Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / Neo23x0/signature-base issues and pull requests
#325 - gen_anydesk_compromised_cert_feb23 is bullshit in case of older binary
Issue -
State: closed - Opened by lhpitn 17 days ago
- 6 comments
#324 - fix fp in Suspicious_Size_taskhost_exe
Pull Request -
State: open - Opened by ruppde 3 months ago
#323 - fix fp in Suspicious_Size_firefox_exe
Pull Request -
State: open - Opened by ruppde 4 months ago
#322 - Undefined identifier "owner" in yara_mixed_ext_vars.yar line 391
Issue -
State: open - Opened by vitusb 4 months ago
#321 - Update RegEx Patterns for YARA-X Compatibility
Pull Request -
State: closed - Opened by ForensicITGuy 4 months ago
- 2 comments
#320 - Update vuln_paloalto_cve_2024_3400_apr24.yar
Pull Request -
State: open - Opened by mgreen27 4 months ago
#319 - False positive Trojan:Script/Phonzy.A!ml
Issue -
State: open - Opened by groupecraft 5 months ago
#318 - Update configured_vulns_ext_vars.yar
Pull Request -
State: closed - Opened by ruppde 5 months ago
#317 - False Positive in Rule WEBSHELL_PHP_Dynamic_Big
Issue -
State: open - Opened by gotmls 5 months ago
- 3 comments
#316 - fix: more generic FPs
Pull Request -
State: closed - Opened by phantinuss 6 months ago
#315 - feat: EXT_SUSP_GObfuscate_May21 modification
Pull Request -
State: closed - Opened by pH-T 6 months ago
#314 - Update bkdr_xz_util_cve_2024_3094.yar
Pull Request -
State: closed - Opened by ruppde 6 months ago
#313 - Added rule detecting backdoored liblzma
Pull Request -
State: closed - Opened by 3c7 6 months ago
- 1 comment
#312 - fix some regex and add *.swp to .gitignore
Pull Request -
State: closed - Opened by ruppde 6 months ago
#311 - Update LICENSE
Pull Request -
State: open - Opened by Neo23x0 7 months ago
#310 - Create MacOS_RustDoor_Malware.yar
Pull Request -
State: closed - Opened by raid-sailor 7 months ago
#309 - False positive for the WEBSHELL_PHP_Dynamic_Big rule
Issue -
State: closed - Opened by vsushkov 7 months ago
- 2 comments
#308 - False positive with getgo readme
Pull Request -
State: closed - Opened by Fryyyyy 8 months ago
- 1 comment
#307 - feat: new rules related to Peach Sandstorm APT
Pull Request -
State: closed - Opened by X-Junior 8 months ago
#306 - Inserting new unpacked IcedID detection signature - crime_icedid.yar file
Pull Request -
State: closed - Opened by Icaro-Cesar 8 months ago
#305 - Invalid MD5 entry
Issue -
State: closed - Opened by SkewedZeppelin 9 months ago
- 1 comment
#304 - fix: FP with Windows server 2k8
Pull Request -
State: closed - Opened by phantinuss 9 months ago
#303 - gen_mal_3cx_compromise_mar23.yar
Issue -
State: open - Opened by DYarizadeh 9 months ago
- 1 comment
#302 - Create mal_fake_document_software.yar
Pull Request -
State: closed - Opened by cod3nym 9 months ago
#301 - refactor: change uuid to id
Pull Request -
State: closed - Opened by Neo23x0 10 months ago
#300 - UUID inserts
Pull Request -
State: closed - Opened by Neo23x0 10 months ago
#299 - feat: UUIDs generate with yara-uuid-generator
Pull Request -
State: closed - Opened by Neo23x0 10 months ago
#298 - Update gen_webshells.yar
Pull Request -
State: closed - Opened by ruppde 10 months ago
#297 - Update gen_github_net_redteam_tools_guids.yar
Pull Request -
State: closed - Opened by ruppde 10 months ago
- 4 comments
#296 - fix: Remove Rule with too many FPs
Pull Request -
State: closed - Opened by humpalum 11 months ago
#295 - fix: variable in condition
Pull Request -
State: closed - Opened by phantinuss 11 months ago
- 1 comment
#294 - fix: FP with WhatsApp default location
Pull Request -
State: closed - Opened by phantinuss 11 months ago
#293 - How to fix undefined identifier filename in Linux
Issue -
State: closed - Opened by HydraDragonAntivirus 11 months ago
- 5 comments
#292 - fix: FP found in customer Env
Pull Request -
State: closed - Opened by humpalum 11 months ago
#291 - False Positive Notice - Trojan Characteristics (WhatsApp)
Issue -
State: closed - Opened by Esky580 12 months ago
- 1 comment
#290 - fix: FPs found in testing env
Pull Request -
State: closed - Opened by phantinuss 12 months ago
#289 - Update gen_webshells.yar
Pull Request -
State: closed - Opened by ruppde about 1 year ago
#288 - Update gen_vcruntime140_dll_sideloading.yar
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#287 - Update gen_vcruntime140_dll_sideloading.yar
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#286 - fix: missing pe
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#285 - Create exploit_cve_2023_38146.yar
Pull Request -
State: closed - Opened by MHaggis about 1 year ago
#284 - Add gen_vcruntime140_dll_sideloading.yar
Pull Request -
State: closed - Opened by cod3nym about 1 year ago
#283 - fix missing "end of comment"
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#282 - False Positive?
Issue -
State: closed - Opened by derpeste about 1 year ago
- 1 comment
#281 - Update mal_ducktail_compromised_certs_jun23.yar
Pull Request -
State: closed - Opened by dr4k0nia about 1 year ago
#280 - Fix the YARA assembly workflow
Pull Request -
State: closed - Opened by 0xThiebaut about 1 year ago
#279 - Update expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#278 - changes to old rules
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#277 - another Citrix netscaler rule (ext vars)
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#276 - Update airbnb_binaryalert.yar
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#275 - Turla IOCs
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#274 - Citrix Netscaler filename IOCs
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#273 - Create expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#272 - False positive in hacktool_windows_mimikatz_modules rule?
Issue -
State: open - Opened by jcrg-rj about 1 year ago
#271 - Generic JSP Webshell false negative
Issue -
State: open - Opened by orapic about 1 year ago
- 1 comment
#270 - Rename vuln_keepass_brute_forceable.yar to vuln_keepass_brute_forcibl…
Pull Request -
State: closed - Opened by Neo23x0 about 1 year ago
#269 - Create vuln_keepass_brute_forceable.yar
Pull Request -
State: closed - Opened by ruppde about 1 year ago
#268 - Update certificates for ducktail rule
Pull Request -
State: closed - Opened by dr4k0nia about 1 year ago
#267 - fix: FP found in testing
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#266 - Update mal_ducktail_compromised_certs_jun23.yar
Pull Request -
State: closed - Opened by dr4k0nia about 1 year ago
#265 - fix: FPs found in testing
Pull Request -
State: closed - Opened by phantinuss about 1 year ago
#264 - feat: add new rule related to moveit exploitation
Pull Request -
State: closed - Opened by nasbench over 1 year ago
- 2 comments
#263 - fix: FPs found in testing environment
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#262 - Yar file detected as suspicious file in Window
Issue -
State: open - Opened by knowpage over 1 year ago
#261 - Create susp_vulndriver_hp_hardware_diagnostics_etdsupp_may23.yar
Pull Request -
State: closed - Opened by X-Junior over 1 year ago
#260 - fix: FP with THORs representation of multivalue registry keys
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#259 - Suggestion: remove due to regular FPs
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#258 - fix: FPs found in customer env
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#257 - Update gen_github_net_redteam_tools_guids.yar
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#256 - Create apt_lazarus_gopuram.yar
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#255 - Update gen_webshells.yar
Pull Request -
State: closed - Opened by ruppde over 1 year ago
- 2 comments
#254 - Update thor-hacktools.yar
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#253 - Update c2-iocs.txt
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#252 - Added IPM.Appointment to TNEF rule
Pull Request -
State: closed - Opened by 3c7 over 1 year ago
#251 - Update gen_imphash_detection.yar
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#250 - Create gen_malware_by_imphash_and_rich_pe_header_hash.yar
Pull Request -
State: closed - Opened by ruppde over 1 year ago
- 1 comment
#249 - expl_outlook_cve_2023_23397.yar syntax error
Issue -
State: open - Opened by celevra over 1 year ago
- 3 comments
#248 - Update expl_outlook_cve_2023_23397.yar
Pull Request -
State: closed - Opened by ruppde over 1 year ago
- 1 comment
#247 - Update gen_github_net_redteam_tools_guids.yar
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#246 - How to run this
Issue -
State: open - Opened by HackersBun over 1 year ago
- 2 comments
#245 - [CVE-2023-23397] Add rule variant for SMTP/EML files
Pull Request -
State: closed - Opened by 3c7 over 1 year ago
#244 - Update expl_outlook_cve_2023_23397.yar
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#243 - Added Transport Neutral Encapsulation Format (TNEF) for CVE-2023-23397
Pull Request -
State: closed - Opened by 3c7 over 1 year ago
#242 - PR for ruppde commit f73abca
Pull Request -
State: closed - Opened by 3c7 over 1 year ago
#241 - Update expl_outlook_cve_2023_23397.yar
Pull Request -
State: closed - Opened by 3c7 over 1 year ago
- 1 comment
#240 - fix: add HTTP return code for unauthorized
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#239 - Find driver signed by suspicious company (see references)
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#238 - Update gen_mimikatz.yar
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#237 - VT thor comments break on semicolon
Issue -
State: closed - Opened by ruppde over 1 year ago
- 1 comment
#236 - fix: remove FP hashes file
Pull Request -
State: closed - Opened by secDre4mer over 1 year ago
#235 - Yara rule for TinyShell
Pull Request -
State: closed - Opened by nfsec over 1 year ago
- 1 comment
#234 - new rules
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#233 - add HKTL_Python_sectools
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#232 - chore: change meta data file=type to tagging as FILE
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#231 - refactor: changes due to yaraQA
Pull Request -
State: closed - Opened by Gude5 over 1 year ago
#230 - improve runtime performance of rule in bulk scanning
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#229 - fix: FP with mitre json
Pull Request -
State: closed - Opened by phantinuss over 1 year ago
#227 - Update gen_github_net_redteam_tools_guids.yar
Pull Request -
State: closed - Opened by ruppde over 1 year ago
#223 - Create gen_web_filesize_anomalies.yar
Pull Request -
State: closed - Opened by blueteam0ps over 1 year ago
#179 - Update SocGholish js YARA based on new samples.
Pull Request -
State: closed - Opened by bodziurity over 2 years ago