eset / malware-ioc
Indicators of Compromise (IOC) of our various investigations
Home Page: https://www.welivesecurity.com
License: BSD 2-Clause "Simplified" License
Hello, could you upload the YARA rules for the Dino malware?
Thanks indeed.
Linux/Adware.Adstantinko.B
ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
MD5: 762ae30efb7c40101ab33a297598f928
SHA1: e0969297f21ce3b3905ace756c427c9695cb9054
Hi there,
Why is our software being flagged as malware?
Matches rule skip20_sqllang_hook
by Mathieu Tartare <[email protected]>
from ruleset skip20_sqllang_hook
at https://github.com/eset/malware-ioc
YARA rule to detect if a sqllang.dll version is targeted by skip-2.0. Each byte pattern corresponds to a function hooked by skip-2.0. If $1_0 or $1_1 match, it is probably targeted as it corresponds to the hook responsible for bypassing the authentication.
https://github.com/ConcealNetwork/conceal-desktop
Could you please assist?
Thank you
I know it might not be as popular as before, but what happened to the MISP files added with the IOCs?
I was very happy to see you were using that format to share the IOCs of the campaigns, but on the last few there are no files like that. Did you stop using MISP?
Thanks
Hi Team,
Could you share a MISP ready file for your repo so users could just import the IOCs to their MISP?
Thanks!
Looks like one of the lines under 'c2 domains' is: PolyglotDuke
I presume this is a mistaken inclusion?
(since it's not a domain)
https://github.com/eset/malware-ioc/tree/master/dukes#cc-domains
Can't call method "f" on an undefined value at windigo_signatures.pl line 224.
This is perl 5, version 24, subversion 1 (v5.24.1) built for x86_64-linux-gnu-thread-multi
Linux wordpress-vm 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02) x86_64 GNU/Linux
(this is the standard VM from the Word-Press-by-Bitnami template on Google Cloud)
This work has rightly gone viral, and at least one person not understanding the "$/#" prompt convention has received a false "System infected" result: http://www.raspberrypi.org/phpBB3/viewtopic.php?p=522156#p522156
I hesitate to suggest a solution to this problem, because obviously none is perfect. But perhaps omitting the "$" on non-root commands would be safer than including it.
Any reason why https://github.com/eset/malware-ioc/tree/master/blacklotus does not have the three signed, legitimate yet vulnerable UEFI drivers?
hvloader.efi
bootmgr.efi
bootmgfw.efi
for AMD and Intel?
This link gives a 404 page. It is either a dead or a misconfigured link.
I found one of the malware samples having an entry of https://gitlab.com/jhondeer123/test/raw/master/test.py . Please let me know if we can add this to the repo so that I could make a pull request.
If these are under the BSD license, I think it makes sense to include them in the AlienVault OTX, or?