
Neo23x0 / Signature Base

Licence: other
Signature base for my scanner tools

Signature-Base

Signature-Base is the YARA signature and IOC database for our scanners LOKI and THOR Lite.

Focus of Signature-Base

  1. High quality YARA rules and IOCs with minimal false positives
  2. Clear structure
  3. Consistent rule format

Directory Structure

  • iocs - Simple IOC files (CSV)
  • yara - YARA rules
  • threatintel - Threat Intel API Receiver (MISP, OTX)
  • misc - Other input files (not IOCs or signatures)

External Variables in YARA Rules

Some rules reference external variables that LOKI and THOR Lite define at compile time (properties of the scanned file such as its name, path, or extension). Compiling those rules with plain yara, or with any other tool that does not define the same variables, fails with an "undefined identifier" error. So that they can be excluded easily, or loaded only after the variables have been defined, the rules that make use of external variables have been moved to the following 4 rule set files:

  • ./yara/generic_anomalies.yar
  • ./yara/general_cloaking.yar
  • ./yara/thor_inverse_matches.yar
  • ./yara/yara_mixed_ext_vars.yar
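The pre-flight check below is an added example, not code from signature-base or from LOKI/THOR Lite. It scans a rule set, lists every rule whose condition references one of the external variables, and builds the `-d` definitions the yara CLI needs to compile them. Assumptions: the identifier set `KNOWN_EXTERNALS` is the one LOKI defines (extend it if your scanner uses others), the rule text is constructed sample input, and the rule/condition segmentation is a heuristic, not a full YARA parser.

```python
"""Report which YARA rules need external variables before loading them.

Added example: a heuristic scan of rule text, independent of yara-python,
so it runs anywhere. It is not part of signature-base.
"""
import re

# Assumption: the externals LOKI / THOR Lite define when compiling rules.
# Extend this set if your rules reference other identifiers.
KNOWN_EXTERNALS = {"filename", "filepath", "extension", "filetype", "md5", "owner"}

# Head of a rule up to its opening brace: `[private] [global] rule Name [: tags] {`
RULE_RE = re.compile(r"^\s*(?:private\s+|global\s+)*rule\s+([A-Za-z_]\w*)[^{]*\{", re.M)
STRING_LITERAL_RE = re.compile(r'"(?:\\.|[^"\\])*"')         # "..." with escapes
VARIABLE_REF_RE = re.compile(r"[$#@!][A-Za-z0-9_*]*")         # $s1, #s*, @a, !b
IDENT_RE = re.compile(r"\b[A-Za-z_]\w*\b")

# Constructed sample rule set: one rule without externals (note the literal
# "filename" that must NOT be flagged), two rules that need externals.
SAMPLE_RULES = r'''
import "pe"

rule Plain_Strings_Only {
    meta:
        description = "constructed sample without externals"
    strings:
        $mz = { 4D 5A }
        $s1 = "filename.exe" ascii
    condition:
        $mz at 0 and $s1 and not pe.exports("filename")
}

rule Cloaked_EXE_as_Text {
    condition:
        uint16(0) == 0x5a4d and extension == ".txt" and filetype == "TXT"
}

rule Suspicious_Filename {
    strings:
        $a = "cmd.exe /c"
    condition:
        $a and filename matches /^svch0st\.exe$/
}
'''


def rule_conditions(source):
    """Yield (rule_name, condition_text) for each rule in the source.

    Heuristic: the condition runs from 'condition:' to the next '}'. Braces
    only appear in hex strings, which live in the strings section before
    the condition, so this holds for well-formed rules.
    """
    for m in RULE_RE.finditer(source):
        cond = source.find("condition:", m.end())
        if cond == -1:
            continue
        cond_end = source.find("}", cond)
        yield m.group(1), source[cond + len("condition:"):cond_end]


def externals_used(condition, externals=KNOWN_EXTERNALS):
    """Return the external identifiers a single condition references."""
    text = STRING_LITERAL_RE.sub('""', condition)  # ignore quoted literals
    text = VARIABLE_REF_RE.sub(" ", text)          # ignore $s / #s / @s / !s
    return {tok for tok in IDENT_RE.findall(text) if tok in externals}


def audit(source):
    """Map every rule that uses externals to the sorted identifiers it needs."""
    result = {}
    for name, cond in rule_conditions(source):
        used = externals_used(cond)
        if used:
            result[name] = sorted(used)
    return result


def needed_externals(source):
    """Union of all externals referenced anywhere in the rule set."""
    return set().union(*audit(source).values())


def yara_define_flags(needed):
    """Build `-d VAR=VALUE` flags for the yara CLI so the rules compile.

    'dummy' is a placeholder; without a real value the conditions that use
    these variables evaluate against a meaningless string, so either pass the
    real file name/path per scan or skip the four *_ext_vars rule files.
    """
    return " ".join(f"-d {name}=dummy" for name in sorted(needed))


if __name__ == "__main__":
    for rule, idents in audit(SAMPLE_RULES).items():
        print(f"{rule}: needs {', '.join(idents)}")
    print("yara", yara_define_flags(needed_externals(SAMPLE_RULES)), "rules.yar target/")
```

Run it against a real file with `audit(open(path).read())`. The same definitions can be supplied to yara-python via `yara.compile(filepath=..., externals={"filename": "", ...})`; the point of the check is that undefined externals are a compile-time failure, so you discover them before the scan starts rather than in the middle of an incident response run.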

High Quality YARA Rules Feed

If you like my rules, please check our commercial rule set and rule feed service, which contains more refined rules and about 20 times as many of them.

FAQs

How can I report false positives?

Use the issues section of this repository.

How can I provide a YARA rule or IOCs?

I accept pull requests. See this thread for some help on how to create such a request.

What are the differences between THOR Lite and LOKI?

See our comparison table here.

License

All signatures and IOC files in this repository, except the YARA rules created by 3rd parties, are licensed under the Creative Commons Attribution-NonCommercial 4.0 International License.

The license of this repository changed in August 2018. All forks or copies of this repository that were created before August 26th, 2018 are licensed under GPL 3.0. You can find the last GPL version in the release section.