
fireeye / Sunburst_countermeasures

Licence: other


Projects that are alternatives of or similar to Sunburst countermeasures

yara-rules
Yara rules written by me, for free use.
Stars: ✭ 13 (-97.5%)
Mutual labels:  yara
Yara Rules
Repository of YARA rules made by McAfee ATR Team
Stars: ✭ 283 (-45.47%)
Mutual labels:  yara
Strelka
Real-time, container-based file scanning at enterprise scale
Stars: ✭ 387 (-25.43%)
Mutual labels:  yara
yarasploit
YaraSploit is a collection of Yara rules generated from Metasploit framework shellcodes.
Stars: ✭ 31 (-94.03%)
Mutual labels:  yara
Reversinglabs Yara Rules
ReversingLabs YARA Rules
Stars: ✭ 280 (-46.05%)
Mutual labels:  yara
Hamburglar
Hamburglar -- collect useful information from urls, directories, and files
Stars: ✭ 321 (-38.15%)
Mutual labels:  yara
YaraSyntax
YARA package for Sublime Text
Stars: ✭ 15 (-97.11%)
Mutual labels:  yara
Yara
The pattern matching swiss knife
Stars: ✭ 5,209 (+903.66%)
Mutual labels:  yara
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (-45.09%)
Mutual labels:  yara
Yara Python
The Python interface for YARA
Stars: ✭ 368 (-29.09%)
Mutual labels:  yara
freki
🐺 Malware analysis platform
Stars: ✭ 327 (-36.99%)
Mutual labels:  yara
Mquery
YARA malware query accelerator (web frontend)
Stars: ✭ 264 (-49.13%)
Mutual labels:  yara
Icewater
16,432 Free Yara rules created by
Stars: ✭ 324 (-37.57%)
Mutual labels:  yara
MeltingPot
A tool to cluster similar executables (PEs, DEXs, etc.), extract common signatures, and generate Yara patterns for malware detection.
Stars: ✭ 23 (-95.57%)
Mutual labels:  yara
Threatingestor
Extract and aggregate threat intelligence.
Stars: ✭ 439 (-15.41%)
Mutual labels:  yara
static file analysis
Deep analysis of files (doc, pdf, exe, ...), including embedded files, with clamscan and yara rules
Stars: ✭ 34 (-93.45%)
Mutual labels:  yara
Python Iocextract
Defanged Indicator of Compromise (IOC) Extractor.
Stars: ✭ 300 (-42.2%)
Mutual labels:  yara
Multiscanner
Modular file scanning/analysis framework
Stars: ✭ 494 (-4.82%)
Mutual labels:  yara
Peframe
PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.
Stars: ✭ 472 (-9.06%)
Mutual labels:  yara
Stoq
An open source framework for enterprise level automated analysis.
Stars: ✭ 352 (-32.18%)
Mutual labels:  yara

FireEye Mandiant SunBurst Countermeasures

These rules are provided freely to the community without warranty.

In this GitHub repository you will find rules in multiple languages:

  • Snort
  • Yara
  • IOC
  • ClamAV

The rules are categorized and labeled into two release states:

  • Production: rules that are expected to perform with minimal tuning.
  • Supplemental: rules that are known to require further environment-specific tuning and tweaking to perform, and are often used for hunting workflows.

Please check back to this GitHub repository for updates to these rules.

FireEye customers can refer to the FireEye Community (community.fireeye.com) for information on how FireEye products detect these threats.

The entire risk as to quality and performance of these rules is with the users.

Please review the FireEye blog for additional details on this threat.

Please note: COSMICGALE and SUPERNOVA signatures and indicators are confirmed to detect malicious files and activity; however, they have not been directly associated with the current UNC2452 SolarWinds compromise.
