATURE_BASE_PHP_Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8161-L8173"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8161-L8173"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "45e8a00567f8a34ab1cccc86b4bc74b9"
logic_hash = "a62061b2fa851f5798158198e26f188408f3f37dca69a85ca155777c0b8407ee"
score = 75
@@ -347977,8 +348389,8 @@ rule SIGNATURE_BASE_Hxdef100
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8174-L8187"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8174-L8187"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "55cc1769cef44910bd91b7b73dee1f6c"
logic_hash = "a2002dcddad7ffdbe9614723163016f9357347bb704640d3933ce4513c37d474"
score = 75
@@ -348003,8 +348415,8 @@ rule SIGNATURE_BASE_Rdrbs100
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8188-L8200"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8188-L8200"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7c752bcd6da796d80a6830c61a632bff"
logic_hash = "8a427ef9e0ecd0c810913203aaef43647964f33658dfdca8195fce6f0545f8f4"
score = 75
@@ -348028,8 +348440,8 @@ rule SIGNATURE_BASE_Mithril_Mithril
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8201-L8219"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8201-L8219"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "017191562d72ab0ca551eb89256650bd"
logic_hash = "5d19eb4132a0401d226c9cffc927b2838e9c69428746296b55a488d097759587"
score = 75
@@ -348059,8 +348471,8 @@ rule SIGNATURE_BASE_Hxdef100_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8220-L8233"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8220-L8233"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1b393e2e13b9c57fb501b7cd7ad96b25"
logic_hash = "d44131f6c1bfdc36079f474832a79a361dfad96d1b84f7004d682150c93eccc5"
score = 75
@@ -348085,8 +348497,8 @@ rule SIGNATURE_BASE_Release_Dlltest
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8234-L8254"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8234-L8254"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "76a59fc3242a2819307bb9d593bef2e0"
logic_hash = "ba759ae1bbde357085b2b2dfda0780b5a239a44b4e999244e8eceed246090ce3"
score = 50
@@ -348118,8 +348530,8 @@ rule SIGNATURE_BASE_Webadmin
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8255-L8266"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8255-L8266"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3a90de401b30e5b590362ba2dde30937"
logic_hash = "6e215c3d8b8357b839416ee6951f7739387bb94aa1284ea7e827ae2205221294"
score = 75
@@ -348142,8 +348554,8 @@ rule SIGNATURE_BASE_Commands
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8267-L8279"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8267-L8279"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "174486fe844cb388e2ae3494ac2d1ec2"
logic_hash = "5251ee090934c8f99a8a2ffef2605593943306937dc56a135a47f1da7e732587"
score = 75
@@ -348167,8 +348579,8 @@ rule SIGNATURE_BASE_Hkdoordll
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8280-L8291"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8280-L8291"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b715c009d47686c0e62d0981efce2552"
logic_hash = "a3c4d262b59cdf82390c0457810505e9e7a18c9b26ba4524bc368fd2141ec306"
score = 75
@@ -348191,8 +348603,8 @@ rule SIGNATURE_BASE_R57Shell_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8292-L8303"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8292-L8303"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8023394542cddf8aee5dec6072ed02b5"
logic_hash = "5319426928d33b62527efb561c2b7a226a5a473735f501b267e6b3b174972085"
score = 75
@@ -348215,8 +348627,8 @@ rule SIGNATURE_BASE_Mithril_V1_45_Dlltest
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8304-L8317"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8304-L8317"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1b9e518aaa62b15079ff6edb412b21e9"
logic_hash = "cf1e2ca39ae6b726792bbbaf0f1dd90788a4bb9ba5e3d50c22d75f2b3d4e9e7d"
score = 50
@@ -348241,8 +348653,8 @@ rule SIGNATURE_BASE_Dbgiis6Cli
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8318-L8330"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8318-L8330"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3044dceb632b636563f66fee3aaaf8f3"
logic_hash = "f6de3c9b8fbcca230540d1b41659ab02c9548df69f53fa9d5730ac7bb7dfe88a"
score = 75
@@ -348266,8 +348678,8 @@ rule SIGNATURE_BASE_Remview_2003_04_22
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8331-L8342"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8331-L8342"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "17d3e4e39fbca857344a7650f7ea55e3"
logic_hash = "2957f6ec7a022ac04759724276f6928625708346903597b0765b5e81207fc6b9"
score = 75
@@ -348290,8 +348702,8 @@ rule SIGNATURE_BASE_FSO_S_Test
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8343-L8355"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8343-L8355"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "82cf7b48da8286e644f575b039a99c26"
logic_hash = "62613bead716717f116290b1c9eca9aa63eadd280050811e30a54e5d186af2fc"
score = 50
@@ -348315,8 +348727,8 @@ rule SIGNATURE_BASE_Debug_Cress
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8356-L8368"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8356-L8368"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "36a416186fe010574c9be68002a7286a"
logic_hash = "670e236e72d3cb52ea5dba865749baee58a70f8d100db1dd8eddfe3183339181"
score = 75
@@ -348340,8 +348752,8 @@ rule SIGNATURE_BASE_Webshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8369-L8384"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8369-L8384"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f2f8c02921f29368234bfb4d4622ad19"
logic_hash = "e3fdce426d2f6e88d8e9412a3026ea05d027af934763eafe0188602458c2289d"
score = 75
@@ -348368,8 +348780,8 @@ rule SIGNATURE_BASE_FSO_S_EFSO_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8385-L8397"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8385-L8397"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a341270f9ebd01320a7490c12cb2e64c"
logic_hash = "462c713e5d4fb6d0db91b14bfacdca73f780559ba2dad80988c356ee1a3d369d"
score = 75
@@ -348393,8 +348805,8 @@ rule SIGNATURE_BASE_Thelast_Index3
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8398-L8409"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8398-L8409"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cceff6dc247aaa25512bad22120a14b4"
logic_hash = "3700141ca2cf53f49618e2d4cab8866efccdce843921f1733b3d6260b8feea68"
score = 75
@@ -348417,8 +348829,8 @@ rule SIGNATURE_BASE_Adjustcr
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8410-L8424"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8410-L8424"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "17037fa684ef4c90a25ec5674dac2eb6"
logic_hash = "d2a86083ff5cb34a0453f812e2d316c63342e529f00099a8869fa7e0a43321ef"
score = 75
@@ -348444,8 +348856,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Xishell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8425-L8436"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8425-L8436"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "997c8437c0621b4b753a546a53a88674"
logic_hash = "13393bc72477ab9a4ebc16b409de8ed73e086cc41f25f34315d11401b63c2471"
score = 75
@@ -348468,8 +348880,8 @@ rule SIGNATURE_BASE_Hytop_Apppack_2005
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8437-L8448"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8437-L8448"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "63d9fd24fa4d22a41fc5522fc7050f9f"
logic_hash = "0de4800291132efca24b40bebcc895d6873110214c8cbf8384317208e0d9db82"
score = 75
@@ -348492,8 +348904,8 @@ rule SIGNATURE_BASE_Xssshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8449-L8460"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8449-L8460"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8fc0ffc5e5fbe85f7706ffc45b3f79b4"
logic_hash = "6b0e602b523f58ec61850b4ba2e69da4fe4bf2833fb45e529785a398445db127"
score = 75
@@ -348516,8 +348928,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Usr
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8461-L8472"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8461-L8472"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ade3357520325af50c9098dc8a21a024"
logic_hash = "f5fd4a4c1b531b23b09505d302dc27d7ba2eb733fcf313c04ba9085b090f7cbe"
score = 75
@@ -348540,8 +348952,8 @@ rule SIGNATURE_BASE_FSO_S_Phpinj
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8473-L8484"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8473-L8484"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "dd39d17e9baca0363cc1c3664e608929"
logic_hash = "de4ac200f5426ec4c6fef21d5fbc37281811569a3e71a9bcb6fa51d13eb600a4"
score = 75
@@ -348564,8 +348976,8 @@ rule SIGNATURE_BASE_Xssshell_Db
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8485-L8496"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8485-L8496"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cb62e2ec40addd4b9930a9e270f5b318"
logic_hash = "3fdbaa17c12abef8576bf859065d90f4b6e80c187af734b71b26a1bd5d073e86"
score = 75
@@ -348588,8 +349000,8 @@ rule SIGNATURE_BASE_PHP_Sh
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8497-L8508"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8497-L8508"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1e9e879d49eb0634871e9b36f99fe528"
logic_hash = "da0b572f116cc5c55e8d7469f222896d602d09be4761a0e2139fc8ce67ac4050"
score = 75
@@ -348612,8 +349024,8 @@ rule SIGNATURE_BASE_Xssshell_Default
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8509-L8520"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8509-L8520"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d156782ae5e0b3724de3227b42fcaf2f"
logic_hash = "6a8772a8a6399c3266abcc22a3c55eda70ec9703346398f5f1768bbd35974f8c"
score = 75
@@ -348636,8 +349048,8 @@ rule SIGNATURE_BASE_Editserver_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8521-L8534"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8521-L8534"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5c1f25a4d206c83cdfb006b3eb4c09ba"
logic_hash = "c581936928ce0f1061feb5665c743f14f12a9f875e360f40cc064f3047b23adf"
score = 75
@@ -348662,8 +349074,8 @@ rule SIGNATURE_BASE_By064Cli
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8535-L8547"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8535-L8547"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "10e0dff366968b770ae929505d2a9885"
logic_hash = "51efd5c510efc6657ae175af47b09437ae70eb0237d88ffdf3cdae365d0ec7be"
score = 75
@@ -348687,8 +349099,8 @@ rule SIGNATURE_BASE_Mithril_Dlltest
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8548-L8560"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8548-L8560"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a8d25d794d8f08cd4de0c3d6bf389e6d"
logic_hash = "c8c8d1b75ed4eb4bc66a762e53aa6b3ab439e96ef464a8b9ffa4dff887986465"
score = 50
@@ -348712,8 +349124,8 @@ rule SIGNATURE_BASE_Peek_A_Boo
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8561-L8577"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8561-L8577"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "aca339f60d41fdcba83773be5d646776"
logic_hash = "b103c1b873dd0df9626d72a1127fbadc821777a05012a080423263a2083c398b"
score = 75
@@ -348741,8 +349153,8 @@ rule SIGNATURE_BASE_Fmlibraryv3
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8578-L8589"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8578-L8589"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c34c248fed6d5a20d8203924a2088acc"
logic_hash = "a7dc83db26cdda757f626c42022c17bb2764074a3cc5f87b4a3aaa991fac5dc2"
score = 75
@@ -348765,8 +349177,8 @@ rule SIGNATURE_BASE_Debug_Dlltest_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8590-L8602"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8590-L8602"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1b9e518aaa62b15079ff6edb412b21e9"
logic_hash = "bf260ce0f8d4728920679573cd77927b44db28ba6102923707af8d1ad7d0ef2d"
score = 50
@@ -348790,8 +349202,8 @@ rule SIGNATURE_BASE_Connector
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8603-L8615"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8603-L8615"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3ba1827fca7be37c8296cd60be9dc884"
logic_hash = "b8cadb7aa23a8cdef10e7b1eb05586d6c3e7c398958a80861b6f1ccd4edf1eca"
score = 75
@@ -348815,8 +349227,8 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Hiderun
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8616-L8628"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8616-L8628"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "45436d9bfd8ff94b71eeaeb280025afe"
logic_hash = "3a6dea2314800b28e92b59595c8b79c64e66dc66ebfa8f89c2f4028b574b9a91"
score = 75
@@ -348840,8 +349252,8 @@ rule SIGNATURE_BASE_PHP_Shell_V1_7
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8629-L8640"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8629-L8640"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b5978501c7112584532b4ca6fb77cba5"
logic_hash = "e03904177309de9ce1afa0b12bf70913b106650c3db5807f9d4ccb91fb2ade77"
score = 75
@@ -348864,8 +349276,8 @@ rule SIGNATURE_BASE_Xssshell_Save
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8641-L8653"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8641-L8653"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "865da1b3974e940936fe38e8e1964980"
logic_hash = "c53034c6ebc4f01c4573e688f548e71dae944913797b12eb8f22a5ef0a368ccf"
score = 75
@@ -348889,8 +349301,8 @@ rule SIGNATURE_BASE_Screencap
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8654-L8667"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8654-L8667"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "51139091dea7a9418a50f2712ea72aa6"
logic_hash = "9be7ec97ef8e9b8838f7931a8fcf8d85b1543a202a7bf34fab9791fc47889cb9"
score = 75
@@ -348915,8 +349327,8 @@ rule SIGNATURE_BASE_FSO_S_Phpinj_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8668-L8679"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8668-L8679"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "dd39d17e9baca0363cc1c3664e608929"
logic_hash = "12af5182b94f01ac4fbdee92c007556aaa7f196aca116575803cedd84b81f3b0"
score = 75
@@ -348939,8 +349351,8 @@ rule SIGNATURE_BASE_Zxshell2_0_Rar_Folder_Zxrecv
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8680-L8697"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8680-L8697"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5d3d12a39f41d51341ef4cb7ce69d30f"
logic_hash = "7eef63e45f6902e4f2d5f854b2794df3101a2ef145e2d627263db429c2b728d7"
score = 75
@@ -348969,8 +349381,8 @@ rule SIGNATURE_BASE_FSO_S_Ajan
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8698-L8709"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8698-L8709"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "22194f8c44524f80254e1b5aec67b03e"
logic_hash = "a7766caae5845ce43cff2212c25fea9a78979d10c79d8c40290b5c1471b101cd"
score = 75
@@ -348993,8 +349405,8 @@ rule SIGNATURE_BASE_C99Shell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8710-L8721"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8710-L8721"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "90b86a9c63e2cd346fe07cea23fbfc56"
logic_hash = "a0fcc43a80ac4d059aea36da8b4b5a81c99a54f7c66c521697805ae890d66fe8"
score = 75
@@ -349017,8 +349429,8 @@ rule SIGNATURE_BASE_Phpspy_2005_Full
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8722-L8733"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8722-L8733"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d1c69bb152645438440e6c903bac16b2"
logic_hash = "8561161726a49374a9bc3389fef593e5d68dc437552e06736a235412183bef45"
score = 75
@@ -349041,8 +349453,8 @@ rule SIGNATURE_BASE_FSO_S_Zehir4_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8734-L8745"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8734-L8745"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5b496a61363d304532bcf52ee21f5d55"
logic_hash = "bb10f2e28bb375366b9140c06bb242cd13fdb69e67ce72ecae0e50270566f116"
score = 75
@@ -349065,8 +349477,8 @@ rule SIGNATURE_BASE_FSO_S_Indexer_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8746-L8757"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8746-L8757"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "135fc50f85228691b401848caef3be9e"
logic_hash = "8cf4c8fb1e985adbed2cf20578fcfc14240f6d9fe6062bbe3fe2f895f58bc172"
score = 75
@@ -349089,8 +349501,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_2005
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8758-L8771"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8758-L8771"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "63d9fd24fa4d22a41fc5522fc7050f9f"
logic_hash = "b312cddff4c5292cc51acc39448c815fede3c9356d7d225c3a08c7124712b3f8"
score = 75
@@ -349115,8 +349527,8 @@ rule SIGNATURE_BASE__Root_040_Zip_Folder_Deploy
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8772-L8785"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8772-L8785"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2c9f9c58999256c73a5ebdb10a9be269"
logic_hash = "9852b105e6a28f5500fc6739b196dd14b9b0b69b1077be4063735380b0699abb"
score = 75
@@ -349140,8 +349552,8 @@ rule SIGNATURE_BASE_By063Cli
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8786-L8798"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8786-L8798"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "49ce26eb97fd13b6d92a5e5d169db859"
logic_hash = "c89159b73232bc8fd7430b3330009f4b3eb25b9511515bc9b4cd433f7a67f30e"
score = 75
@@ -349165,8 +349577,8 @@ rule SIGNATURE_BASE_Icyfox007V1_10_Rar_Folder_Asp
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8799-L8810"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8799-L8810"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2c412400b146b7b98d6e7755f7159bb9"
logic_hash = "3cc36668f0a2a6807b59c7da0b6e504b519a616ab63fb9f606eba5dc4a9e7e2f"
score = 75
@@ -349189,8 +349601,8 @@ rule SIGNATURE_BASE_Byshell063_Ntboot_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8812-L8823"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8812-L8823"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cb9eb5a6ff327f4d6c46aacbbe9dda9d"
logic_hash = "25df29000bb410c0ba1fec78920124f6eedbc2585541536239522d2b116270ab"
score = 75
@@ -349213,8 +349625,8 @@ rule SIGNATURE_BASE_U_Uay
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8824-L8836"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8824-L8836"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "abbc7b31a24475e4c5d82fc4c2b8c7c4"
logic_hash = "45e8938ce34fd5a253cee3867aa8c4429c6bf3fcc91098ed9df3f95656bc5f8f"
score = 75
@@ -349238,8 +349650,8 @@ rule SIGNATURE_BASE_Bin_Wuaus
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8837-L8853"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8837-L8853"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "46a365992bec7377b48a2263c49e4e7d"
logic_hash = "0509ca39662430c3ababf65ca3a6e9af95250163980829d90eddf5341168c864"
score = 75
@@ -349267,8 +349679,8 @@ rule SIGNATURE_BASE_Pwreveal
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8854-L8868"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8854-L8868"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b4e8447826a45b76ca45ba151a97ad50"
logic_hash = "01c9582897c65e608d49a151fe9ade97b9a031d7d10f5fd4b4d0c2a3fd83e7b6"
score = 75
@@ -349294,8 +349706,8 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Xwhois
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8869-L8883"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8869-L8883"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0bc98bd576c80d921a3460f8be8816b4"
logic_hash = "75ee56dae5fde75ae4dc4bba835a96016781b747f3cff0dc6d52e665463a6070"
score = 75
@@ -349321,8 +349733,8 @@ rule SIGNATURE_BASE_Vanquish_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8884-L8895"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8884-L8895"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2dcb9055785a2ee01567f52b5a62b071"
logic_hash = "428dc4e6d8bcc888e6f99f69ee9f211aa029d3486b99b9716d09709dc391d9a2"
score = 75
@@ -349345,8 +349757,8 @@ rule SIGNATURE_BASE_Down_Rar_Folder_Down
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8896-L8907"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8896-L8907"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "db47d7a12b3584a2e340567178886e71"
logic_hash = "bc666d6333d49a2b01553e1946fc304195193b9be92e26805474e64da61455da"
score = 75
@@ -349369,8 +349781,8 @@ rule SIGNATURE_BASE_Cmdshell
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8908-L8919"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8908-L8919"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8a9fef43209b5d2d4b81dfbb45182036"
logic_hash = "5e7c7537b355b162d58b8bce570b1f94a8e6b479856685a245ffaed8f9482680"
score = 75
@@ -349393,8 +349805,8 @@ rule SIGNATURE_BASE_Zxshell2_0_Rar_Folder_Nc
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8920-L8934"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8920-L8934"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2cd1bf15ae84c5f6917ddb128827ae8b"
logic_hash = "6106758aedb33f8983f387a58fcd815c47f793cd2a7ea3b0ebed13dd1d5b6e83"
score = 75
@@ -349420,8 +349832,8 @@ rule SIGNATURE_BASE_Portlessinst
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8935-L8948"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8935-L8948"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "74213856fc61475443a91cd84e2a6c2f"
logic_hash = "72ca80de2ad2048d1fcbbffeebd0e4fd7d9d47d6736360674e6a85ef9943abe8"
score = 75
@@ -349446,8 +349858,8 @@ rule SIGNATURE_BASE_Setupbdoor
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8949-L8960"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8949-L8960"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "41f89e20398368e742eda4a3b45716b6"
logic_hash = "b4b6a0e4b9f8975d769d340a420af37dbc344d32c72447a8c56b05e985e6d806"
score = 75
@@ -349470,8 +349882,8 @@ rule SIGNATURE_BASE_Phpshell_3
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8961-L8973"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8961-L8973"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e8693a2d4a2ffea4df03bb678df3dc6d"
logic_hash = "b86fa40fd7bbcae86926182882faa226530e44c20bc611b8433a7da7f012106c"
score = 75
@@ -349495,8 +349907,8 @@ rule SIGNATURE_BASE_BIN_Server
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8974-L8990"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8974-L8990"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1d5aa9cbf1429bb5b8bf600335916dcd"
logic_hash = "34f9d78e0f61717fae2945e7a833c2c6d59e28035ee95da2c5d32b4e196bc957"
score = 75
@@ -349524,8 +349936,8 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L8991-L9002"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L8991-L9002"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c19d6f4e069188f19b08fa94d44bc283"
logic_hash = "536232bbdd21bddb88eefe06a82927abcdd3ed10404c052957896960a6d10932"
score = 75
@@ -349548,8 +349960,8 @@ rule SIGNATURE_BASE_R57Shell_3
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9003-L9014"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9003-L9014"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "87995a49f275b6b75abe2521e03ac2c0"
logic_hash = "0fdca080c7ce57b7bd818a968840aebf3c5c74f188ed062fec794bfadb4e75b0"
score = 75
@@ -349572,8 +349984,8 @@ rule SIGNATURE_BASE_Hdconfig
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9015-L9030"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9015-L9030"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7d60e552fdca57642fd30462416347bd"
logic_hash = "9001f79db15548cf3ca931d0043d078db7d900ab26093afbf5cd44d0a85800f4"
score = 60
@@ -349600,8 +350012,8 @@ rule SIGNATURE_BASE_FSO_S_Ajan_2
date = "2016-02-15"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9031-L9043"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9031-L9043"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "22194f8c44524f80254e1b5aec67b03e"
logic_hash = "0ac31ee735c94289932369dfba5b408cbf71cc23fd48ce3e09dc7ce640a0d733"
score = 75
@@ -349625,8 +350037,8 @@ rule SIGNATURE_BASE_Webshell_And_Exploit_CN_APT_HK : WEBSHELL
date = "2014-10-10"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9045-L9060"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9045-L9060"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ec3f1e985585e1bf77a46e971a20cd127064a64467761a5a570548dd63ec57e2"
score = 50
quality = 85
@@ -349650,8 +350062,8 @@ rule SIGNATURE_BASE_JSP_Browser_APT_Webshell
date = "2014-10-10"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9062-L9076"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9062-L9076"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a352bf394f1b4f70218650758db39225a5a505656299405ccd077592d29480a7"
score = 60
quality = 85
@@ -349675,8 +350087,8 @@ rule SIGNATURE_BASE_JSP_Jfigueiredo_APT_Webshell
date = "2014-12-10"
modified = "2025-11-03"
reference = "http://ceso.googlecode.com/svn/web/bko/filemanager/Browser.jsp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9078-L9091"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9078-L9091"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7efaca469d09ce7ecba4ed38cb0b07d1b9fc4f45172d2ffb6f5d3259c000fdc5"
score = 60
quality = 85
@@ -349698,8 +350110,8 @@ rule SIGNATURE_BASE_JSP_Jfigueiredo_APT_Webshell_2
date = "2014-12-10"
modified = "2025-11-03"
reference = "http://ceso.googlecode.com/svn/web/bko/filemanager/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9093-L9108"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9093-L9108"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f7fa5872d8eb4ba1d0b26d966d7650d70b1a10c56945d5a5340b8e1cb5d0f5f0"
score = 60
quality = 85
@@ -349723,8 +350135,8 @@ rule SIGNATURE_BASE_Webshell_Insomnia
date = "2014-12-09"
modified = "2025-11-03"
reference = "http://www.darknet.org.uk/2014/12/insomniashell-asp-net-reverse-shell-bind-shell/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9110-L9131"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9110-L9131"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e0cfb2ffaa1491aeaf7d3b4ee840f72d42919d22"
logic_hash = "d170c60f94092a38ba4af92283debd059eef2e4c683fd7737ffd60d1a2581d9c"
score = 80
@@ -349754,8 +350166,8 @@ rule SIGNATURE_BASE_Hawkeye_PHP_Panel : FILE
date = "2014-12-14"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9133-L9148"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9133-L9148"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e29b6df4e3aa3892b10e68218320ac76cecb5a1bbe6c48f2276014b972cbbdd8"
score = 60
quality = 85
@@ -349780,8 +350192,8 @@ rule SIGNATURE_BASE_Soaksoak_Infected_Wordpress
date = "2014-12-15"
modified = "2025-11-03"
reference = "http://goo.gl/1GzWUX"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9150-L9165"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9150-L9165"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4cba18a0d14be2795d71a1973265a1742beda57636f64c1974001ecf70e3e91d"
score = 60
quality = 85
@@ -349805,8 +350217,8 @@ rule SIGNATURE_BASE_Pastebin_Webshell
date = "2015-01-13"
modified = "2025-11-03"
reference = "http://goo.gl/7dbyZs"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9167-L9189"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9167-L9189"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e71429e9280c37a90ee77be888ae743a86521d3632afc4eeec480b82a22a1445"
score = 70
quality = 85
@@ -349835,8 +350247,8 @@ rule SIGNATURE_BASE_Aspxspy2
date = "2015-01-24"
modified = "2025-11-03"
reference = "not set"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9191-L9217"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9191-L9217"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5642387d92139bfe9ae11bfef6bfe0081dcea197"
logic_hash = "59c88f8e2542dcde4bf5123147ea2c1ca408925ca966f3f34a4692a3ba7a0935"
score = 75
@@ -349872,8 +350284,8 @@ rule SIGNATURE_BASE_Webshell_27_9_C66_C99 : FILE
date = "2016-01-11"
modified = "2025-11-03"
reference = "https://github.com/nikicat/web-malware-collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9228-L9253"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9228-L9253"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "71ae0a3843151a2eec913f62167b23cf9e0c759b18ebe0759174d3503fb23717"
score = 70
quality = 85
@@ -349907,8 +350319,8 @@ rule SIGNATURE_BASE_Webshell_Acid_Antisecshell_3 : FILE
date = "2016-01-11"
modified = "2025-11-03"
reference = "https://github.com/nikicat/web-malware-collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9255-L9287"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9255-L9287"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c8c3fcde7afdafe8ead59e24e432fdd4ccae99f96f67b4be3e5a9cd74ff9b2e7"
score = 70
quality = 85
@@ -349949,8 +350361,8 @@ rule SIGNATURE_BASE_Webshell_C99_4 : FILE
date = "2016-01-11"
modified = "2025-11-03"
reference = "https://github.com/nikicat/web-malware-collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9289-L9320"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9289-L9320"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa095d8da737e24a913eeadaca2882475366bf5cf0911dd9ff44aaa04871cc0f"
score = 70
quality = 85
@@ -349990,8 +350402,8 @@ rule SIGNATURE_BASE_Webshell_R57Shell_2 : FILE
date = "2016-01-11"
modified = "2025-11-03"
reference = "https://github.com/nikicat/web-malware-collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9322-L9349"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9322-L9349"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2af51c3d181801b14d5dbb3107cd78cf7ab4a590b7967f231ec707b7ee03fa26"
score = 70
quality = 85
@@ -350027,8 +350439,8 @@ rule SIGNATURE_BASE_Webshell_27_9_Acid_C99_Locus7S : FILE
date = "2016-01-11"
modified = "2025-11-03"
reference = "https://github.com/nikicat/web-malware-collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9351-L9373"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9351-L9373"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3005c09dfcb1f2e33a09ed73e28ef889c74e1f5daf619dd272e0b9b30cdb0f94"
score = 70
quality = 85
@@ -350059,8 +350471,8 @@ rule SIGNATURE_BASE_Webshell_Backdoor_PHP_Agent_R57_Mod_Bizzz_Shell_R57 : FILE
date = "2016-01-11"
modified = "2025-11-03"
reference = "https://github.com/nikicat/web-malware-collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9375-L9400"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9375-L9400"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "51660ea25d1b2290c0ca30377dbf378cac8d7b7650603f1dbe5b7914c530d5cf"
score = 70
quality = 85
@@ -350094,8 +350506,8 @@ rule SIGNATURE_BASE_Webshell_C100 : FILE
date = "2016-01-11"
modified = "2025-11-03"
reference = "https://github.com/nikicat/web-malware-collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9402-L9426"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9402-L9426"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cc8c59f70f5ec6c89812b1597e9b864e358593ea5782e359cd483dee1a84b28b"
score = 70
quality = 85
@@ -350128,8 +350540,8 @@ rule SIGNATURE_BASE_Webshell_Acidpoison : FILE
date = "2016-01-11"
modified = "2025-11-03"
reference = "https://github.com/nikicat/web-malware-collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9428-L9451"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9428-L9451"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "31add38bcdc33d5e4b825bfa18ff1a47d5aa5aaeebd8e3adac533c471aa30629"
score = 70
quality = 85
@@ -350161,8 +350573,8 @@ rule SIGNATURE_BASE_Webshell_Acid_Fatalisticz_Fx_Fx_P0Ison_Sh3Ll_X0Rg_Byp4Ss_256
date = "2016-01-11"
modified = "2025-11-03"
reference = "https://github.com/nikicat/web-malware-collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9453-L9472"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9453-L9472"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "07cd255247c9a77b1c9b6049a2b96632252ea9572880b10991c6797c14a05d48"
score = 70
quality = 85
@@ -350190,8 +350602,8 @@ rule SIGNATURE_BASE_Webshell_Ayyildiz : FILE
date = "2016-01-11"
modified = "2025-11-03"
reference = "https://github.com/nikicat/web-malware-collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9474-L9493"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9474-L9493"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8441b7d730e337e002eeb7ae8f489e405409ddbe62f45bbc9a74c935d1d9fe66"
score = 70
quality = 85
@@ -350219,8 +350631,8 @@ rule SIGNATURE_BASE_Webshell_Zehir : FILE
date = "2016-01-11"
modified = "2025-11-03"
reference = "https://github.com/nikicat/web-malware-collection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9495-L9514"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9495-L9514"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c8fda66ada3581d2471b322ae65032b68c69b882c29f7469dd2ed78800c9c5f7"
score = 70
quality = 85
@@ -350248,8 +350660,8 @@ rule SIGNATURE_BASE_Uploadshell_98038F1Efa4203432349Badabad76D44337319A6 : FILE
date = "2016-09-10"
modified = "2025-11-03"
reference = "https://github.com/bartblaze/PHP-backdoors"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9525-L9540"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9525-L9540"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "68f0de84a387a9af1a32dd8d38c66b002e16e1c954a51e6bc307580180faedbf"
score = 75
quality = 85
@@ -350274,8 +350686,8 @@ rule SIGNATURE_BASE_Dkshell_F0772Be3C95802A2D1E7A4A3F5A45Dcdef6997F3 : FILE
date = "2016-09-10"
modified = "2025-11-03"
reference = "https://github.com/bartblaze/PHP-backdoors"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9542-L9556"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9542-L9556"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "81b0a08d1b9d3640e656a5cd08b79c0a2f940a2db5c2d939d19509f993514e86"
score = 75
quality = 85
@@ -350299,8 +350711,8 @@ rule SIGNATURE_BASE_Unknown_8Af033424F9590A15472A23Cc3236E68070B952E : FILE
date = "2016-09-10"
modified = "2025-11-03"
reference = "https://github.com/bartblaze/PHP-backdoors"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9558-L9573"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9558-L9573"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d7dc9a2a5e0800b5061cb2101d7cda023a6e637f1e7b14054fdb6a0b2cec6084"
score = 75
quality = 85
@@ -350325,8 +350737,8 @@ rule SIGNATURE_BASE_Dkshell_4000Bd83451F0D8501A9Dfad60Dce39E55Ae167D : FILE
date = "2016-09-10"
modified = "2025-11-03"
reference = "https://github.com/bartblaze/PHP-backdoors"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9575-L9593"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9575-L9593"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "26d586e32d1b0b7800b4b61f592dadc3dd0583628e4cd3fa4e24e02067077da5"
score = 75
quality = 85
@@ -350353,8 +350765,8 @@ rule SIGNATURE_BASE_Webshell_5786D7D9F4B0Df731D79Ed927Fb5A124195Fc901 : FILE
date = "2016-09-10"
modified = "2025-11-03"
reference = "https://github.com/bartblaze/PHP-backdoors"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9595-L9609"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9595-L9609"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "348ccdf997965fbea791d835f1dd4e2c16d37a17ff4195e585fa4226f18faad6"
score = 75
quality = 85
@@ -350378,8 +350790,8 @@ rule SIGNATURE_BASE_Webshell_E8Eaf8Da94012E866E51547Cd63Bb996379690Bf : FILE
date = "2016-09-10"
modified = "2025-11-03"
reference = "https://github.com/bartblaze/PHP-backdoors"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9611-L9626"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9611-L9626"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "044491f0b07ef606aa76e70a07d161565f9cecf73e8f9f8db63cacc1c475b056"
score = 75
quality = 85
@@ -350404,8 +350816,8 @@ rule SIGNATURE_BASE_Unknown_0F06C5D1B32F4994C3B3Abf8Bb76D5468F105167 : FILE
date = "2016-09-10"
modified = "2025-11-03"
reference = "https://github.com/bartblaze/PHP-backdoors"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9628-L9643"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9628-L9643"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f4bdf8aecd527335c29a8e964c7d8688c3e77419595d3fd10a6cf3704711816"
score = 75
quality = 85
@@ -350430,8 +350842,8 @@ rule SIGNATURE_BASE_Wsoshell_0Bbebaf46F87718Caba581163D4Beed56Ddf73A7 : FILE
date = "2016-09-10"
modified = "2025-11-03"
reference = "https://github.com/bartblaze/PHP-backdoors"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9645-L9659"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9645-L9659"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf5090fb909fea690c8a2af3cca35136eda3b9773976189158c25fb8877cc266"
score = 75
quality = 85
@@ -350455,8 +350867,8 @@ rule SIGNATURE_BASE_Webshell_Generic_1609_A : FILE
date = "2016-09-10"
modified = "2025-11-03"
reference = "https://github.com/bartblaze/PHP-backdoors"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9661-L9676"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9661-L9676"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e5a4bba3a7b1c712203fcc8b85e4089b0ff18a26e96f5a04529616dbfb9de651"
score = 75
quality = 85
@@ -350481,8 +350893,8 @@ rule SIGNATURE_BASE_Nishang_Webshell : FILE
date = "2016-09-11"
modified = "2025-11-03"
reference = "https://github.com/samratashok/nishang"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9678-L9693"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9678-L9693"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b8a3c8e80a4e41e556e2d65df4126d84723ded6ca623302afc4cc328bded346c"
score = 75
quality = 85
@@ -350507,8 +350919,8 @@ rule SIGNATURE_BASE_PHP_Webshell_1_Feb17 : FILE
date = "2017-02-28"
modified = "2025-11-03"
reference = "https://isc.sans.edu/diary/Analysis+of+a+Simple+PHP+Backdoor/22127"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9705-L9726"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9705-L9726"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c8576b20ec3f81b3ef0aa5a508c94e07d591d68767cb4598ad10778b4305915d"
score = 75
quality = 85
@@ -350536,8 +350948,8 @@ rule SIGNATURE_BASE_Webshell_Tiny_JSP_2 : FILE
date = "2015-12-05"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9728-L9740"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9728-L9740"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6fd514df9d53293a8cfd4b9c807f993558e39979592aa221f18cd76079c00fb7"
score = 100
quality = 85
@@ -350559,8 +350971,8 @@ rule SIGNATURE_BASE_Wordpress_Config_Webshell_Preprend : FILE
date = "2017-06-25"
modified = "2025-11-03"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9752-L9774"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9752-L9774"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "97d7b85fa191380fe8b26ea60c8735a8f7179acc3a496ff0fc0dc5eefde2fe8a"
score = 65
quality = 85
@@ -350585,8 +350997,8 @@ rule SIGNATURE_BASE_PAS_Webshell_Encoded : FILE
date = "2017-07-11"
modified = "2025-11-03"
reference = "http://blog.talosintelligence.com/2017/07/the-medoc-connection.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9785-L9820"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9785-L9820"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "59f4f8caa60c2367b46f6af1aefa62e03e228b382ff58be3a27dad527a685eca"
score = 80
quality = 85
@@ -350618,8 +351030,8 @@ rule SIGNATURE_BASE_ALFA_SHELL : FILE
date = "2017-09-21"
modified = "2025-11-03"
reference = "Internal Research - APT33"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9832-L9850"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9832-L9850"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "651568b2b95c9e5c2b60fb3245e5afe4290235979e3df15bad96ccd08ae234ef"
score = 75
quality = 85
@@ -350647,8 +351059,8 @@ rule SIGNATURE_BASE_Webshell_FOPO_Obfuscation_APT_ON_Nov17_1 : FILE
date = "2017-11-17"
modified = "2025-11-03"
reference = "Internal Research - ON"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9852-L9871"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9852-L9871"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c5bc3ee0218d4ce6902e49d7f938264ecd158f1f458e2fcef878f06f003ed08"
score = 75
quality = 85
@@ -350673,8 +351085,8 @@ rule SIGNATURE_BASE_Webshell_Jexboss_JSP_1 : FILE
date = "2018-11-08"
modified = "2025-11-03"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9873-L9890"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9873-L9890"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f540bbc88bffd0c961837416bd5166fd3cb54b6124ffffbf1cd60e49ab01bd30"
score = 75
quality = 85
@@ -350700,8 +351112,8 @@ rule SIGNATURE_BASE_Webshell_Jexboss_WAR_1 : FILE
date = "2018-11-08"
modified = "2025-11-03"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9892-L9915"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9892-L9915"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ee9cb22496d2e36d215caa9c7e295b41cb8434322a0097bbc3d1a365dce0c156"
score = 75
quality = 85
@@ -350734,8 +351146,8 @@ rule SIGNATURE_BASE_Webshell_Tinyasp : FILE
date = "2019-01-09"
modified = "2025-11-03"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9917-L9928"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9917-L9928"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d8b7db89ea623d5bcf14476779df727827cfc752d4c6ba4208445fd7305e6943"
score = 75
quality = 83
@@ -350757,8 +351169,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Mar21_1 : FILE
date = "2021-03-12"
modified = "2025-11-03"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor-webshells.yar#L9930-L9956"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor-webshells.yar#L9930-L9956"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0c20163871bf424c0b594c4b75d35e782df03761552f792474761c603ddb8478"
score = 75
quality = 85
@@ -350791,8 +351203,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_LNX_Macos_Lockbit_Apr23_1 : FILE
date = "2023-04-15"
modified = "2023-12-05"
reference = "https://twitter.com/malwrhunterteam/status/1647384505550876675?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lockbit_lnx_macos_apr23.yar#L2-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lockbit_lnx_macos_apr23.yar#L2-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6d838e8b207b97d7c335dc4066de2c6dc87f7adc9cac31742677edbe85386cf7"
score = 85
quality = 85
@@ -350831,8 +351243,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Lockbit_Apr23_1
date = "2023-04-17"
modified = "2023-12-05"
reference = "https://objective-see.org/blog/blog_0x75.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lockbit_lnx_macos_apr23.yar#L43-L67"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lockbit_lnx_macos_apr23.yar#L43-L67"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cd5bffa5571abfd1446b065d26c8c23f00fe1376d505af539c6f37356014a86f"
score = 75
quality = 85
@@ -350859,8 +351271,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Lockbit_Locker_LOG_Apr23_1
date = "2023-04-17"
modified = "2023-12-05"
reference = "https://objective-see.org/blog/blog_0x75.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lockbit_lnx_macos_apr23.yar#L69-L84"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lockbit_lnx_macos_apr23.yar#L69-L84"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d5f96e601150209382d3f6458863bc79768beb99b587aa8d9ba37cb2c11ef634"
score = 75
quality = 85
@@ -350884,8 +351296,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Lockbit_Forensicartifacts_Apr23_1
date = "2023-04-17"
modified = "2023-12-05"
reference = "https://objective-see.org/blog/blog_0x75.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_lockbit_lnx_macos_apr23.yar#L86-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_lockbit_lnx_macos_apr23.yar#L86-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "81021f8c9aed17c007d7329a598c644a706fa9750818c8974984eefcba8d06c2"
score = 75
quality = 85
@@ -350908,8 +351320,8 @@ rule SIGNATURE_BASE_Beepservice_Hacktool : FILE
date = "2016-05-12"
modified = "2023-12-05"
reference = "https://goo.gl/p32Ozf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_beepservice.yar#L10-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_beepservice.yar#L10-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "176136e8a5ffec258caebf8d6b452b556093c5998414a7c9a4451ad78482f862"
score = 85
quality = 85
@@ -350938,8 +351350,8 @@ rule SIGNATURE_BASE_Quasar_RAT_1 : FILE
date = "2017-04-07"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_quasar_rat.yar#L10-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_quasar_rat.yar#L10-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7cceccb7c283774318f6285b482a422566f4f821eb51d564104205783401931a"
score = 75
quality = 85
@@ -350971,8 +351383,8 @@ rule SIGNATURE_BASE_Quasar_RAT_2 : FILE
date = "2017-04-07"
modified = "2023-12-05"
reference = "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_quasar_rat.yar#L35-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_quasar_rat.yar#L35-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b113cb63b0bb75766c905dd3b327b1b2df228733622df8f7517d3daed72432a3"
score = 75
quality = 85
@@ -351005,8 +351417,8 @@ rule SIGNATURE_BASE_MAL_Quasarrat_May19_1 : FILE
date = "2019-05-27"
modified = "2023-01-06"
reference = "https://blog.ensilo.com/uncovering-new-activity-by-apt10"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_quasar_rat.yar#L61-L89"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_quasar_rat.yar#L61-L89"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a189bce433c71d45fd7f5d7fc284fc5b35c88a7ec616dd392d0e931165263aca"
score = 75
quality = 85
@@ -351042,8 +351454,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Robinhood_May19_1 : FILE
date = "2019-05-15"
modified = "2023-12-05"
reference = "https://twitter.com/BThurstonCPTECH/status/1128489465327030277"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_robinhood.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_robinhood.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5eef71b94f2488dceff80ec2daba689c12d13b2742ba9ae5ead58711339d6026"
score = 75
quality = 85
@@ -351072,8 +351484,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_1 : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wildneutron.yar#L10-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wildneutron.yar#L10-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94"
logic_hash = "d8044761fa51f2afd16eb096aa9e896483387c47e10ce922f2ef32ebcbd1a520"
score = 60
@@ -351106,8 +351518,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_2 : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wildneutron.yar#L36-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wildneutron.yar#L36-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8d80f9ef55324212759f4b6070cb8fce18a008ae9dd8b9598553206654d13a6f"
logic_hash = "3a796199a2e9f2711e5fbdc1050234a8f3c09f762bc645f49a705d9f112d9cdc"
score = 60
@@ -351137,8 +351549,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_3 : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wildneutron.yar#L59-L83"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wildneutron.yar#L59-L83"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0"
logic_hash = "16d511412576df2eb6d9646856d37bd94af7648cc602510696b74fa0534e405d"
score = 60
@@ -351169,8 +351581,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_4 : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wildneutron.yar#L85-L108"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wildneutron.yar#L85-L108"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45"
logic_hash = "4882b7c5f469615436490cd628ee3bb5b0dded43fb556ac6477cdadc6c8eff05"
score = 60
@@ -351201,8 +351613,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_5 : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wildneutron.yar#L110-L133"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wildneutron.yar#L110-L133"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1604e36ccef5fa221b101d7f043ad7f856b84bf1a80774aa33d91c2a9a226206"
logic_hash = "57792a54c96c59a1e9ed961715c72187936aee6f001c2ed4f95ca84e799e9c8c"
score = 60
@@ -351234,8 +351646,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_6 : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wildneutron.yar#L135-L149"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wildneutron.yar#L135-L149"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4bd548fe07b19178281edb1ee81c9711525dab03dc0b6676963019c44cc75865"
logic_hash = "7dc7f9815f2b2c934ecf93f5813bdb87364b2b9e2a5aebc04f76cfff43e46d30"
score = 60
@@ -351258,8 +351670,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_7 : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wildneutron.yar#L151-L176"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wildneutron.yar#L151-L176"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c"
logic_hash = "8a081932be8fd03c37a87486570a02a31756ba6bd125dbed7da9703197447ea5"
score = 60
@@ -351293,8 +351705,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_9 : FILE
date = "2015-07-10"
modified = "2023-01-06"
reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wildneutron.yar#L203-L223"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wildneutron.yar#L203-L223"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e"
logic_hash = "2029c94088e075cbcbae8d7d514cfc56add022d8776e59f04824d9ce9fd12794"
score = 60
@@ -351322,8 +351734,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_10 : FILE
date = "2015-07-10"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wildneutron.yar#L225-L267"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wildneutron.yar#L225-L267"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1d3bdabb350ba5a821849893dabe5d6056bf7ba1ed6042d93174ceeaa5d6dad7"
logic_hash = "b282b6892f9cb6769bf0e302deaa8062fd69bfd51144bc06fc9501fde9537dae"
score = 60
@@ -351369,8 +351781,8 @@ rule SIGNATURE_BASE_APT_MAL_Wildneutron_Javacpl : FILE
modified = "2023-01-06"
old_rule_name = "WildNeutron_javacpl"
reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_wildneutron.yar#L272-L300"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_wildneutron.yar#L272-L300"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c9cb6ab956d29df9f59520262ab308a0256747cc3c898979347304950e093098"
score = 60
quality = 85
@@ -351401,8 +351813,8 @@ rule SIGNATURE_BASE_APT_IN_TA397_Wmrat : HUNTING
date = "2024-11-20"
modified = "2025-01-17"
reference = "https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta397_dec24.yar#L2-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta397_dec24.yar#L2-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3bf4bbd5564f4381820fb8da5810bd4d9718b5c80a7e8f055961007c6f30da2b"
hash = "3e9a08972b8ec9c2e64eeb46ce1db92ae3c40bc8de48d278ba4d436fc3c8b3a4"
hash = "40ddb4463be9d8131f363fd78e21d9de5d838a3ec4044526aea45a473d6ddd61"
@@ -351486,8 +351898,8 @@ rule SIGNATURE_BASE_SUSP_RAR_NTFS_ADS : HUNTING FILE
date = "2024-12-17"
modified = "2025-01-17"
reference = "https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ta397_dec24.yar#L82-L110"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ta397_dec24.yar#L82-L110"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bcca4771e8f940ce8cfcff08284545fec6163df549e1fb589d89ca3fa335f04c"
score = 70
quality = 83
@@ -351523,8 +351935,8 @@ rule SIGNATURE_BASE_Trojandownloader : FILE
date = "2015-02-11"
modified = "2023-12-05"
reference = "http://goo.gl/wJ8V1I"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malware_generic.yar#L4-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malware_generic.yar#L4-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5b8d4280ff6fc9c8e1b9593cbaeb04a29e64a81e"
logic_hash = "4911098beea1d348d41d6a38c03b343bb7b8a8090ba664fd4b0747045127c686"
score = 60
@@ -351568,8 +351980,8 @@ rule SIGNATURE_BASE_Ismdoor_Jul17_A2 : FILE
date = "2017-08-01"
modified = "2023-12-05"
reference = "https://twitter.com/Voulnet/status/892104753295110145"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malware_generic.yar#L54-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malware_generic.yar#L54-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7944f690be190927c905d3b3c6e26765504af9fcfb445cf70c8899af115d5001"
score = 75
quality = 85
@@ -351596,8 +352008,8 @@ rule SIGNATURE_BASE_Unknown_Malware_Sample_Jul17_2 : FILE
date = "2017-08-01"
modified = "2023-12-05"
reference = "https://goo.gl/iqH8CK"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malware_generic.yar#L73-L89"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malware_generic.yar#L73-L89"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "966e14331fa89f2cdb5593a0c10227264085ee127deed28341e395ba6845e19d"
score = 75
quality = 85
@@ -351623,8 +352035,8 @@ rule SIGNATURE_BASE_MAL_Unspecified_Jan18_1 : FILE
date = "2018-01-19"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_malware_generic.yar#L91-L110"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_malware_generic.yar#L91-L110"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cd4f7247473e04c348b49970ee3a6fd01415f005ac6dc7a79fbf937a693a80f4"
score = 75
quality = 85
@@ -351653,8 +352065,8 @@ rule SIGNATURE_BASE_Emissary_APT_Malware_1 : FILE
date = "2016-01-02"
modified = "2023-12-05"
reference = "http://goo.gl/V0epcf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_emissary.yar#L8-L43"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_emissary.yar#L8-L43"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cab20ac0c17dcc5cb9d0c9f4cffe47e5880acd9dee935cb0eb1ef59579a23f17"
score = 75
quality = 85
@@ -351698,8 +352110,8 @@ rule SIGNATURE_BASE_EXPL_Citrix_Netscaler_ADC_Forensicartifacts_CVE_2023_3519_Ju
date = "2023-07-21"
modified = "2023-12-05"
reference = "https://www.cisa.gov/sites/default/files/2023-07/aa23-201a_csa_threat_actors_exploiting_citrix-cve-2023-3519_to_implant_webshells.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L27-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L27-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "48d4225d0935084003f7a98c554d7c4722a91290dfe190001da52bce332b3f7d"
score = 70
quality = 85
@@ -351722,8 +352134,8 @@ rule SIGNATURE_BASE_EXPL_Citrix_Netscaler_ADC_Forensicartifacts_CVE_2023_3519_Ju
date = "2023-07-24"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/citrix-zero-day-espionage"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L43-L61"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L43-L61"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e78e1a788503b841ed0f4e5cd415eb35d8911092778120d7fd061ed20820da37"
score = 70
quality = 85
@@ -351750,11 +352162,11 @@ rule SIGNATURE_BASE_LOG_EXPL_Citrix_Netscaler_ADC_Exploitation_Attempt_CVE_2023_
date = "2023-07-27"
modified = "2023-12-05"
reference = "https://blog.assetnote.io/2023/07/24/citrix-rce-part-2-cve-2023-3519/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L63-L77"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L63-L77"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7ad3164c5b2616b12a513a2bb3736d530769e75fca03346a72351a27b8343b2a"
score = 65
- quality = 60
+ quality = 85
tags = "CVE-2023-3519"
strings:
@@ -351773,8 +352185,8 @@ rule SIGNATURE_BASE_WEBSHELL_SECRETSAUCE_Jul23_1 : CVE_2023_3519 FILE
date = "2023-07-24"
modified = "2023-12-05"
reference = "https://www.mandiant.com/resources/blog/citrix-zero-day-espionage"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L79-L100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L79-L100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c762d46ae43a3e10453c2ee17039812a06086ac85bdb000cf8308f5196a9dee2"
score = 85
quality = 85
@@ -351800,8 +352212,8 @@ rule SIGNATURE_BASE_APT_MAL_APT27_Rshell_Jul24 : MALWARE RSHELL___SYSUPDATE FILE
date = "2024-07-11"
modified = "2024-12-12"
reference = "https://x.com/bfv_bund/status/1811364839656185985?s=12&t=C0_T_re0wRP_NfKa27Xw9w"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt27_rshell.yar#L2-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt27_rshell.yar#L2-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "be5f6281d722bd07e53acd459c794fe3ae870a05ed8979de4c28d357110617bd"
score = 75
quality = 85
@@ -351838,8 +352250,8 @@ rule SIGNATURE_BASE_Shamoon2_Wiper : FILE
date = "2016-12-01"
modified = "2023-12-05"
reference = "https://goo.gl/jKIfGB"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_shamoon2.yar#L10-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_shamoon2.yar#L10-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "245b03d9606f2e391f53a60aa333c6b037aa1f013794d83b761813d54782b885"
score = 70
quality = 85
@@ -351866,8 +352278,8 @@ rule SIGNATURE_BASE_Shamoon2_Comcomp : FILE
date = "2016-12-01"
modified = "2023-12-05"
reference = "https://goo.gl/jKIfGB"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_shamoon2.yar#L30-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_shamoon2.yar#L30-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "edebdbcf17bd9fadc67c7d76839cf569f0ea20127d4e0d216411c35e9ba54208"
score = 70
quality = 85
@@ -351893,8 +352305,8 @@ rule SIGNATURE_BASE_Eldos_Rawdisk : FILE
date = "2016-12-01"
modified = "2023-01-27"
reference = "https://goo.gl/jKIfGB"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_shamoon2.yar#L50-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_shamoon2.yar#L50-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ab09371b91ab6889f342c7992108ad374b5ecf67b6c2144a6282670f177d0f15"
score = 50
quality = 85
@@ -351926,8 +352338,8 @@ rule SIGNATURE_BASE_Coreimpact_Sysdll_Exe
date = "2014-12-27"
modified = "2023-01-06"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_coreimpact_agent.yar#L6-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_coreimpact_agent.yar#L6-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f89a4d4ae5cca6d69a5256c96111e707"
logic_hash = "332b68e797e8ee3e26d797e106ae31e7240585ccb0ea599bebd8ac8f94313eab"
score = 70
@@ -351956,8 +352368,8 @@ rule SIGNATURE_BASE_MAL_Avemaria_RAT_Jul19 : FILE
date = "2019-07-01"
modified = "2023-12-05"
reference = "https://twitter.com/abuse_ch/status/1145697917161934856"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_avemaria_rat.yar#L2-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_avemaria_rat.yar#L2-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a848ec579db6a07faeab5c855a56889b4bfeaa2958d0388f7fe8c6dcdea7e457"
score = 75
quality = 85
@@ -351981,8 +352393,8 @@ rule SIGNATURE_BASE_Gen_Python_Pyminifier_Encoded_Payload : FILE
date = "2019-12-16"
modified = "2023-12-05"
reference = "https://github.com/liftoff/pyminifier"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_python_pyminifier_encoded_payload.yar#L1-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_python_pyminifier_encoded_payload.yar#L1-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "01df8765ea35db382d1dd67a502bf1d9647d8fe818ec31abff41c7e41c2816c0"
hash = "15d201152a9465497a0f9dd6939e48315b358702c5e2a3c506ad436bb8816da7"
hash = "ab91f76394ddf866cc0b315d862a19b57ded93be5dfc2dd0a81e6a43d0c5f301"
@@ -352013,8 +352425,8 @@ rule SIGNATURE_BASE_Irontiger_Aspxspy : HIGHVOL
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L1-L13"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L1-L13"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6b5830d3fd6aa346b27788cd4abd581b4724fecc4e880b14dd7b1dd27ef1eea3"
score = 75
quality = 85
@@ -352036,8 +352448,8 @@ rule SIGNATURE_BASE_Irontiger_Changeport_Toolkit_Driversinstall : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L15-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L15-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2ae32596da4f98a0ec2556c2cd87fc7a0f85c37ce96c7163664f2e8cc3ec498d"
score = 75
quality = 85
@@ -352061,8 +352473,8 @@ rule SIGNATURE_BASE_Irontiger_Changeport_Toolkit_Changeportexe : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L31-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L31-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b5a5a1cff372d97bfa281d297b6230279cd1526c5df636efe4dec3aa3d923edf"
score = 75
quality = 85
@@ -352087,8 +352499,8 @@ rule SIGNATURE_BASE_Irontiger_Dllshellexc2010 : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L48-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L48-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b75477f01627ac05013c5e4ccb1d58a6bb25bfbe83ad0cec392140d44637a028"
score = 75
quality = 85
@@ -352113,8 +352525,8 @@ rule SIGNATURE_BASE_Irontiger_Dnstunnel : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L65-L84"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L65-L84"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "84b7dec3a89fe309149c7a3141279755adafbf793521c7b9b4031827f1020d7d"
score = 75
quality = 85
@@ -352143,8 +352555,8 @@ rule SIGNATURE_BASE_Irontiger_EFH3_Encoder : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L86-L99"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L86-L99"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e620222f815a6c915e372c11d28c480179fd2abdb139ed6984ca5a7a61b8088c"
score = 75
quality = 85
@@ -352167,8 +352579,8 @@ rule SIGNATURE_BASE_Irontiger_Getpassword_X64 : FILE
date = "2023-01-06"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L101-L119"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L101-L119"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2adabc629fcd4bc89a015874376daf51b2a367bb13ec25e917e5d899080d8a74"
score = 75
quality = 85
@@ -352195,8 +352607,8 @@ rule SIGNATURE_BASE_Irontiger_Gtalk_Trojan : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L121-L135"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L121-L135"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9b6139d34ad91db2e418668be9ca947442ff614a241f0c1aa61f8334af5421c0"
score = 75
quality = 85
@@ -352220,8 +352632,8 @@ rule SIGNATURE_BASE_Irontiger_HTTP_SOCKS_Proxy_Soexe : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L137-L152"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L137-L152"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f262751727de3d47a8d7cdc1f8ba8d92f4f60e22bc4e897bd5e53a8f2c118c95"
score = 75
quality = 85
@@ -352246,8 +352658,8 @@ rule SIGNATURE_BASE_Irontiger_Nbddos_Gh0Stvariant_Dropper : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L154-L169"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L154-L169"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e877c52d5cb0067388e9a138f48dcf7d3bd6d7d491eea6acffb2527ba0a906c7"
score = 75
quality = 85
@@ -352272,8 +352684,8 @@ rule SIGNATURE_BASE_Irontiger_Plugx_Dosemulator : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L171-L185"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L171-L185"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "502adc142b0f7a2980b4b851f2360086cec855b5e9851a6e9afbaba1846d11ed"
score = 75
quality = 85
@@ -352297,8 +352709,8 @@ rule SIGNATURE_BASE_Irontiger_Plugx_Fastproxy : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L187-L203"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L187-L203"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6659595f65b445d2bd69b13b8d01c2dd78b5c055fa39f810a61646d9408df2ff"
score = 75
quality = 85
@@ -352324,8 +352736,8 @@ rule SIGNATURE_BASE_Irontiger_Plugx_Server : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L205-L225"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L205-L225"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "14b3f3b75cf6d042934e6916c99fe41d54065d59be6eb30b3cecc799997ac9d4"
score = 75
quality = 85
@@ -352355,8 +352767,8 @@ rule SIGNATURE_BASE_Irontiger_Readpwd86 : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L227-L240"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L227-L240"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c188b033aee6b7e811c125af545aa7851cd45ba02e057ee93967fa98d1c13947"
score = 75
quality = 85
@@ -352379,8 +352791,8 @@ rule SIGNATURE_BASE_Irontiger_Ring_Gh0Stvariant : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L242-L257"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L242-L257"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6df729e3b472d3930f5bc4a1b5b8736567df43b78bec3401f5d41bf7ba30d93b"
score = 75
quality = 85
@@ -352405,8 +352817,8 @@ rule SIGNATURE_BASE_Irontiger_Wmiexec
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/T5fSJC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_irontiger_trendmicro.yar#L259-L276"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_irontiger_trendmicro.yar#L259-L276"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7988b993345e13b64e5f02ecd2679fc484b063a4cd2f18b52d00d2dfa34d82cb"
score = 75
quality = 85
@@ -352433,8 +352845,8 @@ rule SIGNATURE_BASE_APT_UNC5221_Ivanti_Forensicartifacts_Jan24_1 : FILE
date = "2024-01-11"
modified = "2024-04-24"
reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_report_ivanti_mandiant_jan24.yar#L2-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_report_ivanti_mandiant_jan24.yar#L2-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7f485f41072f5584dc76e71564e13066d9fe41685f33bff9c2886fa7d2155f94"
score = 75
quality = 85
@@ -352457,8 +352869,8 @@ rule SIGNATURE_BASE_M_Hunting_Backdoor_ZIPLINE_1 : FILE
date = "2024-01-11"
modified = "2024-04-24"
reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_report_ivanti_mandiant_jan24.yar#L18-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_report_ivanti_mandiant_jan24.yar#L18-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "41857ba465dd1f2e1aa8c1eed36b73606385eeedf233fd480bb8a4ef15499174"
score = 75
quality = 85
@@ -352484,8 +352896,8 @@ rule SIGNATURE_BASE_M_Hunting_Dropper_WIREFIRE_1 : FILE
date = "2024-01-11"
modified = "2024-04-24"
reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_report_ivanti_mandiant_jan24.yar#L40-L58"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_report_ivanti_mandiant_jan24.yar#L40-L58"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6de651357a15efd01db4e658249d4981"
logic_hash = "c389a666bd093cdd7700385da43c8fa58b9f3d899e658c516df0f3aca439401d"
score = 75
@@ -352511,8 +352923,8 @@ rule SIGNATURE_BASE_M_Hunting_Webshell_LIGHTWIRE_2 : FILE
date = "2024-01-11"
modified = "2024-01-12"
reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_report_ivanti_mandiant_jan24.yar#L60-L81"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_report_ivanti_mandiant_jan24.yar#L60-L81"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3d97f55a03ceb4f71671aa2ecf5b24e9"
logic_hash = "37b22a6c45dd53bc7b3f0c75cc5072e990246fea24591d192176c0b496e92084"
score = 75
@@ -352538,8 +352950,8 @@ rule SIGNATURE_BASE_M_Hunting_Dropper_THINSPOOL_1 : FILE
date = "2024-01-11"
modified = "2024-04-24"
reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_report_ivanti_mandiant_jan24.yar#L83-L100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_report_ivanti_mandiant_jan24.yar#L83-L100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "677c1aa6e2503b56fe13e1568a814754"
logic_hash = "a8043822cd36a802ba6656c42085f09d67cedb0689c9da48438d788b320bd6c0"
score = 75
@@ -352564,8 +352976,8 @@ rule SIGNATURE_BASE_M_Hunting_Credtheft_WARPWIRE_1 : FILE
date = "2024-01-11"
modified = "2024-04-24"
reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_report_ivanti_mandiant_jan24.yar#L102-L120"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_report_ivanti_mandiant_jan24.yar#L102-L120"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d0c7a334a4d9dcd3c6335ae13bee59ea"
logic_hash = "8029df5998166ab3db3319b0dd765ef3356b4b44dc16d2d418015a0f7ffac97e"
score = 75
@@ -352592,8 +353004,8 @@ rule SIGNATURE_BASE_SUSP_Adobepdf_SFX_Bitmap_Combo_Executable : FILE
date = "2020-11-02"
modified = "2023-12-05"
reference = "https://mp.weixin.qq.com/s/3Pa3hiuZyQBspDzH0kGSHw"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_icon_anomalies.yar#L3-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_icon_anomalies.yar#L3-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ac515d698507be6085684a6ec4622c6f3c26d0c3a0d94cbbeacfab7dfb9fe135"
score = 60
quality = 85
@@ -352633,8 +353045,8 @@ rule SIGNATURE_BASE_SUSP_Adobepdf_Bitmap_Executable : FILE
date = "2020-11-02"
modified = "2023-12-05"
reference = "https://mp.weixin.qq.com/s/3Pa3hiuZyQBspDzH0kGSHw"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_icon_anomalies.yar#L39-L68"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_icon_anomalies.yar#L39-L68"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a8ef5ce2e876565c7d6367ce555d00bd3535699f1907f867811f2f6749672c67"
score = 60
quality = 85
@@ -352668,8 +353080,8 @@ rule SIGNATURE_BASE_VULN_PHP_Hack_Backdoored_Phpass_May21 : FILE
date = "2022-05-24"
modified = "2023-12-05"
reference = "https://twitter.com/s0md3v/status/1529005758540808192"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vul_backdoor_antitheftweb.yar#L2-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vul_backdoor_antitheftweb.yar#L2-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d9669dadc698c6fa63d61857f9ada16a9303aa8bf4139bec75104f2e9f00a36a"
score = 75
quality = 85
@@ -352690,8 +353102,8 @@ rule SIGNATURE_BASE_VULN_Python_Hack_Backdoored_Ctx_May21 : FILE
date = "2022-05-24"
modified = "2023-12-05"
reference = "https://twitter.com/s0md3v/status/1529005758540808192"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vul_backdoor_antitheftweb.yar#L16-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vul_backdoor_antitheftweb.yar#L16-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f8047eb4e0420e4ec01fb038acdc4abdcc3aa4dada5ce072d20f78acac942079"
score = 75
quality = 85
@@ -352715,8 +353127,8 @@ rule SIGNATURE_BASE_Crowdstrike_Shamoon_Droppedfile
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://www.rsaconference.com/writable/presentations/file_upload/exp-w01-hacking-exposed-day-of-destruction.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_shamoon.yar#L1-L13"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_shamoon.yar#L1-L13"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ed550832b217f7edceea2edf7c4453925ed1759d97db7728f7face6ff10ee361"
score = 75
quality = 85
@@ -352741,8 +353153,8 @@ rule SIGNATURE_BASE_Windowsshell_S3 : FILE
date = "2016-03-26"
modified = "2023-12-05"
reference = "https://github.com/odzhan/shells/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_winshells.yar#L10-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_winshells.yar#L10-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "344575a58db288c9b5dacc654abc36d38db2e645acff05e894ff51183c61357d"
logic_hash = "b9274f909b50247a4f5111a14806faadba7814e26805bef7d61eaaf8be4b46ed"
score = 75
@@ -352773,8 +353185,8 @@ rule SIGNATURE_BASE_Windosshell_S1 : FILE
date = "2016-03-26"
modified = "2023-12-05"
reference = "https://github.com/odzhan/shells/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_winshells.yar#L33-L53"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_winshells.yar#L33-L53"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4a397497cfaf91e05a9b9d6fa6e335243cca3f175d5d81296b96c13c624818bd"
logic_hash = "29fcddc549c615ca5cdda60272926671bc1446c3c7b51c9a2fd867b6b68858b2"
score = 75
@@ -352804,8 +353216,8 @@ rule SIGNATURE_BASE_Windowsshell_S4 : FILE
date = "2016-03-26"
modified = "2023-12-05"
reference = "https://github.com/odzhan/shells/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_winshells.yar#L55-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_winshells.yar#L55-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f00a1af494067b275407c449b11dfcf5cb9b59a6fac685ebd3f0eb193337e1d6"
logic_hash = "fff280debdd32a736e37a73800f226bf6def5dd107abd1d9237d92904622c9ec"
score = 75
@@ -352835,8 +353247,8 @@ rule SIGNATURE_BASE_Windowsshell_Gen : FILE
date = "2016-03-26"
modified = "2023-12-05"
reference = "https://github.com/odzhan/shells/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_winshells.yar#L79-L99"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_winshells.yar#L79-L99"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "753dd12f649bcbfcc2c60a2f3be27df5297a671a0ee1856093eed04113616581"
score = 75
quality = 85
@@ -352866,8 +353278,8 @@ rule SIGNATURE_BASE_Windowsshell_Gen2 : FILE
date = "2016-03-26"
modified = "2023-12-05"
reference = "https://github.com/odzhan/shells/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_winshells.yar#L101-L122"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_winshells.yar#L101-L122"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c5ce27554b2ee25b974b567ef5a9ae877906250073da477f0ab5d71d162ac81a"
score = 75
quality = 85
@@ -352898,8 +353310,8 @@ rule SIGNATURE_BASE_MAL_Envrial_Jan18_1 : FILE
date = "2018-01-21"
modified = "2023-12-05"
reference = "https://twitter.com/malwrhunterteam/status/953313514629853184"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_envrial.yar#L11-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_envrial.yar#L11-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f047bedaac4dd934657b282a2587c55f3087a7cceb1a80becf14e7db3c365e8b"
score = 75
quality = 85
@@ -352932,8 +353344,8 @@ rule SIGNATURE_BASE_Hatman_Compiled_Python : HATMAN
date = "2017-12-19"
modified = "2023-12-05"
reference = "https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hatman.yar#L86-L95"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hatman.yar#L86-L95"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a18018e4c6ea5b7ab6e1dbdc050e565f66520676565db6d352f58a786097960f"
score = 75
quality = 85
@@ -352951,8 +353363,8 @@ rule SIGNATURE_BASE_Hatman_Injector : HATMAN
date = "2017-12-19"
modified = "2023-01-09"
reference = "https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hatman.yar#L96-L106"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hatman.yar#L96-L106"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "19edf44bec6e1cbccefa145c5ae1bf0820729a80ac3ef1c8e7100b465b487e3c"
score = 75
quality = 85
@@ -352970,8 +353382,8 @@ rule SIGNATURE_BASE_Hatman_Payload : HATMAN
date = "2017-12-19"
modified = "2023-12-05"
reference = "https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hatman.yar#L107-L116"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hatman.yar#L107-L116"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9a6e5d2c2f2be35e6dc8b418e33419977460006923ecd9f029cacf51d8c0477a"
score = 75
quality = 85
@@ -352989,8 +353401,8 @@ rule SIGNATURE_BASE_WEBSHELL_JAVA_Versamem_JAR_Aug24_1 : FILE
date = "2024-08-27"
modified = "2024-08-29"
reference = "https://x.com/ryanaraine/status/1828440883315999117"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_volttyphoon_versamem.yar#L2-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_volttyphoon_versamem.yar#L2-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d21558eb6c8e700b8a4cb86fdaa5487179828152af68828e878397859d6d3952"
score = 75
quality = 85
@@ -353019,8 +353431,8 @@ rule SIGNATURE_BASE_WEBSHELL_JAVA_Versamem_JAR_Aug24_2 : FILE
date = "2024-08-29"
modified = "2024-12-12"
reference = "https://x.com/craiu/status/1828687700884336990"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_volttyphoon_versamem.yar#L27-L43"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_volttyphoon_versamem.yar#L27-L43"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0bdf3bf5130c51c1355f179704933ca473a702595c580642035c8d3b9aad5725"
score = 75
quality = 60
@@ -353043,8 +353455,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_Msg_CVE_2023_23397_Mar23 : CVE_2023_23397 FILE
date = "2023-03-15"
modified = "2024-12-03"
reference = "https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_outlook_cve_2023_23397.yar#L1-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_outlook_cve_2023_23397.yar#L1-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "47fee24586cd2858cfff2dd7a4e76dc95eb44c8506791ccc2d59c837786eafe3"
hash = "582442ee950d546744f2fa078adb005853a453e9c7f48c6c770e6322a888c2cf"
hash = "6c0087a5cbccb3c776a471774d1df10fe46b0f0eb11db6a32774eb716e1b7909"
@@ -353076,8 +353488,8 @@ rule SIGNATURE_BASE_EXPL_SUSP_Outlook_CVE_2023_23397_Exfil_IP_Mar23 : CVE_2023_2
date = "2023-03-15"
modified = "2023-03-18"
reference = "https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_outlook_cve_2023_23397.yar#L41-L81"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_outlook_cve_2023_23397.yar#L41-L81"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "47fee24586cd2858cfff2dd7a4e76dc95eb44c8506791ccc2d59c837786eafe3"
hash = "582442ee950d546744f2fa078adb005853a453e9c7f48c6c770e6322a888c2cf"
hash = "6c0087a5cbccb3c776a471774d1df10fe46b0f0eb11db6a32774eb716e1b7909"
@@ -353110,8 +353522,8 @@ rule SIGNATURE_BASE_EXPL_SUSP_Outlook_CVE_2023_23397_SMTP_Mail_Mar23 : CVE_2023_
date = "2023-03-17"
modified = "2023-03-24"
reference = "https://twitter.com/wdormann/status/1636491612686622723"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_outlook_cve_2023_23397.yar#L83-L112"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_outlook_cve_2023_23397.yar#L83-L112"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a361eb3abf98655f43efff2a5399f112d9ac2d23df85a642ab744c78e98330e0"
score = 60
quality = 85
@@ -353139,8 +353551,8 @@ rule SIGNATURE_BASE_Pirpi_1609_A : FILE
date = "2016-09-08"
modified = "2023-12-05"
reference = "http://goo.gl/igxLyF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_pirpi.yar#L10-L43"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_pirpi.yar#L10-L43"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "470745d0dd44c161ed6ec474f85531a3aca8ebb0adb98b902cb0b7465ca07d8b"
score = 75
quality = 85
@@ -353180,8 +353592,8 @@ rule SIGNATURE_BASE_Pirpi_1609_B : FILE
date = "2016-09-08"
modified = "2023-12-05"
reference = "http://goo.gl/igxLyF"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_pirpi.yar#L45-L65"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_pirpi.yar#L45-L65"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4dafff80fb7bfcffccf96d991245c13b3208fd4f5a21488d7d6885758ef05078"
score = 75
quality = 85
@@ -353211,8 +353623,8 @@ rule SIGNATURE_BASE_Kriskynote_Mar17_1 : FILE
date = "2017-03-03"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_kriskynote.yar#L11-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_kriskynote.yar#L11-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cc4861f3a612cbaba6abf8ded76972941c879f04b59c29756bf0ba8083bf93ab"
score = 75
quality = 85
@@ -353239,8 +353651,8 @@ rule SIGNATURE_BASE_Kriskynote_Mar17_2 : FILE
date = "2017-03-03"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_kriskynote.yar#L32-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_kriskynote.yar#L32-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4a1a7c1c75cc64df32d2f055538c5ad15418802733046471520c372a616f1e11"
score = 75
quality = 85
@@ -353264,8 +353676,8 @@ rule SIGNATURE_BASE_Kriskynote_Mar17_3 : FILE
date = "2017-03-03"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_kriskynote.yar#L48-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_kriskynote.yar#L48-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fda8a7944cdd12cadb1c902664909a8164835f660e6fa56209bc51164a90e77c"
score = 75
quality = 85
@@ -353291,8 +353703,8 @@ rule SIGNATURE_BASE_PLEAD_Downloader_Jun18_1 : FILE
date = "2018-06-16"
modified = "2023-12-05"
reference = "https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_plead_downloader.yar#L1-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_plead_downloader.yar#L1-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "82fa4629aeb67a657af8b40527414e59d1c45a7c4e3c68398d3472c080c9487b"
score = 75
quality = 85
@@ -353320,8 +353732,8 @@ rule SIGNATURE_BASE_APT_MAL_Revil_Kaseya_Jul21_1 : FILE
date = "2021-07-02"
modified = "2023-12-05"
reference = "https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_revil_general.yar#L3-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_revil_general.yar#L3-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a7f9fa8f8e8a3a25728aa6a334924e0b4075f3422df6b92a2f544bb0ebb6bfad"
score = 75
quality = 85
@@ -353352,8 +353764,8 @@ rule SIGNATURE_BASE_APT_MAL_Revil_Kaseya_Jul21_2 : FILE
date = "2021-07-02"
modified = "2023-12-05"
reference = "https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_revil_general.yar#L32-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_revil_general.yar#L32-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "44948d93c71370a9976f22bf78cd1af80359f2c9804ea7995791109785cfaf84"
score = 75
quality = 85
@@ -353386,8 +353798,8 @@ rule SIGNATURE_BASE_APT_MAL_RANSOM_Vicesociety_Polyvice_Jan23_1 : FILE
date = "2023-01-12"
modified = "2023-01-13"
reference = "https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ransom_vicesociety_dec22.yar#L2-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ransom_vicesociety_dec22.yar#L2-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c7b76a693e5666515afee5c819b21e119ce5f1b0be675252673e6a24251ce8d"
score = 75
quality = 60
@@ -353418,8 +353830,8 @@ rule SIGNATURE_BASE_APT_MAL_RANSOM_Vicesociety_Chily_Jan23_1 : FILE
date = "2023-01-12"
modified = "2023-12-05"
reference = "https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ransom_vicesociety_dec22.yar#L33-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ransom_vicesociety_dec22.yar#L33-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fc2967d86bf73033e68b8b9409a197ae8f7fcdf06e1e2a17e3d277d243caa541"
score = 80
quality = 83
@@ -353451,8 +353863,8 @@ rule SIGNATURE_BASE_Crime_H2Miner_Kinsing : FILE
date = "2020-06-09"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_h2miner_kinsing.yar#L1-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_h2miner_kinsing.yar#L1-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8795f01f4ce85ca37a4e4667a4ee9756dae6af42884cf79830877a5c35a3bd3b"
score = 75
quality = 85
@@ -353481,8 +353893,8 @@ rule SIGNATURE_BASE_Korplug_FAST : FILE
date = "2015-08-20"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_korplug_fast.yar#L1-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_korplug_fast.yar#L1-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c437465db42268332543fbf6fd6a560ca010f19e0fd56562fb83fb704824b371"
logic_hash = "31aeb634eecc0f93353432b0dde113bfb54810ea74b02f959447a1d42e7e9e1b"
score = 75
@@ -353512,8 +353924,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_Keylogger_Unknown_Nov19_1 : FILE
date = "2019-11-06"
modified = "2023-12-05"
reference = "https://twitter.com/CNMF_VirusAlert/status/1192131508007505921"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_gen.yar#L2-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_gen.yar#L2-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a3b5c82cb8aa09e3c1b955bb175046e86f96da1f187eb46df83caaaf9e1370b2"
score = 75
quality = 85
@@ -353555,8 +353967,8 @@ rule SIGNATURE_BASE_Servantshell : FILE
date = "2017-02-02"
modified = "2023-12-05"
reference = "https://tinyurl.com/jmp7nrs"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_servantshell.yar#L1-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_servantshell.yar#L1-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "739057dc95831c9ed35981b40c606ecd0b3fd2118b42ed7c09e200dc0bc395db"
score = 70
quality = 85
@@ -353582,8 +353994,8 @@ rule SIGNATURE_BASE_MAL_Gandcrab_Apr18_1 : FILE
date = "2018-04-23"
modified = "2023-12-05"
reference = "https://twitter.com/MarceloRivero/status/988455516094550017"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_mal_grandcrab.yar#L3-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_mal_grandcrab.yar#L3-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "70fc8deb91126a7404095aaa512e9b7542fe8605f83a037a10f8ccff76c27d4f"
score = 75
quality = 85
@@ -353603,8 +354015,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Revil_Oct20_1 : FILE
date = "2020-10-13"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_revil.yar#L2-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_revil.yar#L2-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "756e49362c01abbca3208967630f09ed957e5c51956e0e5210b0167590582a82"
score = 75
quality = 85
@@ -353634,8 +354046,8 @@ rule SIGNATURE_BASE_Tscookie_RAT : FILE
date = "2018-03-06"
modified = "2023-12-05"
reference = "http://blog.jpcert.or.jp/2018/03/malware-tscooki-7aa0.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_tscookie_rat.yar#L13-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_tscookie_rat.yar#L13-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c6121c541a77219b17351787973a4bc06a8d941ebd5f9e5e1e14ad4740a3fe7b"
score = 75
quality = 85
@@ -353661,8 +354073,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Fakefilemaker : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/DamonMohammadbagher/FakeFileMaker"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L3-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L3-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "27d402835f31b6383c837e90248ae5c6d22f4c267d52625ebfbcc2ee5099ccad"
score = 75
quality = 85
@@ -353685,8 +354097,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Wmipersistence : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/mdsecactivebreach/WMIPersistence"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L18-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L18-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f8f5e1b6d9b9e8e2f76a7e02385142bbeb755d1b1e41e501f4f74fcaba0a7dad"
score = 75
quality = 85
@@ -353709,8 +354121,8 @@ rule SIGNATURE_BASE_HKTL_NET_Adcollector_Sep22_1 : FILE
date = "2022-09-15"
modified = "2024-12-10"
reference = "https://github.com/dev-2null/ADCollector"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L55-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L55-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "66d5363e885378c442e7532f69d4c36618d7a0f5dbe67490631d1ed5078d3fba"
score = 75
quality = 85
@@ -353738,8 +354150,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Maliciousclickoncegenerator : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/Mr-Un1k0d3r/MaliciousClickOnceGenerator"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L77-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L77-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "91e5878d49ad9af5420d4e29afaa600337fb8051951598a997cd74d72c884206"
score = 75
quality = 85
@@ -353762,8 +354174,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Directinjectorpoc : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/badBounty/directInjectorPOC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L92-L105"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L92-L105"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ffdc5694668af6c82b493403373d2e2e915e45bca8d58ec1ab41c5a8bd28d781"
score = 75
quality = 85
@@ -353786,8 +354198,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Asstrongasfuck : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/Charterino/AsStrongAsFuck"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L107-L120"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L107-L120"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4765f2099bf8fa8ebccd8cdcc561354f4aeba28c2473fd8556f1ef1d5d28dadd"
score = 75
quality = 85
@@ -353810,8 +354222,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Magentoscanner : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/soufianetahiri/MagentoScanner"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L122-L135"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L122-L135"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "245dce3be07c8e84dfcd2cdb2d9f24406a9b11b437e74969f1472a6ee149fd9c"
score = 75
quality = 85
@@ -353834,8 +354246,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Revengerat_Stub_Cssharp : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/NYAN-x-CAT/RevengeRAT-Stub-CSsharp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L137-L150"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L137-L150"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a3bd1f8e52e6ed468b6a4fea83456ca813b69e2d676dfab687bbea5a746fed3c"
score = 75
quality = 85
@@ -353858,8 +354270,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpyshell : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/antonioCoco/SharPyShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L152-L165"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L152-L165"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "89d0010c08349f8982c7f5aa5f7855702556ce10f9f3b5b18b61349c5233e001"
score = 75
quality = 85
@@ -353882,8 +354294,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Ghostloader : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/TheWover/GhostLoader"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L167-L180"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L167-L180"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "91527b4b35f2bb1aeee236647c5169c67f2b9cfb867f2b6d486bd8d8b7455d4b"
score = 75
quality = 85
@@ -353906,8 +354318,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Dotnetinject : FILE
date = "2021-01-22"
modified = "2022-06-28"
reference = "https://github.com/dtrizna/DotNetInject"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L182-L202"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L182-L202"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "07ba4ba23372dbc2618dcea89ef643cd68371ace1116bfeb939b0f9adfc425bb"
score = 75
quality = 85
@@ -353932,8 +354344,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Atpminidump : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/b4rtik/ATPMiniDump"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L204-L217"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L204-L217"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7498ed5d11b9c3646ebd2d1330a239c43e9c5b270b1778871c2821a2fefb5137"
score = 75
quality = 85
@@ -353956,8 +354368,8 @@ rule SIGNATURE_BASE_SUSP_NET_NAME_Confuserex : FILE
date = "2021-01-22"
modified = "2021-01-25"
reference = "https://github.com/yck1509/ConfuserEx"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L219-L234"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L219-L234"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "beecb7b66830a033e2048da246d320c1ffc5015b280b34fb61aee87c8a42fff3"
score = 40
quality = 85
@@ -353980,8 +354392,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpbuster : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/passthehashbrowns/SharpBuster"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L236-L249"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L236-L249"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cdc19e03f75f34e6349937c0bff313298fc9310f361eec7af022c450d083ad96"
score = 75
quality = 85
@@ -354004,8 +354416,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Amsibypass : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/0xB455/AmsiBypass"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L251-L269"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L251-L269"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8fa4ba512b34a898c4564a8eac254b6a786d195b"
logic_hash = "f93b1014c7e26462fbbd3cd572cfa21a09c5da915a9a51d3e58a46a2b9b7cfe4"
score = 75
@@ -354030,8 +354442,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Recon_AD : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/outflanknl/Recon-AD"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L271-L284"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L271-L284"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7bfafb2d3e85bb584bd02cb92457d22b07626f71d071c44a4aefbb5748045446"
score = 75
quality = 85
@@ -354054,8 +354466,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpwatchdogs : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/RITRedteam/SharpWatchdogs"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L286-L299"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L286-L299"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3b9410d7e502a5fd55e534d8fe79710d48cf65a0e9859bdd0fea6c8d32311df0"
score = 75
quality = 85
@@ -354078,8 +354490,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpcat : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/Cn33liz/SharpCat"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L301-L314"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L301-L314"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b9e5946f8df1649e71abf014aa6579edbbc93a12ddcc56f8d85d97ae087c8711"
score = 75
quality = 85
@@ -354102,8 +354514,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_K8Tools : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/k8gege/K8tools"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L316-L329"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L316-L329"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "370cab83917bbc76f7f3a1b7793773ddf139879880e55efe59c72a07b34120f1"
score = 75
quality = 85
@@ -354126,8 +354538,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Httpsbeaconshell : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/limbenjamin/HTTPSBeaconShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L331-L344"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L331-L344"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6a0d7e1f796ae6cefa297978c743916a08b2406c37fa2c1f3f697a17cb032517"
score = 75
quality = 85
@@ -354150,8 +354562,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Ghostpack_Compiledbinaries : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/r3motecontrol/Ghostpack-CompiledBinaries"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L346-L359"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L346-L359"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a8e90f07b7d1ec309e51e3606169a05c4bb2b2aa7e31ca26b21f927d648c13cd"
score = 75
quality = 85
@@ -354174,8 +354586,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Metasploit_Sharp : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/VolatileMindsLLC/metasploit-sharp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L361-L374"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L361-L374"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7a1c4e077e197a5cdca8cb12713abb3fa86a3f6ea8e8f2f632c9c8e42d829acc"
score = 75
quality = 85
@@ -354198,8 +354610,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Trevorc2 : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/trustedsec/trevorc2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L376-L389"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L376-L389"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c1d56ef865e6619d9d0deff90b154c63cc3036a8521d3952819e45f51fca9fea"
score = 75
quality = 85
@@ -354222,8 +354634,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_DNS2 : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/DamonMohammadbagher/NativePayload_DNS2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L391-L404"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L391-L404"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "765e6117f69fb58e5e71544badc8135b2ec641a74cc0489a7c79308ca2837bd7"
score = 75
quality = 85
@@ -354246,8 +354658,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Aggressiveproxy : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/EncodeGroup/AggressiveProxy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L406-L419"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L406-L419"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "702b0cc858cb1687962ac403a730e5f778bf51fc91627c50103e4299f4a3ca5f"
score = 75
quality = 85
@@ -354270,8 +354682,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Msbuildapicaller : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/rvrsh3ll/MSBuildAPICaller"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L421-L434"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L421-L434"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c1f33c759e6331c562dbf76ce7e34ee82d10070e331d0967143d9d7fad077fc"
score = 75
quality = 85
@@ -354294,8 +354706,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Graykeylogger : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/DarkSecDevelopers/GrayKeylogger"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L436-L449"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L436-L449"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b8e12c5ddf0d50d0b3681594c8bc3410a24dab00035a5959e20d20045dacbbbd"
score = 75
quality = 85
@@ -354318,8 +354730,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Weevely3 : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/epinna/weevely3"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L451-L464"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L451-L464"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c57c6ba5276679a2d32e9b0ebb61059c5bed1ba45f9792ecef3d5c7244f38f24"
score = 75
quality = 85
@@ -354342,8 +354754,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Fudgec2 : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/Ziconius/FudgeC2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L466-L479"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L466-L479"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "89f3bf4b81a901e813c3021422c362d7e075dec7fd76240be121f677039f1994"
score = 75
quality = 85
@@ -354366,8 +354778,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_Reverse_Tcp : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/DamonMohammadbagher/NativePayload_Reverse_tcp"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L481-L494"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L481-L494"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "055ee105cd46e54b4f49dd92975ecc08a6184fa8508585ee528d19de34914758"
score = 75
quality = 85
@@ -354390,8 +354802,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharphose : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/ustayready/SharpHose"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L496-L509"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L496-L509"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e3af2a156c2451f7ed2fe3e888fdf2ae080298f7eff56801ddc0c612f04902ee"
score = 75
quality = 85
@@ -354414,8 +354826,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_RAT_Njrat_0_7D_Modded_Source_Code : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/AliBawazeEer/RAT-NjRat-0.7d-modded-source-code"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L511-L524"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L511-L524"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f437195348452242adc8b55d6d517a17764c53188fa2de5cd15848fd23827381"
score = 75
quality = 85
@@ -354438,8 +354850,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Rdpthief : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/0x09AL/RdpThief"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L526-L539"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L526-L539"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8e472c8265d517e512eada819627d56ff449fae4d80054946e9ea96f74004f05"
score = 75
quality = 85
@@ -354462,8 +354874,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Runascs : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/antonioCoco/RunasCs"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L541-L554"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L541-L554"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9fd22a3e92222134c101693b944a2ad53055f9cfafe99823fd6f412981f5afa3"
score = 75
quality = 85
@@ -354486,8 +354898,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_IP6DNS : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/DamonMohammadbagher/NativePayload_IP6DNS"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L556-L569"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L556-L569"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "509c396b97524335735107644460eebed3146b2bc5f8dedb909c9754b2121f5f"
score = 75
quality = 85
@@ -354510,8 +354922,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_ARP : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/DamonMohammadbagher/NativePayload_ARP"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L571-L584"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L571-L584"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e8cecfe09f1cb80eb693eb293dfb8c1bc3885a96dfa045b2391216c5f6f6f983"
score = 75
quality = 85
@@ -354534,8 +354946,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_C2Bridge : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/cobbr/C2Bridge"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L586-L599"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L586-L599"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d5f6d6e9d475bf2d8a49d7550bf3b718539753f3494b58462094bfc0a37b813a"
score = 75
quality = 85
@@ -354558,8 +354970,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Infrastructure_Assessment : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/NyaMeeEain/Infrastructure-Assessment"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L601-L614"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L601-L614"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7b2f1481c2880b5b3ee158f2a526ab7fc5e587bbf3847ebe9ddf447742109a78"
score = 75
quality = 85
@@ -354582,8 +354994,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Shellcodetester : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/tophertimzen/shellcodeTester"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L616-L629"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L616-L629"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3101b62428eba5e36572a190bd3a11f59cf9cca10aec3cfe3000028f1b1f0a3f"
score = 50
quality = 85
@@ -354606,8 +355018,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Gray_Hat_Csharp_Code : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/brandonprry/gray_hat_csharp_code"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L631-L644"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L631-L644"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4520528cd6b1832c97fa79442f9d448d54bad4e6944984fa6e71f34246259e28"
score = 75
quality = 85
@@ -354630,8 +355042,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_Reverseshell : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/DamonMohammadbagher/NativePayload_ReverseShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L646-L659"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L646-L659"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "79ebde95674d76e58938b06a97cb6c65e6ac0606398fc9c30d90e517bbdd62a8"
score = 75
quality = 85
@@ -354654,8 +355066,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Dotnetavbypass : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/mandreko/DotNetAVBypass"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L661-L674"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L661-L674"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "574a5f1bc1873321042e932ddfd53853e8e06dff3b25f2ad41e6b8aaf150a8b2"
score = 75
quality = 85
@@ -354678,8 +355090,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Hexyrunner : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/bao7uo/HexyRunner"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L676-L689"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L676-L689"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c55be1fe285358378a98fd1027650dd20dd8cd0aad4dc062df7a0d4538c78c3b"
score = 75
quality = 85
@@ -354702,8 +355114,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpoffensiveshell : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/darkr4y/SharpOffensiveShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L691-L704"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L691-L704"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "36bcae7817eed375e48822a49e6875295ea1037217231a7f9ae88a9b8af95530"
score = 75
quality = 85
@@ -354726,8 +355138,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Reconness : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/reconness/reconness"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L706-L719"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L706-L719"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9cb7a3522bada1c724999058ec4ddfde09b22166f8fb3ba184dfe6bec276cfc5"
score = 75
quality = 85
@@ -354750,8 +355162,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Tvasion : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/loadenmb/tvasion"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L721-L734"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L721-L734"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b6262f751cbb85e702d89e7c5b4efdc8eaf3085101cd7685218ab1e8a2599385"
score = 75
quality = 85
@@ -354774,8 +355186,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Ibombshell : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/Telefonica/ibombshell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L736-L749"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L736-L749"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "30de65328e2e2230eca3a30490e20c2c6d8ac9bdc835ee15d44300a00b801921"
score = 75
quality = 85
@@ -354798,8 +355210,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Remoteprocessinjection : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/Mr-Un1k0d3r/RemoteProcessInjection"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L751-L764"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L751-L764"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "87d803c361462877f5ebba2a70f611c95b8684fe9f9f747ccf9643fc4e97d9df"
score = 75
quality = 85
@@ -354822,8 +355234,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_CACTUSTORCH : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/mdsecactivebreach/CACTUSTORCH"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L766-L779"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L766-L779"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "51a125a44b5d1e73509bcd29865b26f44a5ee53f6907ee9abffa3eef1bbbdea8"
score = 75
quality = 85
@@ -354846,8 +355258,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Pandasniper : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/QAX-A-Team/PandaSniper"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L781-L794"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L781-L794"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c5a32f22a429777186d88f3fcfa79ad4d971e86ebd6117df74aae19728c6addd"
score = 75
quality = 85
@@ -354870,8 +355282,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Xbapappwhitelistbypasspoc : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/jpginc/xbapAppWhitelistBypassPOC"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L796-L809"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L796-L809"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c79b70d3a72084dff391ba297518c4fe748d35b794278c4edf2d1faa4bd216e"
score = 75
quality = 85
@@ -354894,8 +355306,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Stagestrike : FILE
date = "2021-01-22"
modified = "2024-12-10"
reference = "https://github.com/RedXRanger/StageStrike"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_github_net_redteam_tools_names.yar#L811-L824"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_github_net_redteam_tools_names.yar#L811-L824"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "99abc2fee732f27ea94c8ce244dc1742ed01a7753adedd7e80226d1e1c8dee4a"
score = 75
quality = 85
@@ -354918,8 +355330,8 @@ rule SIGNATURE_BASE_Gen_Excel_Auto_Open_Evasion : FILE
date = "2020-09-24"
modified = "2023-12-05"
reference = "https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_excel_auto_open_evasion.yar#L1-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_excel_auto_open_evasion.yar#L1-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e23f9f55e10f3f31a2e76a12b174b6741a2fa1f51cf23dbd69cf169d92c56ed5"
logic_hash = "d7d81683b9abd7b89d6d6ee4d14ff37359acd353a6bd1d88bc793525c8f203d9"
score = 70
@@ -354947,8 +355359,8 @@ rule SIGNATURE_BASE_EXT_HKTL_MAL_Tinyshell_Backdoor : FILE
date = "2022-03-17"
modified = "2026-01-30"
reference = "https://www.mandiant.com/resources/blog/unc2891-overview"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc2891_tinyshell_slapstick.yar#L1-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc2891_tinyshell_slapstick.yar#L1-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1fe9def11dced638ad38236652877427b61d7138fc8c6ce3fe7f1403c367468f"
score = 80
quality = 85
@@ -354985,8 +355397,8 @@ rule SIGNATURE_BASE_EXT_HKTL_MAL_Tinyshell_Backdoor_SPARC : FILE
date = "2022-03-17"
modified = "2026-01-30"
reference = "https://www.mandiant.com/resources/blog/unc2891-overview"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc2891_tinyshell_slapstick.yar#L30-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc2891_tinyshell_slapstick.yar#L30-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cda78e26c2e274d24d1e4656fcd09af2930f43af7fac01a3f410a5692d79a5ae"
score = 80
quality = 85
@@ -355008,8 +355420,8 @@ rule SIGNATURE_BASE_EXT_APT_UNC2891_SLAPSTICK : FILE
date = "2022-03-17"
modified = "2026-01-30"
reference = "https://www.mandiant.com/resources/blog/unc2891-overview"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc2891_tinyshell_slapstick.yar#L44-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc2891_tinyshell_slapstick.yar#L44-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b046a949dab2f38b8181782cc6ea0782d2e102c0c30bc782de74112a77c23d6e"
score = 80
quality = 85
@@ -355032,8 +355444,8 @@ rule SIGNATURE_BASE_Invoke_Mimikittenz : FILE
date = "2016-07-19"
modified = "2023-12-05"
reference = "https://github.com/putterpanda/mimikittenz"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mimikittenz.yar#L10-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mimikittenz.yar#L10-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f0410a0290d09d3574854b55ffe578f6f799368e14677b581cd65d18700a8656"
score = 90
quality = 85
@@ -355060,8 +355472,8 @@ rule SIGNATURE_BASE_KINS_Dropper
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/arPhm3"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_kins_dropper.yar#L1-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_kins_dropper.yar#L1-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cdab93f823e13e0c3104de8e05cb1572f83fb5294f359698092d73fc7983955b"
score = 75
quality = 85
@@ -355094,11 +355506,11 @@ rule SIGNATURE_BASE_KINS_DLL_Zeus
date = "2016-02-15"
modified = "2023-12-05"
reference = "http://goo.gl/arPhm3"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_kins_dropper.yar#L28-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_kins_dropper.yar#L28-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bd1ebe7976d1f93856b4f8d1d62d8fff68ce6234204da9fbdc233ddbef56864d"
score = 75
- quality = 60
+ quality = 85
tags = ""
strings:
@@ -355125,8 +355537,8 @@ rule SIGNATURE_BASE_EXT_HKTL_Nighthawk_RAT : FILE
date = "2022-11-22"
modified = "2025-07-01"
reference = "https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_nighthawk_c2.yar#L3-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_nighthawk_c2.yar#L3-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "46404445e1fee89b598b0d42888f793dd602533cff2f72524800597af5b61197"
score = 75
quality = 85
@@ -355157,8 +355569,8 @@ rule SIGNATURE_BASE_HKTL_MAL_Nighthawk_Nov_2022_1 : NIGHTHAWK BEACON FILE
date = "2022-11-22"
modified = "2025-07-01"
reference = "https://web.archive.org/web/20221125224850/https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_nighthawk_c2.yar#L32-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_nighthawk_c2.yar#L32-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8dec7752ee6e1af87129ce7ac09130f94a20807c4f45ceb1fce434358ac727bf"
score = 75
quality = 85
@@ -355185,8 +355597,8 @@ rule SIGNATURE_BASE_Sysinternals_Tool_Anomaly : FILE
date = "2016-12-06"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_sysinternals_anomaly.yar#L10-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_sysinternals_anomaly.yar#L10-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "760795a51965197bd101ffbf0f7c8cfbbb16d2f443d0941de4a75c8f33f4cad0"
score = 50
quality = 85
@@ -355215,8 +355627,8 @@ rule SIGNATURE_BASE_MAL_CRIME_RAT_WIN_PE_Godrat_Aug25 : GODRAT RAT WINDOWS GH0ST
date = "2025-08-23"
modified = "2025-09-09"
reference = "https://securelist.com/godrat/117119/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_crime_win_pe_godrat_aug25.yar#L4-L79"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_crime_win_pe_godrat_aug25.yar#L4-L79"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "154e800ed1719dbdcb188c00d5822444717c2a89017f2d12b8511eeeda0c2f41"
logic_hash = "eda3175277bbf9f6408f5d2dd25d6780552aad4104fe62bb92125c734f9fdd98"
score = 75
@@ -355252,8 +355664,8 @@ rule SIGNATURE_BASE_Lokibot_Dropper_Scancopypdf_Feb18 : FILE
date = "2018-02-14"
modified = "2023-12-05"
reference = "https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_loki_bot.yar#L11-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_loki_bot.yar#L11-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b9f10a09d91c10731e34dc88f87104693cdc794ddc3c63ee382f976d0a75f30f"
score = 75
quality = 85
@@ -355280,8 +355692,8 @@ rule SIGNATURE_BASE_Lokibot_Dropper_Packed_R11_Feb18 : FILE
date = "2018-02-14"
modified = "2023-12-05"
reference = "https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_loki_bot.yar#L33-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_loki_bot.yar#L33-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9ca39cac8dcbbbe1697ef96bde60c522bb9cc190c208483220aa96bc672f325a"
score = 75
quality = 85
@@ -355304,8 +355716,8 @@ rule SIGNATURE_BASE_Chafer_Mimikatz_Custom : FILE
date = "2018-03-22"
modified = "2023-12-05"
reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig_chafer_mar18.yar#L11-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig_chafer_mar18.yar#L11-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d3b74be6d221592fb867bd9589f5e4b246a093bd276efa3515d9e948a38eda48"
score = 75
quality = 85
@@ -355327,8 +355739,8 @@ rule SIGNATURE_BASE_Chafer_Exploit_Copyright_2017 : FILE
date = "2018-03-22"
modified = "2023-12-05"
reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig_chafer_mar18.yar#L25-L43"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig_chafer_mar18.yar#L25-L43"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "53d3e735bc368de152f4f4058617bc2cc5574bc13777f743442ff2bfafe92791"
score = 75
quality = 85
@@ -355353,8 +355765,8 @@ rule SIGNATURE_BASE_Chafer_Portscanner : FILE
date = "2018-03-22"
modified = "2023-12-05"
reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig_chafer_mar18.yar#L45-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig_chafer_mar18.yar#L45-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6e0475a5c0fc8155359376113f88f3de080968388bd3ea60664a063540688faf"
score = 75
quality = 85
@@ -355378,8 +355790,8 @@ rule SIGNATURE_BASE_Oilrig_Myrtille : FILE
date = "2018-03-22"
modified = "2022-12-21"
reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig_chafer_mar18.yar#L61-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig_chafer_mar18.yar#L61-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "373115c0a3fbfe93435aca07cbac52c7649a77d8b7d6eda8af5ce4a1a42e53a6"
score = 75
quality = 85
@@ -355403,8 +355815,8 @@ rule SIGNATURE_BASE_Chafer_Packed_Mimikatz : FILE
date = "2018-03-22"
modified = "2023-12-05"
reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig_chafer_mar18.yar#L78-L92"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig_chafer_mar18.yar#L78-L92"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0cee5270c9b76f1419c6989113dca221c5ba6f027a104d71f61d38cb59af51cd"
score = 75
quality = 85
@@ -355428,8 +355840,8 @@ rule SIGNATURE_BASE_Oilrig_PS_Cnc : FILE
date = "2018-03-22"
modified = "2023-12-05"
reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig_chafer_mar18.yar#L94-L107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig_chafer_mar18.yar#L94-L107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0566f0707021af0d08426eec497292098273d46b020a5f0be6b98835ceeb82bc"
score = 75
quality = 85
@@ -355452,8 +355864,8 @@ rule SIGNATURE_BASE_Zeus_Panda : FILE
date = "2017-08-04"
modified = "2023-12-05"
reference = "https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_zeus_panda.yar#L11-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_zeus_panda.yar#L11-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "63312763196259204dcee6b6c46ae1a16abeab0afabbce9e2e8413131856b04e"
score = 75
quality = 85
@@ -355484,8 +355896,8 @@ rule SIGNATURE_BASE_SUSP_Macro_Staroffice : FILE
date = "2019-02-06"
modified = "2021-05-27"
reference = "https://twitter.com/JohnLaTwC/status/1093259873993732096"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_macro_staroffice_suspicious.yar#L1-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_macro_staroffice_suspicious.yar#L1-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "49385335488fa0a598ed48203d9483c5c2f53ae287e003a8cf7d64d56280e62a"
score = 60
quality = 81
@@ -355525,8 +355937,8 @@ rule SIGNATURE_BASE_MAL_Hogfish_Report_Related_Sample : FILE
date = "2018-05-01"
modified = "2023-12-05"
reference = "https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt10_redleaves.yar#L13-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt10_redleaves.yar#L13-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bff74f7a72a3e40e828284ed37b2f7ea64d8df52e946372d38e379d9b7b7a445"
score = 75
quality = 85
@@ -355552,8 +355964,8 @@ rule SIGNATURE_BASE_MAL_Redleaves_Apr18_1 : FILE
date = "2018-05-01"
modified = "2023-12-05"
reference = "https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt10_redleaves.yar#L33-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt10_redleaves.yar#L33-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e34b95e96de88aef20050b6b9580600365284117918c24f76c884b089fa20623"
score = 75
quality = 85
@@ -355574,8 +355986,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Implantstrings : FILE
date = "2015-04-07"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hellsing_kaspersky.yar#L2-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hellsing_kaspersky.yar#L2-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d62dc766a40d1dc7044cc5c9f07a78d36e231b771fafb52442b26514f4c603db"
score = 75
quality = 85
@@ -355612,8 +356024,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Installer : FILE
date = "2015-04-07"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hellsing_kaspersky.yar#L31-L54"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hellsing_kaspersky.yar#L31-L54"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "556898e9507835d93e2cf7e21e997b6e64dc154ac675b429f5f8226bf929309c"
score = 75
quality = 85
@@ -355647,8 +356059,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Proxytool : FILE
date = "2015-04-07"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hellsing_kaspersky.yar#L56-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hellsing_kaspersky.yar#L56-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8f2656e7b4e6fb5336fb4e39bcec3e99531db532f757b65e3aa12cd2a4334840"
score = 50
quality = 85
@@ -355676,8 +356088,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Xkat : FILE
date = "2015-04-07"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hellsing_kaspersky.yar#L76-L97"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hellsing_kaspersky.yar#L76-L97"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ba74ca11c96e59a04f1cb57b4866df7a581ad94ca81230f2ca5068c8808297aa"
score = 75
quality = 85
@@ -355711,8 +356123,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Msgertype2 : FILE
date = "2015-04-07"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hellsing_kaspersky.yar#L99-L117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hellsing_kaspersky.yar#L99-L117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "232e4dfd8d236da223240d9a4ec3f8bfa635d51d7376ff19dfa5579af31fc47f"
score = 75
quality = 85
@@ -355740,8 +356152,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Irene : FILE
date = "2015-04-07"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hellsing_kaspersky.yar#L119-L137"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hellsing_kaspersky.yar#L119-L137"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e7da04083468dba7045b55181642d7cd57d543fbeda24685ba2ac63799740798"
score = 75
quality = 85
@@ -355769,8 +356181,8 @@ rule SIGNATURE_BASE_Ransom_Lockergoga_Mar19_1 : FILE
date = "2019-03-19"
modified = "2023-12-05"
reference = "https://www.nrk.no/norge/skreddersydd-dobbeltangrep-mot-hydro-1.14480202"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_lockergoga.yar#L2-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_lockergoga.yar#L2-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "076d799113f5bf6c00aa29895cca83ff86e89706cf15ca6971a991d345d0ad65"
score = 75
quality = 85
@@ -355804,8 +356216,8 @@ rule SIGNATURE_BASE_Emdivi_SFX : FILE
date = "2015-08-20"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bluetermite_emdivi.yar#L9-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bluetermite_emdivi.yar#L9-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3257983c64c52f36b04e3fe7b12180a37531338349137d4df00fc6f704557b2e"
score = 70
quality = 85
@@ -355832,8 +356244,8 @@ rule SIGNATURE_BASE_Emdivi_Gen1 : FILE
date = "2015-08-20"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bluetermite_emdivi.yar#L32-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bluetermite_emdivi.yar#L32-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e1895926f6327bf301b8618f9162cacb30ad96f181f197559d399675e2cd93c6"
score = 80
quality = 85
@@ -355869,8 +356281,8 @@ rule SIGNATURE_BASE_Emdivi_Gen2 : FILE
date = "2015-08-20"
modified = "2023-01-27"
reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bluetermite_emdivi.yar#L62-L85"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bluetermite_emdivi.yar#L62-L85"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c40306d646c5bf8c3aff1bc697b81997b4d635ccf237775e2bea96b89f7fa001"
score = 80
quality = 85
@@ -355901,8 +356313,8 @@ rule SIGNATURE_BASE_MAL_Emdivi_Gen3 : FILE
date = "2015-08-20"
modified = "2023-01-06"
reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bluetermite_emdivi.yar#L87-L114"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bluetermite_emdivi.yar#L87-L114"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ff89a0855481d723f23e0c00f6b6eaf912e6df3a7e9ebe4ff1e6ccf2b02f0888"
score = 80
quality = 85
@@ -355932,8 +356344,8 @@ rule SIGNATURE_BASE_Emdivi_Gen4 : FILE
date = "2015-08-20"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bluetermite_emdivi.yar#L116-L143"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bluetermite_emdivi.yar#L116-L143"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9c1645023ceefdb849cf4b0e60de8c608bfd5e15d3aac6d16d68a36140a8ebed"
score = 80
quality = 79
@@ -355969,8 +356381,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Nov21_1 : FILE
date = "2021-11-23"
modified = "2023-12-05"
reference = "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_spring4shell.yar#L2-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_spring4shell.yar#L2-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1dac7706421961c71ba6f8d7a223b80e4b77bf206bfb64ee18c7cc894b062a3c"
score = 70
quality = 85
@@ -355994,8 +356406,8 @@ rule SIGNATURE_BASE_EXPL_POC_Springcore_0Day_Indicators_Mar22_1
date = "2022-03-30"
modified = "2023-12-05"
reference = "https://twitter.com/vxunderground/status/1509170582469943303"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_spring4shell.yar#L19-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_spring4shell.yar#L19-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "39fb62ec7953dae0a88e39e73e3ff286fc19cb8f21f8feb869a1875f6ba70cfb"
score = 70
quality = 85
@@ -356019,8 +356431,8 @@ rule SIGNATURE_BASE_EXPL_POC_Springcore_0Day_Webshell_Mar22_1 : FILE
date = "2022-03-30"
modified = "2023-12-05"
reference = "https://twitter.com/vxunderground/status/1509170582469943303"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_spring4shell.yar#L36-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_spring4shell.yar#L36-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "17282b66899356a6051f0b47a7a3f02265737283d760f2256e03a2b934bb63b8"
score = 70
quality = 85
@@ -356043,8 +356455,8 @@ rule SIGNATURE_BASE_Winpayloads_Powershell : FILE
date = "2017-07-11"
modified = "2023-12-05"
reference = "https://github.com/nccgroup/Winpayloads"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_winpayloads.yar#L12-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_winpayloads.yar#L12-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e9e75f7190327f08c5e204977c6714c93951a6db0ddf000c8b37db37131b9def"
score = 75
quality = 85
@@ -356070,8 +356482,8 @@ rule SIGNATURE_BASE_Winpayloads_Payload : FILE
date = "2017-07-11"
modified = "2023-12-05"
reference = "https://github.com/nccgroup/Winpayloads"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_winpayloads.yar#L30-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_winpayloads.yar#L30-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8a22eeafa320bcf0d41de402223d3ad51d8625ffaa68fe24be864ffcf72a64a2"
score = 75
quality = 85
@@ -356101,8 +356513,8 @@ rule SIGNATURE_BASE_APT_MAL_DTRACK_Oct19_1 : FILE
date = "2019-10-28"
modified = "2023-12-05"
reference = "https://twitter.com/a_tweeter_user/status/1188811977851887616?s=21"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dtrack.yar#L2-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dtrack.yar#L2-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b99bc8ec4df7185da306365dc2a24a0849ff0d5d92269daaa1efbb20f5e5bf83"
score = 75
quality = 85
@@ -356150,8 +356562,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poisonivy.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poisonivy.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b874b76ff7b281c8baa80e4a71fc9be514093c70"
logic_hash = "938df757d1f5ee1028d61dbc2ab76a33c788a44f87cb0d84626420e20bfb5fa4"
score = 70
@@ -356179,8 +356591,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT_2 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poisonivy.yar#L24-L58"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poisonivy.yar#L24-L58"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "333f956bf3d5fc9b32183e8939d135bc0fcc5770"
logic_hash = "58d62278d776c9f7c3ae0815aa4b248f85c5fc648405b8d1ba2b8eb2847e1e88"
score = 70
@@ -356223,8 +356635,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT_3 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poisonivy.yar#L60-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poisonivy.yar#L60-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "df3e1668ac20edecc12f2c1a873667ea1a6c3d6a"
logic_hash = "96f8324dcf85f5baa64178774abf17516a9e023dd6fa38e2bce0fe5159a4f704"
score = 70
@@ -356249,8 +356661,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT_4 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poisonivy.yar#L79-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poisonivy.yar#L79-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "558f0f0b728b6da537e2666fbf32f3c9c7bd4c0c"
logic_hash = "7ba10269d31e985dff582ae4103ef1179172ae475e078161864f185380bb5035"
score = 70
@@ -356281,8 +356693,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_5 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poisonivy.yar#L103-L123"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poisonivy.yar#L103-L123"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "545e261b3b00d116a1d69201ece8ca78d9704eb2"
logic_hash = "3f88b673b80b67a110915285a87ead265ad0176ea414426ba55e780e3aa396fe"
score = 70
@@ -356311,8 +356723,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_6 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poisonivy.yar#L126-L164"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poisonivy.yar#L126-L164"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0d77fd224b8d2dfd506faf0d3e359bf04172cc2854dc737e05c4bf99d0e1f3f7"
score = 70
quality = 85
@@ -356355,8 +356767,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_7 : FILE
date = "2015-06-03"
modified = "2023-12-05"
reference = "VT Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poisonivy.yar#L166-L185"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poisonivy.yar#L166-L185"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9480cf544beeeb63ffd07442233eb5c5f0cf03b3"
logic_hash = "28db3fb7fa5b5e60ad1d1cc2b6d3d9d30a1948491105439201574ca354eb8bd1"
score = 70
@@ -356384,8 +356796,8 @@ rule SIGNATURE_BASE_Poisonivy_RAT_Ssmuidll : FILE
date = "2016-04-22"
modified = "2023-12-05"
reference = "http://goo.gl/WiwtYT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_poisonivy.yar#L196-L230"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_poisonivy.yar#L196-L230"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d048d88cac40f4fe3affee8d9dad35a7347a5459fbdd56b08a77ece4f6c2ac08"
score = 75
quality = 85
@@ -356414,8 +356826,8 @@ rule SIGNATURE_BASE_Powershell_Isesteroids_Obfuscation
date = "2017-06-23"
modified = "2025-02-12"
reference = "https://twitter.com/danielhbohannon/status/877953970437844993"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_obfuscation.yar#L11-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_obfuscation.yar#L11-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6d9476f679614e34a0d13664baffd15b0bdb896f7eeca2c9de66bdc0d65a2eec"
score = 75
quality = 85
@@ -356440,8 +356852,8 @@ rule SIGNATURE_BASE_SUSP_Obfuscted_Powershell_Code
date = "2018-12-13"
modified = "2025-02-12"
reference = "https://twitter.com/silv0123/status/1073072691584880640"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_obfuscation.yar#L28-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_obfuscation.yar#L28-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "afd7e4b88c812b23441549565a18fde18c24fe91ec467455002ef338e092ebf9"
score = 65
quality = 85
@@ -356464,8 +356876,8 @@ rule SIGNATURE_BASE_SUSP_Powershell_Caret_Obfuscation_2
date = "2019-07-20"
modified = "2025-02-12"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_obfuscation.yar#L43-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_obfuscation.yar#L43-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0aa21df64d61cb299b0f77da8b97e8cfc379622a8092e71657c478519d83fd31"
score = 65
quality = 31
@@ -356487,8 +356899,8 @@ rule SIGNATURE_BASE_SUSP_OBFUSC_Powershell_True_Jun20_1 : FILE
date = "2020-06-27"
modified = "2025-02-12"
reference = "https://github.com/corneacristian/mimikatz-bypass/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powershell_obfuscation.yar#L57-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powershell_obfuscation.yar#L57-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8f33762e6e93fcf6b423b34eb1abefae2ae91b51048303947f7c1601823630d7"
score = 75
quality = 85
@@ -356515,8 +356927,8 @@ rule SIGNATURE_BASE_Fareit_Trojan_Oct15 : FILE
date = "2015-10-18"
modified = "2023-12-05"
reference = "http://goo.gl/5VYtlU"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_fareit.yar#L8-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_fareit.yar#L8-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ef47e81483d5edf67d489a9a35ce56667e293350534e780d7d93b1fbc5f7113a"
score = 80
quality = 85
@@ -356547,8 +356959,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Darkbit_Feb23_1 : FILE
date = "2023-02-13"
modified = "2023-12-05"
reference = "https://twitter.com/idonaor1/status/1624703255770005506?s=12&t=mxHaauzwR6YOj5Px8cIeIw"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ransom_darkbit_feb23.yar#L2-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ransom_darkbit_feb23.yar#L2-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ba1baea7cb7362160c4b00b0355000a789b238c1ec82b840479c04028e6ca3ab"
score = 75
quality = 85
@@ -356573,8 +356985,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Darkbit_Feb23_2 : FILE
date = "2023-02-13"
modified = "2023-12-05"
reference = "https://www.hybrid-analysis.com/sample/9107be160f7b639d68fe3670de58ed254d81de6aec9a41ad58d91aa814a247ff?environmentId=160"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ransom_darkbit_feb23.yar#L25-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ransom_darkbit_feb23.yar#L25-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "577435536300902811612a3415e82420574c98345b91b21fb2bfd2bfde396bec"
score = 75
quality = 85
@@ -356601,8 +357013,8 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_OWASSRF_Powershell_Proxy_Log_Dec22_1
date = "2022-12-22"
modified = "2023-12-05"
reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxynotshell_owassrf_dec22.yar#L2-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxynotshell_owassrf_dec22.yar#L2-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1e8f5a3440f8b4b1850fddbd19f63796ad0f28178c678e9f464b7e4ab5ca944f"
score = 70
quality = 85
@@ -356628,11 +357040,11 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_OWASSRF_Powershell_Proxy_Log_Dec22_2
date = "2022-12-22"
modified = "2023-12-05"
reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxynotshell_owassrf_dec22.yar#L24-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxynotshell_owassrf_dec22.yar#L24-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "73ce86b7a673719c916666fa06963b774edad5b2cd804994614afd83ea75ecef"
score = 60
- quality = 60
+ quality = 85
tags = "CVE-2022-41040, CVE-2022-41082"
strings:
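Review bot: In the hunk for `SIGNATURE_BASE_EXPL_LOG_Proxynotshell_OWASSRF_Powershell_Proxy_Log_Dec22_2`, `quality` rises from 60 to 85 while `logic_hash` and `score = 60` are unchanged, so the detection logic is the same and only its upstream rating moved. This is the one change in this stretch of the patch that is not a commit-pin bump in `source_url`/`license_url`. If the rule loader or a downstream filter selects YARA Forge rules by a quality threshold (not visible here), the rule could begin matching on log files where it was previously excluded, so it is worth confirming that the expected test outputs were regenerated with it in mind. The rule body continues outside the hunk, so its strings and condition cannot be checked from here.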
@@ -356655,8 +357067,8 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_OWASSRF_Powershell_Proxy_Log_Dec22_3
date = "2022-12-22"
modified = "2023-12-05"
reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxynotshell_owassrf_dec22.yar#L47-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxynotshell_owassrf_dec22.yar#L47-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "607d3743a46e0c5000b9c7847dd89f5d7ccf29f4f1af9bce6870d7738f071f5c"
score = 60
quality = 85
@@ -356682,8 +357094,8 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_Powershell_Proxy_Log_Dec22_1 : CVE_20
date = "2022-12-22"
modified = "2023-01-26"
reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_proxynotshell_owassrf_dec22.yar#L68-L86"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_proxynotshell_owassrf_dec22.yar#L68-L86"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f2aac61bc17f74901ec8d638d5cfaaa45bbd2a4e40e5d915bf2a946daed411d2"
score = 70
quality = 85
@@ -356707,8 +357119,8 @@ rule SIGNATURE_BASE_PS_AMSI_Bypass : FILE
date = "2017-07-19"
modified = "2023-12-05"
reference = "https://gist.github.com/mattifestation/46d6a2ebb4a1f4f0e7229503dc012ef1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_scripts.yar#L4-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_scripts.yar#L4-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "87188c6cbb7d89c25faafb297a7c0e52321c661c84cdefd5604785c687190fcd"
score = 65
quality = 85
@@ -356730,8 +357142,8 @@ rule SIGNATURE_BASE_JS_Suspicious_Obfuscation_Dropbox
date = "2017-07-19"
modified = "2023-12-05"
reference = "https://twitter.com/ItsReallyNick/status/887705105239343104"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_scripts.yar#L19-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_scripts.yar#L19-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "19d1dd25c4a5e18dca131709a64c3537278754ec9d67b0bb49bde9b1493d3dc7"
score = 70
quality = 85
@@ -356754,8 +357166,8 @@ rule SIGNATURE_BASE_JS_Suspicious_MSHTA_Bypass
date = "2017-07-19"
modified = "2023-12-05"
reference = "https://twitter.com/ItsReallyNick/status/887705105239343104"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_scripts.yar#L35-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_scripts.yar#L35-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "df68cac0da19c5705353f26fc3f2a99556b7230f9d4f52e7a2e35cb48997b699"
score = 70
quality = 85
@@ -356779,8 +357191,8 @@ rule SIGNATURE_BASE_Javascript_Run_Suspicious
date = "2017-08-23"
modified = "2023-12-05"
reference = "https://twitter.com/craiu/status/900314063560998912"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_scripts.yar#L52-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_scripts.yar#L52-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "39d2292d3749c63780dc7ca7a2414ba02e2b0e1edec7ec6a16b42aba2c44c23a"
score = 60
quality = 85
@@ -356803,8 +357215,8 @@ rule SIGNATURE_BASE_Certutil_Decode_OR_Download : FILE
date = "2017-08-29"
modified = "2023-10-19"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_scripts.yar#L70-L93"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_scripts.yar#L70-L93"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5640dcfedc028cc40b0376d328758b504eb1ff860da94648b435eadb760d9724"
score = 40
quality = 85
@@ -356832,8 +357244,8 @@ rule SIGNATURE_BASE_Suspicious_JS_Script_Content : FILE
date = "2017-12-02"
modified = "2023-12-05"
reference = "Research on Leviathan https://goo.gl/MZ7dRg"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_scripts.yar#L95-L112"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_scripts.yar#L95-L112"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1dbc1a266d710a70a77c81d5b872d0d324423250a9f34455faef53ac4c41b5f2"
score = 70
quality = 85
@@ -356859,8 +357271,8 @@ rule SIGNATURE_BASE_Universal_Exploit_Strings : FILE
date = "2017-12-02"
modified = "2023-12-05"
reference = "not set"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_scripts.yar#L114-L131"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_scripts.yar#L114-L131"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6436a1cf6d0acc3162ec99c95ef20b3e6dd110c77d5a0b26ac790551316c0a69"
score = 50
quality = 85
@@ -356886,8 +357298,8 @@ rule SIGNATURE_BASE_VBS_Obfuscated_Mal_Feb18_1 : FILE
date = "2018-02-12"
modified = "2023-12-05"
reference = "https://goo.gl/zPsn83"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_scripts.yar#L133-L155"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_scripts.yar#L133-L155"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0bbd388a3103744df2434956c2b7ac12dacd72f9041b4cc014d31eec4115aedd"
score = 75
quality = 85
@@ -356918,8 +357330,8 @@ rule SIGNATURE_BASE_APT_UTA028_Forensicartefacts_Paloalto_CVE_2024_3400_Apr24_1
date = "2024-04-15"
modified = "2024-04-18"
reference = "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L2-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L2-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1261eecca520daa0619859a45d2289d2c23c73be55e1a3849d2032a38e137f4d"
score = 70
quality = 85
@@ -356947,8 +357359,8 @@ rule SIGNATURE_BASE_EXPL_Paloalto_CVE_2024_3400_Apr24_1 : CVE_2024_3400
date = "2024-04-15"
modified = "2025-03-21"
reference = "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L27-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L27-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9ebc94a07b189a2d2dd252b5079fa494162739678fd2ca742e6877189a140da9"
score = 70
quality = 85
@@ -356973,8 +357385,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Base64_Download_Exec_Apr24 : SCRIPT
date = "2024-04-18"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L48-L65"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L48-L65"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "90b7781812b4078550b0d66ba020b3bb0a8217f2de03492af98db6c619f31929"
score = 75
quality = 85
@@ -356998,8 +357410,8 @@ rule SIGNATURE_BASE_SUSP_PY_Import_Statement_Apr24_1
date = "2024-04-15"
modified = "2025-03-21"
reference = "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L67-L79"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L67-L79"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d5c199d9c3e449ca282f0ca91c94ac783709299b3489f7cec38177a2f843b504"
score = 65
quality = 85
@@ -357020,8 +357432,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Base64_Exec_Apr24 : SCRIPT CVE_2024_3400 FILE
date = "2024-04-18"
modified = "2025-03-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L81-L105"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L81-L105"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e96fb7c8faac12c1f0210689f2b3a7903b42a543b97ddff11298e5ae13cae80b"
score = 75
quality = 85
@@ -357047,8 +357459,8 @@ rule SIGNATURE_BASE_EXT_EXPL_ZTH_LNK_EXPLOIT_A : FILE
date = "2025-03-18"
modified = "2025-03-29"
reference = "https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_lnk_zdi_can_25373.yar#L1-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_lnk_zdi_can_25373.yar#L1-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b2c6a7f0abd62d3eef916352f984d1fcc721cfba4f5de9d159de8fd428c02b31"
score = 75
quality = 85
@@ -357076,8 +357488,8 @@ rule SIGNATURE_BASE_Coinminer_Strings : SCRIPT HIGHVOL FILE
date = "2018-01-04"
modified = "2021-10-26"
reference = "https://minergate.com/faq/what-pool-address"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/pua_cryptocoin_miner.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/pua_cryptocoin_miner.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2d63bf90560c83ab6c09e0c82b6a6449bca6e7e7d0945d3782c2fa9a726b2ca1"
score = 60
quality = 85
@@ -357101,8 +357513,8 @@ rule SIGNATURE_BASE_Coinhive_Javascript_Monerominer : HIGHVOL FILE
date = "2018-01-04"
modified = "2023-12-05"
reference = "https://coinhive.com/documentation/miner"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/pua_cryptocoin_miner.yar#L20-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/pua_cryptocoin_miner.yar#L20-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4146b034a9785f1bb7c60db62db0e478d960f2ac9adb7c5b74b365186578ca47"
score = 50
quality = 85
@@ -357124,8 +357536,8 @@ rule SIGNATURE_BASE_PUA_Cryptominer_Jan19_1 : FILE
date = "2019-01-31"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/pua_cryptocoin_miner.yar#L35-L52"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/pua_cryptocoin_miner.yar#L35-L52"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7097d404e0317230a5f60fc66fbcb2a2a5315f8fd348a7e689aaf75c26684f9e"
score = 80
quality = 85
@@ -357151,8 +357563,8 @@ rule SIGNATURE_BASE_PUA_Crypto_Mining_Commandline_Indicators_Oct21 : SCRIPT FILE
date = "2021-10-24"
modified = "2023-12-05"
reference = "https://www.poolwatch.io/coin/monero"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/pua_cryptocoin_miner.yar#L54-L88"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/pua_cryptocoin_miner.yar#L54-L88"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7ae1a77d8ff02ec539ce2b8be668530c3f509f0c408dfa7f2b749b0a4d6f45b7"
score = 65
quality = 85
@@ -357187,8 +357599,8 @@ rule SIGNATURE_BASE_Dexter_Malware
date = "2015-02-10"
modified = "2023-12-05"
reference = "http://goo.gl/oBvy8b"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_dexter_trojan.yar#L1-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_dexter_trojan.yar#L1-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3b05bccce63c1f7e8d6d3f654b611f33da5fc1dbcbd28ff28f817d00bf961e64"
score = 70
quality = 60
@@ -357213,8 +357625,8 @@ rule SIGNATURE_BASE_Furtim_Nativedll : FILE
date = "2016-06-13"
modified = "2023-12-05"
reference = "MISP 3971"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_furtim.yar#L8-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_furtim.yar#L8-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f9673cdd1e8e38f98b9625291a03011d5cfce78c689eab491ff189c4e039e1ef"
score = 75
quality = 85
@@ -357240,8 +357652,8 @@ rule SIGNATURE_BASE_Furtim_Parent_1 : FILE
date = "2016-07-16"
modified = "2023-12-05"
reference = "https://sentinelone.com/blogs/sfg-furtims-parent/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_furtim.yar#L34-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_furtim.yar#L34-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ab4c7ca5c887b2a2f2949a5a6fd0d623dad47d9c1f866fb43f7f8ec38dfa6a02"
score = 75
quality = 85
@@ -357269,8 +357681,8 @@ rule SIGNATURE_BASE_MAL_Crime_Win32_Rat_Parallax_Shell_Bin : FILE
date = "2020-05-05"
modified = "2023-12-05"
reference = "https://twitter.com/VK_Intel/status/1257714191902937088"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_rat_parallax.yar#L2-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_rat_parallax.yar#L2-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6b8c71cc19ca6f066d27a4e58d9ec347ac51d245308f2c41adf2386242581610"
score = 75
quality = 85
@@ -357294,8 +357706,8 @@ rule SIGNATURE_BASE_Badrabbit_Gen : FILE
date = "2017-10-25"
modified = "2023-12-05"
reference = "https://pastebin.com/Y7pJv3tK"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_badrabbit.yar#L11-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_badrabbit.yar#L11-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "21c63a02d0284ce759b087f4869c4ed8e6b50c37ffeb724538567e28aeae16ac"
score = 75
quality = 85
@@ -357333,8 +357745,8 @@ rule SIGNATURE_BASE_Badrabbit_Mimikatz_Comp : FILE
date = "2017-10-25"
modified = "2023-12-05"
reference = "https://pastebin.com/Y7pJv3tK"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_badrabbit.yar#L42-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_badrabbit.yar#L42-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9d12d9331686a54e8d32f94761e4889710bbd2432d4cb2e4e7e3f21ef6aa082a"
score = 75
quality = 85
@@ -357360,8 +357772,8 @@ rule SIGNATURE_BASE_Brooxml_Hunting : HUNTING FILE
date = "2024-11-27"
modified = "2025-06-02"
reference = "https://x.com/threatinsight/status/1861817946508763480"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_brooxml_dec24.yar#L2-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_brooxml_dec24.yar#L2-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8a8d934fe9286c9d1c83a2a0676bb8a5f2501116b96cca32dc27136ecfb9325b"
score = 70
quality = 85
@@ -357390,8 +357802,8 @@ rule SIGNATURE_BASE_Brooxml_Phishing : PHISHING FILE
date = "2024-11-27"
modified = "2025-06-02"
reference = "https://x.com/threatinsight/status/1861817946508763480"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_brooxml_dec24.yar#L41-L54"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_brooxml_dec24.yar#L41-L54"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "884e0b65c6c8b916ca9bc28705134ae02d1705c13cf43bff78f0c9ada894b307"
score = 65
quality = 85
@@ -357413,8 +357825,8 @@ rule SIGNATURE_BASE_SUSP_ZIP_LNK_Phishattachment_Pattern_Jun22_1 : FILE
date = "2022-06-23"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_phish_attachments.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_phish_attachments.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2ff398379e3d8112991eeacd99bf9d3bafbf3e9266f012d2539d6b2661d5969e"
score = 65
quality = 85
@@ -357440,8 +357852,8 @@ rule SIGNATURE_BASE_SUSP_ZIP_ISO_Phishattachment_Pattern_Jun22_1 : FILE
date = "2022-06-23"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_phish_attachments.yar#L23-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_phish_attachments.yar#L23-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "21de56d6209050b429c0cce82fd334d1b38a2a3727db5ead06f36fa9d503e193"
score = 65
quality = 85
@@ -357467,8 +357879,8 @@ rule SIGNATURE_BASE_SUSP_Archive_Phishing_Attachment_Characteristics_Jun22_1 : F
date = "2022-06-29"
modified = "2023-12-05"
reference = "https://twitter.com/0xtoxin/status/1540524891623014400?s=12&t=IQ0OgChk8tAIdTHaPxh0Vg"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_phish_attachments.yar#L43-L141"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_phish_attachments.yar#L43-L141"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "647044fa3b5cf6f0e9e738fa7b7d24f8918b7a7fb359342e1314d97b50debf87"
score = 65
quality = 60
@@ -357574,8 +357986,8 @@ rule SIGNATURE_BASE_Apt3_Bemstour_Strings : FILE
date = "2019-06-25"
modified = "2023-12-04"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt3_bemstour.yar#L1-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt3_bemstour.yar#L1-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a"
logic_hash = "8aa7491b1dc3595f67ae1229d33f79261616b0f27485b7a27705db63a6111c07"
score = 75
@@ -357642,8 +358054,8 @@ rule SIGNATURE_BASE_Apt3_Bemstour_Implant_Byte_Patch
date = "2019-06-25"
modified = "2023-12-04"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt3_bemstour.yar#L69-L104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt3_bemstour.yar#L69-L104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a"
logic_hash = "08de2c885ccb24cb247efdcc06bbcbea144d652744b2d38aaa2aabfd341e4f91"
score = 75
@@ -357674,8 +358086,8 @@ rule SIGNATURE_BASE_Apt3_Bemstour_Implant_Command_Stack_Variable
date = "2019-06-25"
modified = "2023-12-04"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt3_bemstour.yar#L107-L275"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt3_bemstour.yar#L107-L275"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a"
logic_hash = "36710db313a52db2a0c0af356e701d3a36e5597203e87fd7f8586d202738be33"
score = 75
@@ -357767,8 +358179,8 @@ rule SIGNATURE_BASE_APT_CN_MAL_Reddelta_Shellcode_Loader_Oct20_1 : FILE
date = "2020-10-14"
modified = "2023-12-05"
reference = "https://twitter.com/JAMESWT_MHT/status/1316387482708119556"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_reddelta.yar#L2-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_reddelta.yar#L2-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1f2406563b863b8ccd0fd8d8d33c576c4b82dabb55a1e4fa8291859323389834"
score = 75
quality = 85
@@ -357801,8 +358213,8 @@ rule SIGNATURE_BASE_APT_CN_MAL_Reddelta_Shellcode_Loader_Oct20_2 : FILE
date = "2020-10-14"
modified = "2023-12-05"
reference = "https://twitter.com/JAMESWT_MHT/status/1316387482708119556"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_reddelta.yar#L31-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_reddelta.yar#L31-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "179265c0b2175bc3d2d581a69e50e9b8b9cc918a6fdc7bcef42fb163c49b077a"
score = 75
quality = 85
@@ -357834,8 +358246,8 @@ rule SIGNATURE_BASE_APT_CN_MAL_Reddelta_Shellcode_Loader_Oct20_3 : FILE
date = "2020-10-14"
modified = "2022-12-21"
reference = "https://twitter.com/JAMESWT_MHT/status/1316387482708119556"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_reddelta.yar#L59-L78"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_reddelta.yar#L59-L78"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "64402f6265f23abf7d6a711aa888c89386c1a754f12286b0efe5fd5d81f15b01"
score = 75
quality = 85
@@ -357861,8 +358273,8 @@ rule SIGNATURE_BASE_MAL_ELF_Vpnfilter_1 : FILE
date = "2018-05-24"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_vpnfilter.yar#L11-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_vpnfilter.yar#L11-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aff7b1f3d4afaf883c2702287ef7d6e13e01e80222ba336978d13deb21a93614"
score = 75
quality = 85
@@ -357892,8 +358304,8 @@ rule SIGNATURE_BASE_MAL_ELF_Vpnfilter_2 : FILE
date = "2018-05-24"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_vpnfilter.yar#L33-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_vpnfilter.yar#L33-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "238ec4575fd8adbfa592e07b601313c71a08be8c776e78469aef8ad02e411798"
score = 75
quality = 85
@@ -357918,8 +358330,8 @@ rule SIGNATURE_BASE_MAL_ELF_Vpnfilter_3 : FILE
date = "2018-05-24"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_vpnfilter.yar#L50-L78"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_vpnfilter.yar#L50-L78"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "71152b57f2d6040608febf32441e1899fdf2479335c26c1143ea58759e6d9094"
score = 75
quality = 85
@@ -357955,8 +358367,8 @@ rule SIGNATURE_BASE_SUSP_ELF_Tor_Client : FILE
date = "2018-05-24"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_vpnfilter.yar#L80-L95"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_vpnfilter.yar#L80-L95"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2b67b32c5b8441c9b38e3bfeefa7f59c2767e29985adcba7d52e858847d37e47"
score = 65
quality = 85
@@ -357981,8 +358393,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_JS_Envyscout_May21_1 : FILE
date = "2021-05-29"
modified = "2025-03-21"
reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L56-L67"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L56-L67"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ad8a7bb5a1d2065e3a573842fb37ee3c63b7695c18840f0c26d32e6ae3d99c6c"
score = 75
quality = 85
@@ -358003,8 +358415,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_JS_Envyscout_May21_2 : FILE
date = "2021-05-29"
modified = "2025-03-21"
reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L69-L83"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L69-L83"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f5c50b340d628559799897a2ba79add7d126e3ecb2daeb365bc15d64796ccd2"
score = 75
quality = 85
@@ -358028,8 +358440,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_LNK_NV_Link_May21_2 : FILE
date = "2021-05-29"
modified = "2025-03-21"
reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L85-L97"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L85-L97"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5eee9df368da3fc98c00a0f8c65a7f3bd5b812342082be58054b272b5bb03455"
score = 75
quality = 85
@@ -358051,8 +358463,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_LNK_Samples_May21_1 : FILE
date = "2021-05-27"
modified = "2025-03-21"
reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L99-L128"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L99-L128"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "32d76bb1af76f0fc2afb76d9726bc8ec99c4be34c9d46cebab7356d8c68af11c"
score = 85
quality = 85
@@ -358083,8 +358495,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_May21_1 : FILE
date = "2021-05-27"
modified = "2025-03-20"
reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L130-L161"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L130-L161"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8199f309478e8ed3f03f75e7574a3e9bce09b4423bd7eb08bb5bff03af2b7c27"
logic_hash = "034ea34eb34ea6de0c65b9a7fc9d16f108ef34cd75294b022371ac17789c3830"
score = 85
@@ -358114,8 +358526,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_PDF_Masq_May21_1 : FILE
date = "2021-05-27"
modified = "2025-03-21"
reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L163-L182"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L163-L182"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8f1514648b2b797adfe3f8f5acb577c26707dfe1da942c9634be3d88a180a407"
score = 70
quality = 35
@@ -358140,8 +358552,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Nativezone_Loader_May21_1 : FILE
date = "2021-05-27"
modified = "2025-03-21"
reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L184-L204"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L184-L204"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a02fd6fcd7423781bbd2e4458bd61d28e16a5b1a73b1682e63db5c86d53c7da4"
score = 85
quality = 85
@@ -358168,8 +358580,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_May21_2 : FILE
date = "2021-05-29"
modified = "2025-03-21"
reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L206-L234"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L206-L234"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2a3829e704af2464639d07e8e7952669281e20cf2a7ac487d5d1eee021d08b35"
score = 75
quality = 85
@@ -358202,8 +358614,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_2 : FILE
date = "2021-05-29"
modified = "2025-03-21"
reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L236-L252"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L236-L252"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "18a52f5fd71455b8564d4b485c233dd358a304bfddc5e6fb604b8e5a2a1949a3"
score = 75
quality = 85
@@ -358228,8 +358640,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Stageless_Loader_May21_2 : FILE
date = "2021-05-29"
modified = "2025-03-21"
reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L254-L276"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L254-L276"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "850f6a1ad342fd5e4bb29c7bf90a032ddd8ac9d2eac5ffcbedf43e4d04b178f5"
score = 75
quality = 85
@@ -358257,8 +358669,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_3 : FILE
date = "2021-05-29"
modified = "2025-03-21"
reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L278-L300"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L278-L300"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "472acd1d6daf3480de59ecd3fa038d644e339dcc979cf7e56617eadc6cb32dc5"
score = 75
quality = 85
@@ -358287,8 +358699,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_4 : FILE
date = "2021-05-29"
modified = "2025-03-21"
reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt29_nobelium_may21.yar#L302-L323"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt29_nobelium_may21.yar#L302-L323"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7d5858cc6dab094d5dceab75a2002d9145537008241a08ac7bd399c9d6e6c270"
score = 75
quality = 85
@@ -358315,8 +358727,8 @@ rule SIGNATURE_BASE_APT_UNC2447_MAL_SOMBRAT_May21_1 : FILE
date = "2021-05-01"
modified = "2023-01-07"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc2447_sombrat.yar#L2-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc2447_sombrat.yar#L2-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f2572745cbd68c5f2be5c64b160d2513938daba6da57523012491acc63cfee4"
score = 75
quality = 85
@@ -358352,8 +358764,8 @@ rule SIGNATURE_BASE_APT_UNC2447_MAL_RANSOM_Hellokitty_May21_1 : FILE
date = "2021-05-01"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc2447_sombrat.yar#L38-L72"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc2447_sombrat.yar#L38-L72"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "acc0ab5502d53c6e22c8650c29c5459a6106f33c398e4efcd963f54971a0c870"
score = 75
quality = 85
@@ -358393,8 +358805,8 @@ rule SIGNATURE_BASE_APT_UNC2447_MAL_RANSOM_Hellokitty_May21_2 : FILE
date = "2021-05-01"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc2447_sombrat.yar#L74-L99"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc2447_sombrat.yar#L74-L99"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1eee3a00ab3f70425d2b6bf5dc507155bf504b851ddb6515602d83d8b6a254b8"
score = 75
quality = 85
@@ -358425,8 +358837,8 @@ rule SIGNATURE_BASE_APT_UNC2447_PS1_WARPRISM_May21_1 : FILE
date = "2021-05-01"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc2447_sombrat.yar#L101-L119"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc2447_sombrat.yar#L101-L119"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "09abac2be0f12d31dabfdae9e8a148a28887a2a5df003c7bcb56ba45f1c6a62c"
score = 75
quality = 85
@@ -358453,8 +358865,8 @@ rule SIGNATURE_BASE_APT_UNC2447_BAT_Runner_May21_1 : FILE
date = "2021-05-01"
modified = "2023-01-07"
reference = "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc2447_sombrat.yar#L121-L135"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc2447_sombrat.yar#L121-L135"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f9872327f648e4421aa40ca3ce55df5d3eb5e8c5bc718ff62a3d4adac79217eb"
score = 75
quality = 85
@@ -358477,8 +358889,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Sindoor_ELF_Obfuscation_Aug25 : FILE
date = "2025-08-29"
modified = "2025-09-02"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt36_operation_sindoor.yar#L1-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt36_operation_sindoor.yar#L1-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6879a2b730e391964afe4dbbc29667844ba0c29239be5503b7c86e59e7052443"
logic_hash = "c1258c1f6d4b49104bedf3fbef932f1775ede7d32191df2e5479ca9b291add9e"
score = 70
@@ -358500,8 +358912,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Sindoor_Desktopfile_Aug25 : FILE
date = "2025-08-29"
modified = "2025-09-02"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt36_operation_sindoor.yar#L18-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt36_operation_sindoor.yar#L18-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9943bdf1b2a37434054b14a1a56a8e67aaa6a8b733ca785017d3ed8c1173ac59"
logic_hash = "1549aac3132c5f3e73d984c3404a5530507e967df4ab6d5ccd408abc874a5306"
score = 70
@@ -358525,8 +358937,8 @@ rule SIGNATURE_BASE_MAL_Sindoor_Decryptor_Aug25 : FILE
date = "2025-08-29"
modified = "2025-09-02"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt36_operation_sindoor.yar#L36-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt36_operation_sindoor.yar#L36-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9a1adb50bb08f5a28160802c8f315749b15c9009f25aa6718c7752471db3bb4b"
logic_hash = "4172fd9aee39a1a0681483f6dada6394debc62149a588ab4807e3016a823bed3"
score = 80
@@ -358552,8 +358964,8 @@ rule SIGNATURE_BASE_MAL_Sindoor_Downloader_Aug25 : FILE
date = "2025-08-29"
modified = "2025-09-02"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt36_operation_sindoor.yar#L62-L86"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt36_operation_sindoor.yar#L62-L86"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "38b6b93a536cbab5c289fe542656d8817d7c1217ad75c7f367b15c65d96a21d4"
logic_hash = "c55be65cd077cb04b625636dffcb02af74efa06bb49da734c8616da233a34d1a"
score = 80
@@ -358579,8 +358991,8 @@ rule SIGNATURE_BASE_LNK_Malicious_Nov1 : FILE
date = "2017-11-06"
modified = "2023-12-05"
reference = "https://www.virustotal.com/en/file/ee069edc46a18698fa99b6d2204895e6a516af1a306ea986a798b178f289ecd6/analysis/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_link.yar#L2-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_link.yar#L2-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a1aa29497a0e4741807e3d74d54be69061aed21524c5f901615bd21e2ef13c67"
score = 60
quality = 81
@@ -358610,8 +359022,8 @@ rule SIGNATURE_BASE_Teledoor_Backdoor : FILE
date = "2017-07-05"
modified = "2023-12-05"
reference = "https://goo.gl/CpfJQQ"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_teledoor.yar#L11-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_teledoor.yar#L11-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "785360fa19a61a547309fc7a8968c94d4887be001c6a66b41c7adb9dcd13cb82"
score = 75
quality = 85
@@ -358638,8 +359050,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_1 : FILE
date = "2023-11-25"
modified = "2025-12-19"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc3886_virtualpita.yar#L1-L13"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc3886_virtualpita.yar#L1-L13"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fe34b7c071d96dac498b72a4a07cb246"
logic_hash = "7641f964cc4a7671a9a3438aad1c653ef3fda3887313846cbe838b275a098190"
score = 60
@@ -358661,8 +359073,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_2 : FILE
date = "2022-10-01"
modified = "2025-12-19"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc3886_virtualpita.yar#L15-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc3886_virtualpita.yar#L15-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fe34b7c071d96dac498b72a4a07cb246"
logic_hash = "56a3e1b13f0955a780f882e62003f721e409a1fdf61120dd295941605dbf21a4"
score = 75
@@ -358684,8 +359096,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_3 : FILE
date = "2022-10-01"
modified = "2025-12-19"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc3886_virtualpita.yar#L27-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc3886_virtualpita.yar#L27-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fe34b7c071d96dac498b72a4a07cb246"
logic_hash = "6f44d516b3cbe54542ae0991aad49274fc4728570e9498b319fc98840ceb7d7d"
score = 75
@@ -358707,8 +359119,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_4 : FILE
date = "2022-10-01"
modified = "2025-12-19"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc3886_virtualpita.yar#L39-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc3886_virtualpita.yar#L39-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fe34b7c071d96dac498b72a4a07cb246"
logic_hash = "aaf2ff682c619d2a254fe069d477654a161658db6315239f1b956141b6a72c01"
score = 75
@@ -358730,12 +359142,12 @@ rule SIGNATURE_BASE_M_Hunting_Python_Backdoor_Commandparser_1 : FILE
date = "2022-10-01"
modified = "2025-12-19"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc3886_virtualpita.yar#L52-L67"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc3886_virtualpita.yar#L52-L67"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "61ab3f6401d60ec36cd3ac980a8deb75"
logic_hash = "4c6e65d73543b2ae8e1c0e9a919501a3624fb06d4355a296ae8abb6762d37a1f"
score = 50
- quality = 60
+ quality = 85
tags = "FILE"
strings:
@@ -358758,8 +359170,8 @@ rule SIGNATURE_BASE_LOG_F5_BIGIP_Exploitation_Artefacts_CVE_2021_22986_Mar21_1 :
date = "2021-03-20"
modified = "2023-12-05"
reference = "https://research.nccgroup.com/2021/03/18/rift-detection-capabilities-for-recent-f5-big-ip-big-iq-icontrol-rest-api-vulnerabilities-cve-2021-22986/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_f5_bigip_cve_2021_22986_log.yar#L2-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_f5_bigip_cve_2021_22986_log.yar#L2-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "748bb429d4a086e2890773558ea502ef06f507aed5f0f70470e2cd97a3fd5007"
score = 80
quality = 85
@@ -358781,8 +359193,8 @@ rule SIGNATURE_BASE_Casper_Backdoor_X86 : FILE
date = "2015-03-05"
modified = "2023-01-27"
reference = "http://goo.gl/VRJNLo"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_casper.yar#L4-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_casper.yar#L4-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f4c39eddef1c7d99283c7303c1835e99d8e498b0"
logic_hash = "027457a3d86c0a7924fd6eb09c4a753cc846ba45f0b04257d9eec396bbc27f75"
score = 80
@@ -358817,8 +359229,8 @@ rule SIGNATURE_BASE_Casper_EXE_Dropper
date = "2015-03-05"
modified = "2023-12-05"
reference = "http://goo.gl/VRJNLo"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_casper.yar#L37-L58"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_casper.yar#L37-L58"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e4cc35792a48123e71a2c7b6aa904006343a157a"
logic_hash = "8ffba5598078fdadf2d9e8ee7fe0fef8b3b89517490a379d46cab33cd0036d6e"
score = 80
@@ -358848,8 +359260,8 @@ rule SIGNATURE_BASE_Casper_Included_Strings : FILE
date = "2015-03-06"
modified = "2023-12-05"
reference = "http://goo.gl/VRJNLo"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_casper.yar#L60-L83"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_casper.yar#L60-L83"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8796f45e459747db6bc08f362db7b152242f9f5bda3b72ddfc739cc9dcdfc55f"
score = 50
quality = 85
@@ -358879,8 +359291,8 @@ rule SIGNATURE_BASE_Casper_Systeminformation_Output
date = "2015-03-06"
modified = "2023-12-05"
reference = "http://goo.gl/VRJNLo"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_casper.yar#L85-L104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_casper.yar#L85-L104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "83c6216bc3e7fadfe81b9bbaca7b14e3398e972f8298c99a8eb576a40e4b4e1b"
score = 70
quality = 85
@@ -358908,8 +359320,8 @@ rule SIGNATURE_BASE_APT30_Generic_H : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L10-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L10-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e4affe7dc01efc4d6c25aaae4679bc1f8fddd97794e351d30501eaeb8e1d1dea"
score = 75
quality = 85
@@ -358935,8 +359347,8 @@ rule SIGNATURE_BASE_APT30_Sample_2 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L28-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L28-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0359ffbef6a752ee1a54447b26e272f4a5a35167"
logic_hash = "e34dbb90fc868b0619d3d2aa1b6176252836a6ae72e6f52b1eba632054f7c272"
score = 75
@@ -358963,8 +359375,8 @@ rule SIGNATURE_BASE_APT30_Sample_3 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L47-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L47-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d0320144e65c9af0052f8dee0419e8deed91b61b"
logic_hash = "ee61ec1fdf27fa21bcc235fce0ab8dc74968b39a747648ce828fb4826cf1d234"
score = 75
@@ -358991,8 +359403,8 @@ rule SIGNATURE_BASE_APT30_Generic_C : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L66-L88"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L66-L88"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b969565eac3b6f548318aae4edc8d8851f522a6c263bcaf2a466ff0ca9af78a4"
score = 75
quality = 85
@@ -359024,8 +359436,8 @@ rule SIGNATURE_BASE_APT30_Sample_4 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L90-L108"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L90-L108"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "75367d8b506031df5923c2d8d7f1b9f643a123cd"
logic_hash = "ec9542acb583bd5812d561bea70e89e0fcddc1eaef14d3ea5b8ad29711ed17ae"
score = 75
@@ -359053,8 +359465,8 @@ rule SIGNATURE_BASE_APT30_Sample_5 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L110-L127"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L110-L127"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1a2dd2a0555dc746333e7c956c58f7c4cdbabd4b"
logic_hash = "3738076d97bf19404bad20c2419eae83dd2b65400d5bd135ffe73362c008de9b"
score = 75
@@ -359081,8 +359493,8 @@ rule SIGNATURE_BASE_APT30_Sample_6 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L129-L143"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L129-L143"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "00e69b059ad6b51b76bc476a115325449d10b4c0"
logic_hash = "139719139056f575967629f0153e0a05239bc26f61f6d4324cfb6a816518c3df"
score = 75
@@ -359106,8 +359518,8 @@ rule SIGNATURE_BASE_APT30_Sample_7 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L145-L163"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L145-L163"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "868d1f4c106a08bd2e5af4f23139f0e0cd798fba"
logic_hash = "f7922d795bc92714a9ef4861bc9c4ac9921a73749e3aa1d5f7dbc3c991fe7145"
score = 75
@@ -359135,8 +359547,8 @@ rule SIGNATURE_BASE_APT30_Generic_E : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L165-L183"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L165-L183"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5ccf1f1334dc300d13aa8dbc080d2d839815d102958fde2b8709c11f522412fd"
score = 75
quality = 85
@@ -359164,8 +359576,8 @@ rule SIGNATURE_BASE_APT30_Sample_8 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L185-L201"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L185-L201"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9531e21652143b8b129ab8c023dc05fef2a17cc3"
logic_hash = "bff21d517e97d2b13dff2b5ebc9a5b82b8f7635943c89f992b41d269623cd498"
score = 75
@@ -359191,8 +359603,8 @@ rule SIGNATURE_BASE_APT30_Generic_B : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L203-L222"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L203-L222"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "527c823607836f138369224b7d8d492d36d9ab7a150e64fd5ebbaf99538d6d53"
score = 75
quality = 85
@@ -359221,8 +359633,8 @@ rule SIGNATURE_BASE_APT30_Generic_I : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L224-L240"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L224-L240"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e6f0edcbf6e0590c8b4a558142053d5938e86d13d65787f02336dc2a173d5963"
score = 75
quality = 85
@@ -359248,8 +359660,8 @@ rule SIGNATURE_BASE_APT30_Sample_9 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L242-L263"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L242-L263"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "442bf8690401a2087a340ce4a48151c39101652f"
logic_hash = "0c5465bdafcbca02f855a0cba1fbb4c19d8d21b714dbe777b942dcd1a7acb257"
score = 75
@@ -359280,8 +359692,8 @@ rule SIGNATURE_BASE_APT30_Sample_10 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L264-L283"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L264-L283"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "eb518cda3c4f4e6938aaaee07f1f7db8ee91c901"
logic_hash = "5a6bd8223fbce133bd11b903edfd7f8ff5a436e26a47c048a5ac606ad4a0b564"
score = 75
@@ -359310,8 +359722,8 @@ rule SIGNATURE_BASE_APT30_Sample_11 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L285-L312"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L285-L312"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "59066d5d1ee3ad918111ed6fcaf8513537ff49a6"
logic_hash = "5e86b53591caa7c783a946205a3d04f91c71294d844e6f6ee88c3bc78e603ea0"
score = 75
@@ -359348,8 +359760,8 @@ rule SIGNATURE_BASE_APT30_Sample_12 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L314-L329"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L314-L329"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b02b5720ff0f73f01eb2ba029a58b645c987c4bc"
logic_hash = "997c91267f956bd7d2a7edca9817ebc80bbf1eed944b3bc01cc8bb01927deb1e"
score = 75
@@ -359374,8 +359786,8 @@ rule SIGNATURE_BASE_APT30_Sample_13 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L331-L349"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L331-L349"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a359f705a833c4a4254443b87645fd579aa94bcf"
logic_hash = "cd5285e8b78493b64704cec21c13d0a017d66936aa8356cfea2aa77c6f87b9e7"
score = 75
@@ -359403,8 +359815,8 @@ rule SIGNATURE_BASE_APT30_Sample_14 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L351-L367"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L351-L367"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b0740175d20eab79a5d62cdbe0ee1a89212a8472"
logic_hash = "e5f352b1aa643b9508c01bbe921197ebd8992ec94036b869c55970f0177164d3"
score = 75
@@ -359430,8 +359842,8 @@ rule SIGNATURE_BASE_APT30_Sample_15 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L369-L387"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L369-L387"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7a8576804a2bbe4e5d05d1718f90b6a4332df027"
logic_hash = "5179f39bdcb064f55479ad147a019dd0b3874783c6bad650e84cfd9d0430bb70"
score = 75
@@ -359459,8 +359871,8 @@ rule SIGNATURE_BASE_APT30_Sample_16 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L389-L407"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L389-L407"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "066d06ac08b48d3382d46bbeda6ad411b6d6130e"
logic_hash = "59ea90ac0590bd87a48fabf1a3fa7ece31560b980b738a34227937bbf82a1c55"
score = 75
@@ -359488,8 +359900,8 @@ rule SIGNATURE_BASE_APT30_Generic_A : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L409-L429"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L409-L429"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c20660a8a55c6c6cb058fb233e0b29e1e4be2683181dbdfb06e17037d0ed8c31"
score = 75
quality = 85
@@ -359519,8 +359931,8 @@ rule SIGNATURE_BASE_APT30_Sample_17 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L431-L445"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L431-L445"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c3aa52ff1d19e8fc6704777caf7c5bd120056845"
logic_hash = "43913151325fbce993dbfec0acf64ca835b12270c47156ae81b0ce4f32c7bde1"
score = 75
@@ -359544,8 +359956,8 @@ rule SIGNATURE_BASE_APT30_Sample_18 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L446-L466"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L446-L466"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "355436a16d7a2eba8a284b63bb252a8bb1644751"
logic_hash = "d20f1d1b7b43defc36c7b1f99f14ed9e73e770b6f43d0ad92110cf9178b35b15"
score = 75
@@ -359575,8 +359987,8 @@ rule SIGNATURE_BASE_APT30_Generic_G : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L468-L489"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L468-L489"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1612b392d6145bfb0c43f8a48d78c75f"
hash = "53f1358cbc298da96ec56e9a08851b4b"
hash = "c2acc9fc9b0f050ec2103d3ba9cb11c0"
@@ -359607,8 +360019,8 @@ rule SIGNATURE_BASE_APT30_Sample_19 : FILE
date = "2015-04-03"
modified = "2023-01-06"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L491-L517"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L491-L517"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cfa438449715b61bffa20130df8af778ef011e15"
logic_hash = "9127ae31c5b818a2759f9d33c74c8631079539e7fa8e49e5514b016df2624065"
score = 75
@@ -359642,8 +360054,8 @@ rule SIGNATURE_BASE_APT30_Generic_E_V2 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L519-L535"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L519-L535"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "eca53a9f6251ddf438508b28d8a483f91b99a3fd"
logic_hash = "25a7e5780f56b4f9cfb76494926c446a39a88bef2cda82b31e6de2b85c5edbda"
score = 75
@@ -359669,8 +360081,8 @@ rule SIGNATURE_BASE_APT30_Sample_20 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L537-L557"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L537-L557"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b1c37632e604a5d1f430c9351f87eb9e8ea911c0"
logic_hash = "f94cbd4b8e7ba302db9ac4ef3617bd68aa0aa1ee3cfc6dfee4621223bbdae3c5"
score = 75
@@ -359700,8 +360112,8 @@ rule SIGNATURE_BASE_APT30_Sample_21 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L559-L575"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L559-L575"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d315daa61126616a79a8582145777d8a1565c615"
logic_hash = "e3e431bb6915d99b8aa1915419b60ba47372005b9b4994a924746a91bad80310"
score = 75
@@ -359727,8 +360139,8 @@ rule SIGNATURE_BASE_APT30_Sample_22 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L577-L595"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L577-L595"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0d17a58c24753e5f8fd5276f62c8c7394d8e1481"
logic_hash = "88a45d248eba7b9776e2e7d345d2948e00a94a7e359acb89d1943be55ab342ad"
score = 75
@@ -359756,8 +360168,8 @@ rule SIGNATURE_BASE_APT30_Generic_F : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L597-L615"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L597-L615"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4997b52e0cc12a1a0c84cec3565dd9e6b486ccef4eb8791c566c7a534d36e3ff"
score = 75
quality = 85
@@ -359785,8 +360197,8 @@ rule SIGNATURE_BASE_APT30_Sample_23 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L617-L637"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L617-L637"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9865e24aadb4480bd3c182e50e0e53316546fc01"
logic_hash = "64ff048b061431e0834ac40bfccb0d9e8ca60ffb022578ef910e6ffc511be6ed"
score = 75
@@ -359816,8 +360228,8 @@ rule SIGNATURE_BASE_APT30_Sample_24 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L639-L658"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L639-L658"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "572caa09f2b600daa941c60db1fc410bef8d1771"
logic_hash = "9d550fd0225f1c4e3b16ae53648644d7bb5c80e99e2a1a3d199e51c7219c2e94"
score = 75
@@ -359846,8 +360258,8 @@ rule SIGNATURE_BASE_APT30_Sample_25 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L660-L679"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L660-L679"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "44a21c8b3147fabc668fee968b62783aa9d90351"
logic_hash = "86945188f888762ae585463df7cfb6e5fed30d0fcfcca4e642aedf07a0193ae7"
score = 75
@@ -359876,8 +360288,8 @@ rule SIGNATURE_BASE_APT30_Sample_26 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L681-L700"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L681-L700"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e26588113417bf68cb0c479638c9cd99a48e846d"
logic_hash = "b585687c071dc2dddb888906f47b7af6bc7683e902d3afb42364896e800fac5c"
score = 75
@@ -359906,8 +360318,8 @@ rule SIGNATURE_BASE_APT30_Generic_D : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L702-L725"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L702-L725"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ff39fc7643441652ec0cdf2f84c7827d326ddb5f01451b3857cfc4015eb01467"
score = 75
quality = 85
@@ -359940,8 +360352,8 @@ rule SIGNATURE_BASE_APT30_Sample_27 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L727-L746"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L727-L746"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "959573261ca1d7e5ddcd19447475b2139ca24fe1"
logic_hash = "5ef0661c5c04f0f0923548509363971011194a16e4308fcfdea5db90e85518a4"
score = 75
@@ -359970,8 +360382,8 @@ rule SIGNATURE_BASE_APT30_Sample_28 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L748-L776"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L748-L776"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d246a188ad9ec69948bef6018bab1e7a244c76dcf511c3f9d16024ef7e369ae2"
score = 75
quality = 85
@@ -360009,8 +360421,8 @@ rule SIGNATURE_BASE_APT30_Sample_29 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L778-L798"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L778-L798"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "44492c53715d7c79895904543843a321491cb23a"
logic_hash = "7a59118ba00413961e6fc4d54680373d033a38d698613f853f67137b85c123a7"
score = 75
@@ -360040,8 +360452,8 @@ rule SIGNATURE_BASE_APT30_Sample_30 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L800-L817"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L800-L817"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3b684fa40b4f096e99fbf535962c7da5cf0b4528"
logic_hash = "5ecfc8d53b768f624c8765f70708bfaae5396d7aa6b0335f7c656f4350649c5d"
score = 75
@@ -360068,8 +360480,8 @@ rule SIGNATURE_BASE_APT30_Sample_31 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L819-L836"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L819-L836"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8b4271167655787be1988574446125eae5043aca"
logic_hash = "003bfa9774d3e85829cc266d06417b86287986994995adfa7a2bd26c3648c07e"
score = 75
@@ -360096,8 +360508,8 @@ rule SIGNATURE_BASE_APT30_Generic_J : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L838-L869"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L838-L869"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7c404689b60fe493ca9b503902173ac04d7bb00488edec9e69006e6d51e20c51"
score = 75
quality = 85
@@ -360138,8 +360550,8 @@ rule SIGNATURE_BASE_APT30_Microfost : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L871-L885"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L871-L885"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "57169cb4b8ef7a0d7ebd7aa039d1a1efd6eb639e"
logic_hash = "1fe5be3a88859fd3d485adfba92cf117afedc739bd0a46c039124919c3b81361"
score = 75
@@ -360163,8 +360575,8 @@ rule SIGNATURE_BASE_APT30_Generic_K : FILE
date = "2015-04-03"
modified = "2023-01-06"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L887-L917"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L887-L917"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "142bc01ad412799a7f9ffed994069fecbd5a2f93"
logic_hash = "eed03bb4290eef0ad1cf362a157923aa1fb8faa9305b5aaba3563d0a4e65e1a5"
score = 75
@@ -360201,8 +360613,8 @@ rule SIGNATURE_BASE_APT30_Sample_33 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L919-L939"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L919-L939"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "72c568ee2dd75406858c0294ccfcf86ad0e390e4"
logic_hash = "295c2d9fcf1c3bab54650fd1d203dfb8c12269945aad8927066ef6f815abea69"
score = 75
@@ -360232,8 +360644,8 @@ rule SIGNATURE_BASE_APT30_Sample_34 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L941-L960"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L941-L960"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "216868edbcdd067bd2a9cce4f132d33ba9c0d818"
logic_hash = "2406f9613585669f88c389ea9729a089f6aef13fba46d60b713f51cd3a946b5d"
score = 75
@@ -360262,8 +360674,8 @@ rule SIGNATURE_BASE_APT30_Sample_35 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L962-L977"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L962-L977"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "df48a7cd6c4a8f78f5847bad3776abc0458499a6"
logic_hash = "a70d9471215ddcfe84a39b33f53c4114b205aa2cc95cd93081afe442ee2b8b42"
score = 75
@@ -360288,8 +360700,8 @@ rule SIGNATURE_BASE_APT30_Sample_1 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L979-L996"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L979-L996"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8cea83299af8f5ec6c278247e649c9d91d4cf3bc"
logic_hash = "5f20b60b8721d62731708630a3443741c956304c553f651572282336995f6d4f"
score = 75
@@ -360316,8 +360728,8 @@ rule SIGNATURE_BASE_APT30_Generic_1 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L998-L1031"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L998-L1031"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0a2d4e8583286a3f44b49dc902143ee1ea321d26275c6cbcd54876e94b8cd2a3"
score = 75
quality = 85
@@ -360360,8 +360772,8 @@ rule SIGNATURE_BASE_APT30_Generic_2 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L1032-L1087"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L1032-L1087"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "56c9e58298c318b6dff2cce0ab896bb7bdd22429e6015b8fe72b8ad2f1f69d30"
score = 75
quality = 85
@@ -360426,8 +360838,8 @@ rule SIGNATURE_BASE_APT30_Generic_4 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L1110-L1140"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L1110-L1140"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d6a45baee2741c5ebb05fc3f17974a041cd37f665df1e67934b0928fc75f37c3"
score = 75
quality = 85
@@ -360467,8 +360879,8 @@ rule SIGNATURE_BASE_APT30_Generic_5 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L1142-L1163"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L1142-L1163"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a9d93d7dbf8c5e97ce77cf3fef4941a01c5b1c6bcee40c6f4ca7117d8aee289e"
score = 75
quality = 85
@@ -360499,8 +360911,8 @@ rule SIGNATURE_BASE_APT30_Generic_6 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L1165-L1186"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L1165-L1186"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ff7473e43e11e31fe6ad997009834f661a0120317e479184410456c99f72b613"
score = 75
quality = 85
@@ -360531,8 +360943,8 @@ rule SIGNATURE_BASE_APT30_Generic_7 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L1188-L1206"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L1188-L1206"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b5a272cbeb46be9b120acdbe12d795eddc05765777e4157d818c2b91ea7b782b"
score = 75
quality = 85
@@ -360560,8 +360972,8 @@ rule SIGNATURE_BASE_APT30_Generic_8 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L1207-L1232"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L1207-L1232"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2c240d2a35ce3d621d108d03d4e720ddf86e248047fb4dd7f9724e64020caa7f"
score = 75
quality = 85
@@ -360596,8 +361008,8 @@ rule SIGNATURE_BASE_APT30_Generic_9 : FILE
date = "2015-04-13"
modified = "2023-12-05"
reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt30_backspace.yar#L1234-L1255"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt30_backspace.yar#L1234-L1255"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0b30c2f0bd654371bf3ac4f9d4e700e1544b62a6c0a072d506160c443fc5fe9d"
score = 75
quality = 85
@@ -360628,11 +361040,11 @@ rule SIGNATURE_BASE_SUSP_Obfuscated_JS_Obfuscatorio : HIGHVOL FILE
date = "2021-08-25"
modified = "2023-12-05"
reference = "https://obfuscator.io"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_js_obfuscatorio.yar#L1-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_js_obfuscatorio.yar#L1-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "813df8459e4a53a084dc1f902713af74747a0c2f4ef535e682de38acba9b0e5e"
score = 50
- quality = 60
+ quality = 85
tags = "HIGHVOL, FILE"
strings:
@@ -360660,8 +361072,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Gen1 : FILE
date = "2016-10-12"
modified = "2023-12-05"
reference = "https://goo.gl/QMRZ8K"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L12-L67"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L12-L67"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "17dbf53ba6e27b230e3357963162a1805c6460cdadce8bba68953a97f699e1b7"
score = 75
quality = 85
@@ -360717,8 +361129,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Mal1 : FILE
date = "2016-10-12"
modified = "2023-12-05"
reference = "https://goo.gl/QMRZ8K"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L69-L86"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L69-L86"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b5fc4329bb639765890c49907860883b96d278381b83307c906f624e6645dedd"
score = 75
quality = 85
@@ -360745,8 +361157,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Gen2 : FILE
date = "2016-10-12"
modified = "2023-01-07"
reference = "https://goo.gl/QMRZ8K"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L88-L110"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L88-L110"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "861ae1696aaa89c81d04214e67d77d98ae85bd7f64ae2979fbe932dc696fd32c"
score = 75
quality = 85
@@ -360777,8 +361189,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Gen3 : FILE
date = "2016-10-12"
modified = "2023-01-07"
reference = "https://goo.gl/QMRZ8K"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L112-L129"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L112-L129"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ccc110b04ea3ee9a19ff23babbc759b4ec6114f8b5eb4f42bc5f70f8abde8a53"
score = 75
quality = 85
@@ -360804,8 +361216,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Mal2 : FILE
date = "2016-10-12"
modified = "2023-12-05"
reference = "https://goo.gl/QMRZ8K"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L131-L149"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L131-L149"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b1de7dc3c205c78825f52ea30608b10bafa2c486db53693aa90aa07138fb1a87"
score = 75
quality = 85
@@ -360833,8 +361245,8 @@ rule SIGNATURE_BASE_Oilrig_Campaign_Reconnaissance : FILE
date = "2016-10-12"
modified = "2023-12-05"
reference = "https://goo.gl/QMRZ8K"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L151-L166"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L151-L166"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "04c9f482c0c4abc1bf316459dc3085154defadb0fd5fe74ff274d8b3ee807b7f"
score = 75
quality = 85
@@ -360859,8 +361271,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Mal3 : FILE
date = "2016-10-12"
modified = "2023-12-05"
reference = "https://goo.gl/QMRZ8K"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L168-L183"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L168-L183"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "62a6f6c4e574a3c577f0b1fdd85eaa3e775a7ae0e457c59a6b6f741ad895e510"
score = 75
quality = 85
@@ -360886,8 +361298,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Nov17_13 : FILE
date = "2017-11-22"
modified = "2023-12-05"
reference = "https://twitter.com/ClearskySec/status/933280188733018113"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L185-L206"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L185-L206"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eab15229f084681b27cec7ed959ef4cd1193a0b38aaed4341dcd6761e2505804"
score = 75
quality = 85
@@ -360913,8 +361325,8 @@ rule SIGNATURE_BASE_Oilrig_Intelsecuritymanager_Macro : FILE
date = "2018-01-19"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L208-L233"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L208-L233"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "35e540b87bb7425b601fad76f0ff33c60a4d91579fc50f5902d708d06fa755f6"
score = 75
quality = 85
@@ -360948,8 +361360,8 @@ rule SIGNATURE_BASE_Oilrig_Intelsecuritymanager : FILE
date = "2018-01-19"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L235-L255"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L235-L255"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "97debd5e74730e22133f29c89a0cf049862459c24d1b46634a973908040db3a7"
score = 75
quality = 85
@@ -360979,8 +361391,8 @@ rule SIGNATURE_BASE_APT_APT34_PS_Malware_Apr19_1
date = "2019-04-17"
modified = "2023-12-05"
reference = "https://twitter.com/0xffff0800/status/1118406371165126656"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L267-L283"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L267-L283"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "afe203fdfcc9dcafb170bee972d45e66e5483a777112a00fa30516dfe81bbf88"
score = 75
quality = 85
@@ -361005,8 +361417,8 @@ rule SIGNATURE_BASE_APT_APT34_PS_Malware_Apr19_2
date = "2019-04-17"
modified = "2023-12-05"
reference = "https://twitter.com/0xffff0800/status/1118406371165126656"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L285-L304"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L285-L304"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "57c8f02ebfb05f739fc4791a88be4a981ce7b89e2bd283669f85aae1a5c14d02"
score = 75
quality = 85
@@ -361034,8 +361446,8 @@ rule SIGNATURE_BASE_APT_APT34_PS_Malware_Apr19_3
date = "2019-04-17"
modified = "2023-01-06"
reference = "https://twitter.com/0xffff0800/status/1118406371165126656"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_oilrig.yar#L306-L326"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_oilrig.yar#L306-L326"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "77ba71a59d6026c4b393bc66af586066e11b0c496367a38d847396a23b3dffbe"
score = 75
quality = 85
@@ -361064,8 +361476,8 @@ rule SIGNATURE_BASE_Windivert_Driver : FILE
date = "2017-10-02"
modified = "2023-12-05"
reference = "https://www.reqrypt.org/windivert.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_pua.yar#L1-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_pua.yar#L1-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "db2933396e015e906114bd04f75a5b5caf0564494224f533a6e00c1fa5421568"
score = 40
quality = 85
@@ -361093,8 +361505,8 @@ rule SIGNATURE_BASE_SUSP_VEST_Encryption_Core_Accumulator_Jan21 : FILE
date = "2021-01-28"
modified = "2023-12-05"
reference = "https://twitter.com/ochsenmeier/status/1354737155495649280"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lazarus_jan21.yar#L2-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lazarus_jan21.yar#L2-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "41fe42b2f2b5fb54b7ff19b74a35aadd928be9a3c7280ee9feffc4a142924b07"
score = 70
quality = 85
@@ -361125,11 +361537,11 @@ rule SIGNATURE_BASE_LOG_EXPL_Ivanti_EPMM_Mobileiron_Core_CVE_2023_35078_Jul23_1
date = "2023-07-25"
modified = "2023-12-05"
reference = "Ivanti Endpoint Manager Mobile (EPMM) CVE-2023-35078 - Analysis Guidance"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L2-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L2-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ebc59032b7450aa438ca30170560c95550cda6ff7774b8ce1486309716da9e6c"
score = 75
- quality = 60
+ quality = 85
tags = "CVE-2023-35078"
strings:
@@ -361147,8 +361559,8 @@ rule SIGNATURE_BASE_MAL_WAR_Ivanti_EPMM_Mobileiron_Mi_War_Aug23 : CVE_2023_35078
date = "2023-08-01"
modified = "2023-12-05"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L16-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L16-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0083727e34118d628c8507459bfb7f949f11af8197e201066e29e263e2c3f944"
score = 85
quality = 85
@@ -361171,8 +361583,8 @@ rule SIGNATURE_BASE_MAL_WAR_Ivanti_EPMM_Mobileiron_Logclear_JAVA_Aug23 : CVE_202
date = "2023-08-01"
modified = "2023-12-05"
reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L34-L53"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L34-L53"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c42c2eca784d7089aab56addca11bad658a4a6c34a81ae823bd0c3dad41a1c99"
score = 80
quality = 85
@@ -361198,8 +361610,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Xsltransform_Aug21 : FILE
date = "2020-02-23"
modified = "2023-12-05"
reference = "https://gist.github.com/JohnHammond/cdae03ca5bc2a14a735ad0334dcb93d6"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/webshell_xsl_transform.yar#L1-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/webshell_xsl_transform.yar#L1-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3ac0b50adc4c56769d0248e213e9426a22e0f5086bf081da57f835ff1c77b716"
score = 75
quality = 85
@@ -361225,8 +361637,8 @@ rule SIGNATURE_BASE_APT34_Malware_HTA : FILE
date = "2017-12-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt34.yar#L12-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt34.yar#L12-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0bf9b988b3ef46df29e0f91c3ea186aaab8a1ccb79563e97521311bf2e1215d7"
score = 75
quality = 85
@@ -361255,8 +361667,8 @@ rule SIGNATURE_BASE_APT34_Malware_Exeruner : FILE
date = "2017-12-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt34.yar#L34-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt34.yar#L34-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "71840d9a0f8a5dc39656e6bf1ad94fa275bcd18baf6b374dfe040c161d62a960"
score = 75
quality = 85
@@ -361291,8 +361703,8 @@ rule SIGNATURE_BASE_APT_LNX_Academic_Camp_May20_Eraser_1 : FILE
date = "2020-05-16"
modified = "2023-12-05"
reference = "https://csirt.egi.eu/academic-data-centers-abused-for-crypto-currency-mining/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_academic_data_centers_camp_may20.yar#L1-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_academic_data_centers_camp_may20.yar#L1-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9a0410e86fa8fb8b599e5b8a6508d6889eb6e26600f0ecf222561ac4a169676d"
score = 75
quality = 85
@@ -361317,8 +361729,8 @@ rule SIGNATURE_BASE_APT_LNX_Academic_Camp_May20_Loader_1 : FILE
date = "2020-05-16"
modified = "2023-12-05"
reference = "https://csirt.egi.eu/academic-data-centers-abused-for-crypto-currency-mining/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_academic_data_centers_camp_may20.yar#L20-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_academic_data_centers_camp_may20.yar#L20-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a73883f9fdf3d53694d9f9efec5f8f15994c5fd80c5f2a87b1741db6b954a023"
score = 75
quality = 85
@@ -361342,8 +361754,8 @@ rule SIGNATURE_BASE_B374K_Back_Connect : FILE
date = "2016-08-18"
modified = "2023-12-05"
reference = "Internal Analysis"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_b374k_extra.yar#L8-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_b374k_extra.yar#L8-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dd89aefb6c1add44bfe2a706cd161a16f36a649f910ace16b641a7836525aa73"
score = 80
quality = 85
@@ -361368,11 +361780,11 @@ rule SIGNATURE_BASE_Chinachopper_Generic : FILE
date = "2015-03-10"
modified = "2022-10-27"
reference = "https://www.fireeye.com/content/dam/legacy/resources/pdfs/fireeye-china-chopper-report.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_webshell_chinachopper.yar#L2-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_webshell_chinachopper.yar#L2-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "34cb81b077d6dae5b4565001b2ab28897c6c554f00aa102601fb9c416c6c0f09"
score = 75
- quality = 60
+ quality = 85
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
@@ -361394,8 +361806,8 @@ rule SIGNATURE_BASE_Projectm_Darkcomet_1 : FILE
date = "2016-03-26"
modified = "2023-01-27"
reference = "http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_m.yar#L10-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_m.yar#L10-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cc488690ce442e9f98bac651218f4075ca36c355d8cd83f7a9f5230970d24157"
logic_hash = "81ffaa382bb6f817fe2917a096a3eee49d2e8c281271da551ccd65679692712f"
score = 75
@@ -361423,8 +361835,8 @@ rule SIGNATURE_BASE_Projectm_Crimsondownloader : FILE
date = "2016-03-26"
modified = "2023-12-05"
reference = "http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_m.yar#L32-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_m.yar#L32-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "dc8bd60695070152c94cbeb5f61eca6e4309b8966f1aa9fdc2dd0ab754ad3e4c"
logic_hash = "3c9a4f5aca4c9fc26d371027a32e349a456ef25d6b403a66b9afb1ee19dd4d00"
score = 75
@@ -361452,8 +361864,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_Royalcli : FILE
date = "2018-03-10"
modified = "2023-12-05"
reference = "https://goo.gl/HZ5XMN"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt15.yar#L13-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt15.yar#L13-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "27fb5e8ff299201d1d13f4a45c401570f76ddfa4c3c1153eff50187170ada06e"
score = 75
quality = 85
@@ -361483,8 +361895,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_Royaldns : FILE
date = "2018-03-10"
modified = "2023-12-05"
reference = "https://goo.gl/HZ5XMN"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt15.yar#L34-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt15.yar#L34-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5d42f48d7d816c0b0ea05145e9dd43b1b2589f3131bf286e1b39c0efaf1c6fac"
score = 75
quality = 85
@@ -361514,8 +361926,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_BS2005 : FILE
date = "2018-03-10"
modified = "2023-12-05"
reference = "https://goo.gl/HZ5XMN"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt15.yar#L61-L87"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt15.yar#L61-L87"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "306903da4ecc9f5bf670d8c49039dee0ce5500c185acaef74786a2c109a4734b"
score = 75
quality = 85
@@ -361546,8 +361958,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_Msexchangetool : FILE
date = "2018-03-10"
modified = "2023-12-05"
reference = "https://goo.gl/HZ5XMN"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt15.yar#L89-L106"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt15.yar#L89-L106"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4e9e29bc69383ab6248241622394afddde6e18032ed6e2b64575362773f25a94"
score = 75
quality = 85
@@ -361574,8 +361986,8 @@ rule SIGNATURE_BASE_Clean_Apt15_Patchedcmd : FILE
date = "2018-03-12"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt15.yar#L118-L131"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt15.yar#L118-L131"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "90d1f65cfa51da07e040e066d4409dc8a48c1ab451542c894a623bc75c14bf8f"
logic_hash = "08a68e14793d2f44ee75e49a43521c7d8bc1fc5ddd005e1fb71cc844966e16ba"
score = 75
@@ -361600,8 +362012,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royalcli_1 : FILE
date = "2018-03-12"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt15.yar#L133-L152"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt15.yar#L133-L152"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6df9b712ff56009810c4000a0ad47e41b7a6183b69416251e060b5c80cd05785"
logic_hash = "3cc0cd81db58e20fbf31fbd9fe65d113b7160e7d2b6739c01987d9e317099b9b"
score = 75
@@ -361632,8 +362044,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royalcli_2 : FILE
date = "2018-03-12"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt15.yar#L154-L167"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt15.yar#L154-L167"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c57ae92ba84355652cd56c8eaad3f277a8f514f8d078f053f3e8208b8bec535f"
score = 75
quality = 85
@@ -361658,8 +362070,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royaldll
date = "2018-03-12"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt15.yar#L196-L243"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt15.yar#L196-L243"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d"
logic_hash = "2ed0d38993a072da189f02233bd7cc0bf1be02e926f687db224f52de9b3a44fc"
score = 75
@@ -361689,8 +362101,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royaldll_2 : FILE
date = "2018-03-12"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt15.yar#L245-L261"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt15.yar#L245-L261"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d"
logic_hash = "94e2b61ff19b1377f461203cb22c607e718683691e54a3de3ed32bf6ed2897fa"
score = 75
@@ -361716,8 +362128,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Exchange_Tool : FILE
date = "2018-03-12"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt15.yar#L263-L283"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt15.yar#L263-L283"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d21a7e349e796064ce10f2f6ede31c71"
logic_hash = "e7b5ac97f3dcf125e64001be53aca73ee19c1be8b192a762f231106c47f76867"
score = 75
@@ -361749,8 +362161,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Generic
date = "2018-03-12"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt15.yar#L285-L307"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt15.yar#L285-L307"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e939a5ab4a4b2b289d5809e18dd57dd85e3da19a176719adba4707dfd605fc81"
score = 75
quality = 85
@@ -361773,8 +362185,8 @@ rule SIGNATURE_BASE_APT_UNC1151_Windowsinstaller_Silent_Installproduct_Macrometh
date = "2021-07-28"
modified = "2023-12-05"
reference = "Thttps://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc1151_ua.yar#L1-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc1151_ua.yar#L1-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aec1bb992061fdf1abf5c1a61cf9ec9e54c1f13be36ceb84890b058ade273b70"
score = 75
quality = 85
@@ -361800,8 +362212,8 @@ rule SIGNATURE_BASE_Enigmapacker_Rare : FILE
date = "2017-04-27"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_enigma_protector.yar#L8-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_enigma_protector.yar#L8-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a001b563db1b75581432d42a435683f24e244b6b354f83409b5b9d6d0314d63a"
score = 60
quality = 85
@@ -361825,8 +362237,8 @@ rule SIGNATURE_BASE_Enigma_Protected_Malware_May17_Rhxfiles : FILE
date = "2017-05-02"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_enigma_protector.yar#L25-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_enigma_protector.yar#L25-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "838ab7dddda798d2f5c79fc5417693f8489195b3024c43d9ad1aab05fcfd71eb"
score = 75
quality = 85
@@ -361850,8 +362262,8 @@ rule SIGNATURE_BASE_Enigma_Protected_Malware : FILE
date = "2017-02-03"
modified = "2023-12-05"
reference = "https://goo.gl/OEVQ9w"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_enigma_protector.yar#L41-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_enigma_protector.yar#L41-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1a254d4d593b73d16d1cfbd73d7d4b2732a080cb98d70972de0826433b004152"
score = 75
quality = 85
@@ -361875,8 +362287,8 @@ rule SIGNATURE_BASE_Fidelis_Advisory_Purchase_Order_Pps
date = "2015-06-09"
modified = "2023-12-05"
reference = "http://goo.gl/ZjJyti"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fidelis_phishing_plain_sight.yar#L2-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fidelis_phishing_plain_sight.yar#L2-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "45cfee6413accff36a39ced861a29c611d6efe24e1ca87f17467106f8565642b"
score = 75
quality = 85
@@ -361898,8 +362310,8 @@ rule SIGNATURE_BASE_Fidelis_Advisory_Cedt370
date = "2015-06-09"
modified = "2023-12-05"
reference = "http://goo.gl/ZjJyti"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fidelis_phishing_plain_sight.yar#L16-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fidelis_phishing_plain_sight.yar#L16-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1070d3c63a7091c0982e67134f9dc3cd790bb0b5c2ac08f3a00e3b97ef53d64b"
score = 75
quality = 85
@@ -361923,8 +362335,8 @@ rule SIGNATURE_BASE_EXPL_HKTL_Macos_Switcharoo_CVE_2022_46689_Dec22 : CVE_2022_4
date = "2022-12-19"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_macos_switcharoo_dec22.yar#L2-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_macos_switcharoo_dec22.yar#L2-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c2cbe12a01a38db522c49143c5168d3519ef974b4e6157cb251aa66707c69d78"
score = 80
quality = 85
@@ -361963,8 +362375,8 @@ rule SIGNATURE_BASE_EXPL_Macos_Switcharoo_Indicator_Dec22 : CVE_2022_46689 FILE
date = "2022-12-19"
modified = "2023-12-05"
reference = "https://github.com/zhuowei/MacDirtyCowDemo"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_macos_switcharoo_dec22.yar#L42-L54"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_macos_switcharoo_dec22.yar#L42-L54"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9b9ea134fc4b3a7b15ae585ced2e12cbe1defc54bc6175282d6b7a2a0b65abd1"
score = 65
quality = 85
@@ -361985,8 +362397,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_1
date = "2016-07-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stuxnet.yar#L10-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stuxnet.yar#L10-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8caa6bddef3c05e572ef342513190832900dcb1a7a56589ed7df48b3c6992ed1"
score = 75
quality = 85
@@ -362011,8 +362423,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_2 : FILE
date = "2016-07-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stuxnet.yar#L43-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stuxnet.yar#L43-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ecf992f8fd38b1ab3e05bfe05f260bcaf617f168484477aa81acb9b517b9f3e7"
score = 75
quality = 85
@@ -362036,8 +362448,8 @@ rule SIGNATURE_BASE_Stuxnet_Dll : FILE
date = "2016-07-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stuxnet.yar#L59-L72"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stuxnet.yar#L59-L72"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0c192153c268fdd330d3b9e2eb0d8383bd50ce6d036409f0cc0c9273ba8201b3"
score = 75
quality = 85
@@ -362060,8 +362472,8 @@ rule SIGNATURE_BASE_Stuxnet_Shortcut_To : FILE
date = "2016-07-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stuxnet.yar#L74-L87"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stuxnet.yar#L74-L87"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a8119500d38bcfc60620265386f31899e586f62e1ceeeff365fd0018ab39c30e"
score = 75
quality = 85
@@ -362084,8 +362496,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_3 : FILE
date = "2016-07-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stuxnet.yar#L89-L110"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stuxnet.yar#L89-L110"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d8c546fb74b419d46bab855fa07a55833ab0a23eb4081ce24a5d4ab0e4bf09dc"
score = 75
quality = 85
@@ -362115,8 +362527,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_4 : FILE
date = "2016-07-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stuxnet.yar#L112-L128"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stuxnet.yar#L112-L128"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a4ad77490d17cf897c4639f0b9f9473267886e99a94b4f506670207497117764"
score = 75
quality = 85
@@ -362142,8 +362554,8 @@ rule SIGNATURE_BASE_Stuxnet_Maindll_Decrypted_Unpacked
date = "2016-07-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stuxnet.yar#L130-L150"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stuxnet.yar#L130-L150"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bec740cdb4c1748d0fb546691cf8feb38c0e61adad60c069c5866f5034cb7ed9"
score = 75
quality = 85
@@ -362173,8 +362585,8 @@ rule SIGNATURE_BASE_Stuxnet_S7Hkimdb : FILE
date = "2016-07-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stuxnet.yar#L152-L188"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stuxnet.yar#L152-L188"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a44063b6a542eca17f46802e9f644540f1d6b6cb9777c20ef9ea14e44c341a1c"
score = 75
quality = 85
@@ -362200,8 +362612,8 @@ rule SIGNATURE_BASE_MAL_Wshrat_Dotnet_Packer_Feb21 : FILE
date = "2021-03-09"
modified = "2023-12-05"
reference = "https://yoroi.company/research/threatening-within-budget-how-wsh-rat-is-abused-by-cyber-crooks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_wsh_rat.yar#L1-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_wsh_rat.yar#L1-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "18159b140c314a00111fb9453e60d19c11633628a4fe2ad8299b839165b39424"
score = 75
quality = 85
@@ -362227,8 +362639,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Byteencoder_Jan25 : FILE
date = "2025-01-23"
modified = "2025-03-20"
reference = "https://www.securityweek.com/newly-discovered-turla-malware-targets-linux-systems/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/seaspy_backdoor_jan25.yar#L1-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/seaspy_backdoor_jan25.yar#L1-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3e0312ce8d0c1e5c192dbb93cac4770a1205c56dc9d02a0510c7e10a15251de5"
hash = "301d58a6a1819466e77209dbf8ca635cbee3b45516e5ee228fea50ae4a27b7d5"
hash = "957c0c135b50d1c209840ec7ead60912a5ccefd2873bf5722cb85354cea4eb37"
@@ -362256,8 +362668,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Stackstring_Technique_Jan25 : FILE
date = "2025-01-23"
modified = "2025-03-20"
reference = "https://www.securityweek.com/newly-discovered-turla-malware-targets-linux-systems/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/seaspy_backdoor_jan25.yar#L24-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/seaspy_backdoor_jan25.yar#L24-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0e65a80c6331a0e8d7df05ac217a8a7fe03b88f1d304f2ff0a26b92ed89153f3"
hash = "3e0312ce8d0c1e5c192dbb93cac4770a1205c56dc9d02a0510c7e10a15251de5"
hash = "301d58a6a1819466e77209dbf8ca635cbee3b45516e5ee228fea50ae4a27b7d5"
@@ -362285,8 +362697,8 @@ rule SIGNATURE_BASE_Mswin_Check_Lm_Group : FILE
date = "2015-06-13"
modified = "2021-03-15"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L9-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L9-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "115d87d7e7a3d08802a9e5fd6cd08e2ec633c367"
logic_hash = "74be6bd9c6e01cc4ec7785b6950c8cf6acf549c06990a9d1734f4a3487a04ba7"
score = 70
@@ -362311,8 +362723,8 @@ rule SIGNATURE_BASE_WAF_Bypass : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L30-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L30-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "860a9d7aac2ce3a40ac54a4a0bd442c6b945fa4e"
logic_hash = "e66d51b465e5d919555084d299a22f07a949a0a9adf4a3f246f6b5222d39b91a"
score = 75
@@ -362340,8 +362752,8 @@ rule SIGNATURE_BASE_Guilin_Veterans_Cookie_Spoofing_Tool : FILE
date = "2015-06-13"
modified = "2023-01-27"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L50-L67"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L50-L67"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "06b1969bc35b2ee8d66f7ce8a2120d3016a00bb1"
logic_hash = "5fd136f44ebce28db4f77f2f8730eb67fc4c2d58921b73378b8d87e1444a4b67"
score = 75
@@ -362367,8 +362779,8 @@ rule SIGNATURE_BASE_Marathontool : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L69-L84"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L69-L84"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "084a27cd3404554cc799d0e689f65880e10b59e3"
logic_hash = "2d52d640ef44d933791d1da0d1263dba15702180c730500e04d364dd6b4d6081"
score = 75
@@ -362393,8 +362805,8 @@ rule SIGNATURE_BASE_PLUGIN_Trackid : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L86-L104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L86-L104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a114181b334e850d4b33e9be2794f5bb0eb59a09"
logic_hash = "a62112dbf2ef696e4eb7f6787a0e0930c29d9834f46c87493954498fa4b375f6"
score = 75
@@ -362422,8 +362834,8 @@ rule SIGNATURE_BASE_Pc_Pc2015 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L106-L121"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L106-L121"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "de4f098611ac9eece91b079050b2d0b23afe0bcb"
logic_hash = "34d66d8b9e637c067ec2d9387b7b57458312d75892e33b95eb1095200799cf3b"
score = 75
@@ -362448,8 +362860,8 @@ rule SIGNATURE_BASE_Sekurlsa : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L123-L139"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L123-L139"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6acecd18fc7da1c5eb0d04e848aae9ce59d2b1b5"
logic_hash = "dea05c7f19a834cc936c452ca2f6f4286e6c3dae002747c27913960199451c3f"
score = 75
@@ -362475,8 +362887,8 @@ rule SIGNATURE_BASE_Mysqlfast : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L141-L159"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L141-L159"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "32b60350390fe7024af7b4b8fbf50f13306c546f"
logic_hash = "3ea75954831e705d0d25efa115288e66868d9b814f0990fd048bbe1209a8d933"
score = 75
@@ -362504,8 +362916,8 @@ rule SIGNATURE_BASE_Dtools2_02_Dtools : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L161-L179"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L161-L179"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9f99771427120d09ec7afa3b21a1cb9ed720af12"
logic_hash = "51e30d39f388546ac233b4b97a38f225c90d2f006bc509dd7eecfb408aef9be5"
score = 75
@@ -362533,8 +362945,8 @@ rule SIGNATURE_BASE_Dll_Packetx : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L181-L196"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L181-L196"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3f0908e0a38512d2a4fb05a824aa0f6cf3ba3b71"
logic_hash = "161d174376c599b1b794fa1174349ae12b198842d89769baec4b9664729a3983"
score = 50
@@ -362558,8 +362970,8 @@ rule SIGNATURE_BASE_Sqldbx_Zhs : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L198-L217"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L198-L217"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e34228345498a48d7f529dbdffcd919da2dea414"
logic_hash = "b0215d29c58c252c1717f08135eab65794a99ed669c2225bcba690ae7d7a034c"
score = 75
@@ -362588,8 +363000,8 @@ rule SIGNATURE_BASE_Ms10048_X86 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L219-L237"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L219-L237"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e57b453966e4827e2effa4e153f2923e7d058702"
logic_hash = "50e45cae87f5d1cc4903a16f9283dd751d90cde0c71f3124467b4ff15bd34f1b"
score = 75
@@ -362617,8 +363029,8 @@ rule SIGNATURE_BASE_Dos_Ch : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L239-L257"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L239-L257"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "60bbb87b08af840f21536b313a76646e7c1f0ea7"
logic_hash = "49ab2c75267c2ed5c15c8fbdc6fa0f8826f6e7a45a2861d6ba4b293ffca6bcd6"
score = 75
@@ -362646,8 +363058,8 @@ rule SIGNATURE_BASE_Dubrute_Dubrute : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L259-L275"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L259-L275"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8aaae91791bf782c92b97c6e1b0f78fb2a9f3e65"
logic_hash = "1e6d8bd24a37e3f4b7de88989251ae904128ff1bf766d4a4408ff8990c6dfd2f"
score = 75
@@ -362673,8 +363085,8 @@ rule SIGNATURE_BASE_Cookietools : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L277-L294"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L277-L294"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b6a3727fe3d214f4fb03aa43fb2bc6fadc42c8be"
logic_hash = "7f8c59ef58a92db15d8965e54ed6e26834e268581581af2a0ff98a6f46564e7e"
score = 75
@@ -362701,8 +363113,8 @@ rule SIGNATURE_BASE_Update_Pcinit : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L296-L314"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L296-L314"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a6facc4453f8cd81b8c18b3b3004fa4d8e2f5344"
logic_hash = "ee4b17dfb0d70464669edab1b7610efa607adb2918306ae6c50130024008a169"
score = 75
@@ -362730,8 +363142,8 @@ rule SIGNATURE_BASE_Dat_Nasllib : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L316-L331"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L316-L331"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fb0d4263118faaeed2d68e12fab24c59953e862d"
logic_hash = "7d2f3c67fe78028a51ba01c88d7eb62c38fe3c918bb03eee41b6583bc464ad78"
score = 75
@@ -362756,8 +363168,8 @@ rule SIGNATURE_BASE_Dos_1 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L333-L347"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L333-L347"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b554f0687a12ec3a137f321cc15e052ff219f28c"
logic_hash = "d4cf3e738743e5402602e045cf590b969dca2d6f7f1bdd57cc398df3392560d9"
score = 75
@@ -362781,8 +363193,8 @@ rule SIGNATURE_BASE_Othertools_Servu : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L349-L365"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L349-L365"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5c64e6879a9746a0d65226706e0edc7a"
logic_hash = "fda476bdcc0bb496331ca9f506a1221d401d8671d23f61f1b88219c688163169"
score = 75
@@ -362808,8 +363220,8 @@ rule SIGNATURE_BASE_Ustrrefadd : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L367-L384"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L367-L384"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b371b122460951e74094f3db3016264c9c8a0cfa"
logic_hash = "e44f180e081494e28b35b4129eb2c1817ed3e83f23d86f0d3dd4dcf27941cdf1"
score = 75
@@ -362836,8 +363248,8 @@ rule SIGNATURE_BASE_Xscanlib : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L386-L402"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L386-L402"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c5cb4f75cf241f5a9aea324783193433a42a13b0"
logic_hash = "ff18c527df9ff2a4d72bcc5e4905d6f42877d42536edcb13608c6e0e6773aa63"
score = 75
@@ -362863,8 +363275,8 @@ rule SIGNATURE_BASE_Idtools_For_Winxp_Idttool : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L404-L419"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L404-L419"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ebab6e4cb7ea82c8dc1fe4154e040e241f4672c6"
logic_hash = "9e14db3721afaba3ea5e9767afff593bf2b137306fe673acd7926bf6efc78391"
score = 75
@@ -362889,8 +363301,8 @@ rule SIGNATURE_BASE_Goodtoolset_Ms11046 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L421-L438"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L421-L438"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f8414a374011fd239a6c6d9c6ca5851cd8936409"
logic_hash = "2fb36a589613f97d0c3a4da58c65352689062a8ba6d432b5f3cf3b51a7e77f8c"
score = 75
@@ -362917,8 +363329,8 @@ rule SIGNATURE_BASE_Cmdshell32 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L440-L455"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L440-L455"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3c41116d20e06dcb179e7346901c1c11cd81c596"
logic_hash = "cfe3d72d33d7a3c2b70d4fa0767a921c1cfcd360b2094af40b067789cace95af"
score = 75
@@ -362943,8 +363355,8 @@ rule SIGNATURE_BASE_Sniffer_Analyzer_Ssclone_1210_Full_Version : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L457-L473"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L457-L473"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6882125babb60bd0a7b2f1943a40b965b7a03d4e"
logic_hash = "982a213a106794e2cddb6148b3d3a119ae17fc318ad03237da1018e1859523d7"
score = 75
@@ -362970,8 +363382,8 @@ rule SIGNATURE_BASE_X64_Klock : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L475-L491"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L475-L491"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "44825e848bc3abdb6f31d0a49725bb6f498e9ccc"
logic_hash = "3fe00c08607d20daa055db2f551009ff1c447f1a651d4a78aba91621d53424f5"
score = 75
@@ -362997,8 +363409,8 @@ rule SIGNATURE_BASE_Dos_Down32 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L493-L508"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L493-L508"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0365738acd728021b0ea2967c867f1014fd7dd75"
logic_hash = "c1aaaaaaae2ea720d3fc1516d88d678895bcda81344e8c1f4f57e5a20e770123"
score = 75
@@ -363023,8 +363435,8 @@ rule SIGNATURE_BASE_Marathontool_2 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L510-L525"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L510-L525"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "75b5d25cdaa6a035981e5a33198fef0117c27c9c"
logic_hash = "7581b63a7bddeac93c65b2943b9f5f568464d8f300bc7385ca73880996bd390b"
score = 75
@@ -363049,8 +363461,8 @@ rule SIGNATURE_BASE_Scanms_Scanms : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L527-L544"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L527-L544"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "47787dee6ddea2cb44ff27b6a5fd729273cea51a"
logic_hash = "d6b33e603953194dab67104cbb9649710515050cf73afb18b2c9083a9e228e6d"
score = 75
@@ -363077,8 +363489,8 @@ rule SIGNATURE_BASE_CN_Tools_Pcshare : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L546-L565"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L546-L565"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ee7ba9784fae413d644cdf5a093bd93b73537652"
logic_hash = "57bd1629abe0af1345f505514b99deb4e63ebce7363f3b0abcb76e7201d9b7b7"
score = 75
@@ -363107,8 +363519,8 @@ rule SIGNATURE_BASE_Pw_Inspector : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L567-L582"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L567-L582"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4f8e3e101098fc3da65ed06117b3cb73c0a66215"
logic_hash = "3b54466d80692923b93689a9e43e30dfbc63e5982cb633120795817098d68e05"
score = 75
@@ -363133,8 +363545,8 @@ rule SIGNATURE_BASE_Dll_Loadex : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L584-L603"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L584-L603"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "213d9d0afb22fe723ff570cf69ff8cdb33ada150"
logic_hash = "588f4f4d0a2f8f8e76de0a5b1217191c1cace69f934582d4fc3c974fb94b8c3e"
score = 75
@@ -363163,8 +363575,8 @@ rule SIGNATURE_BASE_Dat_Report : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L605-L619"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L605-L619"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4582a7c1d499bb96dad8e9b227e9d5de9becdfc2"
logic_hash = "e3b21f37fae388958758af535727844d6e9696862fd9968340e1a619592c53b6"
score = 75
@@ -363188,8 +363600,8 @@ rule SIGNATURE_BASE_Dos_Iis7 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L621-L638"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L621-L638"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0a173c5ece2fd4ac8ecf9510e48e95f43ab68978"
logic_hash = "e0cbcb63cd2a542e6394792070392d393b2a3485f5a5ef3c6ba0f113ae9270ec"
score = 75
@@ -363216,8 +363628,8 @@ rule SIGNATURE_BASE_Switchsniffer : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L640-L654"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L640-L654"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1e7507162154f67dff4417f1f5d18b4ade5cf0cd"
logic_hash = "4c75473399a7d47b63c6247248fd2792c675740ac671028b1c0a8ba1a02f35aa"
score = 75
@@ -363241,8 +363653,8 @@ rule SIGNATURE_BASE_Dbexpora : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L656-L671"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L656-L671"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b55b007ef091b2f33f7042814614564625a8c79f"
logic_hash = "2dad6cedae6a3a446c2c4829516bffa5608ea4d1c13c907796cf4d13ec37965e"
score = 75
@@ -363267,8 +363679,8 @@ rule SIGNATURE_BASE_Sqlcracker : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L673-L690"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L673-L690"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1aa5755da1a9b050c4c49fc5c58fa133b8380410"
logic_hash = "3724f4b746da413f99880564ae72bc0de867120f1f7eacaf856d42492ebe359e"
score = 75
@@ -363295,8 +363707,8 @@ rule SIGNATURE_BASE_Freeversion_Debug : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L692-L711"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L692-L711"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d11e6c6f675b3be86e37e50184dadf0081506a89"
logic_hash = "f7f8302c70c5aed1885724a1bca4efdf0547cc5be62e7dd6bcd8cc2079f71f96"
score = 75
@@ -363325,8 +363737,8 @@ rule SIGNATURE_BASE_Dos_Look : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L713-L728"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L713-L728"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e1a37f31170e812185cf00a838835ee59b8f64ba"
logic_hash = "341c72eaa5db1953e008423374c3f322de0f8dc33fd8181362172982b52e2b8a"
score = 75
@@ -363351,8 +363763,8 @@ rule SIGNATURE_BASE_Ntgodmode : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L730-L747"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L730-L747"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8baac735e37523d28fdb6e736d03c67274f7db77"
logic_hash = "55efa908ebfcede207d3fe0b1072cce262af0e627e91ba8746e7a8924b8e75bd"
score = 75
@@ -363379,8 +363791,8 @@ rule SIGNATURE_BASE_Webcrack4_Routerpasswordcracking : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L749-L766"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L749-L766"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "00c68d1b1aa655dfd5bb693c13cdda9dbd34c638"
logic_hash = "48456f82163806852ecef3d71c2c8247f6c74c31ce28472c80a914a98247bdb3"
score = 75
@@ -363407,8 +363819,8 @@ rule SIGNATURE_BASE_Hscan_Gui : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L768-L783"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L768-L783"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1885f0b7be87f51c304b39bc04b9423539825c69"
logic_hash = "c87cfe78324638ac9d35c7fd1e47f24014c470b0892ceceaf394278d9706157b"
score = 75
@@ -363433,8 +363845,8 @@ rule SIGNATURE_BASE_S_Multifunction_Scanners_S : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L785-L809"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L785-L809"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "79b60ffa1c0f73b3c47e72118e0f600fcd86b355"
logic_hash = "96f0692c54d74388f8602a03475d95a2fcd89692dd189f9363592745a70c234b"
score = 75
@@ -363469,8 +363881,8 @@ rule SIGNATURE_BASE_HKTL_CN_Dos_Getpass : FILE
modified = "2023-01-06"
old_rule_name = "Dos_GetPass"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L811-L830"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L811-L830"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d18d952b24110b83abd17e042f9deee679de6a1a"
logic_hash = "ea1410984fb1f66422faa943f1f16873f4e0d5ff1afa68c2d28f36889e214a52"
score = 75
@@ -363498,8 +363910,8 @@ rule SIGNATURE_BASE_HKTL_CN_Update_Pcmain : FILE
modified = "2023-01-06"
old_rule_name = "update_PcMain"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L832-L858"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L832-L858"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "aa68323aaec0269b0f7e697e69cce4d00a949caa"
logic_hash = "aa905379f65a8d964b921f2b74b61d94f97536466a7fc48f05c437d617cf35f6"
score = 90
@@ -363533,8 +363945,8 @@ rule SIGNATURE_BASE_HKTL_CN_Dos_Sys : FILE
modified = "2023-01-06"
old_rule_name = "Dos_sys"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L860-L878"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L860-L878"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b5837047443f8bc62284a0045982aaae8bab6f18"
logic_hash = "3b3f55c45ebfe4ab6d8e6b06a3c452c84d4f755f984d913c683a49a8fd570d9d"
score = 75
@@ -363561,8 +363973,8 @@ rule SIGNATURE_BASE_HKTL_CN_Dat_Xpf : FILE
modified = "2023-01-06"
old_rule_name = "dat_xpf"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L880-L897"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L880-L897"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "761125ab594f8dc996da4ce8ce50deba49c81846"
logic_hash = "c46b10ef17a9fee2be15fc9cc8b8aeec94d656b86e7208e1ad1f5efcd95fddf5"
score = 75
@@ -363588,8 +364000,8 @@ rule SIGNATURE_BASE_HKTL_CN_Project1 : FILE
modified = "2023-01-06"
old_rule_name = "Project1"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L899-L916"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L899-L916"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d1a5e3b646a16a7fcccf03759bd0f96480111c96"
logic_hash = "c26590f13a185eb42a27d27e6b5996f7fdf4d5c146fb74062686f356ec4db47d"
score = 75
@@ -363614,8 +364026,8 @@ rule SIGNATURE_BASE_Arp_EMP_V1_0 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L918-L931"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L918-L931"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ae4954c142ad1552a2abaef5636c7ef68fdd99ee"
logic_hash = "e46b0f730945dad3c75b6865f30005f4d5fa09c53e3a27c275ca22da9cc89e8d"
score = 75
@@ -363638,8 +364050,8 @@ rule SIGNATURE_BASE_CN_Tools_Myupnp : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L933-L948"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L933-L948"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "15b6fca7e42cd2800ba82c739552e7ffee967000"
logic_hash = "0bdd0d98dc5218bbe799e5e510c5f27d74a1ef398b09962f4267f846088f726e"
score = 75
@@ -363664,8 +364076,8 @@ rule SIGNATURE_BASE_CN_Tools_Shiell : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L950-L966"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L950-L966"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b432d80c37abe354d344b949c8730929d8f9817a"
logic_hash = "44c494c24c090b21c3c201d57f910e8f4d5132a863715a090fa1e18c9d349d48"
score = 75
@@ -363691,8 +364103,8 @@ rule SIGNATURE_BASE_Cndcom_Cndcom : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L968-L988"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L968-L988"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "08bbe6312342b28b43201125bd8c518531de8082"
logic_hash = "226be7ea7b09b2b87eeec006c8054b9fb59eb8324def14a4a0db97f94fb39d62"
score = 75
@@ -363722,8 +364134,8 @@ rule SIGNATURE_BASE_Isdebug_V1_4 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L990-L1010"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L990-L1010"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ca32474c358b4402421ece1cb31714fbb088b69a"
logic_hash = "d656327c33533b5ef7dc70ec00250ee35d878794fae189829a0ecad958f96616"
score = 75
@@ -363753,8 +364165,8 @@ rule SIGNATURE_BASE_HTTPSCANNER : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1012-L1026"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1012-L1026"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ae2929346944c1ea3411a4562e9d5e2f765d088a"
logic_hash = "0f1460101198d8b139b7cc0674bef2fc7b3d2a24249f521396b7bbe4318a83d5"
score = 75
@@ -363778,8 +364190,8 @@ rule SIGNATURE_BASE_Hscan_V1_20_Pipecmd : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1028-L1049"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1028-L1049"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "64403ce63b28b544646a30da3be2f395788542d6"
logic_hash = "91ed275896c2520893ba1af26b2563c0bd3564a9c5f9d812f35464469e27307b"
score = 75
@@ -363810,8 +364222,8 @@ rule SIGNATURE_BASE_Dos_Fp : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1051-L1067"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1051-L1067"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "41d57d356098ff55fe0e1f0bcaa9317df5a2a45c"
logic_hash = "cc09743269ee36862c95c9323ad271ca9b6c350cf25163d126fef0f86bc6f671"
score = 75
@@ -363837,8 +364249,8 @@ rule SIGNATURE_BASE_Dos_Netstat : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1069-L1085"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1069-L1085"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d0444b7bd936b5fc490b865a604e97c22d97e598"
logic_hash = "e2b908308616c3f2c94849b4f22f0e9bb130b5759d89161604505ff25681be55"
score = 75
@@ -363864,8 +364276,8 @@ rule SIGNATURE_BASE_CN_Tools_Xsniff : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1087-L1104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1087-L1104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d61d7329ac74f66245a92c4505a327c85875c577"
logic_hash = "a32d07ecd635ad71edaa37d9b1e5f66d8ce5a7f84f1bba6eb06deb1f49a879c8"
score = 75
@@ -363892,8 +364304,8 @@ rule SIGNATURE_BASE_Mssqlpass : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1106-L1121"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1106-L1121"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "172b4e31ed15d1275ac07f3acbf499daf9a055d7"
logic_hash = "8037316eb157f8693bd342911af5fe5292f3ef8a3c169c80bc70edbabd7a92e6"
score = 75
@@ -363918,8 +364330,8 @@ rule SIGNATURE_BASE_Wsockexpert : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1123-L1141"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1123-L1141"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2962bf7b0883ceda5e14b8dad86742f95b50f7bf"
logic_hash = "34ac3c5f0651ccab851d67da8863e0e305f981cf53a06d46c23f19736cc1c400"
score = 75
@@ -363947,8 +364359,8 @@ rule SIGNATURE_BASE_Ms_Viru_Racle : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1143-L1159"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1143-L1159"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "13116078fff5c87b56179c5438f008caf6c98ecb"
logic_hash = "d36db04c6a62a72e9f3079d09aedc9056c0a5032b4594af4d02ba55373f8b6a4"
score = 75
@@ -363974,8 +364386,8 @@ rule SIGNATURE_BASE_Lamescan3 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1161-L1177"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1161-L1177"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3130eefb79650dab2e323328b905e4d5d3a1d2f0"
logic_hash = "8246128fa4378b0479a0c051965188c7c3fa0f52c8acc8934ef8af3155a85590"
score = 75
@@ -364001,8 +364413,8 @@ rule SIGNATURE_BASE_CN_Tools_Pc : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1179-L1195"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1179-L1195"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5cf8caba170ec461c44394f4058669d225a94285"
logic_hash = "1da263362e4c2ec8194bb80bfc3f25ff8c4b708919ba02ea02687d5404b99720"
score = 75
@@ -364028,8 +364440,8 @@ rule SIGNATURE_BASE_Dos_Down64 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1197-L1215"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1197-L1215"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "43e455e43b49b953e17a5b885ffdcdf8b6b23226"
logic_hash = "d181c2075762fc3bb5b61bcdef57eb6533cb59dde03c4b901b6ce5b8323f3c8a"
score = 75
@@ -364057,8 +364469,8 @@ rule SIGNATURE_BASE_Epathobj_Exp32 : FILE
date = "2015-06-13"
modified = "2022-12-21"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1217-L1235"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1217-L1235"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ed86ff44bddcfdd630ade8ced39b4559316195ba"
logic_hash = "8959837257848a08240d0423971b9d3a850a7e9cc796de2c9b2d34814923f8ec"
score = 75
@@ -364085,8 +364497,8 @@ rule SIGNATURE_BASE_Tools_Unknown : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1237-L1254"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1237-L1254"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4be8270c4faa1827177e2310a00af2d5bcd2a59f"
logic_hash = "493bb63d4dd519efbf53a29fa44ef74f0a85943b2d9f49f11e3daa57c6b03d8e"
score = 75
@@ -364113,8 +364525,8 @@ rule SIGNATURE_BASE_PLUGIN_Ajunk : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1256-L1271"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1256-L1271"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "eb430fcfe6d13b14ff6baa4b3f59817c0facec00"
logic_hash = "e37504aab506138493ddc0979697502819824ef00c7931599130fafb5d84a7a9"
score = 75
@@ -364139,8 +364551,8 @@ rule SIGNATURE_BASE_Iisputscanner : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1273-L1316"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1273-L1316"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9869c70d6a9ec2312c749aa17d4da362fa6e2592"
logic_hash = "b2af9003cef528610280866bf00a9716b4421a5f7c65e7c8ec3202af9a592de1"
score = 75
@@ -364193,8 +364605,8 @@ rule SIGNATURE_BASE_Idtools_For_Winxp_Idttool_2 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1318-L1335"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1318-L1335"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "07feb31dd21d6f97614118b8a0adf231f8541a67"
logic_hash = "831f42abd7374b2ca2b4115a73aae2123e2212b0854d4cc0950b8e66a28e38a3"
score = 75
@@ -364221,8 +364633,8 @@ rule SIGNATURE_BASE_Hkmjjiis6 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1337-L1358"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1337-L1358"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4cbc6344c6712fa819683a4bd7b53f78ea4047d7"
logic_hash = "4ea95b7a5bd24e0dfdcef045d101b7f15e18b20f1328901bb340d9aaad336981"
score = 75
@@ -364253,8 +364665,8 @@ rule SIGNATURE_BASE_Dos_Lcx : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1360-L1384"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1360-L1384"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b6ad5dd13592160d9f052bb47b0d6a87b80a406d"
logic_hash = "bbe215fb27825b4f4bbfa71808ac945f341efbc70a21f79689065982a843d7f1"
score = 75
@@ -364288,8 +364700,8 @@ rule SIGNATURE_BASE_X_Way2_5_X_Way : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1386-L1407"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1386-L1407"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8ba8530fbda3e8342e8d4feabbf98c66a322dac6"
logic_hash = "6261de5db1e7527f7726effe26ed5f88638e6cb378db4c99183dddcd42ae231f"
score = 75
@@ -364320,8 +364732,8 @@ rule SIGNATURE_BASE_Tools_Sqlcmd : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1409-L1428"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1409-L1428"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "99d56476e539750c599f76391d717c51c4955a33"
logic_hash = "aa600f7c56d72d767e9ca51d8b1ee2b2c62302ea1afbed39e4670debd30c5247"
score = 75
@@ -364350,8 +364762,8 @@ rule SIGNATURE_BASE_Sword1_5 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1430-L1449"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1430-L1449"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "96ee5c98e982aa8ed92cb4cedb85c7fda873740f"
logic_hash = "09e09f7ea16dc917388cbccb22a7abfed9b693a33d61698f0e838f029402c256"
score = 75
@@ -364380,8 +364792,8 @@ rule SIGNATURE_BASE_Tools_Scan : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1451-L1466"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1451-L1466"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c580a0cc41997e840d2c0f83962e7f8b636a5a13"
logic_hash = "d8bf2e4a4634f74ce548a5824090502f2ccef382bdbcaf795df711e88a325912"
score = 75
@@ -364406,8 +364818,8 @@ rule SIGNATURE_BASE_Dos_C : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1468-L1487"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1468-L1487"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3deb6bd52fdac6d5a3e9a91c585d67820ab4df78"
logic_hash = "2865b50e6a323462fab39bd84571939c618cf6f00e147039f6e699ba4d195a00"
score = 75
@@ -364436,8 +364848,8 @@ rule SIGNATURE_BASE_Arpsniffer : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1489-L1506"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1489-L1506"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7d8753f56fc48413fc68102cff34b6583cb0066c"
logic_hash = "eb0a425be0fff87eb58689a4eee4b6729e8ee985e6224790111322d4b182caf1"
score = 75
@@ -364464,8 +364876,8 @@ rule SIGNATURE_BASE_Pw_Inspector_2 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1508-L1524"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1508-L1524"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e0a1117ee4a29bb4cf43e3a80fb9eaa63bb377bf"
logic_hash = "7d2021ff471f03deb9e6d8b62fcb218ae3198f21fd7b8fa1fdd9b96228b8c2f8"
score = 75
@@ -364491,8 +364903,8 @@ rule SIGNATURE_BASE_Datpcshare : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1526-L1542"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1526-L1542"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "87acb649ab0d33c62e27ea83241caa43144fc1c4"
logic_hash = "15297a8019192371032fc11b966d1a89d951c176da6d64e80ca5a201f55341c0"
score = 75
@@ -364518,8 +364930,8 @@ rule SIGNATURE_BASE_Tools_Xport : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1544-L1565"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1544-L1565"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9584de562e7f8185f721e94ee3cceac60db26dda"
logic_hash = "9eea73732643f74b4802af0672f5c3ab09cc54cfecd80f8903efc26b7ceaec29"
score = 75
@@ -364550,8 +364962,8 @@ rule SIGNATURE_BASE_Pc_Xai : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1567-L1586"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1567-L1586"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f285a59fd931ce137c08bd1f0dae858cc2486491"
logic_hash = "80659fcf1721b20f459ac0480401bdf643c95b46118d03320bc6d4e4ee4b67f7"
score = 75
@@ -364580,8 +364992,8 @@ rule SIGNATURE_BASE_Radmin_Hash : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1588-L1605"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1588-L1605"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "be407bd5bf5bcd51d38d1308e17a1731cd52f66b"
logic_hash = "d6ee13a2ed30bb44471593386521f67be0d6ccd6f8a0ebf8557012a099f81d3d"
score = 75
@@ -364608,8 +365020,8 @@ rule SIGNATURE_BASE_Oseditor : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1607-L1624"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1607-L1624"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6773c3c6575cf9cfedbb772f3476bb999d09403d"
logic_hash = "6531c0b3c0f6123d9eda34ed028f05054e4805e5c329da4b29e4f37f9b5fc1b2"
score = 75
@@ -364636,8 +365048,8 @@ rule SIGNATURE_BASE_Goodtoolset_Ms11011 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1626-L1642"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1626-L1642"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5ad7a4962acbb6b0e3b73d77385eb91feb88b386"
logic_hash = "99dd27eba7da44c71098446e17abfe626de91e899e28c2d2e99e7b54b9e0c825"
score = 75
@@ -364663,8 +365075,8 @@ rule SIGNATURE_BASE_Freeversion_Release : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1644-L1662"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1644-L1662"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f42e4b5748e92f7a450eb49fc89d6859f4afcebb"
logic_hash = "38722afb3b955aced2e68e2048a3268722524f61784dcb45c6a695b5684230eb"
score = 75
@@ -364692,8 +365104,8 @@ rule SIGNATURE_BASE_Churrasco : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1664-L1681"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1664-L1681"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a8d4c177948a8e60d63de9d0ed948c50d0151364"
logic_hash = "36ca7c8d1579eeb571c182c033c312b3b231313b8950c1e24eeb3df793b004c4"
score = 75
@@ -364720,8 +365132,8 @@ rule SIGNATURE_BASE_X64_Kiwicmd : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1682-L1697"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1682-L1697"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "569ca4ff1a5ea537aefac4a04a2c588c566c6d86"
logic_hash = "b49a70a49a67fbb57d643b38155482177f594bd1f01f5464c4f36b265aac48d8"
score = 75
@@ -364746,8 +365158,8 @@ rule SIGNATURE_BASE_Sql1433_SQL : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1699-L1715"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1699-L1715"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "025e87deadd1c50b1021c26cb67b76b476fafd64"
logic_hash = "5ceecc4f345cb603a0b03180f3f09f97e5f951b5d75c469aefffe3ec62916a8f"
score = 75
@@ -364771,8 +365183,8 @@ rule SIGNATURE_BASE_Cookietools2 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1717-L1733"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1717-L1733"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cb67797f229fdb92360319e01277e1345305eb82"
logic_hash = "8ddb8ea0bc047877d91f25375745ab8fa66af28b6b41de36e0fb16ea8284fce5"
score = 75
@@ -364798,8 +365210,8 @@ rule SIGNATURE_BASE_Cyclotron : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1735-L1752"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1735-L1752"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5b63473b6dc1e5942bf07c52c31ba28f2702b246"
logic_hash = "f3a0edf54039479c9f4e46b20249465bbe1bca57f47afeba37965e6e3fc0127f"
score = 75
@@ -364826,8 +365238,8 @@ rule SIGNATURE_BASE_Xscan_Gui : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1754-L1770"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1754-L1770"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a9e900510396192eb2ba4fb7b0ef786513f9b5ab"
logic_hash = "366db7eb19725a0a42ce371d7bfb50a22a259f0bc0252927af626e8c1c0b9b59"
score = 75
@@ -364853,8 +365265,8 @@ rule SIGNATURE_BASE_CN_Tools_Hscan : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1772-L1792"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1772-L1792"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "17a743e40790985ececf5c66eaad2a1f8c4cffe8"
logic_hash = "9bc4800249bffcc4b8fc1191d600f0b9b2a7b0c1f067039c83c03671a0b4b5c5"
score = 75
@@ -364884,8 +365296,8 @@ rule SIGNATURE_BASE_Goodtoolset_Pr : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1794-L1812"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1794-L1812"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f6676daf3292cff59ef15ed109c2d408369e8ac8"
logic_hash = "0673bc445422f4339c9e81ff8ae8a9b2bb9bc1f107b85fe34906444a1754c43b"
score = 75
@@ -364913,8 +365325,8 @@ rule SIGNATURE_BASE_Hydra_7_4_1_Hydra : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1814-L1832"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1814-L1832"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3411d0380a1c1ebf58a454765f94d4f1dd714b5b"
logic_hash = "f52696cbf7355c982d1a1e0c73dce65324845c5ffc13c541e326720332b4788d"
score = 75
@@ -364942,8 +365354,8 @@ rule SIGNATURE_BASE_CN_Tools_Srss_2 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1834-L1856"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1834-L1856"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c418b30d004051bbf1b2d3be426936b95b5fea6f"
logic_hash = "e674ac7a99a67e2ebe8b4c4232e3435dd041b794f6c08a87ef7b8179127d6fc7"
score = 75
@@ -364974,8 +365386,8 @@ rule SIGNATURE_BASE_Dos_Ntgod : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1858-L1874"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1858-L1874"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "adefd901d6bbd8437116f0170b9c28a76d4a87bf"
logic_hash = "77b9204add5d25dcc36eabc07cabea2bdc67a23873c2faf7706e7fba5ed53f8b"
score = 75
@@ -365001,8 +365413,8 @@ rule SIGNATURE_BASE_CN_Tools_Vnclink : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1876-L1891"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1876-L1891"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "cafb531822cbc0cfebbea864489eebba48081aa1"
logic_hash = "21328e2a871dfcfda47991a1f1e897efd27471420d644c09a94004cf5b0f9869"
score = 75
@@ -365027,8 +365439,8 @@ rule SIGNATURE_BASE_Tools_Ntcmd : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1893-L1911"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1893-L1911"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a3ae8659b9a673aa346a60844208b371f7c05e3c"
logic_hash = "c2487306a0d82ab76a048c001361c25bcd61d0f7a57a3b22df1c70299f0a72ba"
score = 75
@@ -365056,8 +365468,8 @@ rule SIGNATURE_BASE_Mysql_Pwd_Crack : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1913-L1930"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1913-L1930"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "57d1cb4d404688804a8c3755b464a6e6248d1c73"
logic_hash = "d272b98a6cf2749482ee501734d0043564ba528770161cb0ed4f032409305f22"
score = 75
@@ -365084,8 +365496,8 @@ rule SIGNATURE_BASE_Cmdshell64 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1932-L1951"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1932-L1951"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5b92510475d95ae5e7cd6ec4c89852e8af34acf1"
logic_hash = "fd8010ab2ab51feed62475f840ffaeef92cf1266c139b8f669b7fa5ff646fdab"
score = 75
@@ -365114,8 +365526,8 @@ rule SIGNATURE_BASE_Ms_Viru_V : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1953-L1971"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1953-L1971"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ecf4ba6d1344f2f3114d52859addee8b0770ed0d"
logic_hash = "028b589c11eeacb2edfeeaeaebf2da370e540cba964c9ebbb19e4c734afe190f"
score = 75
@@ -365143,8 +365555,8 @@ rule SIGNATURE_BASE_CN_Tools_Vscan : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1973-L1990"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1973-L1990"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0365fe05e2de0f327dfaa8cd0d988dbb7b379612"
logic_hash = "2bbf0a3fb2b3fc9b646c6f8fc021f65a38e1b64edd74301481051541f8938902"
score = 75
@@ -365171,8 +365583,8 @@ rule SIGNATURE_BASE_Dos_Iis : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L1992-L2011"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L1992-L2011"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "61ffd2cbec5462766c6f1c44bd44eeaed4f3d2c7"
logic_hash = "d6852af79eac659f4dfa3019793290e0498739f02a06c5540cd7d2c65b46b960"
score = 75
@@ -365201,8 +365613,8 @@ rule SIGNATURE_BASE_Iisputscannesr : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2013-L2027"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2013-L2027"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2dd8fee20df47fd4eed5a354817ce837752f6ae9"
logic_hash = "27c190050aabcdff3713b388adb0113ad2334c107a2a7b3d682c209b102cf642"
score = 75
@@ -365226,8 +365638,8 @@ rule SIGNATURE_BASE_HKTL_Unknown_CN_Generate : FILE
date = "2015-06-13"
modified = "2022-01-20"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2029-L2047"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2029-L2047"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2cb4c3916271868c30c7b4598da697f59e9c7a12"
logic_hash = "a83000880bd71f4ee6507cb448b611cb670a47a4dc47c400930d3a41ca594a5d"
score = 75
@@ -365254,8 +365666,8 @@ rule SIGNATURE_BASE_Pc_Rejoice : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2049-L2067"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2049-L2067"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fe634a9f5d48d5c64c8f8bfd59ac7d8965d8f372"
logic_hash = "9e22a98b5065a95a7f169fda8d6d4112101bffa11a1407e03ec152db41857206"
score = 75
@@ -365283,8 +365695,8 @@ rule SIGNATURE_BASE_Ms11080_Withcmd : FILE
date = "2015-06-13"
modified = "2022-12-21"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2069-L2087"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2069-L2087"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "745e5058acff27b09cfd6169caf6e45097881a49"
logic_hash = "cd7167269538a5dd197260682ad777f87e43cc2155acf3ce731d1a065395cf4a"
score = 75
@@ -365311,8 +365723,8 @@ rule SIGNATURE_BASE_Othertools_Xiaoa : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2089-L2107"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2089-L2107"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6988acb738e78d582e3614f83993628cf92ae26d"
logic_hash = "451ed602bd1e9dd7e4020108ea133b60c546965bd77be349d07be42150f80fee"
score = 75
@@ -365340,8 +365752,8 @@ rule SIGNATURE_BASE_Unknown2 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2109-L2128"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2109-L2128"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "32508d75c3d95e045ddc82cb829281a288bd5aa3"
logic_hash = "dea499eaa87cc454a31672fb842539779926d50785ef827162fde84bfcdcc54a"
score = 75
@@ -365370,8 +365782,8 @@ rule SIGNATURE_BASE_Hydra_7_3_Hydra : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2130-L2147"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2130-L2147"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2f82b8bf1159e43427880d70bcd116dc9e8026ad"
logic_hash = "23194c2df0b8bdedc4fc66c423b0aebb10217de328a194b26560d4cc9a5531e3"
score = 75
@@ -365398,8 +365810,8 @@ rule SIGNATURE_BASE_Oraclescan : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2149-L2165"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2149-L2165"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "10ff7faf72fe6da8f05526367b3522a2408999ec"
logic_hash = "b9454f47123c32d6c6b51722aeadac9acc2a6232c259703c36ea00c83d8977e6"
score = 75
@@ -365425,8 +365837,8 @@ rule SIGNATURE_BASE_Sqltools : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2167-L2186"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2167-L2186"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "38a9caa2079afa2c8d7327e7762f7ed9a69056f7"
logic_hash = "35b84c3445e92d61ca5e638a2eb19128dca2174327c6325436287d8d3f0bb976"
score = 75
@@ -365456,8 +365868,8 @@ rule SIGNATURE_BASE_HKTL_Portscanner_533_NET_Jun15 : FILE
modified = "2023-12-05"
old_rule_name = "portscanner"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2188-L2205"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2188-L2205"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1de367d503fdaaeee30e8ad7c100dd1e320858a4"
logic_hash = "446cbc1b8046bfd182e0b1c98fe37c8b8ef98f600f5d80d9de83b45aeaf2b386"
score = 75
@@ -365483,8 +365895,8 @@ rule SIGNATURE_BASE_Kappfree : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2207-L2222"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2207-L2222"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e57e79f190f8a24ca911e6c7e008743480c08553"
logic_hash = "b1b644f9b033ac8372369e81628ee3f6fe094f80d11b8f4f6c192a5e81d2e543"
score = 75
@@ -365509,8 +365921,8 @@ rule SIGNATURE_BASE_Smartniff : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2224-L2239"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2224-L2239"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "67609f21d54a57955d8fe6d48bc471f328748d0a"
logic_hash = "bac770ae3c8e7f619da0b0ff4243716ff8212dce0f36c08c127af892548fe0b6"
score = 75
@@ -365535,8 +365947,8 @@ rule SIGNATURE_BASE_Chinachopper_Caidao : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2241-L2259"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2241-L2259"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "056a60ec1f6a8959bfc43254d97527b003ae5edb"
logic_hash = "7e16a452c98e36a4946bcede5552bef7f6fc82314b28b506307cf010a0890ea6"
score = 75
@@ -365564,8 +365976,8 @@ rule SIGNATURE_BASE_Kiwitaskmgr_2 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2261-L2276"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2261-L2276"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8bd6c9f2e8be3e74bd83c6a2d929f8a69422fb16"
logic_hash = "6d197e9b7bb9bbd759d6c8c882f7d7412512ba10208cb52a08fcde5e32fd1733"
score = 75
@@ -365590,8 +366002,8 @@ rule SIGNATURE_BASE_Kappfree_2 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2278-L2294"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2278-L2294"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5d578df9a71670aa832d1cd63379e6162564fb6b"
logic_hash = "1862f1283e8a268f523b3922b3630ebbca9a81cc5aed19e5068315e6346d25c2"
score = 75
@@ -365617,8 +366029,8 @@ rule SIGNATURE_BASE_X_Way2_5_Sqlcmd : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2296-L2324"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2296-L2324"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5152a57e3638418b0d97a42db1c0fc2f893a2794"
logic_hash = "59fd25a786d56885e456fca154800a8313cd04a23fd9374361cc37b86be109a1"
score = 75
@@ -365656,8 +366068,8 @@ rule SIGNATURE_BASE_Win32_Klock : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2326-L2341"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2326-L2341"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7addce4434670927c4efaa560524680ba2871d17"
logic_hash = "e9f1d38de15ce06d55cf276e0f2becd9f9dbf5bd22f9061de03761d7ccdd3e60"
score = 75
@@ -365682,8 +366094,8 @@ rule SIGNATURE_BASE_Ipsearcher : FILE
date = "2015-06-13"
modified = "2022-12-21"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2343-L2360"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2343-L2360"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1e96e9c5c56fcbea94d26ce0b3f1548b224a4791"
logic_hash = "e63349ede826bc7b0e9c94d122e5b294c11a598fcf7096b80be726146e796a80"
score = 75
@@ -365709,8 +366121,8 @@ rule SIGNATURE_BASE_Ms10048_X64 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2362-L2378"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2362-L2378"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "418bec3493c85e3490e400ecaff5a7760c17a0d0"
logic_hash = "f6e353a9e4f751632ca5fda1663f0ba66b16b60df90570ccdaf836eaaa6a78ca"
score = 75
@@ -365736,8 +366148,8 @@ rule SIGNATURE_BASE_Hscangui : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2380-L2396"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2380-L2396"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "af8aced0a78e1181f4c307c78402481a589f8d07"
logic_hash = "9c0eb87dcf8aa107b5289d196650aebcf49c24f57a317de0afdadd61fb5bb5b7"
score = 75
@@ -365763,8 +366175,8 @@ rule SIGNATURE_BASE_Goodtoolset_Ms11080 : FILE
date = "2015-06-13"
modified = "2022-12-21"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2398-L2417"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2398-L2417"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f0854c49eddf807f3a7381d3b20f9af4a3024e9f"
logic_hash = "a5b03dded6146dae48bca962e7c5419c2ea69f8709ae7f2c9355bd178d5d77fb"
score = 75
@@ -365792,8 +366204,8 @@ rule SIGNATURE_BASE_Epathobj_Exp64 : FILE
date = "2015-06-13"
modified = "2022-12-21"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2419-L2438"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2419-L2438"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "09195ba4e25ccce35c188657957c0f2c6a61d083"
logic_hash = "dc4073a7d319cffbbce7b3c7b7cf02b007839b72fe14ec1fbdcd3343d57cf7bf"
score = 75
@@ -365821,8 +366233,8 @@ rule SIGNATURE_BASE_Kelloworld_2 : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2440-L2455"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2440-L2455"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "55d5dabd96c44d16e41f70f0357cba1dda26c24f"
logic_hash = "a575c30c06bd84196cbf01a9b5ef3a042cf29553610421b019227d30a2c7ad1c"
score = 75
@@ -365847,8 +366259,8 @@ rule SIGNATURE_BASE_Hscan_V1_20_Hscan : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2457-L2474"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2457-L2474"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "568b06696ea0270ee1a744a5ac16418c8dacde1c"
logic_hash = "8e30c366c5d5c34a7b50ba4dec17a46c173196b773fff6965891802bcebeb112"
score = 75
@@ -365875,8 +366287,8 @@ rule SIGNATURE_BASE__Project1_Generate_Rejoice : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2476-L2497"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2476-L2497"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b66bb4d392881468b33a8ee4458f33bfe7a82d34cc3927eedccd54ad94ff6a04"
score = 75
quality = 85
@@ -365907,8 +366319,8 @@ rule SIGNATURE_BASE__Hscan_Hscan_Hscangui : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2499-L2519"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2499-L2519"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5466c3dd8b2b777186bfab9d0948905eb3692ce05cf4748fb5b7b896dc3cb251"
score = 75
quality = 85
@@ -365938,8 +366350,8 @@ rule SIGNATURE_BASE_Kiwi_Tools : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2521-L2554"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2521-L2554"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ce7b3c7d57740257013d9d589444a3b53e81254619bd3f09ece917c70bba03ce"
score = 75
quality = 85
@@ -365982,8 +366394,8 @@ rule SIGNATURE_BASE_Kiwi_Tools_Gentil_Kiwi : FILE
date = "2015-06-13"
modified = "2023-12-05"
reference = "http://tools.zjqhr.com/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cn_hacktools.yar#L2556-L2587"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cn_hacktools.yar#L2556-L2587"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1a88bb31e985ae2119b578494ce9130204b41eece5929865c0822cdc82eaba75"
score = 75
quality = 85
@@ -366025,8 +366437,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_1 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L13-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L13-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d8ed432fea930eb9b4d695a4a68b833f4324fe0bbea3f0ccac2fe5934bfa1c22"
score = 75
quality = 85
@@ -366050,8 +366462,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_2 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L33-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L33-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0c298176e5849b2b202089f27cffb7646243d19a90898bbf079a97d2f624a27e"
score = 75
quality = 85
@@ -366076,8 +366488,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_3 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L53-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L53-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ad39864eec58b1c655bd3d510faa314702d118cee845da55d189e7252174eafb"
score = 75
quality = 85
@@ -366101,8 +366513,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_4 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L68-L99"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L68-L99"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1889ce1101ebb352c33279d40641f1f2312c45c6f7e267f4912a9faf320e5971"
score = 75
quality = 85
@@ -366138,8 +366550,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_6 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L101-L115"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L101-L115"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ee671bc09cc0c84c9817ed800f1416a75f18a70fd2cf6a7e9f063fffa01fa003"
score = 75
quality = 85
@@ -366164,8 +366576,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_7 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L117-L130"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L117-L130"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "115774c17003408a04e4b2678f32392b5439b55f3d4688476f6f877520acf75d"
score = 75
quality = 85
@@ -366187,8 +366599,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_8 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L132-L145"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L132-L145"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1a42667463ff006b155c93b8986ab75441ba00d0c3c146c2d4c6929250627d8d"
score = 75
quality = 85
@@ -366211,8 +366623,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_10 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L147-L163"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L147-L163"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "14d0ab1114c168d7222a49e68ba12718b6285969e667b95be665d59b1fc98358"
score = 75
quality = 85
@@ -366237,8 +366649,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_11 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L165-L178"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L165-L178"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "847681b3e9d4fc38c483663f5a7e16e7f8f95cfa77728d7316edbe6fbf5fe2c1"
score = 75
quality = 85
@@ -366262,8 +366674,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_12 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L180-L201"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L180-L201"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "31798a39d10bfa4520d91e1f555302e9ac4e38d90f8bc27376a5e7e1ccfcc5e1"
score = 75
quality = 85
@@ -366292,8 +366704,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_13 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L203-L215"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L203-L215"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8cc611685a822e0484146a08f4ebc2fa8dd260dc8627929333060696d8dc35ce"
score = 75
quality = 85
@@ -366314,8 +366726,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_14 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L217-L231"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L217-L231"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "37515683804e9aa076a588048713b420501b2aaf6b8617501ef550484abd1c03"
score = 75
quality = 85
@@ -366339,8 +366751,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_15 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L233-L248"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L233-L248"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8541231fe1e48d7130aed64eee964f8eda6792b5dd3e708b98e9cc6f1f620cd0"
score = 75
quality = 85
@@ -366364,8 +366776,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_16 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L250-L263"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L250-L263"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2d0ee163e7f6f04bfe6941575d0916e18ce2e5c2426e0af326c9567560df3122"
score = 75
quality = 85
@@ -366388,8 +366800,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_17 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L265-L284"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L265-L284"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ca1dc3a03926af15527d2cb95c87457c285891d42a0aa642f49414153bcfc39e"
score = 75
quality = 85
@@ -366419,8 +366831,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_18 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L286-L313"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L286-L313"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8ec1a1262874f636906186b569d231d6e3dd97ed6ef5cbddcbaf9f80cee301a0"
score = 75
quality = 85
@@ -366452,8 +366864,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_19 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L315-L332"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L315-L332"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "218c16d1b67e3e80dc7fdaf67a869e92b39744cb336e70761ac960da36c00372"
score = 75
quality = 85
@@ -366481,8 +366893,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_20 : FILE
date = "2018-05-04"
modified = "2023-01-06"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L334-L355"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L334-L355"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e2739a89451a4eba0bae345203dd4c0e26f715bb079830e36c772861fdd0f4de"
score = 75
quality = 85
@@ -366509,8 +366921,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_21 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L357-L376"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L357-L376"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4fdb162575bd108bb35e5c8ed10f7cac7539a15349218222dbb82d8eae8ad4bb"
score = 75
quality = 85
@@ -366538,8 +366950,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_22 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L378-L395"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L378-L395"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "af2d7917f54ca365465383484b6d19a941d4801898d162a6d3afa7b7c8491a0f"
score = 75
quality = 85
@@ -366566,8 +366978,8 @@ rule SIGNATURE_BASE_MAL_Airdviper_Sample_Apr18_1 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L398-L422"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L398-L422"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cbe1f36320eb9640ffbb6495faf7e5a062c5929d022bb56cbf0ebee810ef4e94"
score = 75
quality = 85
@@ -366597,8 +367009,8 @@ rule SIGNATURE_BASE_MAL_Winnti_Sample_May18_1 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L426-L440"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L426-L440"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e235396de278120cbc4700f239c41e7f21e97ba111c07022ae505de540dda2bc"
score = 75
quality = 85
@@ -366623,8 +367035,8 @@ rule SIGNATURE_BASE_MAL_Visel_Sample_May18_1 : FILE
date = "2018-05-04"
modified = "2023-12-05"
reference = "https://401trg.pw/burning-umbrella/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_burning_umbrella.yar#L442-L460"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_burning_umbrella.yar#L442-L460"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3200e3224e037a116451b09ce265c1794a05406876376531ac81eb720fcb6945"
score = 75
quality = 85
@@ -366649,8 +367061,8 @@ rule SIGNATURE_BASE_ONHAT_Proxy_Hacktool : FILE
date = "2016-05-12"
modified = "2023-12-05"
reference = "https://goo.gl/p32Ozf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_onhat_proxy.yar#L8-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_onhat_proxy.yar#L8-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d8c088ecdedbd74ca174244c407c3bb27ccd082ec515c62ee19c93e0d45d3f3b"
score = 100
quality = 85
@@ -366683,8 +367095,8 @@ rule SIGNATURE_BASE_MAL_Exilerat_Feb19_1 : FILE
date = "2019-02-04"
modified = "2023-12-05"
reference = "https://creativecommons.org/licenses/by-nc/4.0/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_exile_rat.yar#L4-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_exile_rat.yar#L4-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0556bc0dbd33502d5bf823cf265a4e133d9af43076abe35a86cf5e20ab314e35"
score = 75
quality = 85
@@ -366711,8 +367123,8 @@ rule SIGNATURE_BASE_MAL_Compromised_Cert_Ducktail_Stealer_Jun23 : FILE
date = "2023-06-16"
modified = "2023-08-12"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_ducktail_compromised_certs_jun23.yar#L2-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_ducktail_compromised_certs_jun23.yar#L2-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9b7916700359d662e99003727f5293f5a937254ff265c3bc8bb8763e196daa0e"
score = 80
quality = 85
@@ -366753,8 +367165,8 @@ rule SIGNATURE_BASE_SUSP_Certificate_Payload : FILE
date = "2018-08-02"
modified = "2023-12-05"
reference = "https://blog.nviso.be/2018/08/02/powershell-inside-a-certificate-part-3/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_cert_payloads.yar#L1-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_cert_payloads.yar#L1-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "909cf4209bbb876a042d86e017f65ce3764d2fde7a602406ed8531ba97c9fb9b"
score = 50
quality = 85
@@ -366776,8 +367188,8 @@ rule SIGNATURE_BASE_Quasar_RAT_Jan18_1 : FILE
date = "2018-01-29"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_quasar_vermin.yar#L11-L33"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_quasar_vermin.yar#L11-L33"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4b2c8695a053a714e97f3e108f0f359d9e49151297a21e460b3201d8f4e72a89"
score = 75
quality = 85
@@ -366808,8 +367220,8 @@ rule SIGNATURE_BASE_Vermin_Keylogger_Jan18_1 : FILE
date = "2018-01-29"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_quasar_vermin.yar#L35-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_quasar_vermin.yar#L35-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a8afe017f32400e1e498d23746f5cb59c3c67f6abefe9b2e36bec81ca82ecfed"
score = 75
quality = 85
@@ -366851,8 +367263,8 @@ rule SIGNATURE_BASE_Apt_Backspace : FILE
date = "2015-05-14"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_backspace.yar#L6-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_backspace.yar#L6-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6cbfeb7526de65eb2e3c848acac05da1e885636d17c1c45c62ad37e44cd84f99"
logic_hash = "6fa86ada5c965bd9c199c2a1cf9b691499a3d423da7db50c8987b6725c0c0f29"
score = 75
@@ -366876,8 +367288,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Darkside_May21_1 : FILE
date = "2021-05-10"
modified = "2023-12-05"
reference = "https://app.any.run/tasks/020c1740-717a-4191-8917-5819aa25f385/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_darkside.yar#L2-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_darkside.yar#L2-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "84de92b0b36e373aa61e314a04597bd0578a04af34c501ae9071e5f4fa27c07a"
score = 75
quality = 85
@@ -366905,8 +367317,8 @@ rule SIGNATURE_BASE_MAL_Ransomware_Win_DARKSIDE_V1_1 : FILE
date = "2021-03-22"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_darkside.yar#L25-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_darkside.yar#L25-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1a700f845849e573ab3148daef1a3b0b"
logic_hash = "b3612510bd1f2ca7543e217e97037b02d312bcda2b2df16d9be3216749ea4beb"
score = 75
@@ -366928,8 +367340,8 @@ rule SIGNATURE_BASE_MAL_Dropper_Win_Darkside_1 : FILE
date = "2021-05-11"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_darkside.yar#L39-L56"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_darkside.yar#L39-L56"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "131b3666ae444e0de043eafdf7cfd3324b927d18d8ad56d5004ea09b2da5610e"
score = 75
quality = 79
@@ -366956,8 +367368,8 @@ rule SIGNATURE_BASE_MAL_Backdoor_Win_C3_1 : FILE
date = "2021-05-11"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_darkside.yar#L58-L77"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_darkside.yar#L58-L77"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7cdac4b82a7573ae825e5edb48f80be5"
logic_hash = "369c54b9426edb449004466d30e1010ecefe8cfbea106306eb8eb90b27610dbf"
score = 75
@@ -366986,8 +367398,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Crime_Dearcry_Mar2021_1 : FILE
date = "2021-03-12"
modified = "2023-12-05"
reference = "https://twitter.com/phillip_misner/status/1370197696280027136"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_dearcry_ransom.yar#L1-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_dearcry_ransom.yar#L1-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e55507475888087c84f9624f82516e8a40aaf59bf2fbea72129a1dd134b28110"
score = 75
quality = 85
@@ -367019,8 +367431,8 @@ rule SIGNATURE_BASE_MAL_CRIME_RANSOM_Dearcry_Mar21_1 : FILE
date = "2021-03-12"
modified = "2023-12-05"
reference = "https://twitter.com/phillip_misner/status/1370197696280027136"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_dearcry_ransom.yar#L29-L53"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_dearcry_ransom.yar#L29-L53"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c4af7c29e917078f8658aca68ec95f8a03934f42c81fdd421639437e24f304bc"
score = 75
quality = 85
@@ -367051,8 +367463,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V1 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L12-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L12-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4df04daf70da482877874c530a3ad76fddebec2946931b60f98aa6c4e31f21ae"
score = 85
quality = 85
@@ -367075,8 +367487,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V2 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L28-L43"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L28-L43"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c9bdf38303fadee3e2cfc99b70942a92ab382817a28401e8c8ab8035384c97c1"
score = 85
quality = 85
@@ -367100,8 +367512,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V3 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L45-L58"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L45-L58"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e418620b45bc11804eae24db3cba8421758c214fc9f660a17761bbf3395ad744"
score = 85
quality = 85
@@ -367122,8 +367534,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V4 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L60-L73"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L60-L73"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eb8e4ed38e2e4d3991543c526c7dc458eec78c517d2c5eaa06a3a3cfb48d770f"
score = 85
quality = 85
@@ -367145,8 +367557,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V5 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L75-L91"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L75-L91"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e9660dfe76bfe1eb17b434f2ddef4975495e952396212c41550d932dbb8e8205"
score = 85
quality = 85
@@ -367170,8 +367582,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V7 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L112-L124"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L112-L124"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ff8443460e1818fd63e4dcf678bb592940b32978a70ab1633ebaa61c590d3916"
score = 85
quality = 85
@@ -367192,8 +367604,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V1 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L126-L138"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L126-L138"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6708239ea43fd36a7c9431cd2c6c185c0d406d65c4a31374c5e96bdc3e53de43"
score = 85
quality = 85
@@ -367214,8 +367626,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V3 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L140-L155"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L140-L155"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ebfedcec6f22d802a9980ad533f21e90b77fe929a813850be1b25304d3973c3b"
score = 85
quality = 85
@@ -367239,8 +367651,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V5 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L157-L171"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L157-L171"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b0929b808f62e3c59c0afbe959ebf67a3a985e0a0a72bcb112c9693a98351555"
score = 85
quality = 85
@@ -367263,8 +367675,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V6 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L173-L186"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L173-L186"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "93ce725a8af03d6f08eafe99ff3984e03a434b1f0071c6dbe560bafc3eefb576"
score = 85
quality = 85
@@ -367286,8 +367698,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V7 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L188-L208"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L188-L208"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dd65443065f044a2956ae51140423dab202effff5f12dd686f6c4fd54d8a4a0b"
score = 85
quality = 85
@@ -367316,8 +367728,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V9 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L210-L236"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L210-L236"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5947dbb08c9d0851b7993e5ccf177f97dcb330d4b390833843f69932c921ce7a"
score = 85
quality = 85
@@ -367351,8 +367763,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V10 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L238-L251"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L238-L251"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "62d47c1076b05bc9a531ef6e48f17f730932826b4b0f311887e3b14c639b937d"
score = 85
quality = 85
@@ -367374,8 +367786,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V11 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L253-L267"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L253-L267"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "72b9e4de0389df3a14f92660e91749dea4d31905eb7391163c3503bc953d661f"
score = 85
quality = 85
@@ -367398,8 +367810,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V14 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L269-L293"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L269-L293"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4abb1e1c68ced667f04a69c58c89187f9ccc0633c5dc5f396ba8d210bf405f93"
score = 85
quality = 85
@@ -367432,8 +367844,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V15 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L295-L310"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L295-L310"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fac61e80803941193c41ecf8b3fcbee21b5cc41542989ecd93542c32e87da983"
score = 85
quality = 85
@@ -367456,8 +367868,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V16 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L312-L329"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L312-L329"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "638cb66e5ff52ac5a1df0954969e7c54a3b25518228e4f8f344aafe6760985d2"
score = 85
quality = 85
@@ -367482,8 +367894,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V17 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L331-L347"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L331-L347"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ea2793e6ce9e9d97e70a9452a38eb4d5ddbcc275af6ae7f5d094dc77e112d278"
score = 85
quality = 85
@@ -367508,8 +367920,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V18 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L349-L376"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L349-L376"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d982b3b1407e140f586772ce409e47bd29e567af41e466cd94d0983c93aab917"
score = 85
quality = 85
@@ -367544,8 +367956,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V19 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L378-L404"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L378-L404"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "42bee6ddf0b13774efb6712135c3e0b4eae6364120f8973272820f5f669671d1"
score = 85
quality = 85
@@ -367579,8 +367991,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V20 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L406-L423"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L406-L423"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "72c62a764c5c7c19a07957fd6fbfcffd689900cc2759d408d239fe08a3b76b9c"
score = 85
quality = 85
@@ -367605,8 +368017,8 @@ rule SIGNATURE_BASE_IMPLANT_3_V1
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L425-L442"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L425-L442"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4c7b6c76bc10784abf96cc71b34ffc9a9de569fd536505528752221d22b26629"
score = 85
quality = 85
@@ -367632,8 +368044,8 @@ rule SIGNATURE_BASE_IMPLANT_3_V2 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L444-L464"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L444-L464"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0a658888dcc7b7f4620f08449c6ec492756750e64f15b048f7cdee7de4fc0479"
score = 85
quality = 85
@@ -367661,8 +368073,8 @@ rule SIGNATURE_BASE_IMPLANT_3_V3 : FILE
date = "2017-02-10"
modified = "2021-03-15"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L466-L485"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L466-L485"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "313f837b90bcf09455427e4411acb5406f4dae9d69373d8d2c0cfc014e27ee96"
score = 65
quality = 85
@@ -367686,8 +368098,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V1 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L487-L503"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L487-L503"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "51135d9fe62f5fd1fb7ef6c386dcdd86525dd469064662c2314cfee6e952d6ec"
score = 85
quality = 85
@@ -367712,8 +368124,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V2 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L505-L520"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L505-L520"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dd4edd238cdc3d376c1d5bcea6c8df57f4ef03369c0ca22107241812e0a1bb94"
score = 85
quality = 85
@@ -367736,8 +368148,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V3_Alternativerule : HIGHVOL FILE
date = "2017-02-12"
modified = "2025-07-01"
reference = "US CERT Grizzly Steppe Report"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L788-L803"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L788-L803"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "35468f7699b96fcaaaa032eef7dae34ec314e9c652f9f8b2e8ca7343fb5cec50"
score = 75
quality = 85
@@ -367762,8 +368174,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V4 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L807-L822"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L807-L822"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "49c912f29f5ffbd90366a510285ef3f06c804af86829808c175c8be519ce01c4"
score = 85
quality = 85
@@ -367787,8 +368199,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V5 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L824-L838"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L824-L838"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9d4233ccf148919d0ad0be726b9dfa9e26a9afcebb7b26fa4db4c3da8c46d13e"
score = 85
quality = 85
@@ -367809,8 +368221,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V7 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L859-L881"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L859-L881"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "27ae70d384488660c1f80040503d3eb6541112fd6332edc5820bc6718d76b847"
score = 85
quality = 85
@@ -367841,8 +368253,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V8
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L883-L911"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L883-L911"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dd072702c59822587d7ede0bc59c5672fbaa9a05595940781554fadb32e109f7"
score = 85
quality = 85
@@ -367879,8 +368291,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V9
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L913-L933"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L913-L933"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c0e48bf0839965f9bda9cc475aba5b4934c27c426a8fa4423fb24aa9d792e2e4"
score = 85
quality = 77
@@ -367909,8 +368321,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V10 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L935-L966"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L935-L966"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f22fd45eb77ff1a8202f4bd0d0c43787c8184300e96aff021e13371ae7bd5553"
score = 85
quality = 81
@@ -367950,8 +368362,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V11 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L968-L985"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L968-L985"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7bdeddc4334ed6557175b5eefc78d69283d6c91f98970bd0cfe6365b3ab477f4"
score = 85
quality = 85
@@ -367976,8 +368388,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V13 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1011-L1032"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1011-L1032"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "576c07c44105d2a38ca715d366f68058b2b3118f25e91d2d3e2d20e932fc9453"
score = 85
quality = 85
@@ -368006,8 +368418,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V1
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1034-L1051"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1034-L1051"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d94192d408036bf02052dc5145b78fea61323810b2abdbba64c65e1f6387ea42"
score = 85
quality = 85
@@ -368033,8 +368445,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V2
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1053-L1192"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1053-L1192"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "43e3df19ecd2068636b92c7a5c0399b22f8fa478e3e1562f392e78c5a268a1e5"
score = 85
quality = 60
@@ -368182,8 +368594,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V3
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1194-L1207"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1194-L1207"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aec1314858732d30b62a033e85eea50b3375e4f5b0e1818a941979d5be672297"
score = 85
quality = 85
@@ -368205,8 +368617,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V4
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1209-L1225"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1209-L1225"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "98a08860453496d9629f62c64fed50a24b8378dcfa39b8b654610c2ac9084fa8"
score = 85
quality = 85
@@ -368231,8 +368643,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V1 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1227-L1243"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1227-L1243"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c60402a029034545df302485c14e9485f806f2bc7d5fd759e84d1ecba9854837"
score = 85
quality = 85
@@ -368255,8 +368667,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V2 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1245-L1258"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1245-L1258"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7e81e8bcc305b9b7166db85d81278c96edf232bf60040ef15a2376f204ca3046"
score = 85
quality = 85
@@ -368277,8 +368689,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V3 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1260-L1275"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1260-L1275"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "833a6a3a4ff8ca43d4cf8053bfd1da49df96d9833dd3fe0f3ffbf6ce6c114681"
score = 85
quality = 85
@@ -368301,8 +368713,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V4 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1277-L1291"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1277-L1291"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f5388668e148223bc94680ea84e83b0f2896ccf433523d171c8f46d7069f9a4b"
score = 85
quality = 85
@@ -368324,8 +368736,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V5 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1293-L1327"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1293-L1327"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b3ba650818ddbc58ce272ae4851ae3151a8cf1c9cc6f8e234a50b52c95d951fe"
score = 85
quality = 85
@@ -368367,8 +368779,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V6 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1329-L1343"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1329-L1343"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "77b5f95cd897c82c200ee6fa3970824adccfd7c56639d92361095f919781d731"
score = 85
quality = 85
@@ -368390,8 +368802,8 @@ rule SIGNATURE_BASE_IMPLANT_7_V1 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1368-L1381"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1368-L1381"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "996f81fe006e0ab15adab46275fdb60251e6c6616da33df600fadfc2684c24af"
score = 85
quality = 85
@@ -368413,8 +368825,8 @@ rule SIGNATURE_BASE_IMPLANT_8_V1 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1383-L1411"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1383-L1411"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "437bda331405f9203747ffbfb107ec26e33973ebfc9f02e153697f7b8c22ad4f"
score = 65
quality = 85
@@ -368445,8 +368857,8 @@ rule SIGNATURE_BASE_IMPLANT_9_V1 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1431-L1448"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1431-L1448"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1166ef923d39952f4131a693c58b8bab5dcbe87f6a6b548a706d1fa10a82e22c"
score = 85
quality = 85
@@ -368471,8 +368883,8 @@ rule SIGNATURE_BASE_IMPLANT_10_V2 : FILE
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1469-L1482"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1469-L1482"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dc201d25b1d6cf8f88ae3bee18057902c4d64316aa9debc9248b0d8aa7f6d170"
score = 85
quality = 85
@@ -368494,8 +368906,8 @@ rule SIGNATURE_BASE_Unidentified_Malware_Two
date = "2017-02-10"
modified = "2025-07-01"
reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_grizzlybear_uscert.yar#L1521-L1543"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_grizzlybear_uscert.yar#L1521-L1543"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cd9adfb9e27e4d6b27498cc029e15132343f036cca60210528720a533fe20d9a"
score = 85
quality = 85
@@ -368525,8 +368937,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Unit78020_Sep15 : FILE
modified = "2023-01-31"
old_rule_name = "Unit78020_Malware_Gen1"
reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unit78020_malware.yar#L8-L58"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unit78020_malware.yar#L8-L58"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "85244d4e2b9e03fa4ab8268ffbedffb839bca598b1e863d3d0b3914294d3ddf0"
score = 80
quality = 83
@@ -368573,8 +368985,8 @@ rule SIGNATURE_BASE_Unit78020_Malware_1 : FILE
date = "2015-09-24"
modified = "2023-12-05"
reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unit78020_malware.yar#L60-L78"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unit78020_malware.yar#L60-L78"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a93d01f1cc2d18ced2f3b2b78319aadc112f611ab8911ae9e55e13557c1c791a"
logic_hash = "589dfb39630fd396b1f8c5d9d0ecccfc058edfd8e74e3bd06d1bfb9f91ad1798"
score = 75
@@ -368602,8 +369014,8 @@ rule SIGNATURE_BASE_Unit78020_Malware_Gen2 : FILE
date = "2015-09-24"
modified = "2023-12-05"
reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unit78020_malware.yar#L80-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unit78020_malware.yar#L80-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fd3cb904499a985830543174126761a3cdcff134d61b93b1105a489c00bd042f"
score = 75
quality = 85
@@ -368634,8 +369046,8 @@ rule SIGNATURE_BASE_Unit78020_Malware_Gen3 : FILE
date = "2015-09-24"
modified = "2023-12-05"
reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unit78020_malware.yar#L103-L132"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unit78020_malware.yar#L103-L132"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "304b3f429e144f1f4b0f7794e77f3059ec6b3e5c6fdf4c7b820a77db1cf8cfcb"
score = 75
quality = 85
@@ -368672,8 +369084,8 @@ rule SIGNATURE_BASE_APT_Sidewinder_NET_Loader_Aug_2020_1_1 : FILE
date = "2020-08-24"
modified = "2023-12-05"
reference = "https://twitter.com/ShadowChasing1/status/1297902086747598852"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sidewinder.yar#L4-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sidewinder.yar#L4-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5ee7029143c589f26e6c325e163bfac85507c950f09778bd51ec2bdf4d4263fa"
score = 75
quality = 83
@@ -368700,8 +369112,8 @@ rule SIGNATURE_BASE_APT_MAL_Sidewinder_Implant : FILE
date = "2020-08-25"
modified = "2023-12-05"
reference = "https://cybersecurity.att.com/blogs/labs-research/a-global-perspective-of-the-sidewinder-apt"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sidewinder.yar#L24-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sidewinder.yar#L24-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bfad86dbdc04463e7e4cc126fd05fc9107617a7ea1bd3f283c0e0170862bd59b"
score = 75
quality = 85
@@ -368737,8 +369149,8 @@ rule SIGNATURE_BASE_Susp_Indicators_EXE : FILE
date = "2018-01-05"
modified = "2023-12-05"
reference = "https://pastebin.com/8qaiyPxs"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_netwire_rat.yar#L11-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_netwire_rat.yar#L11-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9cb66435b78893daa5583475b14f0df2a5e8612f3aaf5cb02160991ab4d57d1b"
score = 60
quality = 85
@@ -368766,8 +369178,8 @@ rule SIGNATURE_BASE_Suspicious_BAT_Strings : FILE
date = "2018-01-05"
modified = "2023-12-05"
reference = "https://pastebin.com/8qaiyPxs"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_netwire_rat.yar#L32-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_netwire_rat.yar#L32-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e643a5ef41d084e1b1a20be2c56328b72fedddbbce3c79d1e93cc8cfaa633e12"
score = 60
quality = 85
@@ -368789,8 +369201,8 @@ rule SIGNATURE_BASE_Malicious_BAT_Strings : FILE
date = "2018-01-05"
modified = "2023-12-05"
reference = "https://pastebin.com/8qaiyPxs"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_netwire_rat.yar#L47-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_netwire_rat.yar#L47-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1f39b3fd11e7450eb1eaddeeca60aa4970568efda6053029f85df42e2f9fdd6e"
score = 60
quality = 85
@@ -368813,8 +369225,8 @@ rule SIGNATURE_BASE_Freemilk_APT_Mal_1 : FILE
date = "2017-10-05"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_freemilk.yar#L13-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_freemilk.yar#L13-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d66feceb01ecdd84345def58270a8788b563c99a7efadf9a3049c5fbbbd15da8"
score = 75
quality = 85
@@ -368846,8 +369258,8 @@ rule SIGNATURE_BASE_Freemilk_APT_Mal_2 : FILE
date = "2017-10-05"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_freemilk.yar#L41-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_freemilk.yar#L41-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ad2cc04542e93add3e7856574d4de5aa371cc31542f87b1e90d30e12e0149341"
score = 75
quality = 85
@@ -368873,8 +369285,8 @@ rule SIGNATURE_BASE_Freemilk_APT_Mal_3 : FILE
date = "2017-10-05"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_freemilk.yar#L62-L78"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_freemilk.yar#L62-L78"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "be68f624a2a374525857193d27f0645be5d10c198954dd90350448c3127e4bb5"
score = 75
quality = 83
@@ -368901,8 +369313,8 @@ rule SIGNATURE_BASE_Freemilk_APT_Mal_4 : FILE
date = "2017-10-05"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_freemilk.yar#L80-L104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_freemilk.yar#L80-L104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "deedb1da7e3421cd300fceea354a690e22005bab16eb0cc20b46f912393b637d"
score = 75
quality = 85
@@ -368931,8 +369343,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_Lazarus_VHD_Ransomware_Oct20_1 : FILE
date = "2020-10-05"
modified = "2023-12-05"
reference = "https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lazarus_vhd_ransomware.yar#L2-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lazarus_vhd_ransomware.yar#L2-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "95c56c5111bb227da8f8a3f8aa4f23e1348bc76ff76a05fc3cae89f9fad1bb52"
score = 75
quality = 85
@@ -368961,8 +369373,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_Lazarus_VHD_Ransomware_Oct20_2 : FILE
date = "2020-10-05"
modified = "2023-12-05"
reference = "https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lazarus_vhd_ransomware.yar#L26-L43"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lazarus_vhd_ransomware.yar#L26-L43"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cf28771a854b3bacc911375c09f6c6bc6ddebff95612a509890c56a5a14e8921"
score = 75
quality = 85
@@ -368987,8 +369399,8 @@ rule SIGNATURE_BASE_APT17_Sample_FXSST_DLL : FILE
date = "2015-05-14"
modified = "2023-12-05"
reference = "https://goo.gl/ZiJyQv"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt17_malware.yar#L10-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt17_malware.yar#L10-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "52f1add5ad28dc30f68afda5d41b354533d8bce3"
logic_hash = "51d6da6c3ec46dc9e991a6a36de6d79626f1859296cda65e9027951c13aa4cd5"
score = 75
@@ -369021,8 +369433,8 @@ rule SIGNATURE_BASE_Wmimplant
date = "2017-03-24"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2017/03/wmimplant_a_wmi_ba.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_wmi_implant.yar#L10-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_wmi_implant.yar#L10-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6422514d25b723e7ab92c1af1301e51d9a93aa41da98791d96c4754a91b5a18e"
score = 75
quality = 85
@@ -369050,8 +369462,8 @@ rule SIGNATURE_BASE_Malrtf_Ole2Link : EXPLOIT FILE
date = "2017-04-12"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_rtf_ole2link.yar#L1-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_rtf_ole2link.yar#L1-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d7ef764a0006b81c2b50699aa1fccb35c7c7da982cb8d56e02097114468e298f"
score = 75
quality = 85
@@ -369077,8 +369489,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Embedded_Worddoc : FILE
date = "2023-01-02"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_100days_of_yara_2023.yar#L3-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_100days_of_yara_2023.yar#L3-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "120ca851663ef0ebef585d716c9e2ba67bd4870865160fec3b853156be1159c5"
logic_hash = "a53fbfe0ccb5a4ab2320cde10d17f29770d888cf21cda4fdccc3d7ae8d123293"
score = 65
@@ -369103,8 +369515,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Smallscreensize
date = "2023-01-01"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_100days_of_yara_2023.yar#L22-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_100days_of_yara_2023.yar#L22-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "285985c21e34f8412b49dbfe04abad9f93af195801d0a8870ec3795b8a9a3787"
score = 65
quality = 85
@@ -369127,8 +369539,8 @@ rule SIGNATURE_BASE_MAL_Janicab_LNK
date = "2023-01-01"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_100days_of_yara_2023.yar#L46-L68"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_100days_of_yara_2023.yar#L46-L68"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0c7e8427ee61672568983e51bf03e0bcf6f2e9c01d2524d82677b20264b23a3f"
hash = "22ede766fba7551ad0b71ef568d0e5022378eadbdff55c4a02b42e63fcb3b17c"
hash = "4920e6506ca557d486e6785cb5f7e4b0f4505709ffe8c30070909b040d3c3840"
@@ -369160,8 +369572,8 @@ rule SIGNATURE_BASE_SUSP_ELF_Invalid_Version : FILE
date = "2023-01-01"
modified = "2023-12-05"
reference = "https://tmpout.sh/1/1.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_100days_of_yara_2023.yar#L70-L86"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_100days_of_yara_2023.yar#L70-L86"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "05379bbf3f46e05d385bbd853d33a13e7e5d7d50"
logic_hash = "33f096318647867bcd90d7ba77878f43d34477b2b2cbd7410c191e60573d6cd5"
score = 55
@@ -369181,8 +369593,8 @@ rule SIGNATURE_BASE_MAL_ELF_Torchtriton : FILE
date = "2023-01-02"
modified = "2023-12-05"
reference = "https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_100days_of_yara_2023.yar#L88-L117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_100days_of_yara_2023.yar#L88-L117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2385b29489cd9e35f92c072780f903ae2e517ed422eae67246ae50a5cc738a0e"
logic_hash = "12de3c3785aaf3623097db58abfe8ee2cbd9a0e712bf752165952de9a5fdb07d"
score = 75
@@ -369213,8 +369625,8 @@ rule SIGNATURE_BASE_MAL_GOLDBACKDOOR_LNK
date = "2023-01-02"
modified = "2023-12-05"
reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_100days_of_yara_2023.yar#L119-L142"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_100days_of_yara_2023.yar#L119-L142"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "120ca851663ef0ebef585d716c9e2ba67bd4870865160fec3b853156be1159c5"
logic_hash = "043d01758c722964e848e51cf2747c5879f03f0fd43af827e2035abf113daf9d"
score = 75
@@ -369245,8 +369657,8 @@ rule SIGNATURE_BASE_MAL_EXE_Lockbit_V2 : FILE
date = "2023-01-01"
modified = "2023-01-06"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_100days_of_yara_2023.yar#L144-L169"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_100days_of_yara_2023.yar#L144-L169"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "00260c390ffab5734208a7199df0e4229a76261c3f5b7264c4515acb8eb9c2f8"
logic_hash = "9472727d75e34d8bf87c56b74a6dfc04052e621b5fe31732ea9a10c76a05e0c0"
score = 80
@@ -369277,8 +369689,8 @@ rule SIGNATURE_BASE_MAL_EXE_Prestigeransomware : FILE
date = "2023-01-04"
modified = "2023-01-06"
reference = "https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_100days_of_yara_2023.yar#L171-L195"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_100days_of_yara_2023.yar#L171-L195"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "5fc44c7342b84f50f24758e39c8848b2f0991e8817ef5465844f5f2ff6085a57"
logic_hash = "2f51ca71d28c8d0df8de22011e16919672d5f9d3f3d94594c5d0cbf7f1585a1e"
score = 80
@@ -369307,8 +369719,8 @@ rule SIGNATURE_BASE_MAL_EXE_Royalransomware : FILE
date = "2023-01-03"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_100days_of_yara_2023.yar#L197-L222"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_100days_of_yara_2023.yar#L197-L222"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a8384c9e3689eb72fa737b570dbb53b2c3d103c62d46747a96e1e1becf14dfea"
logic_hash = "6f93bade7709945b478cbdc721d85ad9243d56ace19fba25835cec13a6210dfb"
score = 75
@@ -369339,8 +369751,8 @@ rule SIGNATURE_BASE_MAL_PY_Dimorf
date = "2023-01-03"
modified = "2023-12-05"
reference = "https://github.com/Ort0x36/Dimorf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_100days_of_yara_2023.yar#L224-L242"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_100days_of_yara_2023.yar#L224-L242"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7499b21f77d07364983b94134a60f7c99e71a5392386437d459a196bf71852fb"
score = 75
quality = 85
@@ -369366,8 +369778,8 @@ rule SIGNATURE_BASE_Equationgroup_Emptycriss : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L15-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L15-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fcfbe4a8a959491dfba9e5d958e43221d83a1e49dcf005872a1b71efb1226d99"
score = 75
quality = 85
@@ -369392,8 +369804,8 @@ rule SIGNATURE_BASE_Equationgroup_Scripme : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L32-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L32-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5cffded6563bb3c94868f25e086be8d92837a7656707bf4e6a9e9f375d9ee7e0"
score = 75
quality = 85
@@ -369419,8 +369831,8 @@ rule SIGNATURE_BASE_Equationgroup_Crypttool : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L50-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L50-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ae2d5eda038326376511450e1f5bd2bbf6264d23df013b005b322d70eb6266a0"
score = 75
quality = 85
@@ -369444,8 +369856,8 @@ rule SIGNATURE_BASE_Equationgroup_Dumppoppy : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L66-L82"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L66-L82"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b6fb6a3799196375796da6f3a0169246145e668019dd692da67ca6f06d09c3dc"
score = 75
quality = 85
@@ -369470,8 +369882,8 @@ rule SIGNATURE_BASE_Equationgroup_Auditcleaner : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L84-L102"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L84-L102"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "30a6ae9ce7d02c1d945d57eabf29f430ad4cdbc48dba5fe71654efc2c59fde08"
score = 75
quality = 85
@@ -369498,8 +369910,8 @@ rule SIGNATURE_BASE_Equationgroup_Reverse_Shell : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L104-L118"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L104-L118"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6dc388fecbf606b19c04626d64f5fe4184f07c2a1597a6f8337aa4a827b2d89b"
score = 75
quality = 85
@@ -369523,8 +369935,8 @@ rule SIGNATURE_BASE_Equationgroup_Tnmunger : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L120-L134"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L120-L134"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ddb957ca9350288d0fa98ba20847a99dcba931b5a03d0ae94cd3409f82f728eb"
score = 75
quality = 85
@@ -369548,8 +369960,8 @@ rule SIGNATURE_BASE_Equationgroup_Ys_Ratload : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L136-L151"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L136-L151"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "82d00b7eecdb60911ecd933387eeb2ce4eec9721993beee60247d1273ad3368f"
score = 75
quality = 85
@@ -369574,8 +369986,8 @@ rule SIGNATURE_BASE_Equationgroup_Eh_1_1_0 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L153-L168"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L153-L168"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d0972bb57076606b3c84f3cbbb0be85cd5663c7cd6f6d9f09a2991cb6532bfa9"
score = 75
quality = 85
@@ -369600,8 +370012,8 @@ rule SIGNATURE_BASE_Equationgroup_Evolvingstrategy_1_0_1 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L170-L188"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L170-L188"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "87d25f1a4ca4a75292ab6cdcd1a79890c4475c2a9b34761ed92988bd517b4497"
score = 75
quality = 85
@@ -369627,8 +370039,8 @@ rule SIGNATURE_BASE_Equationgroup_Toast_V3_2_0 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L190-L205"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L190-L205"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a505eaafb6882e2701fe0a9b8712f85c1073d83291436eeaa7f4c52876d12359"
score = 75
quality = 85
@@ -369653,8 +370065,8 @@ rule SIGNATURE_BASE_Equationgroup_Sshobo : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L207-L223"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L207-L223"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "90c892e06ccedb6a3208d728e9f3c27c14bbe1b4c13b63d4a350bbbf38efbe9d"
score = 75
quality = 85
@@ -369680,8 +370092,8 @@ rule SIGNATURE_BASE_Equationgroup_Magicjack_V1_1_0_0_Client_1_1_0_0 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L225-L239"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L225-L239"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "44e853b8d148f84107d29449aa44b2e52226c9d2f397c019aa0f1d347863e388"
score = 75
quality = 85
@@ -369705,8 +370117,8 @@ rule SIGNATURE_BASE_Equationgroup_Packrat : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L241-L256"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L241-L256"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7e88e14e0d9c8e8f5ccca3bea78b875bf75fbf0dd54badc339237ca94f0d6373"
score = 75
quality = 85
@@ -369731,8 +370143,8 @@ rule SIGNATURE_BASE_Equationgroup_Telex : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L258-L274"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L258-L274"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9661bc43831307cb04883cfe8e54ebb2fe72bf3d7731b2b483cd19c40a5aeaa9"
score = 75
quality = 85
@@ -369758,8 +370170,8 @@ rule SIGNATURE_BASE_Equationgroup_Calserver : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L276-L291"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L276-L291"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "85080074058703a696ac7f978abd8f4d5234f6553c19736fb52375421c4af42b"
score = 75
quality = 85
@@ -369784,8 +370196,8 @@ rule SIGNATURE_BASE_Equationgroup_Porkclient : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L293-L308"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L293-L308"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4de13f1cac8698fc86e44d29143877924aec4e6712415ee6b35810afed8072d6"
score = 75
quality = 85
@@ -369810,8 +370222,8 @@ rule SIGNATURE_BASE_Equationgroup_Electricslide : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L310-L326"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L310-L326"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0803b61afc592d4fba523dc54d8f856a557b916a9f6e256efccd50178e8e024c"
score = 75
quality = 85
@@ -369837,8 +370249,8 @@ rule SIGNATURE_BASE_Equationgroup_Libxmexploit2 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L328-L343"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L328-L343"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7bd88d15cca38e91c65e8373194e35ab9492a80eb27b22ad4000e192f2d9b886"
score = 75
quality = 85
@@ -369863,8 +370275,8 @@ rule SIGNATURE_BASE_Equationgroup_Wrap_Telnet : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L345-L360"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L345-L360"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aa7fda8b95b697bb0541642677579f9db9df379048421481cdb66068032bf681"
score = 75
quality = 85
@@ -369889,8 +370301,8 @@ rule SIGNATURE_BASE_Equationgroup_Elgingamble
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L362-L378"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L362-L378"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e561794d969b6198f71115087db8cc89043f2079252eef22458450e16596b0eb"
score = 75
quality = 85
@@ -369916,8 +370328,8 @@ rule SIGNATURE_BASE_Equationgroup_Cmsd : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L380-L397"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L380-L397"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2b9c7ef750c2e45df7839395db51c93204bc9855f5de05bd59c50bb6a964bc8b"
score = 75
quality = 85
@@ -369943,8 +370355,8 @@ rule SIGNATURE_BASE_Equationgroup_Ebbshave : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L399-L415"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L399-L415"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8a1a5ddefc646dc55161eb9b2a1b0e4176df7e99660db48b245af3ef9ab0871c"
score = 75
quality = 85
@@ -369970,8 +370382,8 @@ rule SIGNATURE_BASE_Equationgroup_Eggbasket : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L417-L432"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L417-L432"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e4800d5c820a18d3483dc5c055c0e2f5374ce3b160ecb4d940a00ec4a90ca50d"
score = 75
quality = 85
@@ -369996,8 +370408,8 @@ rule SIGNATURE_BASE_Equationgroup_Jparsescan : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L434-L448"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L434-L448"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d86b6757abb5ad1902e91f100e6a6bea52e6e14684d184b6b8138270484275f4"
score = 75
quality = 85
@@ -370021,8 +370433,8 @@ rule SIGNATURE_BASE_Equationgroup_Sambal : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L450-L467"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L450-L467"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6066332b16996a9d8635d3752f46c6529cfc2c94d3d6f0c9791f2068c982bf3e"
score = 75
quality = 85
@@ -370049,8 +370461,8 @@ rule SIGNATURE_BASE_Equationgroup_Pclean_V2_1_1_2 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L469-L483"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L469-L483"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9323ef0c76348d242b010cf0f1c6a1bf5dd120a02418350bb0ed137f468ac624"
score = 75
quality = 85
@@ -370074,8 +370486,8 @@ rule SIGNATURE_BASE_Equationgroup_Envisioncollision : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L485-L501"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L485-L501"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8cd8c24b212ca71feb6093682fc614c88790c10d7c7d72dac65b047e5791894a"
score = 75
quality = 85
@@ -370101,8 +370513,8 @@ rule SIGNATURE_BASE_Equationgroup_Cmsex : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L503-L520"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L503-L520"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "997e08a49c5ae82bcc590e5febd449a4d3e9098f5aa154ccc0824b976f0a6365"
score = 75
quality = 85
@@ -370129,8 +370541,8 @@ rule SIGNATURE_BASE_Equationgroup_Exze : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L522-L537"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L522-L537"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b8678f58da689be9507a345b6b80ece6cdb7a78d73db339bdc15ad0a66b4a2e6"
score = 75
quality = 85
@@ -370155,8 +370567,8 @@ rule SIGNATURE_BASE_Equationgroup_DUL : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L539-L553"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L539-L553"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "55df9a844352babf0c30075139e2a62cbf9db898280546d27b172e4d611ce1c0"
score = 75
quality = 85
@@ -370180,8 +370592,8 @@ rule SIGNATURE_BASE_Equationgroup_Slugger2 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L555-L574"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L555-L574"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c736fdfa96d5e99bc4d093c03a81b8a4f58501ec8c03a2891f9f694d88b5284"
score = 75
quality = 85
@@ -370209,8 +370621,8 @@ rule SIGNATURE_BASE_Equationgroup_Ebbisland : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L576-L594"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L576-L594"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1f4b5054d4239e23146f0764ffe9037b658ecdb9a5f479956c5c45abc1012a17"
score = 75
quality = 85
@@ -370238,8 +370650,8 @@ rule SIGNATURE_BASE_Equationgroup_Jackpop : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L596-L614"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L596-L614"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6efc4ccd2727f93713ad35dc1f054fa25e976e8c3d95f00226fbd56d7f1ce30b"
score = 75
quality = 85
@@ -370266,8 +370678,8 @@ rule SIGNATURE_BASE_Equationgroup_Parsescan : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L616-L630"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L616-L630"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "25e0bc21f93cd72814cd6114883ed903af84a62dced126201b6037a476dbd2cd"
score = 75
quality = 85
@@ -370291,8 +370703,8 @@ rule SIGNATURE_BASE_Equationgroup_Jscan : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L632-L646"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L632-L646"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d3bbdb90da9fa5b8b41a8b5d35a9b42e4fa15f291146575b0ef22e81441dcbde"
score = 75
quality = 85
@@ -370316,8 +370728,8 @@ rule SIGNATURE_BASE_Equationgroup_Promptkill : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L648-L662"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L648-L662"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7b46161b8cbb9a539171349b3e2a58f8e5a48c344b6d99020b3e96da9c878771"
score = 75
quality = 85
@@ -370341,8 +370753,8 @@ rule SIGNATURE_BASE_Equationgroup_Epoxyresin_V1_0_0 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L664-L681"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L664-L681"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c1cbc18f05b299837463aa27a9c47ea0355ca5974b2c6ab1e0a18cc9ad1b26a1"
score = 75
quality = 83
@@ -370368,8 +370780,8 @@ rule SIGNATURE_BASE_Equationgroup_Estopmoonlit : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L683-L699"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L683-L699"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "06293b6f48d2595f3426088cddc4b0c4d1ebc1de90fa640d5b5e806a45a2b6bd"
score = 75
quality = 85
@@ -370395,8 +370807,8 @@ rule SIGNATURE_BASE_Equationgroup_Envoytomato : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L701-L715"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L701-L715"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f15b3b4281ec45a7a71c9bf8b88c60befec665f78b76a615c5912a6b7f94235b"
score = 75
quality = 85
@@ -370420,8 +370832,8 @@ rule SIGNATURE_BASE_Equationgroup_Smash : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L717-L732"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L717-L732"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "073496e34dded05be40ee851442f9c0ec998f35e02a5d4221677a195b792f786"
score = 75
quality = 85
@@ -370446,8 +370858,8 @@ rule SIGNATURE_BASE_Equationgroup_Ratload : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L734-L749"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L734-L749"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "34298175663a01b26e317c31c720f2f4fe93a5c7e375c9642664479d8672e8cd"
score = 75
quality = 85
@@ -370472,8 +370884,8 @@ rule SIGNATURE_BASE_Equationgroup_Ys : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L751-L766"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L751-L766"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4962cc732ce3dea6dc52c7d91ce94089eb4498ba4c442ecc6363ea75de47de31"
score = 75
quality = 85
@@ -370498,8 +370910,8 @@ rule SIGNATURE_BASE_Equationgroup_Ewok : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L768-L784"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L768-L784"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d10d75885daa8cd20e5d7d7e142d1e7a2dbc10a50debf7892629f67b948bbdbe"
score = 75
quality = 85
@@ -370525,8 +370937,8 @@ rule SIGNATURE_BASE_Equationgroup_Xspy : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L786-L799"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L786-L799"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "94ab45d6c94c63c5c9c68ee3d509143af4eb574058c0cd4f26eed8058dbd9213"
score = 75
quality = 85
@@ -370549,8 +370961,8 @@ rule SIGNATURE_BASE_Equationgroup_Estesfox
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L801-L814"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L801-L814"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bfbc8ac62dcb61b492b1803de535f51ceb54ac83e45071270a6ef5faeaa521b2"
score = 75
quality = 85
@@ -370573,8 +370985,8 @@ rule SIGNATURE_BASE_Equationgroup_Elatedmonkey_1_0_1_1 : FILE
date = "2017-04-08"
modified = "2022-08-18"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L816-L832"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L816-L832"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "756337ecb951357c5440ea2fe010982089539c35dc556288d61db6de22348c1f"
score = 75
quality = 85
@@ -370599,8 +371011,8 @@ rule SIGNATURE_BASE_Equationgroup_Scanner : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L834-L849"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L834-L849"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b0454fd41d3591fc5811da6407a422b7c28d0b923109cdfa85b337cc7fffb178"
score = 75
quality = 85
@@ -370625,8 +371037,8 @@ rule SIGNATURE_BASE_Equationgroup__Ftshell_Ftshell_V3_10_3_0 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L853-L871"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L853-L871"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1eb7915fd057b2cc5f788ca11b3c71210ce5e7ac29c52790c249490435e62926"
score = 75
quality = 85
@@ -370654,8 +371066,8 @@ rule SIGNATURE_BASE_Equationgroup__Scanner_Scanner_V2_1_2 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L873-L892"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L873-L892"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c42aaacea1347fd64d7f91421f692e77e33e273d4c2e71806ef7f5f086aba11"
score = 75
quality = 85
@@ -370684,8 +371096,8 @@ rule SIGNATURE_BASE_Equationgroup__Ghost_Sparc_Ghost_X86_3 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L894-L912"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L894-L912"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c4ad8e06934c1ece520863951f14cbf86d1bc4bba97aede1d58def1e5c7df4eb"
score = 75
quality = 85
@@ -370713,8 +371125,8 @@ rule SIGNATURE_BASE_Equationgroup__Pclean_V2_1_1_Pclean_V2_1_1_4 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L914-L930"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L914-L930"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5622d6fff876fa5d07795491d14f0396378c1b07b69cf8bcabb5e0bd3c19e72a"
score = 75
quality = 85
@@ -370740,8 +371152,8 @@ rule SIGNATURE_BASE_Equationgroup__Jparsescan_Parsescan_5 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L932-L950"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L932-L950"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "719baa53db53f4cc4f3e9ed935814e42e5cb4b7fb8eaaa373feb73df69bfcde0"
score = 75
quality = 85
@@ -370769,8 +371181,8 @@ rule SIGNATURE_BASE_Equationgroup__Funnelout_V4_1_0_1 : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L952-L969"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L952-L969"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ae0b387725017de2766593ea55677dca36eee68107e0692a7d5e2526db74765b"
score = 75
quality = 85
@@ -370797,8 +371209,8 @@ rule SIGNATURE_BASE_Equationgroup__Magicjack_V1_1_0_0_Client : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L971-L988"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L971-L988"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5e22b01aa9b1283fa7a326b7c0f8047ed373fac750c89e9ba02c49f0f454e275"
score = 75
quality = 85
@@ -370825,8 +371237,8 @@ rule SIGNATURE_BASE_Equationgroup__Ftshell : FILE
date = "2017-04-08"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L990-L1007"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L990-L1007"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "84c646b2c81f870f650fafd26471017b00b3b7020e72390f818304958e694572"
score = 75
quality = 85
@@ -370853,8 +371265,8 @@ rule SIGNATURE_BASE_Equationgroup_Store_Linux_I386_V_3_3_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1018-L1033"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1018-L1033"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f284c2fecee23f01f83e0534d7d56a88b102e6dcc02a26321fe246604dc8cb0e"
score = 75
quality = 85
@@ -370879,8 +371291,8 @@ rule SIGNATURE_BASE_Equationgroup_Morerats_Client_Genkey : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1035-L1049"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1035-L1049"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c1d823e297b0b1f47f12a3240d59f5ecc482f1140e5b2962f76ec2fff719664a"
score = 75
quality = 85
@@ -370904,8 +371316,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursetingle_2_0_1_2_Mswin32_V_2_0_1 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1051-L1065"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1051-L1065"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bc27edc946beb5065d4fe43e53a33b448c24c7dd3eae0cedd4770c02fce7836b"
score = 75
quality = 85
@@ -370929,8 +371341,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursesleepy_Mswin32_V_1_0_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1067-L1082"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1067-L1082"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0dcbf2b314ff9c392ae0cb4f14762dd20c6b85f7f547af683db3aea1c57dee57"
score = 75
quality = 85
@@ -370955,8 +371367,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursehelper_Win2K_I686_V_2_2_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1084-L1100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1084-L1100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f6c92fc3540750a1223682b1672575b3a3120f5ebf63190a9b31d7e4e5ce13c7"
score = 75
quality = 85
@@ -370981,8 +371393,8 @@ rule SIGNATURE_BASE_Equationgroup_Morerats_Client_Addkey : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1102-L1117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1102-L1117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ec5b7499e3c3cc6b581c381ae61a4c987691c0d93dd589a5907fd7419335963a"
score = 75
quality = 85
@@ -371007,8 +371419,8 @@ rule SIGNATURE_BASE_Equationgroup_Noclient_3_3_2 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1119-L1136"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1119-L1136"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "14b1f135da81fd9a071e0f692bc7f1ab6f6f63d7dd05e1557e5c2d51135727b6"
score = 75
quality = 85
@@ -371035,8 +371447,8 @@ rule SIGNATURE_BASE_Equationgroup_Curseflower_Mswin32_V_1_0_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1138-L1153"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1138-L1153"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e70954945b3a5e08e5ae216b16702056b403dbf14391276eae1ed13e8273c1ee"
score = 75
quality = 85
@@ -371060,8 +371472,8 @@ rule SIGNATURE_BASE_Equationgroup_Tmpwatch : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1155-L1169"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1155-L1169"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6fab5100f6ee0bf9a4e13e262c8d47e600f5aad64c7e04fe08fa42a5d78c38e8"
score = 75
quality = 85
@@ -371085,8 +371497,8 @@ rule SIGNATURE_BASE_Equationgroup_Orleans_Stride_Sunos5_9_V_2_4_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1171-L1186"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1171-L1186"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1380b22e661926ebb2878d89c80e115a58d0bfc060681a55564c97c1e9f36765"
score = 75
quality = 85
@@ -371111,8 +371523,8 @@ rule SIGNATURE_BASE_Equationgroup_Morerats_Client_Noprep : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1188-L1203"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1188-L1203"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c27815333e05d318bc32d01e755386bc1d1dbfd9f2b92a460fbd0f703e9ba210"
score = 75
quality = 85
@@ -371137,8 +371549,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursezinger_Linuxrh7_3_V_2_0_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1205-L1221"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1205-L1221"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa56fe4dd44d266741a3f0b0edfc24660b260c1ade45c23171f22bc43a3bee75"
score = 75
quality = 85
@@ -371164,8 +371576,8 @@ rule SIGNATURE_BASE_Equationgroup_Seconddate_Implantstandalone_3_0_3 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1223-L1238"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1223-L1238"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8d56f471104bfb2ef2bf730e5a8b60c123706f12eb52226895b123b16eed2883"
score = 75
quality = 85
@@ -371190,8 +371602,8 @@ rule SIGNATURE_BASE_Equationgroup_Watcher_Solaris_I386_V_3_3_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1240-L1256"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1240-L1256"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "61ded97e99e6bdfe2738c6d73719b3182d970aba8ea9d7cab751349669129de2"
score = 75
quality = 85
@@ -371217,8 +371629,8 @@ rule SIGNATURE_BASE_Equationgroup_Gr_Dev_Bin_Now : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1258-L1272"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1258-L1272"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1d7f009c5593ac1b1517024b828b016d705b63f6812a49d909f35c34b936e6d7"
score = 75
quality = 85
@@ -371242,8 +371654,8 @@ rule SIGNATURE_BASE_Equationgroup_Gr_Dev_Bin_Post : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1274-L1287"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1274-L1287"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ffd95302df11d1ebab37817e967a1ad4d1e85e62b38a0ccd6adf0f36925e64c1"
score = 75
quality = 85
@@ -371266,8 +371678,8 @@ rule SIGNATURE_BASE_Equationgroup_Curseyo_Win2K_V_1_0_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1289-L1306"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1289-L1306"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ad9bb848a0c4805a14465ff44e3c967c9afa7369536a211a8a1fb100902fbb55"
score = 75
quality = 85
@@ -371293,8 +371705,8 @@ rule SIGNATURE_BASE_Equationgroup_Gr : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1308-L1322"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1308-L1322"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6df2a36e51fbe23e090094a91da76ca881a65d7e129c6e428ffef13787f230bc"
score = 75
quality = 85
@@ -371318,8 +371730,8 @@ rule SIGNATURE_BASE_Equationgroup_Curseroot_Win2K_V_2_1_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1324-L1340"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1324-L1340"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "64ea35c9287ed35b5e7fbc8aaa228f87bc003111dd6fc35f5277eeea5f371a2c"
score = 75
quality = 85
@@ -371345,8 +371757,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursewham_Curserazor_Cursezinger_Curseroot_Win
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1342-L1362"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1342-L1362"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a5a8e6a516b51c2eed616c80a1162990c1dda4460ec7786793d66820ca15b5a4"
score = 75
quality = 85
@@ -371375,8 +371787,8 @@ rule SIGNATURE_BASE_Equationgroup_Watcher_Linux_I386_V_3_3_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1364-L1381"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1364-L1381"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "245662b561178f4d929ed858811846b2a49dc80af25396864a3d7bd90d16ac2b"
score = 75
quality = 85
@@ -371403,8 +371815,8 @@ rule SIGNATURE_BASE_Equationgroup_Charm_Saver_Win2K_V_2_0_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1383-L1399"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1383-L1399"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "87cea1f46a3165485274165e840a4945d6f6a6f9ff7fd011e685e8bb90acae8a"
score = 75
quality = 85
@@ -371429,8 +371841,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursehappy_Win2K_V_6_1_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1401-L1415"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1401-L1415"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3bf5878c3be20a7a543d4937c6d820df726062e39ee262a6c31f7e91b32fd55e"
score = 75
quality = 85
@@ -371454,8 +371866,8 @@ rule SIGNATURE_BASE_Equationgroup_Morerats_Client_Store : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1417-L1433"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1417-L1433"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "34dc21d933d56b6f6c342ca110d9cff7bb51d9fd1b88b359861e5b5650679ad0"
score = 75
quality = 85
@@ -371481,8 +371893,8 @@ rule SIGNATURE_BASE_Equationgroup_Watcher_Linux_X86_64_V_3_3_0 : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1435-L1450"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1435-L1450"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "be2ca3791ef1025db6a1dd6bcdf1a9f0b224c3f7585af4546029840251c50094"
score = 75
quality = 85
@@ -371507,8 +371919,8 @@ rule SIGNATURE_BASE_Equationgroup_Linux_Exactchange : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1452-L1472"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1452-L1472"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a0bcf5aa1f434fe9698a7408df68870d4908cdf87f22bb4acfedc50bb2c8f11f"
score = 75
quality = 85
@@ -371538,8 +371950,8 @@ rule SIGNATURE_BASE_Equationgroup_X86_Linux_Exactchange : FILE
date = "2017-04-09"
modified = "2023-12-05"
reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1474-L1490"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1474-L1490"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9365eb74a364eb83150672919ea1abe635465fe3239fff26ba91037c74971466"
score = 75
quality = 85
@@ -371565,8 +371977,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Eclipsedwing_Rpcproxy_Pcdlllaunc
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1502-L1519"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1502-L1519"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8a01ea872c161521301182b922ece893f9ad1a33d902ec94963946f3b07d7266"
score = 75
quality = 85
@@ -371593,8 +372005,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Explodingcantouch_1_2_1 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1521-L1536"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1521-L1536"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9239a61e71c86fc239f75baa9c781da18553e3c502495ad7429eaf3c744e870c"
score = 75
quality = 85
@@ -371619,8 +372031,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Architouch_1_0_0 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1538-L1551"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1538-L1551"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cb6959b7b50e6f2895bab5f3355bef836c9a9774285cfb5fea339ce3d2c67f73"
score = 75
quality = 85
@@ -371643,8 +372055,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Erraticgopher_1_0_1 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1553-L1569"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1553-L1569"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6b099bd202a962e64cb4f417eb7e09893b869e950eb0740394d222e8b4b89283"
score = 75
quality = 85
@@ -371670,8 +372082,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Esteemaudit_2_1_0 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1571-L1585"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1571-L1585"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "272d435758c0021bfd84d84c00eb05ece2461a39d092693b61d362365ab098cd"
score = 75
quality = 85
@@ -371695,8 +372107,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Darkpulsar_1_1_0 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1587-L1601"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1587-L1601"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "da8e1723da9e2d9955a3042bceb313d7d10903bfc078ba090c1c5a57be243b96"
score = 75
quality = 85
@@ -371720,8 +372132,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Educatedscholar_1_0_0 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1603-L1617"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1603-L1617"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0265ce5dfb5697a0610a6023b75f6e3ef2ef0308f639978a8617337df2e16c77"
score = 75
quality = 85
@@ -371745,8 +372157,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Doublepulsar_1_3_1 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1619-L1634"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1619-L1634"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1b7ed9dbd4312541bd4d939602f63ce1d909729cce1845b018be6a07a9cb7fe2"
score = 75
quality = 85
@@ -371771,8 +372183,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Erraticgophertouch_1_0_1 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1636-L1651"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1636-L1651"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "08646f7887daddd8efac875bc7b111df7a52feae0a4b81bfd2d2ae7ef9453b5e"
score = 75
quality = 85
@@ -371797,8 +372209,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Smbtouch_1_1_1 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1653-L1666"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1653-L1666"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b5eb9d45dfc47470236923a5b8174bc17733e4333db6f8bbe63c4f4bc913cf26"
score = 75
quality = 85
@@ -371821,8 +372233,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Educatedscholartouch_1_0_0 : FIL
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1668-L1682"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1668-L1682"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4c06fad158db8337ff768ad1553401ec31eee6b0d50333ce91a3a12e79d8981a"
score = 75
quality = 85
@@ -371846,8 +372258,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Esteemaudittouch_2_1_0 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1684-L1698"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1684-L1698"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f4e62ec7a68115d5ff155ea94fb2c99b9177e928533338a111e531c694ff7b8f"
score = 75
quality = 85
@@ -371871,8 +372283,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Rpctouch_2_1_0 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1700-L1714"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1700-L1714"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3ea1f30c0a2c91cc9ca2eec8eaab167c83f4f52c2732d03d1e7fb99e63986662"
score = 75
quality = 85
@@ -371896,8 +372308,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Mofconfig_1_0_0 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1716-L1729"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1716-L1729"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a922eb01efa52601b72c3d91a26585504fcf706a9ed16a36328f94f5871b0b24"
score = 75
quality = 85
@@ -371920,8 +372332,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Easypi_Explodingcan : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1731-L1747"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1731-L1747"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c5978d8cbffde2339cadd84f44d1df24e76f298a2f05bd9a6565246bfae1b1e3"
score = 75
quality = 85
@@ -371947,8 +372359,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Eclipsedwingtouch_1_0_4 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1749-L1763"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1749-L1763"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4707dbbb302b9b2192bdd23e4b64e25b5b2f49c3dd7951905a07cb5b54d524d9"
score = 75
quality = 85
@@ -371972,8 +372384,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Iistouch_1_2_2 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1765-L1779"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1765-L1779"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f4f5e17d3777d6ae8bfd0646eeffcd631331e4d8966f5124ebc9352438dc790f"
score = 75
quality = 85
@@ -371997,8 +372409,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Namedpipetouch_2_0_0 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1781-L1800"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1781-L1800"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "63d4395db4672b7a146dbd285e42344fb895b38f67fa9f7885b73855d7211190"
score = 75
quality = 85
@@ -372026,8 +372438,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Easybee_1_0_1 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1802-L1816"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1802-L1816"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e3488a1d686b9ad468553cfe2c939e70ea6b9a21409df8b06bb54418495576ec"
score = 75
quality = 85
@@ -372051,8 +372463,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Regread_1_1_1 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1818-L1832"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1818-L1832"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5bf833d7fb073ad74037cf6df4729c75d50641a46a962aee8deac19e31b74419"
score = 75
quality = 85
@@ -372076,8 +372488,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Englishmansdentist_1_2_0 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1834-L1848"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1834-L1848"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cd415731c1c8398d2b0b1758c4e7eb3e708620b269f9312cf0a750ab2099162e"
score = 75
quality = 85
@@ -372101,8 +372513,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Architouch_Eternalsynergy_Smbtou
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1850-L1870"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1850-L1870"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "faeac75104a15cac8528663a82eadbc7bc22cc0a1d1a3b3dfccb6ea46fb24a67"
score = 75
quality = 85
@@ -372131,8 +372543,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Eternalromance_2 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1872-L1889"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1872-L1889"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "481a08bc73ac66245c0712599a61cccdf5127276a09a67cf894f76b7763c5c9b"
score = 75
quality = 85
@@ -372159,8 +372571,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Emphasismine : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1891-L1910"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1891-L1910"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "20ec32f5e9e439fb212985d5ae104ae5742231f594423cd125a9e64ed6eb234a"
score = 75
quality = 85
@@ -372189,8 +372601,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Eternalromance : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1912-L1930"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1912-L1930"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "757740038b9b1e1d099bb208104e9f48e7eb57ffb2de09e83c66df7914b816cb"
score = 75
quality = 85
@@ -372218,8 +372630,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Gen4 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1932-L1963"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1932-L1963"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "68a85b4109a2222dce0625aae8a55541206b9275236232e5049e5b4ee28d8e52"
score = 75
quality = 85
@@ -372259,8 +372671,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Gen1 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1965-L1984"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1965-L1984"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cd40d51ba26706517dae332d84f574eb206a424693cfb586375695e364990b5d"
score = 75
quality = 85
@@ -372289,8 +372701,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Gen2 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L1986-L2012"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L1986-L2012"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2c0833e92e23d595ebcf4af042febc44fba594356a647eb98e48b6fabf018d72"
score = 75
quality = 85
@@ -372325,8 +372737,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Gen3 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2014-L2042"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2014-L2042"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "99b293d441fd27a6295e6a93123cf45e787472fb61575d566e7b4e0c61226fdb"
score = 75
quality = 85
@@ -372363,8 +372775,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Yak : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2054-L2070"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2054-L2070"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "69b9514508f557376d876262793e5650289abfeeeee8b5ca9beaf42f3ec4d64c"
score = 75
quality = 85
@@ -372390,8 +372802,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Aduser_Implant : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2072-L2086"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2072-L2086"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d378773f4acd850e5a8d92d6cce84d57f659330edc025565cf4bc34afb0a6ae6"
score = 75
quality = 85
@@ -372415,8 +372827,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Remoteexecute_Implant : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2088-L2112"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2088-L2112"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aa46cb188ba820199c013633ade72ab1c8bea316384042e9e3b5098c439841a5"
score = 75
quality = 85
@@ -372450,8 +372862,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Banner_Implant9X : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2114-L2129"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2114-L2129"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5bda7b8ab097c0a5ca90b05147d4227e5a03735b99633b5081d80d2d72bceba9"
score = 75
quality = 85
@@ -372475,8 +372887,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Greatdoc_Dll_Config : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2131-L2147"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2131-L2147"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "edb14cc9e51bbf6b3ca2c52f841edfa3df1ca89b3e7c1b5a59baf3a13be0fc46"
score = 75
quality = 85
@@ -372502,8 +372914,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Scanner : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2149-L2166"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2149-L2166"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7f2ee4ac260b78764573187c501ed27fbfdf573e618f15dbd307177afa670605"
score = 75
quality = 85
@@ -372530,8 +372942,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Mcl_Ntmemory_Std : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2168-L2183"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2168-L2183"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5d3c76cf0ca0f798e1ca3c0a1b88c3bb425f1c36439842c4c33247dfcb44a877"
score = 75
quality = 85
@@ -372556,8 +372968,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Tacothief : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2185-L2198"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2185-L2198"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "565d94ac0dd65de0926d11ae08ee78f14dcb211ca97c77c39f394fb36890fc6f"
score = 75
quality = 85
@@ -372580,8 +372992,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Ntevt : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2200-L2219"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2200-L2219"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "29572cce9af51adf12db019f885f868fd77ff9034a6944a6286a4d2a0988842a"
score = 75
quality = 85
@@ -372608,8 +373020,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Processes_Target : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2221-L2236"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2221-L2236"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e9e26224b7eafc999c9638d4591a45297e3293b0e90e63c2d207ee52848c4ce2"
score = 75
quality = 85
@@ -372634,8 +373046,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_St_Lp : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2238-L2254"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2238-L2254"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "38a48a931856e0eb8e16b7902f5e494b50f8895d4221b5359fc3339d1b52eb8e"
score = 75
quality = 85
@@ -372661,8 +373073,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Epwrapper : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2256-L2271"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2256-L2271"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9a1a54cd3fef3db9a20f3be25336fcbabe0d993403f001a04a02b5dbfd629543"
score = 75
quality = 85
@@ -372687,8 +373099,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Diba_Target_2000 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2273-L2290"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2273-L2290"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dfcd7d928c921dbe7162712ca74a105a938fd9ac675faaaa228d05139b2077de"
score = 75
quality = 85
@@ -372714,8 +373126,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Dllload_Target : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2292-L2309"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2292-L2309"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ab50ad9e01c55b3f40e98e6e2cf77c1ad7d6d6ec81a56bbb2263a6e05912e272"
score = 75
quality = 85
@@ -372741,8 +373153,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_EXPA : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2311-L2327"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2311-L2327"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2aa4ee5b128714cfa7f5d29f7ef110e1b18fb7bc21351444b2472ff74c4139d3"
score = 75
quality = 85
@@ -372768,8 +373180,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Remoteexecute_Target : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2329-L2345"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2329-L2345"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3eedb6abb09989784a7dc5e721f9901e936f2c0241967b48858e5e5897b9f24a"
score = 75
quality = 85
@@ -372794,8 +373206,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_DS_Parselogs : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2347-L2362"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2347-L2362"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e4c35476b512378d1e3c7e7e3e9dae16adb0d4de4ecab143d034110836c11d0d"
score = 75
quality = 85
@@ -372820,8 +373232,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Oracle_Implant : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2364-L2379"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2364-L2379"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "568a5d103527e6fd99bbac8d49a2d667f464fd16d5bf276f98c88c39e129b58b"
score = 75
quality = 85
@@ -372846,8 +373258,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Dmgz_Target : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2381-L2395"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2381-L2395"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9ae3e0c30c9dbee311d4e5576b1a447ac57f8b1786dc5753246ad3c08ccecb85"
score = 75
quality = 85
@@ -372871,8 +373283,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Setresourcename : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2397-L2413"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2397-L2413"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e26aac30e06da14060a955761d08e6f543db2f2747be2959b0090f60e6eb52a5"
score = 75
quality = 85
@@ -372898,8 +373310,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Drivers_Implant : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2415-L2431"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2415-L2431"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "45190a317f3d293dbc3015873080d1253bfb3298008f5dea69ab1a5780a70721"
score = 75
quality = 85
@@ -372924,8 +373336,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Shares_Target : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2433-L2449"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2433-L2449"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "11a1af97d720286a7fadf8b056f8f7add70acb041a828441166f5c74bc7a819d"
score = 75
quality = 85
@@ -372951,8 +373363,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Ntfltmgr : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2451-L2475"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2451-L2475"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9f280baf785f54218cbf47f65419cfe23c687e58021f36b5d116904d2cec9a9b"
score = 75
quality = 85
@@ -372985,8 +373397,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Diba_Target_BH : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2477-L2492"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2477-L2492"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "273e38e287b1597753f653c0ed8300936581a1b767029d3f0ba757de589bcd5a"
score = 75
quality = 85
@@ -373011,8 +373423,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_LP : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2494-L2508"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2494-L2508"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cd7b92f13e0a00d23baef70e38b476b62394106dfa70e831786f398c573aa744"
score = 75
quality = 85
@@ -373036,8 +373448,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Remotecommand_Lp : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2510-L2524"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2510-L2524"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "974772264324e7721f51a88534aaa3b4eb1d409e04f673783caf4849d90522de"
score = 75
quality = 85
@@ -373061,8 +373473,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Lp_Mstcp : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2526-L2545"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2526-L2545"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5d1423661f95d955f411414138da45cc4be59b2e6bf8e70f471b8f41fc9ea3f4"
score = 75
quality = 83
@@ -373090,8 +373502,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Renamer : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2547-L2561"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2547-L2561"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4941f31be6674499b202a3071d795317e6d97fb19088ea370180708e3d04bca7"
score = 75
quality = 85
@@ -373115,8 +373527,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_Exploit : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2563-L2579"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2563-L2579"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6f04ec5d1066b34ebee2504f7d229610e525743f7536d58bf99fc4f89ac6aa3b"
score = 75
quality = 85
@@ -373142,8 +373554,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_Level3_Gen : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2581-L2600"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2581-L2600"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2ba0f5ada13bd8c71836f26e278c334fdbf2578eac189852befee7a81c07e169"
score = 75
quality = 85
@@ -373171,8 +373583,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Put_Implant9X : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2602-L2618"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2602-L2618"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e79a59e400aac544dc1160d5898e3053f88f7d5bc142440177526187650484e7"
score = 75
quality = 85
@@ -373197,8 +373609,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Promiscdetect_Safe : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2620-L2635"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2620-L2635"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4b8c2e9a00af4e6aed7f603dee0439357e3389180fbd2e83d6809e76dc7d0428"
score = 75
quality = 85
@@ -373223,8 +373635,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Packetscan_Implant : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2637-L2652"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2637-L2652"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aa2106d2aad3e81c864181c851574f76f48cd4fe48bb3327135f2956d271dfde"
score = 75
quality = 85
@@ -373249,8 +373661,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Setports : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2654-L2668"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2654-L2668"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b2c61f6ca2d59d5e596e7c5c87ed3476d957763daeaf41e6f356bacf26415faf"
score = 75
quality = 85
@@ -373274,8 +373686,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Grdo_Filescanner_Implant : FILE
date = "2017-04-15"
modified = "2023-01-06"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2670-L2686"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2670-L2686"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ae88d27f41dd4888c445c654c919b3862fe3fc8c92aef816b22b2fb408a49cce"
score = 75
quality = 85
@@ -373300,8 +373712,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Msgks_Mskgu : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2688-L2704"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2688-L2704"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d3a230d29997ab247db2b7a2a0f369206513a98c16f744e2fb1fca6495d5e36b"
score = 75
quality = 85
@@ -373327,8 +373739,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Ifconfig_Target : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2706-L2722"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2706-L2722"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e88f589bed7830a1be81c85c9eb77b7f5c14bef2f0f1b3be6293aa9c5e870278"
score = 75
quality = 85
@@ -373353,8 +373765,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Diba_Target : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2724-L2739"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2724-L2739"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3ee7a1284e2abd0282606c22b9112bd1af536e5fd48ef27e8d9216da8e1fb1c5"
score = 75
quality = 85
@@ -373379,8 +373791,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Dsz_Implant : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2741-L2755"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2741-L2755"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3d76131a42aed642a8c54076544488a8d24ec16416469813324541d72e30101b"
score = 75
quality = 85
@@ -373404,8 +373816,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Genkey : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2757-L2770"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2757-L2770"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cdaa33645d0ea614891fc0579937e983b8b4f6c4830191518dc8272791dcc8df"
score = 75
quality = 85
@@ -373428,8 +373840,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Wmi_Implant : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2772-L2785"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2772-L2785"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "69754b6f26292aa1a457c71d079d934ce75794624c38e9d19c84ceb77a5fb26d"
score = 75
quality = 85
@@ -373452,8 +373864,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Clocksvc : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2787-L2807"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2787-L2807"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "04cdd8e4ca9df0231ca66caa8083eff1fe0834cdedc4360fce0a934970a6d162"
score = 75
quality = 85
@@ -373482,8 +373894,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Xxxridearea : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2809-L2825"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2809-L2825"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4d2eeabbb3bb27f46232fe0a43f0ecda9f3589dbe6b08fd4f8aac14f6d12090b"
score = 75
quality = 85
@@ -373509,8 +373921,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Yak_Min_Install : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2827-L2842"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2827-L2842"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f224c87c5626fee98dae5b4bbab2b4468bdd126ac63371ede53545d7cb177123"
score = 75
quality = 85
@@ -373535,8 +373947,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Setouraddr : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2844-L2858"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2844-L2858"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d49bcef48afeb63b763c88443930f28be1d6f9f27d5f0bd9161d151fa3081868"
score = 75
quality = 85
@@ -373560,8 +373972,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Getadmin_LSADUMP_Modifyprivilege
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2860-L2882"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2860-L2882"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ee5c818c29ccb1b280669f7f5e828963c4523b73b68674d8c0aae72189f0208c"
score = 75
quality = 85
@@ -373592,8 +374004,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Sendpktrigger : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2884-L2897"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2884-L2897"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "277367e69406a84ff4ff6b57d05bf97468b0083e23f9c5cd14cdd26cad5846d7"
score = 75
quality = 85
@@ -373616,8 +374028,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Dmgz_Target_2 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2899-L2916"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2899-L2916"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ab9ab949ee17655e424f6a65d3605e9900d214d1c620e051104762d5c214419f"
score = 75
quality = 85
@@ -373643,8 +374055,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Mstcp32_DXGHLP16_Tdip : FILE
date = "2017-04-15"
modified = "2023-01-06"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2918-L2938"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2918-L2938"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "35fab86ca4cb287c8046a1764a91523673e12b5729d87c90b0c298dcbfcf86eb"
score = 75
quality = 85
@@ -373673,8 +374085,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Regprobe : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2940-L2955"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2940-L2955"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "01e7387c26ae3736c8fac1a3bb6ff283f8b06949af7a4ac36a556b292412bda2"
score = 75
quality = 85
@@ -373699,8 +374111,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Doublefeaturedll_Dll_2 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2957-L2974"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2957-L2974"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0d6751ebfb2541c86b74583b7867de0a193ca106bf77337c8b10f15cdeb596bd"
score = 75
quality = 85
@@ -373727,8 +374139,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Gangsterthief_Implant : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2976-L2993"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2976-L2993"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c8145d6eedf20cf95baf329a6240b5b740273ff0a7f82edd3c346eb8c67e69e1"
score = 75
quality = 85
@@ -373755,8 +374167,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Setcallbackports : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L2995-L3009"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L2995-L3009"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e087534589228ac1af8b8b8d2ebbc1bc99fc25b38cb4c4d840cab8e90e75644a"
score = 75
quality = 85
@@ -373780,8 +374192,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Diba_Target_BH_2000 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3011-L3025"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3011-L3025"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0cd3ba351b1c5716ed322c9f177a848322324526f3d39c2be5cc34bc6aee9fa6"
score = 75
quality = 85
@@ -373805,8 +374217,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Rc5 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3027-L3043"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3027-L3043"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6d9ba73fe2a6da99ba44b00bcb5ecf51e983ac245fd5c6e620d35e8120514464"
score = 75
quality = 85
@@ -373832,8 +374244,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_Level_Generic : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3045-L3075"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3045-L3075"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ddb3441b62b477ab7e3406a22e2a246b60c1d1d25e4acf52ee452a2dfac2daf7"
score = 75
quality = 85
@@ -373872,8 +374284,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_Level3_Http_Exe : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3077-L3094"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3077-L3094"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "50d83b157c338830eea6aba2e09e9d513dd5b50e257d1a16c0d51616bfa26a7f"
score = 75
quality = 85
@@ -373899,8 +374311,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Parsecapture : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3096-L3111"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3096-L3111"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8946bc6d1812a998757a4032755f37aa2be6121a958ebfb6fec90fa60da038fb"
score = 75
quality = 85
@@ -373925,8 +374337,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Activedirectory_Target : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3113-L3127"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3113-L3127"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0dee634fe81870b21531046be512e9e54b127207c1910ca5ce5dfab63b1d0603"
score = 75
quality = 85
@@ -373950,8 +374362,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_Legacy_Dll : HIGHVOL FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3129-L3144"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3129-L3144"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "923a595737bc83fe05d0ca7301c70e1cb03cecf97dfa99f5967b77b892a9a533"
score = 75
quality = 85
@@ -373976,8 +374388,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Svctouch : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3146-L3159"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3146-L3159"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0e876611ffe4740141a0454f68cfc7dd3c46e0fd44deeb9f3e0f66c8fccd3745"
score = 75
quality = 85
@@ -374000,8 +374412,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Pwd_Implant : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3161-L3176"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3161-L3176"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f565c42781ff4b0b37e7c00673fb2da2877018317cd415bdb47d4e019485c727"
score = 75
quality = 85
@@ -374025,8 +374437,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Kisucomms_Target_2000 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3178-L3198"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3178-L3198"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7d350228ad779d0453c1077afb2b533036eb1e43e4f74a433d68c781db963ab1"
score = 75
quality = 85
@@ -374053,8 +374465,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Sldecoder : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3200-L3214"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3200-L3214"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "81a74169dc8f93f314f384bd859df07a4ffaaf430b221b440de922fad3497535"
score = 75
quality = 85
@@ -374078,8 +374490,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Windows_Implant : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3216-L3229"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3216-L3229"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5b6b349c98a328b4bbdd6d8718af8477c36ec219bb0076dd56998395d0ef5f32"
score = 75
quality = 85
@@ -374102,8 +374514,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Msgkd_Msslu64_Msgki_Mssld : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3231-L3256"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3231-L3256"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f61ce58356ffca197d4a2a4aae43414bcb8f2f284dbee818124dd450f4b50cb9"
score = 75
quality = 85
@@ -374137,8 +374549,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Setcallback : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3258-L3272"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3258-L3272"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "63a17dd56874085753cae92f70d6248ceaac6eaea99fda0d3a551e4988a73895"
score = 75
quality = 85
@@ -374162,8 +374574,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Doublefeaturereader_Doublefeatu
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3274-L3293"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3274-L3293"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9049e1fe31917ecc27e57afecd5845afcd966aac83d386b7c0995c1e3378a0d0"
score = 75
quality = 85
@@ -374191,8 +374603,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Vtuner_Vtuner_1 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3295-L3315"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3295-L3315"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8c161b36599b11264c31c54b94d6bdba53b3f13d27861ededc9f03bba394b775"
score = 75
quality = 85
@@ -374221,8 +374633,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Ecwi_ESKE_EVFR_RPC2_2 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3317-L3336"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3317-L3336"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "73522034c6588fee090eff87602568371562bdbcbe781ee6e152f3b854514690"
score = 75
quality = 85
@@ -374251,8 +374663,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__EAFU_Ecwi_ESKE_EVFR_RPC2_4 : FI
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3338-L3361"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3338-L3361"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ed6e0e4e5a0849aad64bbc47c047f3fe388052d0ebe89de0257d4422fb39be21"
score = 75
quality = 85
@@ -374284,8 +374696,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Sendcftrigger_Sendpktrigger_6 :
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3363-L3379"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3363-L3379"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4fb290bdf15e0701b6d543e1f978011046abe23e58c790ee1b992a5e0443a271"
score = 75
quality = 85
@@ -374311,8 +374723,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Addresource : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3381-L3398"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3381-L3398"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e59863ac7f1147cdbc34cbd2b09183487999d9f01974279c7ccc0c5af7a99976"
score = 75
quality = 85
@@ -374339,8 +374751,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ESKE_RPC2_8 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3400-L3416"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3400-L3416"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1fa706fb7f138d679421fe6c5b29d6bf93893adc8bffe9dffaafa728c1b2d1d5"
score = 75
quality = 85
@@ -374366,8 +374778,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ETBL_ETRE_10 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3441-L3458"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3441-L3458"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bc30c62da7a7fd9144efef6f44c50552234f372c38c4479a024fbb0ca72530de"
score = 75
quality = 85
@@ -374394,8 +374806,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ELV_ESKE_ETBL_ETRE_EVFR_11 : FI
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3460-L3479"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3460-L3479"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8d43aa4823de248308597bd02cd27e598808b94e1ad7348ddb9e27d8a37ac426"
score = 75
quality = 85
@@ -374424,8 +374836,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ELV_ESKE_EVFR_Ridearea2_12 : FI
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3481-L3498"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3481-L3498"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0119cd825c02a094ddd76c5cb27bee6cef112f25333eab62017448804b29286e"
score = 75
quality = 85
@@ -374452,8 +374864,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ELV_ESKE_13 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3500-L3516"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3500-L3516"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0a1859266b859d4da660a7fc7d0015954ff100c39b941b5461ba0c99b5103547"
score = 75
quality = 85
@@ -374479,8 +374891,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Nameprobe_SMBTOUCH_14 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3518-L3535"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3518-L3535"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c60fc34aa42810a5622fbe53122ded4ffb4ee321fed1badd481ce5c2ae5225ef"
score = 75
quality = 85
@@ -374507,8 +374919,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ELV_ESKE_EVFR_RPC2_15 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3537-L3555"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3537-L3555"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6c61d17e1a985deb31bd6e1d603283e77df477b52fce9eb8b6cb4e99b2f9c4dc"
score = 75
quality = 85
@@ -374536,8 +374948,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ELV_ESKE_EVFR_16 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3557-L3578"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3557-L3578"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3e6c4e013727bbbf3859374af46553067a9fc782f2eca582ea13d8eab03380ce"
score = 75
quality = 85
@@ -374568,8 +374980,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ETBL_ETRE_SMBTOUCH_17 : FILE
date = "2017-04-15"
modified = "2023-12-05"
reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3580-L3597"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3580-L3597"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ef86350732b5064035ff58b63202be29e906d2b566af105f03298e3e339eda52"
score = 75
quality = 85
@@ -374596,8 +375008,8 @@ rule SIGNATURE_BASE_Equationgroup_Scanner_Output : FILE
date = "2017-04-17"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_eqgrp_apr17.yar#L3609-L3626"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_eqgrp_apr17.yar#L3609-L3626"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a8ac7e7f14d72798a1f6658eae4c66d871a525c8cb49afa2ca8656047da20524"
score = 75
quality = 85
@@ -374625,8 +375037,8 @@ rule SIGNATURE_BASE_Shadowpad_Nssock2 : FILE
date = "2017-08-15"
modified = "2023-12-05"
reference = "https://securelist.com/shadowpad-in-corporate-networks/81432/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_shadowpad.yar#L13-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_shadowpad.yar#L13-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ea9675d5acfdc80cfa787db2c2dfe2169aa7c5e3ead35f020d0b0b664ecb4bf4"
score = 75
quality = 85
@@ -374651,8 +375063,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Adselfservice_CVE_2021_40539_ADSLOG_Sep21 : LOG CVE
date = "2021-09-20"
modified = "2023-12-05"
reference = "https://us-cert.cisa.gov/ncas/alerts/aa21-259a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_adselfservice_cve_2021_40539.yar#L2-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_adselfservice_cve_2021_40539.yar#L2-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "49b7857187c15f48e928747266adca44c227964cef72914616ea269b0e88fe73"
score = 70
quality = 85
@@ -374673,8 +375085,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Adselfservice_CVE_2021_40539_Weblog_Sep21_1 : LOG C
date = "2021-09-20"
modified = "2023-12-05"
reference = "https://us-cert.cisa.gov/ncas/alerts/aa21-259a"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_adselfservice_cve_2021_40539.yar#L16-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_adselfservice_cve_2021_40539.yar#L16-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bc27afd63d32ac95711e5b4e70764fe0d1bcbb4b4b9b4e3f324e058bba2ef8f6"
score = 60
quality = 85
@@ -374696,8 +375108,8 @@ rule SIGNATURE_BASE_Sedll_Javascript_Decryptor : FILE
date = "2017-10-18"
modified = "2023-01-07"
reference = "https://goo.gl/MZ7dRg"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_leviathan.yar#L11-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_leviathan.yar#L11-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "26ef61d8bb1764dddd951526902fb510fbacc8b808fe99ddee1956dc8b59bd1d"
score = 75
quality = 85
@@ -374725,8 +375137,8 @@ rule SIGNATURE_BASE_Leviathan_Cobaltstrike_Sample_1 : FILE
date = "2017-10-18"
modified = "2023-12-05"
reference = "https://goo.gl/MZ7dRg"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_leviathan.yar#L33-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_leviathan.yar#L33-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9ebc8c2f8ddba302e0fbde69e27986236053a3d31c50cf3a2f979a9ebb90907f"
score = 75
quality = 85
@@ -374757,8 +375169,8 @@ rule SIGNATURE_BASE_Mockdll_Gen : FILE
date = "2017-10-18"
modified = "2023-12-05"
reference = "https://goo.gl/MZ7dRg"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_leviathan.yar#L57-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_leviathan.yar#L57-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cbe7b816199d251bfdc751f46bd95da6f0447ebd56f564619d24eb08bbd4a2c7"
score = 75
quality = 85
@@ -374785,8 +375197,8 @@ rule SIGNATURE_BASE_Vbscript_Favicon_File : FILE
date = "2017-10-18"
modified = "2023-01-06"
reference = "https://goo.gl/MZ7dRg"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_leviathan.yar#L77-L96"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_leviathan.yar#L77-L96"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5b89ea916adf6864c8b1cb7cd7ee6d74ea47bf17a0b03cc513046f8d260ae376"
score = 75
quality = 85
@@ -374812,8 +375224,8 @@ rule SIGNATURE_BASE_MAL_Win_Amadey_Jun25 : FILE
date = "2025-06-18"
modified = "2025-07-24"
reference = "https://0x0d4y.blog/amadey-targeted-analysis/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_win_amadey_jun25.yar#L1-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_win_amadey_jun25.yar#L1-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "08dc17aa8f7e83bc349339a9a1b48184b094d8c66273d7199a15b206c6416946"
score = 80
quality = 85
@@ -374841,8 +375253,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_LIBCUE_CVE_2023_43641_Oct23_1 : CVE_2023_43641 FIL
date = "2023-10-27"
modified = "2023-12-05"
reference = "https://github.com/github/securitylab/blob/main/SecurityExploits/libcue/track_set_index_CVE-2023-43641/README.md"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_libcue_cve_2023_43641.yar#L2-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_libcue_cve_2023_43641.yar#L2-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a2cd3c1b0b3551ffb24bf7704c37c1be6c1a9655c74447d2f7f94540dd0ab188"
score = 70
quality = 85
@@ -374865,8 +375277,8 @@ rule SIGNATURE_BASE_Remsec_Executable_Blob_32
date = "2016-08-08"
modified = "2023-12-05"
reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_strider.yara#L8-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_strider.yara#L8-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1cfc43ab15b3d220a636c150315c30f5654e53fad67d20534ce4d5c00295e35e"
score = 80
quality = 85
@@ -374887,8 +375299,8 @@ rule SIGNATURE_BASE_Remsec_Executable_Blob_64
date = "2016-08-08"
modified = "2023-12-05"
reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_strider.yara#L22-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_strider.yara#L22-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "957e5b6afabec3fb1b169dd85d0e950107e219f7dec8ef779a18bd90d9824a97"
score = 80
quality = 85
@@ -374909,8 +375321,8 @@ rule SIGNATURE_BASE_Remsec_Executable_Blob_Parser
date = "2016-08-08"
modified = "2023-12-05"
reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_strider.yara#L36-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_strider.yara#L36-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2f6db962807c07ff1bbe8b53eeb386d7b0ac88f95b76439c0d8b65d597739bdd"
score = 80
quality = 85
@@ -374931,8 +375343,8 @@ rule SIGNATURE_BASE_Remsec_Encrypted_Api
date = "2016-08-08"
modified = "2023-12-05"
reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_strider.yara#L50-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_strider.yara#L50-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4f10c24a8480c17c2939fe3fecba2820b22f8a47bc2b2e73ac1080a355025d7c"
score = 80
quality = 85
@@ -374953,8 +375365,8 @@ rule SIGNATURE_BASE_Remsec_Packer_A
date = "2016-08-08"
modified = "2023-12-05"
reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_strider.yara#L64-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_strider.yara#L64-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b46a41686fbf1c63e8a8b583859f23bf789bc9f11ee6b1fb01bb08e602772e76"
score = 80
quality = 85
@@ -374975,8 +375387,8 @@ rule SIGNATURE_BASE_Remsec_Packer_B
date = "2016-08-08"
modified = "2023-12-05"
reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_strider.yara#L78-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_strider.yara#L78-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9c63b5934d60b59a33364ef56c913220e59b9798a682a7f97e6755270adf4e4b"
score = 80
quality = 85
@@ -374997,8 +375409,8 @@ rule SIGNATURE_BASE_PUP_Computraceagent : FILE
date = "2018-05-01"
modified = "2023-12-05"
reference = "https://asert.arbornetworks.com/lojack-becomes-a-double-agent/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fancybear_computrace_agent.yar#L1-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fancybear_computrace_agent.yar#L1-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "65e964e68be1e286ab3aa39677e250cf5994a7a08d0f6db286c0260cf77d6c48"
score = 75
quality = 85
@@ -375021,8 +375433,8 @@ rule SIGNATURE_BASE_APT_Crywiper_Dec22
date = "2022-12-05"
modified = "2023-12-05"
reference = "https://securelist-ru.translate.goog/novyj-troyanec-crywiper/106114/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ru_crywiper.yar#L2-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ru_crywiper.yar#L2-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7c22e02ed996cd820ed87a0c5d50e3264629cdd887aad4ea466cadeccaee2b2f"
score = 75
quality = 85
@@ -375046,8 +375458,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf : FILE
date = "2017-02-09"
modified = "2022-08-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L10-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L10-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4f0eab53a135242c7891b8c88e937a854c945a10000ca4cbf7b21f4596dca410"
score = 75
quality = 85
@@ -375069,8 +375481,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_2
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L25-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L25-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8f803a5d71a084e1ea453638bdeaa2dd590a1912be652b74b065d9afd332ffa2"
score = 75
quality = 85
@@ -375095,8 +375507,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Psh
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L42-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L42-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2e6015e8c91ccd8647e78220d10c2d704867369d962b734bb4522a1213be2f2d"
score = 75
quality = 85
@@ -375121,8 +375533,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Exe
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L59-L77"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L59-L77"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3baa242e90dd845e022785101ebc2d5c0d84007d20aef6a2bb6a9a8c6280d4eb"
score = 75
quality = 85
@@ -375150,8 +375562,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_3
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L79-L102"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L79-L102"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d1aeb97c19365f996dc1bc0fd6e01342878967be25d3e042158eba986af28b4a"
score = 75
quality = 83
@@ -375184,8 +375596,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_4
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L104-L121"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L104-L121"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8e84ef13aa72c7c35520b3534b908c7d00240915ab02f8216a2cef6440c322a2"
score = 75
quality = 85
@@ -375212,8 +375624,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Exe_2
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L123-L139"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L123-L139"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bd82f496ade1a62e0aee8c8c90cee84377cb90adf11c87652082e74c8c85e568"
score = 75
quality = 83
@@ -375239,8 +375651,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_5
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L141-L156"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L141-L156"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cb602670329391b091f87818a0f5defaa8f688f7921978510739b96ca63a2f12"
score = 75
quality = 85
@@ -375265,8 +375677,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_6
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L158-L177"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L158-L177"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b9498828a55477049922e50329d0c38ee34b8484562113a2686669ccbb8b3318"
score = 75
quality = 85
@@ -375295,8 +375707,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_7
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L179-L194"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L179-L194"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "167d295de5ffc9c88cf72f086fef4514f08cc3b9dd2d93b3ec36acffd6430370"
score = 75
quality = 85
@@ -375321,8 +375733,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_8
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L196-L215"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L196-L215"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d2b26276843cdfef2d1458ee6c3e2ecea962d1cd42bc21b86ebd03599bebcbc6"
score = 75
quality = 85
@@ -375351,8 +375763,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Cmd
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L217-L230"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L217-L230"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ea44b3d00733eb7d4f924ccaece5265fcd90a462acb954a134b5355ecb0621e5"
score = 75
quality = 85
@@ -375375,8 +375787,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_9 : FILE
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L232-L252"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L232-L252"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b5761b51b79f83c48deafaf3786cb90ef493ab0448cd67b86655cecb0160a627"
score = 75
quality = 83
@@ -375403,8 +375815,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_10 : FILE
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L254-L269"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L254-L269"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c772fdc40e110ef1287da680dc4ef1718b86856abab4d814ec7bc2ee1e7808ee"
score = 75
quality = 85
@@ -375429,8 +375841,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Svc : FILE
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L271-L285"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L271-L285"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "21c6aa2333335a5822328fb5176ca37060eb401640ed5cc340aefb63685078f4"
score = 75
quality = 85
@@ -375454,8 +375866,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_11
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L287-L302"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L287-L302"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f003989a99315b42c0c73beaa2928d0187fe92a4bf329912d64fac9f8fc9358c"
score = 75
quality = 83
@@ -375480,8 +375892,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Ref
date = "2017-02-09"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L304-L323"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L304-L323"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ed6e408575b88ff67479ac1b1a2f37c5fad3ec200a446700840ad4245386bfc4"
score = 75
quality = 85
@@ -375510,8 +375922,8 @@ rule SIGNATURE_BASE_MAL_Metasploit_Framework_UA : FILE
date = "2018-08-16"
modified = "2023-12-05"
reference = "https://github.com/rapid7/metasploit-framework/commit/12a6d67be48527f5d3987e40cac2a0cbb4ab6ce7"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L325-L339"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L325-L339"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "986fea99735b93aed9dbf72582c009e11a1e7ba19b256902f93312474ef34b4a"
score = 65
quality = 85
@@ -375534,8 +375946,8 @@ rule SIGNATURE_BASE_HKTL_Meterpreter_Inmemory
date = "2020-06-29"
modified = "2023-04-21"
reference = "https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_metasploit_payloads.yar#L341-L363"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_metasploit_payloads.yar#L341-L363"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4b39dbcb276842a1306205cf2e51ce86b6d2aa21353d277df15f4ea3b3d97678"
score = 85
quality = 85
@@ -375564,8 +375976,8 @@ rule SIGNATURE_BASE_Xtreme_Sep17_1 : FILE
date = "2017-09-27"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xtreme_rat.yar#L14-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xtreme_rat.yar#L14-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fa78b43f729032291c27f67dc53bd39a85c9a50323c7adf909ca2a8c5acdd861"
score = 75
quality = 85
@@ -375594,8 +376006,8 @@ rule SIGNATURE_BASE_Xtreme_Sep17_2 : FILE
date = "2017-09-27"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xtreme_rat.yar#L39-L53"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xtreme_rat.yar#L39-L53"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cb86167e0267d52b1b7503abd8f5b988296e3cde12453ace529c4e043d2ca69e"
score = 75
quality = 85
@@ -375619,8 +376031,8 @@ rule SIGNATURE_BASE_Xtreme_Sep17_3 : FILE
date = "2017-09-27"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xtreme_rat.yar#L55-L69"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xtreme_rat.yar#L55-L69"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c110863028ab1f557270e52de608179ce582a47e0a20994f83d385ed285bda9a"
score = 75
quality = 85
@@ -375645,8 +376057,8 @@ rule SIGNATURE_BASE_Xtreme_RAT_Gen_Imp : FILE
date = "2017-09-27"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_xtreme_rat.yar#L71-L86"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_xtreme_rat.yar#L71-L86"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9cfd6473e7f8d1f899fe2cdbb49a4086ea7ac6151602d0964ed28b16d2d0188d"
score = 75
quality = 85
@@ -375666,8 +376078,8 @@ rule SIGNATURE_BASE_APT_SAP_Netweaver_Exploitation_Activity_Apr25_1 : SCRIPT CVE
date = "2025-04-25"
modified = "2025-05-15"
reference = "https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_sap_netweaver_apr25.yar#L2-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_sap_netweaver_apr25.yar#L2-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ab6c5e17bba15a3f968bdbe88a8cf4a039c55b6035d91fd3c6b30092be89af5c"
score = 70
quality = 85
@@ -375689,8 +376101,8 @@ rule SIGNATURE_BASE_APT_SAP_Netweaver_Exploitation_Activity_Apr25_2 : SCRIPT CVE
date = "2025-04-25"
modified = "2025-05-15"
reference = "https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_sap_netweaver_apr25.yar#L16-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_sap_netweaver_apr25.yar#L16-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dfc24a4f359e2bc899ab3924bd342c2c6bd8c757b7c1d3859a47f61b9e4039a9"
score = 70
quality = 85
@@ -375711,11 +376123,11 @@ rule SIGNATURE_BASE_SUSP_WEBSHELL_Cmd_Indicator_Apr25
date = "2025-04-25"
modified = "2025-05-07"
reference = "https://regex101.com/r/N6oZ2h/2"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_sap_netweaver_apr25.yar#L29-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_sap_netweaver_apr25.yar#L29-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b992786a58389749db40fc90363f00c5df374d514374afc2d6fdff4429cb1ec0"
score = 60
- quality = 60
+ quality = 85
tags = ""
strings:
@@ -375733,8 +376145,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic : FILE
date = "2021-01-14"
modified = "2024-12-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L83-L411"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L83-L411"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "bee1b76b1455105d4bfe2f45191071cf05e83a309ae9defcf759248ca9bceddd"
hash = "6bf351900a408120bee3fc6ea39905c6a35fe6efcf35d0a783ee92062e63a854"
hash = "e3b4e5ec29628791f836e15500f6fdea19beaf3e8d9981c50714656c50d3b365"
@@ -375764,7 +376176,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic : FILE
hash = "dd5d8a9b4bb406e0b8f868165a1714fe54ffb18e621582210f96f6e5ae850b33"
logic_hash = "03c1963ec7a0409970baa98dc3a62f721c092b41d4026475a38b1ef466426b75"
score = 70
- quality = -134
+ quality = -109
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -375958,8 +376370,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Callback : FILE
date = "2021-01-14"
modified = "2023-09-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L413-L718"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L413-L718"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e98889690101b59260e871c49263314526f2093f"
hash = "63297f8c1d4e88415bc094bc5546124c9ed8d57aca3a09e36ae18f5f054ad172"
hash = "81388c8cc99353cdb42572bb88df7d3bd70eefc748c2fa4224b6074aa8d7e6a2"
@@ -375977,7 +376389,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Callback : FILE
hash = "487e8c08e85774dfd1f5e744050c08eb7d01c6877f7d03d7963187748339e8c4"
logic_hash = "e12dec5252a816c10443fe0e0b40b0b9b4a187b32facd8e09e1f057801da25f9"
score = 60
- quality = -153
+ quality = -103
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -376175,8 +376587,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Base64_Encoded_Payloads : FILE
date = "2021-01-07"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L720-L870"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L720-L870"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "88d0d4696c9cb2d37d16e330e236cb37cfaec4cd"
hash = "e3b4e5ec29628791f836e15500f6fdea19beaf3e8d9981c50714656c50d3b365"
hash = "e726cd071915534761822805724c6c6bfe0fcac604a86f09437f03f301512dc5"
@@ -376292,8 +376704,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Unknown_1 : FILE
date = "2021-01-07"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L872-L894"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L872-L894"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "12ce6c7167b33cc4e8bdec29fb1cfc44ac9487d1"
hash = "cf4abbd568ce0c0dfce1f2e4af669ad2"
logic_hash = "ce2d4c87c001a45febf7eac5474aa0d24ea73067f9154203ef5653bf77e7028f"
@@ -376321,8 +376733,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Eval : FILE
date = "2021-01-07"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L896-L955"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L896-L955"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a61437a427062756e2221bfb6d58cd62439d09d9"
hash = "90c5cc724ec9cf838e4229e5e08955eec4d7bf95"
hash = "2b41abc43c5b6c791d4031005bf7c5104a98e98a00ee24620ce3e8e09a78e78f"
@@ -376378,8 +376790,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Double_Eval_Tiny : FILE
date = "2021-01-11"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L957-L1008"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L957-L1008"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f66fb918751acc7b88a17272a044b5242797976c73a6e54ac6b04b02f61e9761"
hash = "6b2f0a3bd80019dea536ddbf92df36ab897dd295840cb15bb7b159d0ee2106ff"
hash = "aabfd179aaf716929c8b820eefa3c1f613f8dcac"
@@ -376387,7 +376799,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Double_Eval_Tiny : FILE
hash = "006620d2a701de73d995fc950691665c0692af11"
logic_hash = "cf0405e8a44497574d75291bf86bf9413d9a64140e820f7f5a655fe5302c6918"
score = 75
- quality = 17
+ quality = 42
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -376419,15 +376831,15 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC : FILE
date = "2021-01-12"
modified = "2025-09-22"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L1010-L1139"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L1010-L1139"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "eec9ac58a1e763f5ea0f7fa249f1fe752047fa60"
hash = "181a71c99a4ae13ebd5c94bfc41f9ec534acf61cd33ef5bce5fb2a6f48b65bf4"
hash = "76d4e67e13c21662c4b30aab701ce9cdecc8698696979e504c288f20de92aee7"
hash = "1d0643927f04cb1133f00aa6c5fa84aaf88e5cf14d7df8291615b402e8ab6dc2"
logic_hash = "d300de628add5912955f4915921dc387bd3ca3e7bf327e3d9f0ae82e3839a3ec"
score = 75
- quality = -48
+ quality = -23
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -376497,8 +376909,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Encoded : FILE
date = "2021-04-18"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L1141-L1192"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L1141-L1192"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "119fc058c9c5285498a47aa271ac9a27f6ada1bf4d854ccd4b01db993d61fc52"
hash = "d5ca3e4505ea122019ea263d6433221030b3f64460d3ce2c7d0d63ed91162175"
hash = "8a1e2d72c82f6a846ec066d249bfa0aaf392c65149d39b7b15ba19f9adc3b339"
@@ -376536,8 +376948,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Encoded_Mixed_Dec_And_Hex : FILE
date = "2021-04-18"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L1194-L1250"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L1194-L1250"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0e21931b16f30b1db90a27eafabccc91abd757fa63594ba8a6ad3f477de1ab1c"
hash = "929975272f0f42bf76469ed89ebf37efcbd91c6f8dac1129c7ab061e2564dd06"
hash = "88fce6c1b589d600b4295528d3fcac161b581f739095b99cd6c768b7e16e89ff"
@@ -376552,7 +376964,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Encoded_Mixed_Dec_And_Hex : FILE
hash = "0ff05e6695074f98b0dee6200697a997c509a652f746d2c1c92c0b0a0552ca47"
logic_hash = "d9b4d224d43915cf08050c173627b314c3e41a30ecfffe28038281eadc114e51"
score = 75
- quality = -8
+ quality = 17
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -376581,14 +376993,14 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Tiny : FILE
date = "2021-01-12"
modified = "2024-03-11"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L1252-L1347"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L1252-L1347"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b7b7aabd518a2f8578d4b1bc9a3af60d155972f1"
hash = "694ec6e1c4f34632a9bd7065f73be473"
hash = "5c871183444dbb5c8766df6b126bd80c624a63a16cc39e20a0f7b002216b2ba5"
logic_hash = "993f1c98362dcbc207c6ceacb116a27d44505dc6dfa1874def780af50422e1b9"
score = 75
- quality = -115
+ quality = -90
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -376648,8 +377060,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Str_Replace : FILE
date = "2021-01-12"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L1349-L1404"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L1349-L1404"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "691305753e26884d0f930cda0fe5231c6437de94"
hash = "7efd463aeb5bf0120dc5f963b62463211bd9e678"
hash = "fb655ddb90892e522ae1aaaf6cd8bde27a7f49ef"
@@ -376692,14 +377104,14 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Fopo : FILE
date = "2021-01-12"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L1406-L1466"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L1406-L1466"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "fbcff8ea5ce04fc91c05384e847f2c316e013207"
hash = "6da57ad8be1c587bb5cc8a1413f07d10fb314b72"
hash = "a698441f817a9a72908a0d93a34133469f33a7b34972af3e351bdccae0737d99"
logic_hash = "076c0c256e5951cdcb2b7bc55030f55bec48c1bea953b8bd85559a3230e387ae"
score = 75
- quality = 15
+ quality = 40
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -376740,8 +377152,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Gzinflated : FILE
date = "2021-01-12"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L1468-L1541"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L1468-L1541"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "49e5bc75a1ec36beeff4fbaeb16b322b08cf192d"
hash = "6f36d201cd32296bad9d5864c7357e8634f365cc"
hash = "ab10a1e69f3dfe7c2ad12b2e6c0e66db819c2301"
@@ -376795,8 +377207,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_3 : FILE
date = "2021-04-17"
modified = "2024-12-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L1543-L1849"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L1543-L1849"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "11bb1fa3478ec16c00da2a1531906c05e9c982ea"
hash = "d6b851cae249ea6744078393f622ace15f9880bc"
hash = "14e02b61905cf373ba9234a13958310652a91ece"
@@ -377003,8 +377415,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Includer_Eval : FILE
date = "2021-01-13"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L1851-L1900"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L1851-L1900"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3a07e9188028efa32872ba5b6e5363920a6b2489"
hash = "ab771bb715710892b9513b1d075b4e2c0931afb6"
hash = "202dbcdc2896873631e1a0448098c820c82bcc8385a9f7579a0dc9702d76f580"
@@ -377043,8 +377455,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Includer_Tiny : FILE
date = "2021-04-17"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L1902-L1947"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L1902-L1947"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0687585025f99596508783b891e26d6989eec2ba"
hash = "9e856f5cb7cb901b5003e57c528a6298341d04dc"
hash = "b3b0274cda28292813096a5a7a3f5f77378b8905205bda7bb7e1a679a7845004"
@@ -377079,8 +377491,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Dynamic : FILE
date = "2021-01-13"
modified = "2024-12-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L1949-L2022"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L1949-L2022"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "65dca1e652d09514e9c9b2e0004629d03ab3c3ef"
hash = "b8ab38dc75cec26ce3d3a91cb2951d7cdd004838"
hash = "c4765e81550b476976604d01c20e3dbd415366df"
@@ -377136,8 +377548,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Dynamic_Big : FILE
date = "2021-02-07"
modified = "2025-08-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L2024-L2345"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L2024-L2345"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6559bfc4be43a55c6bb2bd867b4c9b929713d3f7f6de8111a3c330f87a9b302c"
hash = "9e82c9c2fa64e26fd55aa18f74759454d89f968068d46b255bd4f41eb556112e"
hash = "6def5296f95e191a9c7f64f7d8ac5c529d4a4347ae484775965442162345dc93"
@@ -377322,8 +377734,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Encoded_Big : FILE
date = "2021-02-07"
modified = "2024-12-16"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L2347-L2433"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L2347-L2433"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1d4b374d284c12db881ba42ee63ebce2759e0b14"
hash = "fc0086caee0a2cd20609a05a6253e23b5e3245b8"
hash = "b15b073801067429a93e116af1147a21b928b215"
@@ -377331,7 +377743,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Encoded_Big : FILE
hash = "042245ee0c54996608ff8f442c8bafb8"
logic_hash = "9c995f9c1c5e3a70dbb8170f6d1a2fba51c0f29184a5d3647016b520f4bfc0e3"
score = 50
- quality = -100
+ quality = -75
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -377370,8 +377782,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Backticks : FILE
date = "2021-01-07"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L2435-L2483"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L2435-L2483"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "339f32c883f6175233f0d1a30510caa52fdcaa37"
hash = "8db86ad90883cd208cf86acd45e67c03f994998804441705d690cb6526614d00"
hash = "af987b0eade03672c30c095cee0c7c00b663e4b3c6782615fb7e430e4a7d1d75"
@@ -377380,7 +377792,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Backticks : FILE
hash = "8db86ad90883cd208cf86acd45e67c03f994998804441705d690cb6526614d00"
logic_hash = "faa064686a5632788497d0300ba017c3e564f3b70f07a01f2e49bf7c934feb28"
score = 75
- quality = 19
+ quality = 44
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -377409,15 +377821,15 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Backticks_OBFUSC : FILE
date = "2021-01-07"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L2485-L2531"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L2485-L2531"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "23dc299f941d98c72bd48659cdb4673f5ba93697"
hash = "e3f393a1530a2824125ecdd6ac79d80cfb18fffb89f470d687323fb5dff0eec1"
hash = "1e75914336b1013cc30b24d76569542447833416516af0d237c599f95b593f9b"
hash = "8db86ad90883cd208cf86acd45e67c03f994998804441705d690cb6526614d00"
logic_hash = "34354283762d6f62a4537e914d969f84546339da9be533e209d8738605b7e3ac"
score = 75
- quality = 19
+ quality = 44
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -377446,8 +377858,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_By_String_Known_Webshell : FILE
date = "2021-01-09"
modified = "2025-08-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L2533-L2669"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L2533-L2669"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d889da22893536d5965541c30896f4ed4fdf461d"
hash = "10f4988a191774a2c6b85604344535ee610b844c1708602a355cf7e9c12c3605"
hash = "7b6471774d14510cf6fa312a496eed72b614f6fc"
@@ -377556,8 +377968,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Strings_SUSP : FILE
date = "2021-01-12"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L2671-L2757"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L2671-L2757"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "0dd568dbe946b5aa4e1d33eab1decbd71903ea04"
hash = "dde2bdcde95730510b22ae8d52e4344997cb1e74"
hash = "499db4d70955f7d40cf5cbaf2ecaf7a2"
@@ -377618,8 +378030,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_In_Htaccess : FILE
date = "2021-01-07"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L2759-L2781"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L2759-L2781"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c026d4512a32d93899d486c6f11d1e13b058a713"
hash = "d79e9b13a32a9e9f3fa36aa1a4baf444bfd2599a"
hash = "e1d1091fee6026829e037b2c70c228344955c263"
@@ -377647,14 +378059,14 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Function_Via_Get : FILE
date = "2021-01-09"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L2783-L2827"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L2783-L2827"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ce739d65c31b3c7ea94357a38f7bd0dc264da052d4fd93a1eabb257f6e3a97a6"
hash = "d870e971511ea3e082662f8e6ec22e8a8443ca79"
hash = "73fa97372b3bb829835270a5e20259163ecc3fdbf73ef2a99cb80709ea4572be"
logic_hash = "309203db8e7374531d359e3a723418d47bead45034c4a7bd726fb714622dc039"
score = 75
- quality = 58
+ quality = 83
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -377691,8 +378103,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Writer : FILE
date = "2021-04-17"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L2829-L2919"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L2829-L2919"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ec83d69512aa0cc85584973f5f0850932fb1949fb5fb2b7e6e5bbfb121193637"
hash = "407c15f94a33232c64ddf45f194917fabcd2e83cf93f38ee82f9720e2635fa64"
hash = "988b125b6727b94ce9a27ea42edc0ce282c5dfeb"
@@ -377751,8 +378163,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Writer : FILE
date = "2021-03-07"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L2921-L3091"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L2921-L3091"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "df6eaba8d643c49c6f38016531c88332e80af33c"
hash = "83642a926291a499916e8c915dacadd0d5a8b91f"
hash = "5417fad68a6f7320d227f558bf64657fe3aa9153"
@@ -377760,7 +378172,7 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Writer : FILE
hash = "fc44fd7475ee6c0758ace2b17dd41ed7ea75cc73"
logic_hash = "7c9f4c9a5005efad02760cf9ba3ea946068ae281cda10215bf8c88f209b582a5"
score = 60
- quality = -100
+ quality = -75
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -377840,8 +378252,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_OBFUSC : FILE
date = "2021-01-12"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L3093-L3368"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L3093-L3368"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ad597eee256de51ffb36518cd5f0f4aa0f254f27517d28fb7543ae313b15e112"
hash = "e0d21fdc16e0010b88d0197ebf619faa4aeca65243f545c18e10859469c1805a"
hash = "54a5620d4ea42e41beac08d8b1240b642dd6fd7c"
@@ -377953,8 +378365,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Generic_Eval_On_Input : FILE
date = "2021-01-07"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L3370-L3474"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L3370-L3474"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d6b96d844ac395358ee38d4524105d331af42ede"
hash = "9be2088d5c3bfad9e8dfa2d7d7ba7834030c7407"
hash = "a1df4cfb978567c4d1c353e988915c25c19a0e4a"
@@ -378008,8 +378420,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Nano : FILE
date = "2021-01-13"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L3476-L3667"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L3476-L3667"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3b7910a499c603715b083ddb6f881c1a0a3a924d"
hash = "990e3f129b8ba409a819705276f8fa845b95dad0"
hash = "22345e956bce23304f5e8e356c423cee60b0912c"
@@ -378119,8 +378531,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Encoded : FILE
date = "2021-03-14"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L3669-L3779"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L3669-L3779"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1bc7327f9d3dbff488e5b0b69a1b39dcb99b3399"
hash = "9885ee1952b5ad9f84176c9570ad4f0e32461c92"
hash = "27a020c5bc0dbabe889f436271df129627b02196"
@@ -378178,13 +378590,13 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Encoded_Aspcoding : FILE
date = "2021-03-14"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L3781-L3887"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L3781-L3887"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "7cfd184ab099c4d60b13457140493b49c8ba61ee"
hash = "f5095345ee085318235c11ae5869ae564d636a5342868d0935de7582ba3c7d7a"
logic_hash = "a0f0b8585b28b13a90c5d112997cacea00af8c89c81eda5edf05508ad41459ab"
score = 60
- quality = -30
+ quality = -5
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -378232,8 +378644,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_By_String : FILE
date = "2021-01-13"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L3889-L4067"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L3889-L4067"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f72252b13d7ded46f0a206f63a1c19a66449f216"
hash = "bd75ac9a1d1f6bcb9a2c82b13ea28c0238360b3a7be909b2ed19d3c96e519d3d"
hash = "56a54fe1f8023455800fd0740037d806709ffb9ece1eb9e7486ad3c3e3608d45"
@@ -378248,7 +378660,7 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_By_String : FILE
hash = "de173ea8dcef777368089504a4af0804864295b75e51794038a6d70f2bcfc6f5"
logic_hash = "b6ff83bc501753b893a0f5e60c6aafa292617279c0855ce3ba2d0b9b73325e8a"
score = 75
- quality = -66
+ quality = -41
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -378352,8 +378764,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Sniffer : FILE
date = "2021-03-14"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L4069-L4204"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L4069-L4204"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1206c22de8d51055a5e3841b4542fb13aa0f97dd"
hash = "60d131af1ed23810dbc78f85ee32ffd863f8f0f4"
hash = "c3bc4ab8076ef184c526eb7f16e08d41b4cec97e"
@@ -378421,15 +378833,15 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Generic_Tiny : FILE
date = "2021-01-07"
modified = "2025-08-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L4206-L4415"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L4206-L4415"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "990e3f129b8ba409a819705276f8fa845b95dad0"
hash = "52ce724580e533da983856c4ebe634336f5fd13a"
hash = "0864f040a37c3e1cef0213df273870ed6a61e4bc"
hash = "b184dc97b19485f734e3057e67007a16d47b2a62"
logic_hash = "e1b4e9fa88bb4260a83a22ec73c9fbec4d4f4928965cba9dfdd6fdba1307e8e4"
score = 75
- quality = -127
+ quality = -102
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -378524,15 +378936,15 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Generic : FILE
date = "2021-03-07"
modified = "2025-08-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L4417-L4718"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L4417-L4718"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75"
hash = "4cf6fbad0411b7d33e38075f5e00d4c8ae9ce2f6f53967729974d004a183b25c"
hash = "a91320483df0178eb3cafea830c1bd94585fc896"
hash = "f3398832f697e3db91c3da71a8e775ebf66c7e73"
logic_hash = "c1807922c71cb591ce63ea2d4531d85c5b45ad0f03db07381f8160aec18264ed"
score = 60
- quality = -126
+ quality = -151
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
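Review bot: The `quality` value for SIGNATURE_BASE_WEBSHELL_ASP_Generic drops from -126 to -151 in this hunk, while every other `quality` change visible in this part of the patch rises by 25 (for example -127 to -102 for SIGNATURE_BASE_WEBSHELL_ASP_Generic_Tiny in the preceding hunk). The value is generated upstream, so the vendored file should not be hand-edited. If rule selection or risk scoring in this project filters on `quality`, this rule is the one to check in the regenerated test output. The rest of the rule lies outside the hunk, so the cause of the drop is not visible here.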
@@ -378691,8 +379103,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Generic_Registry_Reader : FILE
date = "2021-03-14"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L4720-L4867"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L4720-L4867"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4d53416398a89aef3a39f63338a7c1bf2d3fcda4"
hash = "f85cf490d7eb4484b415bea08b7e24742704bdda"
hash = "898ebfa1757dcbbecb2afcdab1560d72ae6940de"
@@ -378767,8 +379179,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Regeorg_CSHARP : FILE
date = "2021-01-11"
modified = "2023-07-05"
reference = "https://github.com/sensepost/reGeorg"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L4869-L4979"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L4869-L4979"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c1f43b7cf46ba12cfc1357b17e4f5af408740af7ae70572c9cf988ac50260ce1"
hash = "479c1e1f1c263abe339de8be99806c733da4e8c1"
hash = "38a1f1fc4e30c0b4ad6e7f0e1df5a92a7d05020b"
@@ -378827,8 +379239,8 @@ rule SIGNATURE_BASE_WEBSHELL_CSHARP_Generic : FILE
date = "2021-01-11"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L4981-L5089"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L4981-L5089"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b6721683aadc4b4eba4f081f2bc6bc57adfc0e378f6d80e2bfa0b1e3e57c85c7"
hash = "4b365fc9ddc8b247a12f4648cd5c91ee65e33fae"
hash = "019eb61a6b5046502808fb5ab2925be65c0539b4"
@@ -378886,8 +379298,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Runtime_Compile : FILE
date = "2021-01-11"
modified = "2023-04-05"
reference = "https://github.com/antonioCoco/SharPyShell"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L5091-L5189"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L5091-L5189"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e826c4139282818d38dcccd35c7ae6857b1d1d01"
hash = "e20e078d9fcbb209e3733a06ad21847c5c5f0e52"
hash = "57f758137aa3a125e4af809789f3681d1b08ee5b"
@@ -378952,8 +379364,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_SQL : FILE
date = "2021-03-14"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L5191-L5372"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L5191-L5372"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "216c1dd950e0718e35bc4834c5abdc2229de3612"
hash = "ffe44e9985d381261a6e80f55770833e4b78424bn"
hash = "3d7cd32d53abc7f39faed133e0a8f95a09932b64"
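Review bot: The unchanged context line `hash = "ffe44e9985d381261a6e80f55770833e4b78424bn"` in SIGNATURE_BASE_WEBSHELL_ASP_SQL is 41 characters long and ends in `n`, so it is not a valid SHA-1 hex digest. It sits among the rule's descriptive fields (date, reference, source_url), so it presumably does not affect matching. Tooling that resolves reference samples from these values would still fail to find this one. The correction belongs upstream in signature-base, not in the vendored copy. It is probably just the stray trailing `n`, but that should be confirmed against the sample.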
@@ -379056,8 +379468,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Scan_Writable : FILE
date = "2021-03-14"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L5374-L5517"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L5374-L5517"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2409eda9047085baf12e0f1b9d0b357672f7a152"
hash = "af1c00696243f8b062a53dad9fb8b773fa1f0395631ffe6c7decc42c47eedee7"
logic_hash = "80969fd0c27903dabf08a250a47971725ac5762fd2f9afd96167b8f88f277348"
@@ -379129,8 +379541,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Regeorg : FILE
date = "2021-01-24"
modified = "2024-12-09"
reference = "https://github.com/sensepost/reGeorg"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L5519-L5569"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L5519-L5569"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6db49e43722080b5cd5f07e058a073ba5248b584"
hash = "650eaa21f4031d7da591ebb68e9fc5ce5c860689"
hash = "00c86bf6ce026ccfaac955840d18391fbff5c933"
@@ -379172,14 +379584,14 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_HTTP_Proxy : FILE
date = "2021-01-24"
modified = "2024-12-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L5571-L5619"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L5571-L5619"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2f9b647660923c5262636a5344e2665512a947a4"
hash = "97c1e2bf7e769d3fc94ae2fc74ac895f669102c6"
hash = "2f9b647660923c5262636a5344e2665512a947a4"
logic_hash = "7183902d43fc633db06a41b4a6bc02d2eb5662b7ee08080b57563783b8b67568"
score = 75
- quality = 25
+ quality = 50
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
importance = 70
@@ -379213,8 +379625,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Writer_Nano : FILE
date = "2021-01-24"
modified = "2024-12-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L5621-L5702"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L5621-L5702"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ac91e5b9b9dcd373eaa9360a51aa661481ab9429"
hash = "c718c885b5d6e29161ee8ea0acadb6e53c556513"
hash = "9f1df0249a6a491cdd5df598d83307338daa4c43"
@@ -379265,8 +379677,8 @@ rule SIGNATURE_BASE_EXT_WEBSHELL_JSP_Generic_Tiny : FILE
date = "2021-01-07"
modified = "2024-12-16"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L5704-L5789"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L5704-L5789"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8fd343db0442136e693e745d7af1018a99b042af"
hash = "87c3ac9b75a72187e8bc6c61f50659435dbdc4fde6ed720cebb93881ba5989d8"
hash = "1aa6af726137bf261849c05d18d0a630d95530588832aadd5101af28acc034b5"
@@ -379318,8 +379730,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic : FILE
date = "2021-01-07"
modified = "2025-08-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L5791-L5885"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L5791-L5885"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4762f36ca01fb9cda2ab559623d2206f401fc0b1"
hash = "bdaf9279b3d9e07e955d0ce706d9c42e4bdf9aa1"
hash = "ee9408eb923f2d16f606a5aaac7e16b009797a07"
@@ -379379,8 +379791,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Base64 : FILE
date = "2021-01-24"
modified = "2025-08-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L5887-L5964"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L5887-L5964"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "8b5fe53f8833df3657ae2eeafb4fd101c05f0db0"
hash = "1b916afdd415dfa4e77cecf47321fd676ba2184d"
logic_hash = "1787b7c6e587e1745930faaac5d28338a86baf6abc19be7c0ffe875029ff6ca1"
@@ -379434,8 +379846,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Processbuilder : FILE
date = "2021-01-07"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L5966-L6003"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L5966-L6003"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "82198670ac2072cd5c2853d59dcd0f8dfcc28923"
hash = "c05a520d96e4ebf9eb5c73fc0fa446ceb5caf343"
hash = "347a55c174ee39ec912d9107e971d740f3208d53af43ea480f502d177106bbe8"
@@ -379471,8 +379883,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Reflection : FILE
date = "2021-01-07"
modified = "2024-12-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L6005-L6087"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L6005-L6087"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "62e6c6065b5ca45819c1fc049518c81d7d165744"
hash = "bf0ff88cbb72c719a291c722ae3115b91748d5c4920afe7a00a0d921d562e188"
logic_hash = "386aeb3745c5dd815f00bbc941450a2c3f1ddfc2956c67ecd5bee9318b1756ef"
@@ -379518,8 +379930,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Classloader : FILE
date = "2021-01-07"
modified = "2024-12-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L6089-L6166"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L6089-L6166"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6b546e78cc7821b63192bb8e087c133e8702a377d17baaeb64b13f0dd61e2347"
hash = "f3a7e28e1c38fa5d37811bdda1d6b0893ab876023d3bd696747a35c04141dcf0"
hash = "8ea2a25344e6094fa82dfc097bbec5f1675f6058f2b7560deb4390bcbce5a0e7"
@@ -379565,8 +379977,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Encoded_Shell : FILE
date = "2021-01-07"
modified = "2023-07-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L6168-L6194"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L6168-L6194"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "3eecc354390d60878afaa67a20b0802ce5805f3a9bb34e74dd8c363e3ca0ea5c"
hash = "f6c2112e3a25ec610b517ff481675b2ce893cb9f"
hash = "62e6c6065b5ca45819c1fc049518c81d7d165744"
@@ -379598,8 +380010,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Netspy : FILE
date = "2021-01-24"
modified = "2024-12-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L6196-L6262"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L6196-L6262"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "94d1aaabde8ff9b4b8f394dc68caebf981c86587"
hash = "3870b31f26975a7cb424eab6521fc9bffc2af580"
logic_hash = "65432e42ad2626b62b1d1a6298c301513c2fb03d89193a77b053069cebcb45e9"
@@ -379649,8 +380061,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_By_String : FILE
date = "2021-01-09"
modified = "2025-08-18"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L6264-L6363"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L6264-L6363"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e9060aa2caf96be49e3b6f490d08b8a996c4b084"
hash = "4c2464503237beba54f66f4a099e7e75028707aa"
hash = "06b42d4707e7326aff402ecbb585884863c6351a"
@@ -379716,8 +380128,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Input_Upload_Write : FILE
date = "2021-01-24"
modified = "2024-12-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L6365-L6425"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L6365-L6425"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ef98ca135dfb9dcdd2f730b18e883adf50c4ab82"
hash = "583231786bc1d0ecca7d8d2b083804736a3f0a32"
hash = "19eca79163259d80375ebebbc440b9545163e6a3"
@@ -379761,8 +380173,8 @@ rule SIGNATURE_BASE_WEBSHELL_Generic_OS_Strings : FILE
date = "2021-01-12"
modified = "2024-12-09"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L6427-L6596"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L6427-L6596"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d5bfe40283a28917fcda0cefd2af301f9a7ecdad"
hash = "fd45a72bda0a38d5ad81371d68d206035cb71a14"
hash = "b4544b119f919d8cbf40ca2c4a7ab5c1a4da73a3"
@@ -379842,8 +380254,8 @@ rule SIGNATURE_BASE_WEBSHELL_In_Image : FILE
date = "2021-02-27"
modified = "2024-03-11"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L6598-L6858"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L6598-L6858"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d4fde4e691db3e70a6320e78657480e563a9f87935af873a99db72d6a9a83c78"
hash = "84938133ee6e139a2816ab1afc1c83f27243c8ae76746ceb2e7f20649b5b16a4"
hash = "52b918a64afc55d28cd491de451bb89c57bce424f8696d6a94ec31fb99b17c11"
@@ -379971,8 +380383,8 @@ rule SIGNATURE_BASE_WEBSHELL_Mixed_OBFUSC : FILE
date = "2023-01-28"
modified = "2023-04-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L6860-L6884"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L6860-L6884"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "76cc6390cbdb81055c72edb124db2bf52e3d0b975406367a9c49a0ee6621d30b"
score = 50
quality = 85
@@ -380005,8 +380417,8 @@ rule SIGNATURE_BASE_WEBSHELL_Cookie_Post_Obfuscation : FILE
date = "2023-01-28"
modified = "2023-04-05"
reference = "https://github.com/SigmaHQ/Detection-Rule-License/blob/main/LICENSE.Detection.Rules.md"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_webshells.yar#L6886-L6912"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_webshells.yar#L6886-L6912"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "d08a00e56feb78b7f6599bad6b9b1d8626ce9a6ea1dfdc038358f4c74e6f65c9"
hash = "2ce5c4d31682a5a59b665905a6f698c280451117e4aa3aee11523472688edb31"
hash = "ff732d91a93dfd1612aed24bbb4d13edb0ab224d874f622943aaeeed4356c662"
@@ -380039,8 +380451,8 @@ rule SIGNATURE_BASE_Gen_Python_Reverse_Shell : FILE
date = "2018-02-24"
modified = "2023-12-05"
reference = "https://www.virustotal.com/en/file/9ec5102bcbabc45f2aa7775464f33019cfbe9d766b1332ee675957c923a17efd/analysis/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_python_reverse_shell.yara#L1-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_python_reverse_shell.yara#L1-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "12b1424265cd0ea62b8dd5c08933f1285a156d906df6c31ca9a94fbc303f248e"
score = 75
quality = 83
@@ -380070,8 +380482,8 @@ rule SIGNATURE_BASE_Apt_Nix_Elf_Derusbi_1 : FILE
date = "2016-02-29"
modified = "2023-05-04"
reference = "https://github.com/fideliscyber/indicators/tree/master/FTA-1021"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turbo_campaign.yar#L1-L49"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turbo_campaign.yar#L1-L49"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "61ef65a1500d3def3376a82bc376db451d202d18b03855ee279b6c01757deb2a"
score = 75
quality = 83
@@ -380128,8 +380540,8 @@ rule SIGNATURE_BASE_Apt_Nix_Elf_Derusbi_Kernelmodule_1 : FILE
date = "2016-02-29"
modified = "2023-05-04"
reference = "https://github.com/fideliscyber/indicators/tree/master/FTA-1021"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turbo_campaign.yar#L51-L83"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turbo_campaign.yar#L51-L83"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fab37e2dbe05c694da6e428aa922747b276c2827cbbd2b6c8002f0cc30c2870c"
score = 75
quality = 85
@@ -380169,8 +380581,8 @@ rule SIGNATURE_BASE_Apt_Nix_Elf_Derusbi_Linux_Sharedmemcreation_1 : FILE
date = "2016-02-29"
modified = "2023-12-05"
reference = "https://github.com/fideliscyber/indicators/tree/master/FTA-1021"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turbo_campaign.yar#L85-L96"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turbo_campaign.yar#L85-L96"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "adbdccea9ea7aefcca18d659c027a49e7e2e053873b77ddaf369203b3e301033"
score = 75
quality = 85
@@ -380191,8 +380603,8 @@ rule SIGNATURE_BASE_Apt_Nix_Elf_Derusbi_Linux_Strings_1 : FILE
date = "2016-02-29"
modified = "2023-12-05"
reference = "https://github.com/fideliscyber/indicators/tree/master/FTA-1021"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turbo_campaign.yar#L98-L128"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turbo_campaign.yar#L98-L128"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b54b406a562247d4c3d4a9c4d1b7584bdcecfe5b6c76867c04770e016eeb8c9a"
score = 75
quality = 83
@@ -380226,8 +380638,8 @@ rule SIGNATURE_BASE_Apt_Win_Exe_Trojan_Derusbi_1 : FILE
date = "2016-02-29"
modified = "2023-12-05"
reference = "https://github.com/fideliscyber/indicators/tree/master/FTA-1021"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turbo_campaign.yar#L130-L189"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turbo_campaign.yar#L130-L189"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "02fb4da724b257aef0ec0fecfe5b7a25a23fe4dd5baae0ddd2d21350b9af34e9"
score = 75
quality = 83
@@ -380278,8 +380690,8 @@ rule SIGNATURE_BASE_MAL_Enfal_Nov22 : FILE
modified = "2023-01-06"
old_rule_name = "Enfal_Malware"
reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.enfal"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_enfal.yar#L1-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_enfal.yar#L1-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf349ba2b7bd635808b4ee23c6286e7dd403fbc185c6b59f0bb1fbf47ba7d9bb"
score = 75
quality = 85
@@ -380307,8 +380719,8 @@ rule SIGNATURE_BASE_Enfal_Malware_Backdoor : FILE
date = "2015-02-10"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_enfal.yar#L27-L57"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_enfal.yar#L27-L57"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6ce0c19e666cc0db50194bd56f51beddeee22c787b67810655241fdd4d34a31e"
score = 60
quality = 85
@@ -380342,8 +380754,8 @@ rule SIGNATURE_BASE_MAL_JS_NPM_Supplychain_Attack_Sep25 : FILE
date = "2025-09-09"
modified = "2025-11-29"
reference = "https://www.linkedin.com/feed/update/urn:li:activity:7370889385992437760/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_npm_supply_chain_sep25.yar#L1-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_npm_supply_chain_sep25.yar#L1-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1b83d1bd79cdff02ed2fff7bf1feb57801ff9a933de1bd4f7ceecf738213ab4c"
score = 85
quality = 85
@@ -380368,8 +380780,8 @@ rule SIGNATURE_BASE_MAL_JS_NPM_Supplychain_Compromise_Sep25 : FILE
date = "2025-09-16"
modified = "2025-09-17"
reference = "https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_npm_supply_chain_sep25.yar#L22-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_npm_supply_chain_sep25.yar#L22-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6ddcf152ee8b90496d9d3f7f51dc239d927a3a2095082d13c6cc7e21819097f4"
score = 80
quality = 85
@@ -380394,8 +380806,8 @@ rule SIGNATURE_BASE_APT_APT41_POISONPLUG_3 : FILE
date = "2019-08-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt41.yar#L14-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt41.yar#L14-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b74b89ac382b2b839c169cd1388d86888172f133091afd079ec42c9380935fdc"
score = 80
quality = 85
@@ -380422,8 +380834,8 @@ rule SIGNATURE_BASE_APT_APT41_POISONPLUG_SHADOW : FILE
date = "2019-08-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt41.yar#L33-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt41.yar#L33-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fc923c7e85f3870e08a077b344e575d3c349fa02f3d218a9a7ec31992f14866b"
score = 85
quality = 85
@@ -380442,8 +380854,8 @@ rule SIGNATURE_BASE_APT_APT41_CRACKSHOT : FILE
date = "2019-08-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt41.yar#L46-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt41.yar#L46-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "70dd9edfc7f9ace7b00a35eb2ef664aa4fbaab8e2d268922d1593074897e769c"
score = 85
quality = 85
@@ -380469,8 +380881,8 @@ rule SIGNATURE_BASE_APT_APT41_POISONPLUG_2 : FILE
date = "2019-08-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt41.yar#L66-L82"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt41.yar#L66-L82"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f2ec2e91edaaf976169b1fa6645aeae75135e5d5f522e0fda2438f84d674f383"
score = 70
quality = 85
@@ -380496,8 +380908,8 @@ rule SIGNATURE_BASE_APT_APT41_POISONPLUG : FILE
date = "2019-08-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt41.yar#L84-L106"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt41.yar#L84-L106"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "34459c2a8a13b8084c93a640723a3e2b67d2f695ff84ab63f4e313cacc458f32"
score = 80
quality = 85
@@ -380525,8 +380937,8 @@ rule SIGNATURE_BASE_APT_APT41_HIGHNOON : FILE
date = "2019-08-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt41.yar#L108-L135"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt41.yar#L108-L135"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c8afa91f90157c3ac0f7954cd2d42022392c4e6f039d88d1dd4bace19028c2b1"
score = 85
quality = 85
@@ -380562,8 +380974,8 @@ rule SIGNATURE_BASE_APT_APT41_HIGHNOON_2 : FILE
date = "2019-08-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt41.yar#L137-L157"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt41.yar#L137-L157"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dc35b78df1631b1c9650de2bac625a7bc629225f36fe5e32fbff829cb77dc9ac"
score = 75
quality = 85
@@ -380589,8 +381001,8 @@ rule SIGNATURE_BASE_APT_APT41_HIGHNOON_BIN : FILE
date = "2019-08-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt41.yar#L159-L180"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt41.yar#L159-L180"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c6557bff952454482271d1b52fb37b2dd0471abd237449fd9c94b293ea5218b3"
score = 90
quality = 85
@@ -380617,8 +381029,8 @@ rule SIGNATURE_BASE_APT_APT41_HIGHNOON_BIN_2 : FILE
date = "2019-08-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt41.yar#L182-L200"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt41.yar#L182-L200"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1e3d622b4719962f59d95dbf1374c526c22461dd1d9313504f28e8e5c9184272"
score = 85
quality = 85
@@ -380646,8 +381058,8 @@ rule SIGNATURE_BASE_APT_APT41_Revokedcert_Aug19_1 : FILE
date = "2019-08-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt41.yar#L202-L231"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt41.yar#L202-L231"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f78c1310f99ac1993b01f3469f2f8e0765b79b2ea17fc6e7cff4e99949ca1139"
score = 60
quality = 85
@@ -380665,8 +381077,8 @@ rule SIGNATURE_BASE_APT_APT41_CN_ELF_Speculoos_Backdoor : FILE
date = "2020-04-14"
modified = "2023-12-05"
reference = "https://unit42.paloaltonetworks.com/apt41-using-new-speculoos-backdoor-to-target-organizations-globally/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt41.yar#L233-L267"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt41.yar#L233-L267"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ee4cbbc5fc51fb24cbf6017dfb4763ac72a0b23a3b6e794b909e678ebfbabc03"
score = 90
quality = 85
@@ -380706,8 +381118,8 @@ rule SIGNATURE_BASE_APT12_Malware_Aug17 : FILE
date = "2017-08-30"
modified = "2023-12-05"
reference = "http://blog.macnica.net/blog/2017/08/post-fb81.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt12_malware.yar#L13-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt12_malware.yar#L13-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0766376689540680f8db699f64aa89fc32ddef619a74864eb816c598b8d08c8a"
score = 75
quality = 85
@@ -380729,11 +381141,11 @@ rule SIGNATURE_BASE_SUSP_Macos_Plist_Suspicious : FILE
modified = "2025-06-03"
old_rule_name = "gen_malware_MacOS_plist_suspicious"
reference = "https://objective-see.com/blog/blog_0x3A.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_malware_MacOS_plist_suspicious.yar#L1-L73"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_malware_MacOS_plist_suspicious.yar#L1-L73"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "52076ec107b5bcbbe35265dfc4034a6a25a453459d22392848980b22115f68bc"
score = 60
- quality = 58
+ quality = 83
tags = "FILE"
hash1 = "0541fc6a11f4226d52ae3d4158deb8f50ed61b25bb5f889d446102e1ee57b76d"
hash2 = "6cc6abec7d203f99c43ce16630edc39451428d280b02739757f17fd01fc7dca3"
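Review bot: The `quality` value for SIGNATURE_BASE_SUSP_Macos_Plist_Suspicious rises from 58 to 83 in this hunk, which is the only change in this stretch of the patch that is not a commit-pin update, and the commit message does not mention it. `logic_hash` and `modified` are unchanged context lines, so the matching logic appears identical and only the upstream scoring moved. If anything downstream filters or weights third-party rules by `quality`, this rule could newly surface or rank higher on macOS plist samples, so it is worth confirming the regenerated test expectations reflect that. Since the file is vendored, I would record this in the commit description rather than the rule, e.g. `SUSP_Macos_Plist_Suspicious: quality 58 -> 83 upstream, logic_hash unchanged`. The rule body continues outside the hunk.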
@@ -380790,8 +381202,8 @@ rule SIGNATURE_BASE_Datper_Backdoor : FILE
date = "2017-08-21"
modified = "2023-12-05"
reference = "http://blog.jpcert.or.jp/2017/08/detecting-datper-malware-from-proxy-logs.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_tick_datper.yar#L13-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_tick_datper.yar#L13-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eacdc648226f20fa3847f0b5e8cafcee59cc1c6274cabb885db297f5b5fceafb"
score = 75
quality = 85
@@ -380824,8 +381236,8 @@ rule SIGNATURE_BASE_EXP_Libre_Office_CVE_2018_16858 : CVE_2018_16858 FILE
date = "2019-02-01"
modified = "2023-12-05"
reference = "https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2018_16858.yar#L1-L17"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2018_16858.yar#L1-L17"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "95a02b70c117947ff989e3e00868c2185142df9be751a3fefe21f18fa16a1a6f"
logic_hash = "6dd34350f24945ba5a594acae96dc00bb200841a645443a70a59006cea1db949"
score = 75
@@ -380849,8 +381261,8 @@ rule SIGNATURE_BASE_CVE_2017_8759_Mal_HTA : CVE_2017_8759 FILE
date = "2017-09-14"
modified = "2023-12-05"
reference = "https://github.com/Voulnet/CVE-2017-8759-Exploit-sample"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2017_8759.yar#L11-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2017_8759.yar#L11-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f98578104e411fcf75a46f8a0bc3e561c94d0ca4ad7c1aae2595d03a29efd74e"
score = 75
quality = 85
@@ -380873,8 +381285,8 @@ rule SIGNATURE_BASE_CVE_2017_8759_Mal_Doc : CVE_2017_8759 FILE
date = "2017-09-14"
modified = "2023-11-21"
reference = "https://github.com/Voulnet/CVE-2017-8759-Exploit-sample"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2017_8759.yar#L26-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2017_8759.yar#L26-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0c81feebef463fee41661ca951a39ee789db5d36acc8262ddb391609d8680108"
score = 75
quality = 85
@@ -380901,8 +381313,8 @@ rule SIGNATURE_BASE_CVE_2017_8759_SOAP_Via_JS : FILE
date = "2017-09-14"
modified = "2023-12-05"
reference = "https://twitter.com/buffaloverflow/status/907728364278087680"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2017_8759.yar#L47-L61"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2017_8759.yar#L47-L61"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3c170479283fe859b9ecfba4834396aaf78b375472250a4b188bc913f69c97fd"
score = 60
quality = 81
@@ -380925,8 +381337,8 @@ rule SIGNATURE_BASE_CVE_2017_8759_SOAP_Excel : CVE_2017_8759 FILE
date = "2017-09-15"
modified = "2023-12-05"
reference = "https://twitter.com/buffaloverflow/status/908455053345869825"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2017_8759.yar#L63-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2017_8759.yar#L63-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "adea595b251796e93cdc54cc59198d88a68e28d42899c90721f63f6813df24fe"
score = 60
quality = 83
@@ -380948,8 +381360,8 @@ rule SIGNATURE_BASE_CVE_2017_8759_SOAP_Txt : CVE_2017_8759 FILE
date = "2017-09-14"
modified = "2023-12-05"
reference = "https://github.com/Voulnet/CVE-2017-8759-Exploit-sample"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2017_8759.yar#L78-L92"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2017_8759.yar#L78-L92"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "184179006ed2ac2ad76e09c53196805fcb1b7380dab1d5740b4469a89d6b0b32"
score = 75
quality = 60
@@ -380973,8 +381385,8 @@ rule SIGNATURE_BASE_CVE_2017_8759_WSDL_In_RTF : CVE_2017_8759 FILE
date = "2017-09-15"
modified = "2023-12-05"
reference = "https://twitter.com/xdxdxdxdoa/status/908665278199996416"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2017_8759.yar#L94-L110"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2017_8759.yar#L94-L110"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "47adc7adfc55239792aef818648546adb1627e74690de0d811100cc49aab8c2f"
score = 75
quality = 85
@@ -381000,8 +381412,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Lorenz_May21_1 : FILE
date = "2021-05-04"
modified = "2023-12-05"
reference = "Internal Research - DACH TE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_ransom_lorenz.yar#L1-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_ransom_lorenz.yar#L1-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "aec940deb2c3bc099a50a2e8f014ae425d306d331078d9ac2abc2ec7b8bf572e"
score = 75
quality = 85
@@ -381032,8 +381444,8 @@ rule SIGNATURE_BASE_Reflectiveloader : FILE
date = "2017-07-17"
modified = "2021-03-15"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_loaders.yar#L14-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_loaders.yar#L14-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4d839674f8d8181b11af964a7c84a9eb8f07623500dd2695fca9ca3b15c247e2"
score = 70
quality = 85
@@ -381062,8 +381474,8 @@ rule SIGNATURE_BASE_Reflective_DLL_Loader_Aug17_1 : FILE
date = "2017-08-20"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_loaders.yar#L53-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_loaders.yar#L53-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9ad012dda538d37242c92c6ed16a0fb1cd9252a2884387f8e7d9c80b041c8fea"
score = 75
quality = 85
@@ -381089,8 +381501,8 @@ rule SIGNATURE_BASE_DLL_Injector_Lynx : FILE
date = "2017-08-20"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_loaders.yar#L78-L100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_loaders.yar#L78-L100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1904b152c42126abd87671747dc2733e2a5e2a01ab55346c131fb430fe5ba58e"
score = 75
quality = 85
@@ -381120,8 +381532,8 @@ rule SIGNATURE_BASE_Reflective_DLL_Loader_Aug17_2 : FILE
date = "2017-08-20"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_loaders.yar#L102-L128"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_loaders.yar#L102-L128"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f01b2cf754c3527d0d7fd44c28d3cdb9327762572b43a7d6f7667e5c2a26ab17"
score = 60
quality = 85
@@ -381150,8 +381562,8 @@ rule SIGNATURE_BASE_Reflective_DLL_Loader_Aug17_3 : FILE
date = "2017-08-20"
modified = "2022-12-21"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_loaders.yar#L130-L154"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_loaders.yar#L130-L154"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4fbba94e6d3dc7b4976c90c0f95683c548f3c444bf5eaf0a7c55d96150978a67"
score = 75
quality = 85
@@ -381178,8 +381590,8 @@ rule SIGNATURE_BASE_Reflective_DLL_Loader_Aug17_4 : FILE
date = "2017-08-20"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_loaders.yar#L156-L176"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_loaders.yar#L156-L176"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b988ea586589dced18f2165eff431be897b3e96fce2d124f5f41d52b520ccd76"
score = 75
quality = 85
@@ -381206,8 +381618,8 @@ rule SIGNATURE_BASE_Quarkspwdump_Gen
date = "2015-09-29"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_quarkspwdump.yar#L2-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_quarkspwdump.yar#L2-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "327235260076f97c29acc1ca997205d08ef55fad795594fe2268f1d8e666d636"
score = 80
quality = 85
@@ -381239,8 +381651,8 @@ rule SIGNATURE_BASE_Industroyer_Malware_1 : FILE
date = "2017-06-13"
modified = "2023-12-05"
reference = "https://goo.gl/x81cSy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_industroyer.yar#L12-L37"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_industroyer.yar#L12-L37"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "276b7abdf43b62c3943a8dc362e1c68b23cc505d288e4395a6ac3cb4795371f2"
score = 75
quality = 85
@@ -381274,8 +381686,8 @@ rule SIGNATURE_BASE_Industroyer_Malware_2 : FILE
date = "2017-06-13"
modified = "2023-12-05"
reference = "https://goo.gl/x81cSy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_industroyer.yar#L39-L77"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_industroyer.yar#L39-L77"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cda3e21c130acd76785905364416b3e8803e866dd93529da57ec980e7af081b7"
score = 75
quality = 83
@@ -381321,8 +381733,8 @@ rule SIGNATURE_BASE_Industroyer_Portscan_3 : FILE
date = "2017-06-13"
modified = "2023-12-05"
reference = "https://goo.gl/x81cSy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_industroyer.yar#L79-L100"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_industroyer.yar#L79-L100"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "539a420989c178b3fa26e313d23e9f9c6804aa6dbd2d94f463ae924d46ac2851"
score = 75
quality = 85
@@ -381352,8 +381764,8 @@ rule SIGNATURE_BASE_Industroyer_Portscan_3_Output
date = "2017-06-13"
modified = "2023-12-05"
reference = "https://goo.gl/x81cSy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_industroyer.yar#L102-L115"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_industroyer.yar#L102-L115"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6a2fc7b66b1e93f523e08e12ba420d261bae198918bb09eac1a7cdecc04a6737"
score = 75
quality = 85
@@ -381376,8 +381788,8 @@ rule SIGNATURE_BASE_Industroyer_Malware_4 : FILE
date = "2017-06-13"
modified = "2023-12-05"
reference = "https://goo.gl/x81cSy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_industroyer.yar#L117-L134"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_industroyer.yar#L117-L134"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cb850445eaf3e1a6c9a9d6c453ed0f6729a95a671a01ce8fbaddf15599e4f2ba"
score = 75
quality = 85
@@ -381402,8 +381814,8 @@ rule SIGNATURE_BASE_Industroyer_Malware_5 : FILE
date = "2017-06-13"
modified = "2023-12-05"
reference = "https://goo.gl/x81cSy"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_industroyer.yar#L136-L158"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_industroyer.yar#L136-L158"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9dfd3cfc724f0dfe090b1bcbf03b9ebd0d01b3d781f833a8ca6ba1451a63d5ad"
score = 75
quality = 85
@@ -381434,8 +381846,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_1 : FILE
date = "2019-10-02"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_trickbot.yar#L3-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_trickbot.yar#L3-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fef15c0bda6dc2b28f34791da3ca68a03f7368b63ead17e631a2d4f05d1b40e2"
score = 75
quality = 85
@@ -381463,8 +381875,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_2 : FILE
date = "2019-10-02"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_trickbot.yar#L24-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_trickbot.yar#L24-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "185e59c156218b418bec0c94144b19639c17e3a9595d993e3761eae15379f9fb"
score = 75
quality = 85
@@ -381489,8 +381901,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_3 : FILE
date = "2019-10-02"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_trickbot.yar#L40-L56"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_trickbot.yar#L40-L56"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "87860212077b63bf3e4835a3a64b934fc7edd3258355a3e94a69acaba39c2516"
score = 75
quality = 85
@@ -381516,8 +381928,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_4 : FILE
date = "2019-10-02"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_trickbot.yar#L58-L77"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_trickbot.yar#L58-L77"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c109510d86260b4173bbbac5fe69936acb109e7fdbe71fbe2955e5ed85f5cd85"
score = 75
quality = 85
@@ -381546,8 +381958,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_5 : FILE
date = "2019-10-02"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_trickbot.yar#L79-L96"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_trickbot.yar#L79-L96"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e304b236dd58faa0e6fdd73bc93c24f6ff0ec6c1f9a54b104f8e87441834e22b"
score = 75
quality = 85
@@ -381574,8 +381986,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_6 : FILE
date = "2019-10-02"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_trickbot.yar#L98-L115"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_trickbot.yar#L98-L115"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "599b1f56483f4ea267595b90dd4ef93b7e2147e4a0d8449cdd9d2539a96c3f79"
score = 75
quality = 85
@@ -381601,8 +382013,8 @@ rule SIGNATURE_BASE_Fakem_Generic : FILE
date = "2016-01-25"
modified = "2023-01-06"
reference = "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_fakem_backdoor.yar#L8-L49"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_fakem_backdoor.yar#L8-L49"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0ee606be48961d1e4c1fd9e0e10b53603cfd62cec652baef62f893c0a9e9684c"
score = 85
quality = 85
@@ -381646,8 +382058,8 @@ rule SIGNATURE_BASE_SUSP_VULN_DRV_PROCEXP152_May23 : FILE
date = "2023-05-05"
modified = "2023-07-28"
reference = "https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/thor_inverse_matches.yar#L502-L520"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/thor_inverse_matches.yar#L502-L520"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d988bba837b91b2ad7f69be8765a948848bce21e2daa53af602f714758cda4d4"
score = 50
quality = 85
@@ -381671,8 +382083,8 @@ rule SIGNATURE_BASE_Gazer_Certificate_1 : FILE
date = "2017-08-30"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_gazer.yar#L27-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_gazer.yar#L27-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ef248ac5cdde0034d940f80b32966fe64841dcf99923dfc0a7035354af963f56"
score = 75
quality = 85
@@ -381694,8 +382106,8 @@ rule SIGNATURE_BASE_Gazer_Logfile_Name_1 : FILE
date = "2017-08-30"
modified = "2023-12-05"
reference = "https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_gazer.yar#L41-L54"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_gazer.yar#L41-L54"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c893ec41884f106329350c079b087e41a5b9f1040ab0892c90c03972d49dc070"
score = 75
quality = 85
@@ -381718,8 +382130,8 @@ rule SIGNATURE_BASE_SUSP_BAT_Aux_Jan20_1 : FILE
date = "2020-01-29"
modified = "2023-12-05"
reference = "https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_bat_aux.yar#L2-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_bat_aux.yar#L2-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6b8cd9b7683a18a02a81222d6819fe903500702c83f198f73ac428d1bc91fb9a"
score = 65
quality = 85
@@ -381745,8 +382157,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Linux_Malware_Indicators_Aug20_1 : FILE
date = "2020-08-03"
modified = "2026-01-04"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_lnx_malware_indicators.yar#L1-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_lnx_malware_indicators.yar#L1-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1d07d424f2a66b60e55d21dff6d4c4f9f2591c3ab622dcfbc1cd989d28b44017"
score = 65
quality = 85
@@ -381776,8 +382188,8 @@ rule SIGNATURE_BASE_Lightftp_Fftp_X86_64 : FILE
date = "2015-05-14"
modified = "2023-12-05"
reference = "https://github.com/hfiref0x/LightFTP"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/pup_lightftp.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/pup_lightftp.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f29a98a4014fc6c026aef4054bc2bee7bde2e9ad7f26f2368fdf0949f50847bb"
score = 50
quality = 85
@@ -381805,8 +382217,8 @@ rule SIGNATURE_BASE_Lightftp_Config : FILE
date = "2015-05-14"
modified = "2023-12-05"
reference = "https://github.com/hfiref0x/LightFTP"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/pup_lightftp.yar#L23-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/pup_lightftp.yar#L23-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ce9821213538d39775af4a48550eefa3908323c5"
logic_hash = "1e8c06dac9a5910816703ed15bef83116d9e2d9e612fda69697170ed98ee5f60"
score = 75
@@ -381834,8 +382246,8 @@ rule SIGNATURE_BASE_EXPL_Gitlab_CE_RCE_CVE_2021_22205 : CVE_2021_22205
date = "2021-10-26"
modified = "2023-12-05"
reference = "https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_gitlab_cve_2021_22205.yar#L2-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_gitlab_cve_2021_22205.yar#L2-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "54b841716a6bd56706c1c38fcda9a27ffd7feba2660602b191e8e347983e578d"
score = 70
quality = 85
@@ -381864,8 +382276,8 @@ rule SIGNATURE_BASE_EXPL_Gitlab_CE_RCE_Malformed_JPG_CVE_2021_22204 : CVE_2021_2
date = "2021-10-26"
modified = "2023-12-05"
reference = "https://attackerkb.com/topics/D41jRUXCiJ/cve-2021-22205/rapid7-analysis?referrer=blog"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_gitlab_cve_2021_22205.yar#L29-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_gitlab_cve_2021_22205.yar#L29-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0718ad24337acbb746c6e0d7e0b42d2d034ff583ec6fd12b34fda4737d7e78b0"
score = 70
quality = 83
@@ -381887,8 +382299,8 @@ rule SIGNATURE_BASE_MAL_Icedid_GZIP_LDR_202104 : FILE
date = "2021-04-12"
modified = "2023-01-27"
reference = "https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_icedid.yar#L14-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_icedid.yar#L14-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7a7cc6c7dcbf43bace6a1f259af38560327c34386517e719ad81068b2d9b6659"
score = 75
quality = 85
@@ -381919,8 +382331,8 @@ rule SIGNATURE_BASE_MAL_Qbot_HTML_Smuggling_Indicators_Oct22_1 : FILE
date = "2022-10-07"
modified = "2023-12-05"
reference = "https://twitter.com/ankit_anubhav/status/1578257383133876225?s=20&t=Bu3CCJCzImpTGOQX_KGsdA"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_qbot_payloads.yar#L2-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_qbot_payloads.yar#L2-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a5bd9eb72205f1398ec0b8773751309699b3267e0272dacf2728f8495c0c0ec2"
score = 75
quality = 83
@@ -381971,8 +382383,8 @@ rule SIGNATURE_BASE_Mal_Dropper_Httpexe_From_CAB : FILE
date = "2016-05-25"
modified = "2023-12-05"
reference = "https://goo.gl/13Wgy1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_danti_svcmondr.yar#L10-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_danti_svcmondr.yar#L10-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d114a3ab348bba49a78852b87b712908bc974bf35a2b841099a232e761cad8f2"
score = 60
quality = 85
@@ -381996,8 +382408,8 @@ rule SIGNATURE_BASE_Mal_Http_EXE : FILE
date = "2016-05-25"
modified = "2023-01-27"
reference = "https://goo.gl/13Wgy1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_danti_svcmondr.yar#L27-L58"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_danti_svcmondr.yar#L27-L58"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0e28b64bbfd2b6d40f4bd82373624d22df3d5c45c22d7155747f0ff33976207d"
score = 80
quality = 85
@@ -382035,8 +382447,8 @@ rule SIGNATURE_BASE_Mal_Potplayer_DLL : FILE
date = "2016-05-25"
modified = "2023-12-05"
reference = "https://goo.gl/13Wgy1"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_danti_svcmondr.yar#L60-L77"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_danti_svcmondr.yar#L60-L77"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1d1b68fa8de2e4ddfa71cbcd5e166181370172cc8a3167ade2da393e4f7998f1"
score = 70
quality = 85
@@ -382061,8 +382473,8 @@ rule SIGNATURE_BASE_MAL_Webmonitor_RAT : FILE
date = "2018-04-13"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/04/unit42-say-cheese-webmonitor-rat-comes-c2-service-c2aas/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_webmonitor_rat.yar#L1-L34"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_webmonitor_rat.yar#L1-L34"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fbf6368527a7bd841b7679d668d6b77ce720fd0f6bcbd5fa9ff6301ae72199ec"
score = 75
quality = 85
@@ -382099,8 +382511,8 @@ rule SIGNATURE_BASE_MAL_WIPER_Bibi_Oct23 : FILE
date = "2023-11-01"
modified = "2023-12-05"
reference = "https://x.com/ESETresearch/status/1719437301900595444?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_bibi_wiper_oct23.yar#L24-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_bibi_wiper_oct23.yar#L24-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c22dc994005f91f81d0e8e5f8d400b12ecd28336866bc62b8527e104f6339372"
score = 75
quality = 85
@@ -382129,8 +382541,8 @@ rule SIGNATURE_BASE_Andromeda_Malbot_Jun_1A : FILE
date = "2017-06-30"
modified = "2022-12-21"
reference = "http://blog.trendmicro.com/trendlabs-security-intelligence/information-stealer-found-hitting-israeli-hospitals/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_andromeda_jun17.yar#L12-L38"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_andromeda_jun17.yar#L12-L38"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5958608ad5527628c4b6cbe08badbff39a50dcdb6cf603f6fbb5fa32ef61c0c7"
score = 75
quality = 85
@@ -382164,8 +382576,8 @@ rule SIGNATURE_BASE_APT_MAL_Falsefont_Backdoor_Jan24 : FILE
date = "2024-01-11"
modified = "2024-04-24"
reference = "https://twitter.com/MsftSecIntel/status/1737895710169628824"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_peach_sandstorm.yar#L1-L31"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_peach_sandstorm.yar#L1-L31"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "364275326bbfc4a3b89233dabdaf3230a3d149ab774678342a40644ad9f8d614"
logic_hash = "9a1b3779b63dd7fa8ddc84067dec09542518e9acebbf5d3b45cb75ec4add1158"
score = 80
@@ -382196,8 +382608,8 @@ rule SIGNATURE_BASE_MAL_ELF_Xlogin_Nov24_1 : FILE
date = "2024-11-11"
modified = "2024-12-12"
reference = "https://blog.sekoia.io/solving-the-7777-botnet-enigma-a-cybersecurity-quest/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_xlogin_nov24.yar#L2-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_xlogin_nov24.yar#L2-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "42fe8a32022592ff976d6d2839d949e28f60c8958f64a20c1c3c9091fb64d31e"
score = 80
quality = 85
@@ -382224,8 +382636,8 @@ rule SIGNATURE_BASE_Destructive_Ransomware_Gen1 : FILE
date = "2018-02-12"
modified = "2023-12-05"
reference = "http://blog.talosintelligence.com/2018/02/olympic-destroyer.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_olympic_destroyer.yar#L13-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_olympic_destroyer.yar#L13-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1f7a41c5a7e812e0e26b346cc6465290b17aff31620cbcf6e01c569d8eea2dbd"
score = 75
quality = 85
@@ -382251,8 +382663,8 @@ rule SIGNATURE_BASE_Olympicdestroyer_Gen2 : FILE
date = "2018-02-12"
modified = "2023-12-05"
reference = "http://blog.talosintelligence.com/2018/02/olympic-destroyer.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_olympic_destroyer.yar#L30-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_olympic_destroyer.yar#L30-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1bcf0e95d9de62271a09f6ac64ce65debc91e541e1fccfe5c31661466c00bd5e"
score = 75
quality = 85
@@ -382285,8 +382697,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_Commvault_CVE_2025_57791_Aug25_1 : FILE
date = "2025-08-21"
modified = "2025-08-21"
reference = "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_commvault_cve_2025_57791.yar#L1-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_commvault_cve_2025_57791.yar#L1-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d5c6815a5ca3b03ef8f76ed7b378800012c763f90fcba2187bb07d81ce01d832"
score = 60
quality = 85
@@ -382308,8 +382720,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_Commvault_CVE_2025_57791_Aug25_2 : FILE
date = "2025-08-21"
modified = "2025-08-21"
reference = "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_commvault_cve_2025_57791.yar#L16-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_commvault_cve_2025_57791.yar#L16-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "61e3ddc09157badb2a1abf30da2cc35cac1a723db1134a37cb667be78209b845"
score = 65
quality = 85
@@ -382331,11 +382743,11 @@ rule SIGNATURE_BASE_SUSP_EXPL_Commvault_CVE_2025_57791_Artifact_Aug25 : FILE
date = "2025-08-21"
modified = "2025-08-21"
reference = "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_commvault_cve_2025_57791.yar#L30-L45"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_commvault_cve_2025_57791.yar#L30-L45"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7a3f57509dc7e986fd6d00204deb5baec815e04e0e140a7751bab8ce18e8da62"
score = 75
- quality = 35
+ quality = 60
tags = "FILE"
strings:
@@ -382356,8 +382768,8 @@ rule SIGNATURE_BASE_EXPL_JSP_Commvault_CVE_2025_57791_Aug25_1 : FILE
date = "2025-08-21"
modified = "2025-08-21"
reference = "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_commvault_cve_2025_57791.yar#L47-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_commvault_cve_2025_57791.yar#L47-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "359b35ced874244901f64bc09456cfec7079421ef6bab58ea95a3b1887ecc858"
score = 75
quality = 85
@@ -382379,8 +382791,8 @@ rule SIGNATURE_BASE_EXPL_JSP_Commvault_CVE_2025_57791_Aug25_2 : FILE
date = "2025-08-21"
modified = "2025-08-21"
reference = "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_commvault_cve_2025_57791.yar#L61-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_commvault_cve_2025_57791.yar#L61-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3375a33556a9b479f0c170de6e06c80ab0277f1356e4ac44bfe51d6a65a578fe"
score = 75
quality = 85
@@ -382403,11 +382815,11 @@ rule SIGNATURE_BASE_EXPL_LOG_Commvault_CVE_2025_57791_Indicator_Shell_Drop_Aug25
date = "2025-08-21"
modified = "2025-08-21"
reference = "https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_commvault_cve_2025_57791.yar#L76-L87"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_commvault_cve_2025_57791.yar#L76-L87"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f0e9fedba803b0cd8b1469bad7a50bf4647f7e2f786520caf5a79ac626879125"
score = 70
- quality = 60
+ quality = 85
tags = ""
strings:
@@ -382425,8 +382837,8 @@ rule SIGNATURE_BASE_Shimrat
date = "2015-11-20"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_mofang.yar#L1-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_mofang.yar#L1-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0dd19e6a65b06bd5846ec224f01c3feea066540317223d1991154b2305882b20"
score = 75
quality = 85
@@ -382459,8 +382871,8 @@ rule SIGNATURE_BASE_Shimratreporter
date = "2015-11-20"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_mofang.yar#L28-L49"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_mofang.yar#L28-L49"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "931d65628e5f0b7c63fe270b0a6cd3890f41a4ee7e253ce056b37f2d55542258"
score = 75
quality = 85
@@ -382492,8 +382904,8 @@ rule SIGNATURE_BASE_VULN_Erlang_OTP_SSH_CVE_2025_32433_Apr25 : CVE_2025_32433 FI
date = "2025-04-18"
modified = "2025-04-28"
reference = "https://www.upwind.io/feed/cve-2025-32433-critical-erlang-otp-ssh-vulnerability-cvss-10"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/vuln_erlang_otp_ssh_cve_2025_32433.yar#L1-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/vuln_erlang_otp_ssh_cve_2025_32433.yar#L1-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "77d23956bd467a6eb56a91fa7a4bd939873363cd101a9d21b5b298c7b2e6c1ec"
score = 60
quality = 85
@@ -382519,8 +382931,8 @@ rule SIGNATURE_BASE_Beacon_K5Om : FILE
date = "2017-06-07"
modified = "2023-12-05"
reference = "https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt19.yar#L10-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt19.yar#L10-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4b1ec0fc6c0ad4e76c526f7568153bca62f9bffdd38a3b1eaa51a37a1dcab226"
score = 75
quality = 85
@@ -382549,8 +382961,8 @@ rule SIGNATURE_BASE_FE_LEGALSTRIKE_MACRO
date = "2017-06-02"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt19.yar#L34-L50"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt19.yar#L34-L50"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b38edeedcc02168d3ba7e82c3f5c6963ffc8ce1688eeb424ce686484f3687512"
score = 75
quality = 85
@@ -382575,8 +382987,8 @@ rule SIGNATURE_BASE_FE_LEGALSTRIKE_RTF : FILE
date = "2017-06-02"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_apt19.yar#L52-L69"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_apt19.yar#L52-L69"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "af811694076f7d53ee76713538839c4ec82c591518d59d5988dcb893bfd32ffe"
score = 75
quality = 85
@@ -382604,8 +383016,8 @@ rule SIGNATURE_BASE_EXPL_Zoho_RCE_Fix_Lines_Dec21_1 : FILE
date = "2021-12-06"
modified = "2023-12-05"
reference = "https://twitter.com/cyb3rops/status/1467784104930385923"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_zoho_rcef_logs.yar#L2-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_zoho_rcef_logs.yar#L2-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e6d9c3364da57c03a5e838f485deefabec2f3ec67d19a9017e564ba702a72d03"
score = 65
quality = 85
@@ -382631,8 +383043,8 @@ rule SIGNATURE_BASE_APT_PY_Bluelight_Loader : INKYSQUID
date = "2021-06-22"
modified = "2023-12-05"
reference = "https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_inkysquid.yar#L39-L58"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_inkysquid.yar#L39-L58"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e7e18a6d648b1383706439ba923335ac4396f6b5d2a3dc8f30f63ded7df29eda"
score = 75
quality = 85
@@ -382659,8 +383071,8 @@ rule SIGNATURE_BASE_APT_MAL_Win_Decrok : INKYSQUID
date = "2021-06-23"
modified = "2023-12-05"
reference = "https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_inkysquid.yar#L61-L82"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_inkysquid.yar#L61-L82"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6a452d088d60113f623b852f33f8f9acf0d4197af29781f889613fed38f57855"
logic_hash = "47fa03e95ac17ba7195858cd63b1769e5d56ab8a5edf872b345989b767050b87"
score = 75
@@ -382686,8 +383098,8 @@ rule SIGNATURE_BASE_APT_NK_Scarcruft_RUBY_Shellcode_XOR_Routine : APT
date = "2021-05-20"
modified = "2023-12-05"
reference = "https://medium.com/s2wlab/matryoshka-variant-of-rokrat-apt37-scarcruft-69774ea7bf48"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_inkysquid.yar#L104-L133"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_inkysquid.yar#L104-L133"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a97041a06729d639c22a4ee272cc96555345b692fc0da8b62e898891d02b23ea"
score = 75
quality = 85
@@ -382711,8 +383123,8 @@ rule SIGNATURE_BASE_APT_NK_Scarcruft_Evolved_ROKRAT : APT FILE
date = "2021-07-09"
modified = "2023-12-05"
reference = "https://medium.com/s2wlab/matryoshka-variant-of-rokrat-apt37-scarcruft-69774ea7bf48"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nk_inkysquid.yar#L135-L179"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nk_inkysquid.yar#L135-L179"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "01a2f410687c943d6c6e421ffacfe42f9e7b6afb82e43ba03a8d525e075a3a3c"
score = 75
quality = 85
@@ -382750,8 +383162,8 @@ rule SIGNATURE_BASE_SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1 : FILE
date = "2022-03-03"
modified = "2022-03-04"
reference = "https://twitter.com/cyb3rops/status/1499514240008437762"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_nvidia_leaked_cert.yar#L4-L22"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_nvidia_leaked_cert.yar#L4-L22"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e7e9e58ec1e3922471ad3ffd4ad9fbb3ac4b3c3841c35d1cd8886607f3cf1ab9"
score = 70
quality = 85
@@ -382769,8 +383181,8 @@ rule SIGNATURE_BASE_MAL_UNC2891_Slapstick : FILE
date = "2022-03-30"
modified = "2023-01-05"
reference = "https://github.com/fboldewin/YARA-rules/tree/master"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_unc2891_mal_jan23.yar#L19-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_unc2891_mal_jan23.yar#L19-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4bc51a47a1b620c3bb950c287c38a37e528e79f9720fb4d9fa9ebecbeca82036"
score = 75
quality = 85
@@ -382797,8 +383209,8 @@ rule SIGNATURE_BASE_SUSP_VHD_Suspicious_Small_Size : FILE
date = "2019-12-21"
modified = "2023-01-27"
reference = "https://twitter.com/MeltX0R/status/1208095892877774850"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_vhd_anomaly.yar#L2-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_vhd_anomaly.yar#L2-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0bd5b113714854feaa89d52d4bab6a4a00f0dcb7fd816fa7b036eb43d3ea0dd8"
score = 50
quality = 83
@@ -382826,8 +383238,8 @@ rule SIGNATURE_BASE_Ghostdragon_Gh0Strat : FILE
date = "2016-04-23"
modified = "2023-12-05"
reference = "https://blog.cylance.com/the-ghost-dragon"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ghostdragon_gh0st_rat.yar#L8-L52"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ghostdragon_gh0st_rat.yar#L8-L52"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b67c7ff76c14e771c4e952a408c2c006c9ae88fda97b775747a95322aff355e7"
score = 75
quality = 83
@@ -382875,8 +383287,8 @@ rule SIGNATURE_BASE_Ghostdragon_Gh0Strat_Sample2 : FILE
date = "2016-04-23"
modified = "2023-12-05"
reference = "https://blog.cylance.com/the-ghost-dragon"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ghostdragon_gh0st_rat.yar#L54-L75"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ghostdragon_gh0st_rat.yar#L54-L75"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f41776a033be766844c9867902d2ef9b79bf59bdf212f0158eccf79db0810460"
score = 75
quality = 85
@@ -382902,8 +383314,8 @@ rule SIGNATURE_BASE_Ghostdragon_Gh0Strat_Sample3
date = "2016-04-23"
modified = "2023-12-05"
reference = "https://blog.cylance.com/the-ghost-dragon"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ghostdragon_gh0st_rat.yar#L77-L92"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ghostdragon_gh0st_rat.yar#L77-L92"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "39ddb94ac14032f88e54e413ed650277e95f6dcf66219fcf43a01aff1f10a058"
score = 75
quality = 85
@@ -382929,8 +383341,8 @@ rule SIGNATURE_BASE_Susp_File_Enumerator_With_Encrypted_Resource_101 : FILE
date = "2026-01-04"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stonedrill.yar#L12-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stonedrill.yar#L12-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2cd0a5f1e9bcce6807e57ec8477d222a"
hash = "c843046e54b755ec63ccb09d0a689674"
logic_hash = "0a207038b3cbba88d05cd6a053fd14337ac1fbb08b2a532b542ee2bb6b881a5a"
@@ -382957,8 +383369,8 @@ rule SIGNATURE_BASE_Stonedrill_Main_Sub : FILE
date = "2017-03-07"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stonedrill.yar#L43-L56"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stonedrill.yar#L43-L56"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "794094c0cbb81f6f971e16de36d444351b17cf38a91d8210f914b80da7d9ed26"
score = 75
quality = 85
@@ -382982,8 +383394,8 @@ rule SIGNATURE_BASE_Stonedrill_BAT_1 : FILE
date = "2017-03-07"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stonedrill.yar#L65-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stonedrill.yar#L65-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d7263a527cae45072082c0f2fd0abc33acb2a25b34c06becf36fbd36f0697d5c"
score = 75
quality = 85
@@ -383009,8 +383421,8 @@ rule SIGNATURE_BASE_Stonedrill_Service_Install : FILE
date = "2017-03-07"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stonedrill.yar#L82-L96"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stonedrill.yar#L82-L96"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "52abe90c7f87ffeace4b58f9959e5a21c475bfa7ae2c5bc2744fe5fe43ffdda8"
score = 75
quality = 85
@@ -383035,8 +383447,8 @@ rule SIGNATURE_BASE_Stonedrill_Ntssrvr32 : FILE
date = "2017-03-07"
modified = "2023-01-27"
reference = "https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stonedrill.yar#L98-L118"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stonedrill.yar#L98-L118"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f1122aba53f32b10bd5f43cb619aa5d668b1457f3a5ea2a68c97254ab8631faa"
score = 75
quality = 85
@@ -383064,8 +383476,8 @@ rule SIGNATURE_BASE_Stonedrill_Malware_2 : FILE
date = "2017-03-07"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stonedrill.yar#L120-L145"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stonedrill.yar#L120-L145"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "cb1f8b24465ad8ca19dd540b1f8b63a73bc2624958bf45547b15c10583d07281"
score = 75
quality = 60
@@ -383099,8 +383511,8 @@ rule SIGNATURE_BASE_Stonedrill : FILE
date = "2017-03-07"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stonedrill.yar#L147-L170"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stonedrill.yar#L147-L170"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ef7173e259f985083d5451a2d464047b40112a084a05d471797d5dbf2d0fb21d"
score = 75
quality = 85
@@ -383131,8 +383543,8 @@ rule SIGNATURE_BASE_Stonedrill_VBS_1 : FILE
date = "2017-03-07"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_stonedrill.yar#L172-L192"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_stonedrill.yar#L172-L192"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "79416d27a6a09d544becd84f8e551c09b94c97181f8fddc481f47e42763d47ac"
score = 75
quality = 85
@@ -383161,8 +383573,8 @@ rule SIGNATURE_BASE_Sofacy_Malware_Strangespaces : FILE
date = "2015-12-04"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_dec15.yar#L8-L23"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_dec15.yar#L8-L23"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ee8bbebaa0978d038424cee3775ba312476afa014ce0d57c73d6844f758116ca"
score = 75
quality = 85
@@ -383187,8 +383599,8 @@ rule SIGNATURE_BASE_Sofacy_Malware_AZZY_Backdoor_1 : FILE
date = "2015-12-04"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_dec15.yar#L25-L40"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_dec15.yar#L25-L40"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a9dc96d45702538c2086a749ba2fb467ba8d8b603e513bdef62a024dfeb124cb"
logic_hash = "9c99f218d856d374423cada147bc38c8319f9ebff1e43e012143fad7af992d29"
score = 75
@@ -383213,8 +383625,8 @@ rule SIGNATURE_BASE_Sofacy_AZZY_Backdoor_Implant_1 : FILE
date = "2015-12-04"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_dec15.yar#L42-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_dec15.yar#L42-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "1bab1a3e0e501d3c14652ecf60870e483ed4e90e500987c35489f17a44fef26c"
logic_hash = "b6ddf1274ed78db0c7183e3cc8063c01e4d011bc2947ec05449f3fd0df2050e7"
score = 75
@@ -383241,8 +383653,8 @@ rule SIGNATURE_BASE_Sofacy_AZZY_Backdoor_Helperdll : FILE
date = "2015-12-04"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_dec15.yar#L61-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_dec15.yar#L61-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "6cd30c85dd8a64ca529c6eab98a757fb326de639a39b597414d5340285ba91c6"
logic_hash = "100903551eeacf4266fc97a09949bdafe05e94698bed7cea295c8e970df22ec8"
score = 75
@@ -383267,8 +383679,8 @@ rule SIGNATURE_BASE_Sofacy_Collectorstealer_Gen1 : FILE
date = "2015-12-04"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_dec15.yar#L80-L97"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_dec15.yar#L80-L97"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1b6693fa45fed5ed001d8fb4b43427c7036d95cb36b125e7242864d000085018"
score = 75
quality = 85
@@ -383295,8 +383707,8 @@ rule SIGNATURE_BASE_Sofacy_Collectorstealer_Gen2 : FILE
date = "2015-12-04"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_dec15.yar#L99-L116"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_dec15.yar#L99-L116"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "e917166adf6e1135444f327d8fff6ec6c6a8606d65dda4e24c2f416d23b69d45"
hash = "92dcb0d8394d0df1064e68d90cd90a6ae5863e91f194cbaac85ec21c202f581f"
hash = "b1f2d461856bb6f2760785ee1af1a33c71f84986edf7322d3e9bd974ca95f92d"
@@ -383323,8 +383735,8 @@ rule SIGNATURE_BASE_Sofacy_Collectorstealer_Gen3 : FILE
date = "2015-12-04"
modified = "2023-12-05"
reference = "https://securelist.com/blog/research/72924/sofacy-apt-hits-high-profile-targets-with-updated-toolset/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_dec15.yar#L118-L143"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_dec15.yar#L118-L143"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "92dcb0d8394d0df1064e68d90cd90a6ae5863e91f194cbaac85ec21c202f581f"
hash = "4e4606313c423b681e11110ca5ed3a2b2632ec6c556b7ab9642372ae709555f3"
logic_hash = "8e7f56013629d8b4d0c7600552590e8073deb16d5b6dced11444c2110b88f387"
@@ -383356,8 +383768,8 @@ rule SIGNATURE_BASE_Winnti_Fonfig : FILE
date = "2017-01-25"
modified = "2023-12-05"
reference = "https://goo.gl/VbvJtL"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_ms_report_201701.yar#L10-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_ms_report_201701.yar#L10-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "715892268431bf76cf9bf0bdbeaf4129befdc590b5b2dcae479d95dfe77561a4"
score = 75
quality = 85
@@ -383381,8 +383793,8 @@ rule SIGNATURE_BASE_Winnti_Nlaifsvc : FILE
date = "2017-01-25"
modified = "2023-12-05"
reference = "https://goo.gl/VbvJtL"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_ms_report_201701.yar#L26-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_ms_report_201701.yar#L26-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7268c79baf37174e04b391ae42cdd6014f17478c5b89d0c7b8042eb839324f87"
score = 75
quality = 85
@@ -383407,8 +383819,8 @@ rule SIGNATURE_BASE_CVE_2015_1701_Taihou : CVE_2015_1701 FILE
date = "2015-05-13"
modified = "2023-12-05"
reference = "http://goo.gl/W4nU0q"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2015_1701.yar#L2-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2015_1701.yar#L2-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d230e036c303642c40bdf83be2b097f6e447a7e7d4292c495179edbae8a4124c"
score = 70
quality = 85
@@ -383442,8 +383854,8 @@ rule SIGNATURE_BASE_EXPL_CVE_2021_1647_Apr21_1 : CVE_2021_1647 FILE
date = "2021-05-04"
modified = "2023-12-05"
reference = "https://attackerkb.com/topics/DzXZpEuBeP/cve-2021-1647-microsoft-windows-defender-zero-day-vulnerability"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/expl_cve_2021_1647.yar#L2-L18"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/expl_cve_2021_1647.yar#L2-L18"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b0e1809ba10e5ea624e1c4d2e948c928c590b40e6315def8cb1216930ead8579"
score = 75
quality = 85
@@ -383469,8 +383881,8 @@ rule SIGNATURE_BASE_HKTL_Reverse_Connect_TCP_PTY_Shell : FILE
date = "2019-10-19"
modified = "2023-12-05"
reference = "https://github.com/infodox/python-pty-shells/blob/master/tcp_pty_backconnect.py"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_python_pty_shell.yar#L1-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_python_pty_shell.yar#L1-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6b92077f9ff775ae3f8166f47a32aaa872fcbf7fcefc3789e5411388aac5403a"
score = 75
quality = 85
@@ -383495,8 +383907,8 @@ rule SIGNATURE_BASE_Nanocore_RAT_Gen_1 : FILE
date = "2016-04-22"
modified = "2023-12-05"
reference = "https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nanocore_rat.yar#L8-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nanocore_rat.yar#L8-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "09fab3ef1b4ca9092fd69fb09c4ef759946fcb5b84161441bff797bb4009ed00"
score = 70
quality = 85
@@ -383523,8 +383935,8 @@ rule SIGNATURE_BASE_Nanocore_RAT_Gen_2 : FILE
date = "2016-04-22"
modified = "2023-12-05"
reference = "https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nanocore_rat.yar#L28-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nanocore_rat.yar#L28-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "23b3d149012fb8395b7daa2ecaf3ee66fdeac352ac94d632d76e52df2c6e8ea6"
score = 100
quality = 85
@@ -383549,8 +383961,8 @@ rule SIGNATURE_BASE_Nanocore_RAT_Sample_1 : FILE
date = "2016-04-22"
modified = "2023-12-05"
reference = "https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nanocore_rat.yar#L46-L62"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nanocore_rat.yar#L46-L62"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c74e5fe7e9d4dd7f032281b0e617f2355bc5844acf04a8ffbfd42165c7d9b8e4"
score = 75
quality = 85
@@ -383575,8 +383987,8 @@ rule SIGNATURE_BASE_Nanocore_RAT_Sample_2 : FILE
date = "2016-04-22"
modified = "2023-12-05"
reference = "https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nanocore_rat.yar#L64-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nanocore_rat.yar#L64-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "505176b7320e95c652f0b6fdc6fadc3d16ff30115263862ba61209fa2fb82a2d"
score = 75
quality = 85
@@ -383601,8 +384013,8 @@ rule SIGNATURE_BASE_Nanocore_RAT_Feb18_1 : FILE
date = "2018-02-19"
modified = "2023-12-05"
reference = "Internal Research - T2T"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nanocore_rat.yar#L92-L115"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nanocore_rat.yar#L92-L115"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "824fd7304fb298ced69811078aa2dd23d7116554cffb8b6e4b690fccc93a4caf"
score = 75
quality = 85
@@ -383631,8 +384043,8 @@ rule SIGNATURE_BASE_Nanocore_RAT_Feb18_2 : FILE
date = "2018-02-19"
modified = "2023-12-05"
reference = "Internal Research - T2T"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_nanocore_rat.yar#L117-L137"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_nanocore_rat.yar#L117-L137"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c104e431a4ecc0d18d7eb74e7a55d32bf8978ee922637d48f3f6a9466a0f5b1a"
score = 75
quality = 85
@@ -383663,8 +384075,8 @@ rule SIGNATURE_BASE_Corkowdll : FILE
date = "2016-01-02"
modified = "2023-12-05"
reference = "https://www.group-ib.ru/brochures/Group-IB-Corkow-Report-EN.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_corkow_dll.yar#L3-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_corkow_dll.yar#L3-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "072112c79f20ba08b7ef71d3dacff7eb947b4a27bf6381ce788e229f2f791cdf"
score = 75
quality = 85
@@ -383686,8 +384098,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Conticrypter
date = "2021-03-17"
modified = "2023-12-05"
reference = "https://github.com/Neo23x0/signature-base"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_ransom_conti.yar#L2-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_ransom_conti.yar#L2-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "256fbd028a91da45049e2e861e16e97201f09cb92ab049eda373c80e6a796726"
score = 75
quality = 85
@@ -383712,8 +384124,8 @@ rule SIGNATURE_BASE_HKTL_Khepri_Beacon_Sep21_1 : FILE
date = "2021-09-08"
modified = "2023-12-05"
reference = "https://github.com/geemion/Khepri/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_khepri.yar#L2-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_khepri.yar#L2-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c688dbda6006ef28305285f6aeec24a23cbfe9174d09cf4e3586bd0cf7290e60"
score = 90
quality = 85
@@ -383749,8 +384161,8 @@ rule SIGNATURE_BASE_Shifu_Banking_Trojan : FILE
date = "2015-09-01"
modified = "2023-12-05"
reference = "https://securityintelligence.com/shifu-masterful-new-banking-trojan-is-attacking-14-japanese-banks/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_shifu_trojan.yar#L8-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_shifu_trojan.yar#L8-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f65fa80638e6a8bf8c5afb3dbe1262572ca0a7c56507369934ac3d958f3e6267"
score = 75
quality = 85
@@ -383778,8 +384190,8 @@ rule SIGNATURE_BASE_SHIFU_Banking_Trojan : FILE
date = "2015-10-31"
modified = "2023-12-05"
reference = "http://goo.gl/52n8WE"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_shifu_trojan.yar#L29-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_shifu_trojan.yar#L29-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "01f5217ee4e81b0b2ff37ccc7eed353ace26aa68538cce5bc207c0c071f0850a"
score = 70
quality = 85
@@ -383821,8 +384233,8 @@ rule SIGNATURE_BASE_MAL_Coralwave_Lenovospkvol_Remcosmicdrop : FILE
date = "2026-01-01"
modified = "2026-01-02"
reference = "https://bazaar.abuse.ch/sample/050edadedd7947bc6418f7856a29df5b7b5550bf5eec7f5f37e9a7e1713036f6/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_coralwave_remcos_dropper.yar#L1-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_coralwave_remcos_dropper.yar#L1-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "65302b435a5bc30e8f0215455679635ec50b5b1caba9e55f9258d17c7238be54"
logic_hash = "ec6303584d65cf2138ca44a1cf5e958586d9eee2e9e17a90d0942b1ebee3d01f"
score = 85
@@ -383852,8 +384264,8 @@ rule SIGNATURE_BASE_SUSP_CMD_Var_Expansion : FILE
date = "2018-09-26"
modified = "2023-12-05"
reference = "https://twitter.com/asfakian/status/1044859525675843585"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_susp_cmd_var_expansion.yar#L2-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_susp_cmd_var_expansion.yar#L2-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "68ce14cac07494645f3b5f1d61012e4fe21cfa9fa7ad4019add2368b568fe043"
score = 60
quality = 85
@@ -383875,8 +384287,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_Malicious_Samples_Mar23_1 : FILE
date = "2023-03-29"
modified = "2023-04-20"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L3-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L3-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "68f4007791d365900c84e32e076aa3cac9f3a9ed46de297f1005306554ee13f5"
score = 85
quality = 85
@@ -383907,8 +384319,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_Malicious_Samples_Mar23_2 : FILE
date = "2023-03-29"
modified = "2023-12-05"
reference = "https://twitter.com/dan__mayer/status/1641170769194672128?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L32-L54"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L32-L54"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dec8310c1f5b304a755737a0005bb33b1762f21ed380b2b98b0f5427948ab930"
score = 80
quality = 60
@@ -383936,8 +384348,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_Malicious_Samples_Mar23_3
date = "2023-03-29"
modified = "2023-12-05"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L56-L79"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L56-L79"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "adfe04904d796690631e5841ee1ee10c767f9f4c340e5b9df78918e981359d4d"
score = 80
quality = 85
@@ -383964,8 +384376,8 @@ rule SIGNATURE_BASE_SUSP_APT_MAL_NK_3CX_Malicious_Samples_Mar23_1
date = "2023-03-29"
modified = "2023-04-20"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L81-L98"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L81-L98"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dcce1f5e769a2821d746a960cd333f8042fb71c8469aa41c29bbbd0dce79369c"
score = 75
quality = 85
@@ -383990,8 +384402,8 @@ rule SIGNATURE_BASE_APT_SUSP_NK_3CX_RC4_Key_Mar23_1 : FILE
date = "2023-03-29"
modified = "2023-12-05"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L100-L117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L100-L117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8324b537b149ad3816b12ae0f887f66a284a8e1ef4fe7cf51eb21d59c0f055b9"
score = 70
quality = 85
@@ -384017,8 +384429,8 @@ rule SIGNATURE_BASE_SUSP_3CX_App_Signed_Binary_Mar23_1 : FILE
date = "2023-03-29"
modified = "2023-12-05"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L119-L139"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L119-L139"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "3834b5ebb5a0db27a452fda1c97c921b2c9c8702505738232b15a3ed4a47dc47"
score = 65
quality = 85
@@ -384043,8 +384455,8 @@ rule SIGNATURE_BASE_SUSP_3CX_MSI_Signed_Binary_Mar23_1 : FILE
date = "2023-03-29"
modified = "2023-12-05"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L141-L166"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L141-L166"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b0fa9821a02803473ce8139b19d005968b03c9765cff5b9ae5428a259d88cc9f"
score = 60
quality = 85
@@ -384070,8 +384482,8 @@ rule SIGNATURE_BASE_APT_MAL_Macos_NK_3CX_Malicious_Samples_Mar23_1 : FILE
date = "2023-03-30"
modified = "2023-12-05"
reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L168-L184"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L168-L184"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c2733c2f7dcca82e5a0b2301777fb54853d04dfa893bcf88ecbec34d37e1a38a"
score = 80
quality = 85
@@ -384096,8 +384508,8 @@ rule SIGNATURE_BASE_APT_MAL_Macos_NK_3CX_DYLIB_Mar23_1
date = "2023-03-30"
modified = "2023-12-05"
reference = "https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e52c76de1e995cc7084ddb390b60f4bc66e5bdf89aaa28ef3fd70578ed3145a6"
score = 80
quality = 85
@@ -384129,8 +384541,8 @@ rule SIGNATURE_BASE_APT_SUSP_NK_3CX_Malicious_Samples_Mar23_1
date = "2023-03-30"
modified = "2023-12-05"
reference = "https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L216-L232"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L216-L232"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6ab8a4ac184eaba6eb56bfc49d6fa03f9b0877d75294aa9a242e9ac96482fab0"
score = 70
quality = 85
@@ -384155,8 +384567,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_Malicious_Samples_Mar23_4
date = "2023-03-29"
modified = "2023-12-05"
reference = "https://twitter.com/WhichbufferArda/status/1641404343323688964?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L234-L249"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L234-L249"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "851c2c99ebafd4e5e9e140cfe3f2d03533846ca16f8151ae8ee0e83c692884b7"
logic_hash = "2fd56527a094b1f155cf33af402328835d4fb8aee9a058742d3e3763acef9e46"
score = 80
@@ -384180,8 +384592,8 @@ rule SIGNATURE_BASE_MAL_3Cxdesktopapp_Macos_Backdoor_Mar23 : FILE
date = "2023-03-30"
modified = "2023-12-05"
reference = "https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "a64fa9f1c76457ecc58402142a8728ce34ccba378c17318b3340083eeb7acc67"
logic_hash = "777a0a29c376f3697021dd627e716c31bda7933c5f40a8fe79b80e3cea46ce43"
score = 80
@@ -384206,8 +384618,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_ICONIC_Stealer_Mar23_1 : FILE
date = "2023-03-31"
modified = "2023-12-05"
reference = "https://github.com/volexity/threat-intel/blob/main/2023/2023-03-30%203CX/attachments/iconicstealer.7z"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L279-L304"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L279-L304"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1f57a2af4a5b9e71e2b72ddc3839400731d9d37eb4349c393b37b3f86c0c7f73"
score = 80
quality = 85
@@ -384236,8 +384648,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_Macos_Elextron_App_Mar23_1 : FILE
date = "2023-03-31"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L306-L328"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L306-L328"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "00dd28c3edd94e04e35ee9e3a43c30b5a0a1ad21ec8ecf2099bbeb9de2fca8d0"
score = 80
quality = 85
@@ -384263,8 +384675,8 @@ rule SIGNATURE_BASE_MAL_3Cxdesktopapp_Macos_Updateagent_Mar23 : FILE
date = "2023-03-30"
modified = "2023-12-05"
reference = "https://twitter.com/patrickwardle/status/1641692164303515653?s=20"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L330-L354"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L330-L354"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9e9a5f8d86356796162cee881c843cde9eaedfb3"
logic_hash = "0818a8f0b59a9baaefaa0b505f8261e0e0df283e79da8e95dc71e9afdca224ab"
score = 80
@@ -384290,8 +384702,8 @@ rule SIGNATURE_BASE_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23_2
date = "2023-04-29"
modified = "2023-12-05"
reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L373-L392"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L373-L392"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "c4887a5cd6d98e273ba6e9ea3c1d8f770ef26239819ea24a1bfebd81d6870505"
logic_hash = "a15f7f06be5e620baf33d595afc35246dae0307978984af832940a74ef2c84eb"
score = 80
@@ -384318,8 +384730,8 @@ rule SIGNATURE_BASE_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23_3
date = "2023-04-29"
modified = "2023-12-05"
reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L394-L410"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L394-L410"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "595392959b609caf088d027a23443cf2fefd043607ccdec3de19ad3bb43a74b1"
logic_hash = "58f860926db4a7dfefbd39ee35efaa0081b7e31a361efce02f5144266ab652a6"
score = 80
@@ -384344,8 +384756,8 @@ rule SIGNATURE_BASE_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23_4
date = "2023-04-29"
modified = "2023-12-05"
reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_mal_3cx_compromise_mar23.yar#L412-L428"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_mal_3cx_compromise_mar23.yar#L412-L428"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9b0761f81afb102bb784b398b16faa965594e469a7fcfdfd553ced19cc17e70b"
logic_hash = "ad22df404d948073428fc35b0c8fbfea25da3bc66e46ea6397ff751ae65d5939"
score = 80
@@ -384371,8 +384783,8 @@ rule SIGNATURE_BASE_Microcin_Sample_1 : FILE
date = "2017-09-26"
modified = "2023-12-05"
reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_microcin.yar#L13-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_microcin.yar#L13-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e7eb967035257490db2537ba46fd1f1e378fc33f93e7f65412949e987194a9db"
score = 75
quality = 85
@@ -384401,8 +384813,8 @@ rule SIGNATURE_BASE_Microcin_Sample_2 : FILE
date = "2017-09-26"
modified = "2023-12-05"
reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_microcin.yar#L38-L52"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_microcin.yar#L38-L52"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "99feb3e1672f69c4cf41a100e9ba64421fd75c3554306a1bf1475da6f1e14ed1"
score = 75
quality = 85
@@ -384426,8 +384838,8 @@ rule SIGNATURE_BASE_Microcin_Sample_3 : FILE
date = "2017-09-26"
modified = "2023-12-05"
reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_microcin.yar#L54-L68"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_microcin.yar#L54-L68"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bf1227460f1fc4a7bede853b0d4f15b520db870ac7ce2e6684dc195ea6322e82"
score = 75
quality = 85
@@ -384451,8 +384863,8 @@ rule SIGNATURE_BASE_Microcin_Sample_4 : FILE
date = "2017-09-26"
modified = "2023-12-05"
reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_microcin.yar#L70-L90"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_microcin.yar#L70-L90"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1293fbd1a6b440168bb1d7b250df0c8a1a7f99a7fb603a6abec7fe7ba20cf4f5"
score = 75
quality = 85
@@ -384481,8 +384893,8 @@ rule SIGNATURE_BASE_Microcin_Sample_5 : FILE
date = "2017-09-26"
modified = "2023-12-05"
reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_microcin.yar#L92-L110"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_microcin.yar#L92-L110"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "18b9b80ad3c27f32c71197f33e5e99742662cf5cf4ed5f83d574d44ba63f8b5f"
score = 75
quality = 85
@@ -384510,8 +384922,8 @@ rule SIGNATURE_BASE_Microcin_Sample_6 : FILE
date = "2017-09-26"
modified = "2023-12-05"
reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_microcin.yar#L112-L128"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_microcin.yar#L112-L128"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "280fb17b5ed5ff1c8018e426969f75e18589eabeb2a20e0e623f206e72e8958d"
score = 75
quality = 85
@@ -384537,8 +384949,8 @@ rule SIGNATURE_BASE_ATM_Malware_Javadispcash_1 : FILE
date = "2019-03-28"
modified = "2023-12-05"
reference = "https://twitter.com/r3c0nst/status/1111254169623674882"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_atm_javadipcash.yar#L1-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_atm_javadipcash.yar#L1-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "9a714571281844cfe7193b7c183b86b797ef5de5d1922eacaf45dad8d41cfc52"
score = 75
quality = 85
@@ -384566,8 +384978,8 @@ rule SIGNATURE_BASE_HKTL_Powersploit
date = "2018-06-23"
modified = "2023-12-05"
reference = "https://www.hybrid-analysis.com/sample/16937e76db6d88ed0420ee87317424af2d4e19117fe12d1364fee35aa2fadb75?environmentId=100"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_powersploit_dropper.yar#L1-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_powersploit_dropper.yar#L1-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "00bc389147926f3b474a7072381bb8b9cddad3ff581a5d2182006a674e0c0163"
score = 75
quality = 81
@@ -384591,8 +385003,8 @@ rule SIGNATURE_BASE_Venom_Rootkit : FILE
date = "2017-01-12"
modified = "2023-12-05"
reference = "https://security.web.cern.ch/security/venom.shtml"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_venom_linux_rootkit.yar#L10-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_venom_linux_rootkit.yar#L10-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0b2211edc6737e9da3e43bec9ef823e80c6bd6463adbb10d6839e9914aed22ac"
score = 75
quality = 85
@@ -384625,11 +385037,11 @@ rule SIGNATURE_BASE_APT_Lazarus_Dropper_Jun18_1 : FILE
date = "2018-06-01"
modified = "2023-12-05"
reference = "https://twitter.com/DrunkBinary/status/1002587521073721346"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lazarus_jun18.yar#L13-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lazarus_jun18.yar#L13-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "868297209177471f29c9653747d3205f55a14b74a5da64562b20ebeadb14b1cf"
score = 60
- quality = 40
+ quality = 65
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
hash1 = "086a50476f5ceee4b10871c1a8b0a794e96a337966382248a8289598b732bd47"
@@ -384652,8 +385064,8 @@ rule SIGNATURE_BASE_APT_Lazarus_RAT_Jun18_1 : FILE
date = "2018-06-01"
modified = "2023-12-05"
reference = "https://twitter.com/DrunkBinary/status/1002587521073721346"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lazarus_jun18.yar#L34-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lazarus_jun18.yar#L34-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7260f766ffd1122319ca69a6c87b0baa98d5727929f2e063a5b2edb05a44d827"
score = 75
quality = 85
@@ -384689,8 +385101,8 @@ rule SIGNATURE_BASE_APT_Lazarus_RAT_Jun18_2 : FILE
date = "2018-06-01"
modified = "2023-12-05"
reference = "https://twitter.com/DrunkBinary/status/1002587521073721346"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_lazarus_jun18.yar#L68-L83"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_lazarus_jun18.yar#L68-L83"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b22b8386791e86f787efc40a394bbabdb4a009fc2d1a7b87aaf5039fc977a5bd"
score = 75
quality = 85
@@ -384716,8 +385128,8 @@ rule SIGNATURE_BASE_APT_ME_Bigbang_Gen_Jul18_1 : FILE
date = "2018-07-09"
modified = "2023-12-05"
reference = "https://research.checkpoint.com/apt-attack-middle-east-big-bang/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bigbang.yar#L3-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bigbang.yar#L3-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "496994ee035aa09233c648cf4ec0d1e84ceb970917b4dc5208a1390ec6eb39c2"
score = 75
quality = 85
@@ -384750,8 +385162,8 @@ rule SIGNATURE_BASE_APT_ME_Bigbang_Mal_Jul18_1 : FILE
date = "2018-07-09"
modified = "2023-12-05"
reference = "https://research.checkpoint.com/apt-attack-middle-east-big-bang/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_bigbang.yar#L31-L51"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_bigbang.yar#L31-L51"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "da45482b465549fce0f088c5818dff4a734faa2e4fbcec43b750893d1c3fefad"
score = 75
quality = 85
@@ -384781,8 +385193,8 @@ rule SIGNATURE_BASE_Hermes2_1 : FILE
date = "2017-10-11"
modified = "2023-12-05"
reference = "https://baesystemsai.blogspot.de/2017/10/taiwan-heist-lazarus-tools.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_hermes_ransom.yar#L1-L27"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_hermes_ransom.yar#L1-L27"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "b27881f59c8d8cc529fa80a58709db36"
logic_hash = "85a7b3ec89f2bf32e5520a7c5c84661383be71abd8dae3d072d75d5b1118db24"
score = 75
@@ -384815,8 +385227,8 @@ rule SIGNATURE_BASE_MAL_Passwordstate_Moserware_Backdoor_Apr21_1 : FILE
date = "2021-04-25"
modified = "2023-12-05"
reference = "https://thehackernews.com/2021/04/passwordstate-password-manager-update.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/mal_passwordstate_backdoor.yar#L1-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/mal_passwordstate_backdoor.yar#L1-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "46bf5b7f4f75997535742021d1d5c2129daae0b3836c08383058e5e5b8e27d93"
score = 75
quality = 85
@@ -384845,8 +385257,8 @@ rule SIGNATURE_BASE_OSX_Backdoor_Bella : FILE
date = "2018-02-23"
modified = "2023-12-05"
reference = "https://twitter.com/JohnLaTwC/status/911998777182924801"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_osx_backdoor_bella.yar#L2-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_osx_backdoor_bella.yar#L2-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "4288a81779a492b5b02bad6e90b2fa6212fa5f8ee87cc5ec9286ab523fc02446 cec7be2126d388707907b4f9d681121fd1e3ca9f828c029b02340ab1331a5524 e1cf136be50c4486ae8f5e408af80b90229f3027511b4beed69495a042af95be"
logic_hash = "c2fa72072decd850698fbaaa9c2a6687cdf64e6bac068ff52a97963053db4339"
score = 75
@@ -384881,8 +385293,8 @@ rule SIGNATURE_BASE_APT_Project_Sauron_Scripts
date = "2016-08-08"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L1-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L1-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "275ec8de40ae973b4ec4c891c56a70fc2fd05abff258b8015d986d0106506367"
score = 75
quality = 85
@@ -384916,8 +385328,8 @@ rule SIGNATURE_BASE_HKTL_Dsniff
date = "2019-02-19"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L27-L39"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L27-L39"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0edd3ba7e78ee2810aa3c7643a96382c1fe0b5e627913a5a9bac2e83c8d40274"
score = 55
quality = 85
@@ -384938,8 +385350,8 @@ rule SIGNATURE_BASE_APT_Project_Sauron_Arping_Module
date = "2016-08-08"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L41-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L41-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d87e91441994c4ed863596d79c108c9f72adfb708f885cb63a881eb25aa089b7"
score = 75
quality = 85
@@ -384963,8 +385375,8 @@ rule SIGNATURE_BASE_APT_Project_Sauron_Kblogi_Module
date = "2016-08-08"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L57-L71"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L57-L71"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "bba87b17a62fc968e89d4f6d10de06875c6b7f47c8bb7ae3f7932804b23a8e87"
score = 75
quality = 85
@@ -384988,8 +385400,8 @@ rule SIGNATURE_BASE_APT_Project_Sauron_Basex_Module
date = "2016-08-08"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L73-L87"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L73-L87"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "90cfb58017d62312c56908aca1a48bb7425f5cd51540298ecf65305b46ffb2c8"
score = 75
quality = 85
@@ -385013,8 +385425,8 @@ rule SIGNATURE_BASE_APT_Project_Sauron_Dext_Module
date = "2016-08-08"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L89-L104"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L89-L104"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7dbfb3ddfffa6fa65800e07fdcc527650474740afa658567efe46830587cedae"
score = 75
quality = 85
@@ -385039,8 +385451,8 @@ rule SIGNATURE_BASE_Hacktool_This_Cruft : FILE
date = "2016-08-08"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L106-L119"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L106-L119"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "875c34e8048c3f98afc97683d0b3086c3396753cd9fb14bc68681c63ed77fd51"
score = 60
quality = 85
@@ -385062,8 +385474,8 @@ rule SIGNATURE_BASE_APT_Project_Sauron_Custom_M1 : FILE
date = "2016-08-09"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L130-L148"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L130-L148"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c81c996e487bdd840111513724ccf1220ee3bd8280d776aa4c128ef5263ee136"
score = 75
quality = 85
@@ -385090,8 +385502,8 @@ rule SIGNATURE_BASE_APT_Project_Sauron_Custom_M2 : FILE
date = "2016-08-09"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L150-L167"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L150-L167"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "57099a802ee62a5183156f0b30713553b6fd83bbb5e1b453e9b25da0109b8777"
score = 75
quality = 85
@@ -385117,8 +385529,8 @@ rule SIGNATURE_BASE_APT_Project_Sauron_Custom_M3 : FILE
date = "2016-08-09"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L169-L186"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L169-L186"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "739414990d112dd16e01831408ba745b04fae7621eb9074f73babbc40b69e1ad"
score = 75
quality = 85
@@ -385144,8 +385556,8 @@ rule SIGNATURE_BASE_APT_Project_Sauron_Custom_M4 : FILE
date = "2016-08-09"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L188-L206"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L188-L206"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0735ba9591a9cf06cd13ba480b4559ef83105ab08ffcec21ebbbfdf3766edb93"
score = 75
quality = 85
@@ -385172,8 +385584,8 @@ rule SIGNATURE_BASE_APT_Project_Sauron_Custom_M6 : FILE
date = "2016-08-09"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L208-L226"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L208-L226"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "95ca9a0b2e71e7152d20a01d238e7362024c6dac6fc95ed2ebfa96dcbc8dbd40"
score = 75
quality = 85
@@ -385200,8 +385612,8 @@ rule SIGNATURE_BASE_APT_Project_Sauron_Custom_M7 : FILE
date = "2016-08-09"
modified = "2023-12-05"
reference = "https://goo.gl/eFoP4A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_project_sauron_extras.yar#L228-L261"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_project_sauron_extras.yar#L228-L261"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d132ddeb1d26b035565d3707b73d401fb413315febe26ac291cb05bfeca7c41d"
score = 75
quality = 85
@@ -385238,8 +385650,8 @@ rule SIGNATURE_BASE_Hiddencobra_Rule_1
date = "2017-06-13"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-164A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hidden_cobra.yar#L11-L29"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hidden_cobra.yar#L11-L29"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e8bb844d72b7d7564caec0d0842889000c77611eeb24ac5c5cb35072a92c9d10"
score = 75
quality = 85
@@ -385267,8 +385679,8 @@ rule SIGNATURE_BASE_Hiddencobra_Rule_3
date = "2017-06-13"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-164A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hidden_cobra.yar#L52-L82"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hidden_cobra.yar#L52-L82"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6c0e385e46fe9d6cde7d2bc8ef059cfd8c33ef5b17e9fcd7cea97863fb8d2c24"
score = 75
quality = 85
@@ -385308,8 +385720,8 @@ rule SIGNATURE_BASE_APT_Hiddencobra_Ghostsecret_1 : FILE
date = "2018-08-11"
modified = "2023-12-05"
reference = "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hidden_cobra.yar#L87-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hidden_cobra.yar#L87-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b1e72ca66520152b444cc415bdf54921ebba9671519d3b0327316cee2bf0ba1d"
score = 75
quality = 85
@@ -385333,8 +385745,8 @@ rule SIGNATURE_BASE_APT_Hiddencobra_Ghostsecret_2 : FILE
date = "2018-08-11"
modified = "2023-12-05"
reference = "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hidden_cobra.yar#L103-L119"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hidden_cobra.yar#L103-L119"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "878711f5e1a8a3cfefdaf13fc08a4778fba9d2f729248784cf72b610c8bc5e17"
score = 75
quality = 85
@@ -385360,8 +385772,8 @@ rule SIGNATURE_BASE_APT_MAL_HOPLIGHT_NK_Hiddencobra_Apr19_1 : FILE
date = "2019-04-13"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/analysis-reports/AR19-100A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hidden_cobra.yar#L124-L137"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hidden_cobra.yar#L124-L137"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "6cd036129ea54f4e3a2c52bf9ebd04e2d368e737cf83ca34a8feb79ea477a3af"
score = 75
quality = 85
@@ -385384,8 +385796,8 @@ rule SIGNATURE_BASE_APT_MAL_HOPLIGHT_NK_Hiddencobra_Apr19_2 : FILE
date = "2019-04-13"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/analysis-reports/AR19-100A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hidden_cobra.yar#L139-L154"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hidden_cobra.yar#L139-L154"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "741d69b470ac230d502116ebd5f09bbf4bdbbbdd7e70b97a4bd5d3f2c8e148ef"
score = 75
quality = 85
@@ -385410,8 +385822,8 @@ rule SIGNATURE_BASE_APT_MAL_HOPLIGHT_NK_Hiddencobra_Apr19_3 : FILE
date = "2019-04-13"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/analysis-reports/AR19-100A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hidden_cobra.yar#L156-L185"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hidden_cobra.yar#L156-L185"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5cbdf0c4c5025bc1d95d27a32fa69efb329e8f74243646a31458fea225d21875"
score = 75
quality = 85
@@ -385446,8 +385858,8 @@ rule SIGNATURE_BASE_APT_CN_Twistedpanda_Loader : FILE
date = "2022-04-14"
modified = "2025-07-01"
reference = "https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_twisted_panda.yar#L1-L44"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_twisted_panda.yar#L1-L44"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b7f4f31a26b5f968b1d5c82d9165b4d45d75336993b113dda54fd37f628639ee"
score = 80
quality = 85
@@ -385473,8 +385885,8 @@ rule SIGNATURE_BASE_APT_CN_Twistedpanda_SPINNER_1 : FILE
date = "2022-04-14"
modified = "2025-07-01"
reference = "https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_twisted_panda.yar#L46-L80"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_twisted_panda.yar#L46-L80"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e7abe4b3f4225596131882a9175f9ac2e45ba00557950772a8e4d1eaeab97d05"
score = 80
quality = 85
@@ -385500,8 +385912,8 @@ rule SIGNATURE_BASE_APT_CN_Twistedpanda_SPINNER_2 : FILE
date = "2022-04-14"
modified = "2025-07-01"
reference = "https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_twisted_panda.yar#L82-L118"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_twisted_panda.yar#L82-L118"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d1e34903e58fb76671a076acbb9f26e10d511c8f00be90b4901d61b73b90a9a7"
score = 80
quality = 85
@@ -385529,8 +385941,8 @@ rule SIGNATURE_BASE_APT_CN_Twistedpanda_64Bit_Loader : FILE
date = "2022-04-14"
modified = "2025-07-01"
reference = "https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_twisted_panda.yar#L120-L155"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_twisted_panda.yar#L120-L155"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "644547f9fa6ca3f34ea32e06896f341e0c92f5c57dee3c478aed0cdf87b2f3de"
score = 80
quality = 85
@@ -385554,8 +385966,8 @@ rule SIGNATURE_BASE_APT_CN_Twistedpanda_Droppers : FILE
date = "2022-04-14"
modified = "2025-07-01"
reference = "https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_cn_twisted_panda.yar#L157-L194"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_cn_twisted_panda.yar#L157-L194"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "820b4796511dcf98cdc8017a39cc2c65e44d8d9a20f55803aa1ddd36f649c83a"
score = 80
quality = 85
@@ -385584,8 +385996,8 @@ rule SIGNATURE_BASE_SUSP_ELF_LNX_UPX_Compressed_File : FILE
date = "2018-12-12"
modified = "2023-12-05"
reference = "Internal Research"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_elf_file_anomalies.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_elf_file_anomalies.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0d310de1ab68bd6da9ae057c7edea0d6b24d408f85ec40c2306f1ac8a2bc2f55"
score = 40
quality = 85
@@ -385610,8 +386022,8 @@ rule SIGNATURE_BASE_Hiddencobra_R4_Wiper_1 : FILE
date = "2017-12-12"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hiddencobra_wiper.yar#L8-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hiddencobra_wiper.yar#L8-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "0e88b7f8491e87cce0deb5f246ca521bdb556b9c79c697559bdf8b0b332e714e"
score = 75
quality = 85
@@ -385633,8 +386045,8 @@ rule SIGNATURE_BASE_Hiddencobra_R4_Wiper_2 : FILE
date = "2017-12-12"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hiddencobra_wiper.yar#L22-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hiddencobra_wiper.yar#L22-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "f537f67be28f854db0d56199d2a43f90cf6c80469a6f9853db0cd550440c7e1f"
score = 75
quality = 85
@@ -385656,8 +386068,8 @@ rule SIGNATURE_BASE_Apt_Win32_Dll_Rat_Hizorrat : FILE
date = "2016-02-15"
modified = "2023-12-05"
reference = "https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hizor_rat.yar#L1-L28"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hizor_rat.yar#L1-L28"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4e3224d34db788d2cba9da74690bf75429d6e8a516d7666d0331e465d08640cb"
score = 75
quality = 85
@@ -385688,8 +386100,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_1 : FILE
date = "2017-07-07"
modified = "2023-12-05"
reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_molerats_jul17.yar#L11-L25"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_molerats_jul17.yar#L11-L25"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1b7f00dfb83f5da46663d94f238b55e375743edbdb01701a78922b87c72c518a"
score = 75
quality = 85
@@ -385712,8 +386124,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_2 : FILE
date = "2017-07-07"
modified = "2023-12-05"
reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_molerats_jul17.yar#L27-L42"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_molerats_jul17.yar#L27-L42"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "35a517039474dcc5d503a48ca17e544166ee2ed44417ea5e7711093d3956f80c"
score = 75
quality = 85
@@ -385738,8 +386150,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_3 : FILE
date = "2017-07-07"
modified = "2023-12-05"
reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_molerats_jul17.yar#L44-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_molerats_jul17.yar#L44-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4829905ede523fd9ed2cdf610f8fce4c0a5d993885e1897d1782ca70e96fa9a2"
score = 75
quality = 85
@@ -385764,8 +386176,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_4 : FILE
date = "2017-07-07"
modified = "2023-12-05"
reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_molerats_jul17.yar#L61-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_molerats_jul17.yar#L61-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "dec058ae52a860f4850d7b8024b96c5a9044fdcebadbc12b384f5a6dfae91634"
score = 75
quality = 85
@@ -385790,8 +386202,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_5 : FILE
date = "2017-07-07"
modified = "2023-12-05"
reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_molerats_jul17.yar#L78-L95"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_molerats_jul17.yar#L78-L95"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "eb2bb54fc1749d8422cdc8e084e1fa66981611128f56e7d7d678f177d37b7cdd"
score = 75
quality = 85
@@ -385817,8 +386229,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_Dropper : FILE
date = "2017-07-07"
modified = "2023-12-05"
reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_molerats_jul17.yar#L97-L112"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_molerats_jul17.yar#L97-L112"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b356d8dbca8f4d11dda976e7eb03c993d05af35d13113b8c85fb07531a0203dc"
score = 75
quality = 85
@@ -385843,8 +386255,8 @@ rule SIGNATURE_BASE_Hiddencobra_BANKSHOT_Gen : FILE
date = "2017-12-26"
modified = "2022-06-10"
reference = "https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hiddencobra_bankshot.yar#L11-L63"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hiddencobra_bankshot.yar#L11-L63"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "db4d396736ab42942f1a11a819419410e388b011e8992ad187c2f484d637c99c"
score = 75
quality = 83
@@ -385898,8 +386310,8 @@ rule SIGNATURE_BASE_Unauthorized_Proxy_Server_RAT
date = "2017-12-26"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_hiddencobra_bankshot.yar#L67-L92"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_hiddencobra_bankshot.yar#L67-L92"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7ede26272ddcb25dca2b44ff08b232f358078872f6cf76491b0fd8d65772c60d"
score = 75
quality = 85
@@ -385935,11 +386347,11 @@ rule SIGNATURE_BASE_URL_File_Local_EXE : FILE
date = "2017-10-04"
modified = "2023-12-05"
reference = "https://twitter.com/malwareforme/status/915300883012870144"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/gen_url_to_local_exe.yar#L1-L15"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/gen_url_to_local_exe.yar#L1-L15"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "b85b723142f52ade68f6eb8ba54bb7dffafce0df6d1ae8a7c08b3ce621ccadd4"
score = 60
- quality = 60
+ quality = 85
tags = "FILE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
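Review bot: The `quality` jump from 60 to 85 for SIGNATURE_BASE_URL_File_Local_EXE is not backed by any change in detection logic, because `logic_hash` and `score` are unchanged context lines in this hunk. If anything downstream filters or ranks rules by `quality`, this rule may now be selected or weighted differently even though it matches exactly the same content. It is worth confirming that the regenerated test fixtures in this commit cover it. The rule body continues outside the hunk.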
@@ -385960,8 +386372,8 @@ rule SIGNATURE_BASE_Tophat_Malware_Jan18_1 : FILE
date = "2018-01-29"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/#appendix"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_tophat.yar#L13-L36"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_tophat.yar#L13-L36"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "69a1e1105b28d66203f74e68038efacc926e501e28a73865485adf2fd7fc0ac0"
score = 75
quality = 85
@@ -385992,8 +386404,8 @@ rule SIGNATURE_BASE_Tophat_Malware_Jan18_2 : FILE
date = "2018-01-29"
modified = "2023-01-06"
reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/#appendix"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_tophat.yar#L38-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_tophat.yar#L38-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2321e89559363c04ef0e92a9c9e03d11ff27410103b3aaba954b544e33961b2f"
score = 75
quality = 85
@@ -386021,8 +386433,8 @@ rule SIGNATURE_BASE_Tophat_BAT : FILE
date = "2018-01-29"
modified = "2023-12-05"
reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/#appendix"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_tophat.yar#L62-L78"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_tophat.yar#L62-L78"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "5dc58fa39d8b2aed95b39da575191fe5d10d5dd95b57c320cde8983505e7184f"
score = 75
quality = 85
@@ -386048,8 +386460,8 @@ rule SIGNATURE_BASE_SUSP_BAT_OBFUSC_Jul24_1 : FILE
date = "2024-07-12"
modified = "2024-12-12"
reference = "https://x.com/0xToxin/status/1811656147943752045"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/susp_bat_obfusc_jul24.yar#L2-L16"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/susp_bat_obfusc_jul24.yar#L2-L16"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "683f4651eb8c5b74eca16e7f97c5c44f0d70f045ea49f1f3726cb6975aba2ab9"
score = 70
quality = 85
@@ -386070,8 +386482,8 @@ rule SIGNATURE_BASE_SUSP_BAT_OBFUSC_Jul24_2 : FILE
date = "2024-07-12"
modified = "2024-12-12"
reference = "https://x.com/0xToxin/status/1811656147943752045"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/susp_bat_obfusc_jul24.yar#L18-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/susp_bat_obfusc_jul24.yar#L18-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "729ec93d180bf39c146c3fd847655340428abc3231b556ca51d3ca68825e7c3e"
score = 70
quality = 85
@@ -386092,8 +386504,8 @@ rule SIGNATURE_BASE_SUSP_BAT_OBFUSC_Jul24_3 : FILE
date = "2024-07-12"
modified = "2024-12-12"
reference = "https://x.com/0xToxin/status/1811656147943752045"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/susp_bat_obfusc_jul24.yar#L37-L54"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/susp_bat_obfusc_jul24.yar#L37-L54"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ecbe7850349f0368620ff4294e5d0ca277983799eed510f8bf8abe4d4c192197"
score = 70
quality = 85
@@ -386116,8 +386528,8 @@ rule SIGNATURE_BASE_MAL_Devilstongue_Hijackdll : FILE
date = "2021-07-15"
modified = "2023-12-05"
reference = "https://www.microsoft.com/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_candiru.yar#L3-L47"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_candiru.yar#L3-L47"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "4ad58a77f9ab5fa078dc40f3ec1d0b0180f25ff3ea304a3c85889df29739e0f5"
score = 80
quality = 85
@@ -386146,8 +386558,8 @@ rule SIGNATURE_BASE_Hdroot_Sample_Jul17_1 : FILE
date = "2017-07-07"
modified = "2023-12-05"
reference = "Winnti HDRoot VT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_hdroot.yar#L11-L26"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_hdroot.yar#L11-L26"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "41127e6d70af4b095555285f3d5570fc4dbe2a7918664502057cdc4fed8fab33"
score = 75
quality = 85
@@ -386172,8 +386584,8 @@ rule SIGNATURE_BASE_Hdroot_Sample_Jul17_2 : FILE
date = "2017-07-07"
modified = "2023-12-05"
reference = "Winnti HDRoot VT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_hdroot.yar#L28-L64"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_hdroot.yar#L28-L64"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "94288abb5c4da7c4b07eeae55070797af1556dac35ad012aff1bbe8c05e0a215"
score = 75
quality = 85
@@ -386216,8 +386628,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Jul17_1A : FILE
date = "2017-07-07"
modified = "2023-12-05"
reference = "Winnti HDRoot VT"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_winnti_hdroot.yar#L66-L83"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_winnti_hdroot.yar#L66-L83"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e23af53be3e700055ea6536669065c131e7f674d45e43a389447c8c1f549dee5"
score = 75
quality = 85
@@ -386244,8 +386656,8 @@ rule SIGNATURE_BASE_LOG_APT_WEBSHELL_Solarwinds_SUNBURST_Report_Webshell_Dec20_2
date = "2020-12-21"
modified = "2023-12-05"
reference = "https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_solarwinds_susp_sunburst.yar#L21-L32"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_solarwinds_susp_sunburst.yar#L21-L32"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ec52e244a483ace0f6932b553b159b23b767c00d1f64a4711e5f359832e846f5"
score = 75
quality = 60
@@ -386266,8 +386678,8 @@ rule SIGNATURE_BASE_APT_Hiddencobra_Enc_PK_Header : HIDDEN_COBRA TYPEFRAME FILE
date = "2018-04-12"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ar18_165a.yar#L2-L19"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ar18_165a.yar#L2-L19"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d0c8345b69e5f421fd93bc239031f2e51a120ae64be1eca0c1fdae2aa55ac42a"
score = 75
quality = 85
@@ -386294,8 +386706,8 @@ rule SIGNATURE_BASE_APT_Hiddencobra_Import_Obfuscation_2 : HIDDEN_COBRA TYPEFRAM
date = "2018-04-12"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ar18_165a.yar#L21-L41"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ar18_165a.yar#L21-L41"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d52fc053afc6b3beb35a6dfd0f9b3714a5bad4e9b0dcfcce7be87d65f0a0c23e"
score = 75
quality = 85
@@ -386325,8 +386737,8 @@ rule SIGNATURE_BASE_APT_NK_AR18_165A_Hiddencobra_Import_Deob : HIDDEN_COBRA TYPE
date = "2018-04-12"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ar18_165a.yar#L43-L60"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ar18_165a.yar#L43-L60"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "ae769e62fef4a1709c12c9046301aa5d"
hash = "e48fe20eblf5a5887f2ac631fed9ed63"
logic_hash = "2eff83738ca4f2db8327c1ee2a9539d7ce882a315025a656d391c16079e432cb"
@@ -386353,8 +386765,8 @@ rule SIGNATURE_BASE_APT_NK_AR18_165A_1 : FILE
date = "2018-06-15"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_ar18_165a.yar#L62-L76"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_ar18_165a.yar#L62-L76"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "7b87c537c9ff38329a5e1e39d5ad1d6cef724c580f246721443eab603534b29d"
score = 75
quality = 85
@@ -386378,8 +386790,8 @@ rule SIGNATURE_BASE_Wannacry_Ransomware : FILE
date = "2017-05-12"
modified = "2023-12-05"
reference = "https://goo.gl/HG2j5T"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_wannacry.yar#L12-L46"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_wannacry.yar#L12-L46"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "a652444d7946dbbc4fae76cd01f2e20993999fd1e6fc48a9ac0da57aab87a2da"
score = 75
quality = 83
@@ -386421,8 +386833,8 @@ rule SIGNATURE_BASE_Wannacry_Ransomware_Gen : FILE
date = "2017-05-12"
modified = "2023-12-05"
reference = "https://www.us-cert.gov/ncas/alerts/TA17-132A"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_wannacry.yar#L48-L66"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_wannacry.yar#L48-L66"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "8f81c918dc1e2c8ef2e334ae504f88b10aef9e54a64486061d45296d2d738aab"
score = 75
quality = 85
@@ -386450,8 +386862,8 @@ rule SIGNATURE_BASE_Wanncry_M_Vbs : FILE
date = "2017-05-12"
modified = "2023-12-05"
reference = "https://goo.gl/HG2j5T"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_wannacry.yar#L68-L83"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_wannacry.yar#L68-L83"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "e4606834535b4cad2e0d4a9bf6519fc4d749422fa4920f91fed9147ccfdff090"
score = 75
quality = 85
@@ -386476,8 +386888,8 @@ rule SIGNATURE_BASE_Wanncry_BAT : FILE
date = "2017-05-12"
modified = "2023-12-05"
reference = "https://goo.gl/HG2j5T"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_wannacry.yar#L85-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_wannacry.yar#L85-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "472c6aa0f1b5229d639ef347ea39947d3fd292cda3c4086e29a19b64daad4f3f"
score = 75
quality = 85
@@ -386503,8 +386915,8 @@ rule SIGNATURE_BASE_Wannacry_Ransomnote : FILE
date = "2017-05-12"
modified = "2023-12-05"
reference = "https://goo.gl/HG2j5T"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_wannacry.yar#L103-L117"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_wannacry.yar#L103-L117"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "da814848f4616166bd7b92fa1d55a54b565fa8e6036cb895e5795448e989a99d"
score = 75
quality = 85
@@ -386528,8 +386940,8 @@ rule SIGNATURE_BASE_APT_Lazaruswannacry : FILE
date = "2017-05-15"
modified = "2023-12-05"
reference = "https://twitter.com/neelmehta/status/864164081116225536"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/crime_wannacry.yar#L121-L147"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/crime_wannacry.yar#L121-L147"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "9c7c7149387a1c79679a87dd1ba755bc"
hash = "ac21c8ad899727137c4b94458d7aa8d8"
logic_hash = "8b32f1ea45a346088a18761540df3387997b53ea853f7a53cd292c9224f11209"
@@ -386565,8 +386977,8 @@ rule SIGNATURE_BASE_Zxshell_Related_Malware_CN_Group_Jul17_1 : FILE
date = "2017-07-08"
modified = "2023-12-05"
reference = "https://blogs.rsa.com/cat-phishing/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_zxshell.yar#L12-L30"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_zxshell.yar#L12-L30"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "30195ff91bd62e32784040f9ec2cf72db90ef1c75056abfd9740f35ce1baccd9"
score = 75
quality = 85
@@ -386594,8 +387006,8 @@ rule SIGNATURE_BASE_Zxshell_Related_Malware_CN_Group_Jul17_2 : FILE
date = "2017-07-08"
modified = "2023-12-05"
reference = "https://blogs.rsa.com/cat-phishing/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_zxshell.yar#L32-L58"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_zxshell.yar#L32-L58"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "d7c9f2af3842d60cf4b0b64bdb687a32014b449b42b101394e0424c12fc2808e"
score = 75
quality = 85
@@ -386629,8 +387041,8 @@ rule SIGNATURE_BASE_Zxshell_Related_Malware_CN_Group_Jul17_3 : FILE
date = "2017-07-08"
modified = "2023-12-05"
reference = "https://blogs.rsa.com/cat-phishing/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_zxshell.yar#L60-L74"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_zxshell.yar#L60-L74"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1d7dd59cf6ef24ce47431f9f3fbc980019880082b4e6162bae70b64abaa26db7"
score = 75
quality = 85
@@ -386654,8 +387066,8 @@ rule SIGNATURE_BASE_Zxshell_Jul17 : FILE
date = "2017-07-08"
modified = "2023-12-05"
reference = "https://blogs.rsa.com/cat-phishing/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_zxshell.yar#L76-L101"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_zxshell.yar#L76-L101"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "2c7467417ffc8b0ed3037ace9ce4183c9d4a90d1c087a420dd3c7a9c422621b1"
score = 75
quality = 85
@@ -386691,8 +387103,8 @@ rule SIGNATURE_BASE_Zxshell_20171211_Chrsben : FILE
date = "2017-12-11"
modified = "2023-12-05"
reference = "https://goo.gl/snc85M"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_zxshell.yar#L115-L138"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_zxshell.yar#L115-L138"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "361441404582b0eaca25954f7fe1a3a3b9fefd15cac78d61408bc50aeb78bb61"
score = 75
quality = 85
@@ -386718,8 +387130,8 @@ rule SIGNATURE_BASE_MAL_DNSPIONAGE_Malware_Nov18 : FILE
date = "2018-11-30"
modified = "2023-01-06"
reference = "https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dnspionage.yar#L2-L21"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dnspionage.yar#L2-L21"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "c7f148b790c391283ac833236ad7fd3af7af517098adeaf88b8ee8d95df11487"
score = 75
quality = 85
@@ -386746,8 +387158,8 @@ rule SIGNATURE_BASE_APT_Dnspionage_Karkoff_Malware_Apr19_1 : FILE
date = "2019-04-24"
modified = "2023-12-05"
reference = "https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_dnspionage.yar#L23-L48"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_dnspionage.yar#L23-L48"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1e8157cec7e70f7c95dffecd1c5a820f29825586a95f2a5c6e4db0a51b1d4708"
score = 75
quality = 85
@@ -386779,8 +387191,8 @@ rule SIGNATURE_BASE_Apt_RU_Turla_Kazuar_Debugview_Pefeatures : FILE
date = "2020-05-28"
modified = "2023-12-05"
reference = "https://www.epicturla.com/blog/sysinturla"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_kazuar.yar#L15-L59"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_kazuar.yar#L15-L59"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "10c2e47e5c1885c7dc19d1fb7933c9b15911cbe4c6fba99b7f763738ae934126"
score = 85
quality = 85
@@ -386801,8 +387213,8 @@ rule SIGNATURE_BASE_APT_MAL_RU_Turla_Kazuar_May20_1 : FILE
date = "2020-05-28"
modified = "2023-12-05"
reference = "https://www.epicturla.com/blog/sysinturla"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_turla_kazuar.yar#L61-L81"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_turla_kazuar.yar#L61-L81"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "547ed3cd88057ab91a0804ecf515eacca04fcf6e490aed1ee0f6a26c3d6b8268"
score = 75
quality = 85
@@ -386830,12 +387242,12 @@ rule SIGNATURE_BASE_EXPL_Office_Templateinjection_Aug19 : FILE
modified = "2025-03-20"
old_rule_name = "EXPL_Office_TemplateInjection"
reference = "https://attack.mitre.org/techniques/T1221/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/susp_office_template_injection.yar#L1-L20"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/susp_office_template_injection.yar#L1-L20"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "f2bdf3716b39d29a9c6c3b7b3355e935594b8d8e9149a784a59dc2381fa1628a"
logic_hash = "8f79a12a7d1e7284fe19d925910988dbbe7448e73df8d5d075310997d09a6348"
score = 75
- quality = 60
+ quality = 85
tags = "FILE"
strings:
@@ -386855,8 +387267,8 @@ rule SIGNATURE_BASE_EXPL_RAR_Archive_With_Path_Traversal_Aug25 : CVE_2025_8088 C
date = "2025-08-11"
modified = "2025-08-11"
reference = "https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_rar_archive_with_path_traversal_aug25.yar#L1-L24"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_rar_archive_with_path_traversal_aug25.yar#L1-L24"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
hash = "2a8fafa01f6d3863c87f20905736ebab28d6a5753ab708760c0b6cf3970828c3"
hash = "dfab2f25c9d870f30bbc4abb873d155cf4904ece536714fb9cd32b2e0126dfab"
hash = "107f3d1fe28b67397d21a6acca5b6b35def1aeb62a67bc10109bd73d567f9806"
@@ -386882,8 +387294,8 @@ rule SIGNATURE_BASE_Rtf_CVE_2018_0802 : CVE_2018_0802 FILE
date = "2018-01-14"
modified = "2023-12-05"
reference = "http://www.freebuf.com/vuls/159789.html"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/exploit_cve_2018_0802.yar#L2-L14"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/exploit_cve_2018_0802.yar#L2-L14"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "ac1cd4f2162d2c8415e2ee5167cabb8e8aff08a06afe244f5bfe099f2d3fbeb4"
score = 75
quality = 83
@@ -386905,8 +387317,8 @@ rule SIGNATURE_BASE_Sofacy_Fybis_ELF_Backdoor_Gen1 : FILE
date = "2016-02-13"
modified = "2023-01-27"
reference = "http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_fysbis.yar#L9-L35"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_fysbis.yar#L9-L35"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "fb5239aa75512c8c83b066e64b75469f90fb22cb0918af1e44edb29e7ab38206"
score = 80
quality = 85
@@ -386938,8 +387350,8 @@ rule SIGNATURE_BASE_Sofacy_Fysbis_ELF_Backdoor_Gen2 : FILE
date = "2016-02-13"
modified = "2023-12-05"
reference = "http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/"
- source_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/yara/apt_sofacy_fysbis.yar#L37-L55"
- license_url = "https://github.com/Neo23x0/signature-base/blob/6a18e50cdc09a14f850d17e6ae9c1f05f5ed9ba6/LICENSE"
+ source_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/yara/apt_sofacy_fysbis.yar#L37-L55"
+ license_url = "https://github.com/Neo23x0/signature-base/blob/63ed72f6a9032086f706578a6688d3072787612c/LICENSE"
logic_hash = "1d50a789e9c43fce27f3ad390cbdd9533c61e4f263cec1aa1abfba6545e55c57"
score = 80
quality = 85