TKCERT / winnti-suricata-luaLinks
Suricata rules to detect Winnti communication
☆15Updated 7 years ago
Alternatives and similar repositories for winnti-suricata-lua
Users that are interested in winnti-suricata-lua are comparing it to the libraries listed below
Sorting:
- A collection of threat intelligence data such as IOC, Yara and Snort/Suricata Rules etc.☆10Updated 5 years ago
- ☆41Updated 2 years ago
- A Yara Lua output script for Suricata☆20Updated 6 years ago
- A collection of Indicators of Compromise (IoCs), most aligning with samples derived from the signatures in the YARA-Signatures repo☆30Updated 5 years ago
- Create Suricata and Snort DNS signatures given a single domain or list of domains in a file.☆18Updated 7 years ago
- This repository contains tools used by 401trg.☆20Updated 4 years ago
- Crack your macros like the math pros.☆33Updated 8 years ago
- YETI (Your Everyday Threat Intelligence) Integration to Elastic Stack☆16Updated 4 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆53Updated 7 years ago
- Malware samples observed in the wild from time to time☆12Updated 6 years ago
- Bro integration with osquery☆15Updated 2 years ago
- Telsy CTI Research Team☆57Updated 4 years ago
- Detect kerberos attacks in pcap files☆29Updated 9 years ago
- Bro PCAP Processing and Tagging API☆28Updated 7 years ago
- Steezy - Ghetto Yara Generation☆15Updated 2 years ago
- Trace ScriptBlock execution for powershell v2☆40Updated 5 years ago
- A golang implementation of a prefetch parser.☆20Updated 3 weeks ago
- Tracking APT IOCs☆25Updated 4 years ago
- Generate a Yara rule to find base64-encoded files containg a specific keyword☆40Updated 7 years ago
- Generate bulk YARA rules from YAML input☆22Updated 5 years ago
- Collect autorun records from running system☆60Updated 3 years ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Updated 7 years ago
- Old home of LimaCharlie, open source EDR☆31Updated last year
- event shipper for Carbon Black Defense notifications☆10Updated 2 years ago
- A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed☆16Updated 9 years ago
- ☆12Updated 7 years ago
- Presentation materials for talks I've given.☆20Updated 5 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- Proofpoint - Emerging Threats - Threat Research tools + publicly shared intel and documentation☆77Updated 2 months ago
- Yara Ruleset for scanning Linux servers for shells, spamming, phishing and other webserver baddies☆102Updated 4 years ago