Neo23x0/signature-base

Issues

• Help

  #328 opened 20 days ago by tmorganPDC
  0

• gen_anydesk_compromised_cert_feb23 is bullshit in case of older binary

  #325 opened 3 months ago by lhpitn
  6

• Undefined identifier "owner" in yara_mixed_ext_vars.yar line 391

  #322 opened 6 months ago by vitusb
  0

• False Positive in Rule WEBSHELL_PHP_Dynamic_Big

  #317 opened 7 months ago by gotmls
  3

• False positive Trojan:Script/Phonzy.A!ml

  #319 opened 7 months ago by groupecraft
  0

• False positive for the WEBSHELL_PHP_Dynamic_Big rule

  #309 opened 9 months ago by vsushkov
  2

• Invalid MD5 entry

  #305 opened a year ago by SkewedZeppelin
  1

• gen_mal_3cx_compromise_mar23.yar

  #303 opened a year ago by DYarizadeh
  1

• How to fix undefinied idenfier filename in Linux

  #293 opened a year ago by HydraDragonAntivirus
  5

• False Positive Notice - Trojan Characteristics (WhatsApp)

  #291 opened a year ago by Esky580
  1

• False Positive?

  #282 opened a year ago by derpeste
  1

• Generic JSP Webshell false negative

  #271 opened a year ago by orapic
  1

• False positive in hacktool_windows_mimikatz_modules rule?

  #272 opened a year ago by jcrg-rj
  0

• Yar file detected as suspicious file in Window

  #262 opened a year ago by knowpage
  0

• VT thor comments break on semicolon

  #237 opened 2 years ago by ruppde
  1

• How to run this

  #246 opened 2 years ago by HackersBun
  2

• expl_outlook_cve_2023_23397.yar syntax error

  #249 opened 2 years ago by celevra
  3

• False positive with Wordpress_Config_Webshell_Preprend rule in thor-webshells.yar

  #228 opened 2 years ago by CyberCr33p
  0

• false positive domains in "US-CERT TA17-293A"

  #226 opened 2 years ago by marcuskbr
  1

• Wrong file ending?

  #225 opened 2 years ago by zagge-cgeo
  2

• Backdoor:PHP/Dirtelti:HA in thor-webshells.yar ?

  #217 opened 2 years ago by bekuno
  5

• Reporting false positive: Synology Drive Client

  #214 opened 2 years ago by NikGnuel
  2

• ascore instead of score in f5 rule

  #198 opened 2 years ago by petiepooo
  1

• note

  #212 opened 2 years ago by daveaitel
  1

• Update/increase max filesize in Suspicious_Size_explorer_exe rule?

  #207 opened 2 years ago by khalavak
  2

• False Positive from Vim package

  #210 opened 2 years ago by Fryyyyy
  1

• get-otx-iocs.py: TypeError: a bytes-like object is required, not 'str'

  #94 opened 2 years ago by SergeyDrachuk
  2

• False Positives for Asus LightningService.exe and AsPowerBar.exe

  #135 opened 2 years ago by russdan
  2

• SUSP_Reversed_Base64_Encoded_EXE

  #148 opened 2 years ago by y0d4a
  1

• thor lite folder and url shortcut

  #150 opened 2 years ago by JayDee168
  1

• ProxyShell webshell YARA rules - compiling error

  #156 opened 2 years ago by santhuj93
  1

• Tetris YARA Rule - Includes simple rule

  #172 opened 2 years ago by SasquatchSecurity
  1

• Non-Acunetix file FP for rule CN_Honker_Acunetix_Web_Vulnerability_Scanner_8_x_Enterprise_Edition_KeyGen

  #177 opened 2 years ago by caliskanfurkan
  0

• False Positive: foo.txt file

  #182 opened 2 years ago by annagustav
  0

• False positive: /usr/share/locale/zh_TW/LC_MESSAGES/libuser.mo

  #194 opened 2 years ago by Fryyyyy
  0

• False Positives: APT_DarkHydrus_Jul18_4

  #195 opened 2 years ago by ForensicITGuy
  1

• False positive legitimate kernel32.dll and pcasvc.dll

  #187 opened 2 years ago by st3l1n
  3

• False Positives for some Norton 360 files

  #181 opened 3 years ago by GerardVIE
  1

• False Positive - aviatnetworks.com

  #169 opened 3 years ago by upcboy
  0

• Switch to Detection Rule License (DRL 1.0)

  #147 opened 3 years ago by Neo23x0
  0

• false positive

  #115 opened 4 years ago by MandiYang
  1

• False Positive: APT_NK_Methodology_Artificial_UserAgent_IE_Win7

  #116 opened 4 years ago by afcyrus
  1

• False Positive: For retail software at www.my-software.co.uk

  #122 opened 4 years ago by tmancey
  1

• False Positive for plugin Thrive WordPress

  #144 opened 4 years ago by rafaelarcanjo
  2

• rule "HKTL_Meterpreter_inMemory": duplicated string identifier "$xx1"

  #146 opened 4 years ago by eredi93
  0

• Wrong CVE for Hafnium?

  #133 opened 4 years ago by trtracer
  1

• crime_dearcry_ransom.yar string s5 is there twice

  #129 opened 4 years ago by LeanVel
  1

• No update

  #124 opened 4 years ago by EstherMoellman
  2

• Logging detection

  #127 opened 4 years ago by acoral2
  0

• False Positive: sosreport files

  #96 opened 4 years ago by steezermcfresh
  0