├── .gitignore ├── README.md ├── community.pyproj ├── community.sln └── modules ├── machinemanagers └── .gitignore ├── processing └── .gitignore ├── reporting └── .gitignore └── signatures ├── andromeda_apis.py ├── antianalysis_detectfile.py ├── antianalysis_detectreg.py ├── antiav_avast_libs.py ├── antiav_bitdefender_libs.py ├── antiav_detectfile.py ├── antiav_detectreg.py ├── antiav_servicestop.py ├── antiav_srp.py ├── antidbg_devices.py ├── antidbg_windows.py ├── antiemu_wine.py ├── antiemu_wine_func.py ├── antisandbox_cuckoo.py ├── antisandbox_joe_anubis_files.py ├── antisandbox_mouse_hook.py ├── antisandbox_productid.py ├── antisandbox_sboxie_libs.py ├── antisandbox_sboxie_mutex.py ├── antisandbox_sboxie_objects.py ├── antisandbox_sleep.py ├── antisandbox_sunbelt_files.py ├── antisandbox_sunbelt_libs.py ├── antisandbox_suspend.py ├── antisandbox_unhook.py ├── antivirus_virustotal.py ├── antivm_dirobjects.py ├── antivm_generic_bios.py ├── antivm_generic_cpu.py ├── antivm_generic_disk.py ├── antivm_generic_disk_setupapi.py ├── antivm_generic_diskreg.py ├── antivm_generic_scsi.py ├── antivm_generic_services.py ├── antivm_generic_system.py ├── antivm_vbox_acpi.py ├── antivm_vbox_devices.py ├── antivm_vbox_files.py ├── antivm_vbox_keys.py ├── antivm_vbox_libs.py ├── antivm_vbox_provname.py ├── antivm_vbox_window.py ├── antivm_vmware_devices.py ├── antivm_vmware_events.py ├── antivm_vmware_files.py ├── antivm_vmware_keys.py ├── antivm_vmware_libs.py ├── antivm_vmware_mutexes.py ├── antivm_vpc_files.py ├── antivm_vpc_keys.py ├── antivm_vpc_mutex.py ├── bad_certs.py ├── bad_ssl_certs.py ├── banker_cridex.py ├── banker_geodo.py ├── banker_prinimalka.py ├── banker_spyeye_mutex.py ├── banker_zeus_mutex.py ├── banker_zeus_p2p.py ├── banker_zeus_url.py ├── betabot_apis.py ├── bitcoin_opencl.py ├── bootkit.py ├── bot_athenahttp.py ├── bot_dirtjumper.py ├── bot_drive.py ├── bot_drive2.py ├── bot_madness.py ├── bot_russkill.py ├── browser_addon.py ├── browser_bho.py ├── browser_proxy.py ├── browser_scanbox.py ├── browser_security.py ├── browser_startpage.py ├── bypass_firewall.py ├── carberp_mutex.py ├── chimera_apis.py ├── clickfraud_cookies.py ├── clickfraud_volume.py ├── copies_self.py ├── creates_largekey.py ├── creates_nullvalue.py ├── critical_process.py ├── cryptowall_apis.py ├── darkcomet_regkeys.py ├── dead_link.py ├── debugs_self.py ├── deepfreeze_mutex.py ├── deletes_self.py ├── deletes_shadowcopies.py ├── dep_bypass.py ├── dep_disable.py ├── disables_browserwarn.py ├── disables_spdy.py ├── disables_sysrestore.py ├── disables_uac.py ├── disables_wer.py ├── disables_wfp.py ├── disables_windowsupdate.py ├── downloader_cabby.py ├── dridex_apis.py ├── driver_load.py ├── dropper.py ├── dyre_apis.py ├── ek_angler.py ├── ek_gondad.py ├── ek_heapsray.py ├── ek_javaapplet.py ├── ek_neutrino.py ├── ek_nuclear.py ├── ek_rig.py ├── ek_silverlight.py ├── ek_virtualcheck.py ├── encrypted_ioc.py ├── exec_crash.py ├── generic_phish.py ├── hawkeye_apis.py ├── infostealer_bitcoin.py ├── infostealer_browser.py ├── infostealer_ftp.py ├── infostealer_im.py ├── infostealer_keylog.py ├── infostealer_mail.py ├── injection_createremotethread.py ├── injection_explorer.py ├── injection_needextension.py ├── injection_runpe.py ├── injection_rwx.py ├── internet_dropper.py ├── js_phish.py ├── kazybot_apis.py ├── kibex_apis.py ├── kraken_mutex.py ├── locker_regedit.py ├── locker_taskmgr.py ├── martians_ie.py ├── mimics_agent.py ├── mimics_filename.py ├── mimics_filetime.py ├── mimics_icon.py ├── modifies_certs.py ├── modifies_hostsfile.py ├── modifies_seccenter.py ├── modifies_uac_notify.py ├── multiple_ua.py ├── network_anomaly.py ├── network_bind.py ├── network_cnc_http.py ├── network_dga.py ├── network_http.py ├── network_icmp.py ├── network_irc.py ├── network_smtp.py ├── network_tor.py ├── network_tor_service.py ├── network_torgateway.py ├── office_dl_write_exe.py ├── office_macro.py ├── office_security.py ├── office_suspicious.py ├── origin_langid.py ├── origin_resource_langid.py ├── packer_armadillo_mutex.py ├── packer_armadillo_regkey.py ├── packer_entropy.py ├── packer_themida.py ├── packer_upx.py ├── packer_vmprotect.py ├── pdf_annot_urls.py ├── pdf_eof.py ├── pdf_page.py ├── persistence_ads.py ├── persistence_autorun.py ├── persistence_service.py ├── polymorphic.py ├── pony_apis.py ├── powershell_command.py ├── prevents_safeboot.py ├── process_interest.py ├── process_needed.py ├── procmem_yara.py ├── ransomware_fileextensions.py ├── ransomware_files.py ├── ransomware_recyclebin.py ├── rat_beebus_mutex.py ├── rat_fynloski_mutex.py ├── rat_pcclient.py ├── rat_plugx_mutex.py ├── rat_poisonivy.py ├── rat_spynet.py ├── rat_xtreme_mutex.py ├── reads_self.py ├── recon_beacon.py ├── recon_checkip.py ├── recon_fingerprint.py ├── recon_programs.py ├── recon_systeminfo.py ├── removes_zoneid_ads.py ├── secure_login_phish.py ├── setsautoconfigurl.py ├── shifu_apis.py ├── sniffer_winpcap.py ├── spoofs_procname.py ├── spreading_autoruninf.py ├── stack_pivot.py ├── static_authenticode.py ├── static_java.py ├── static_pe_anomaly.py ├── static_rat_config.py ├── static_versioninfo_anomaly.py ├── stealth_childproc.py ├── stealth_file.py ├── stealth_hiddenreg.py ├── stealth_hidenotifications.py ├── stealth_network.py ├── stealth_timelimit.py ├── stealth_webhistory.py ├── stealth_window.py ├── suricata_alert.py ├── targeted_flame.py ├── tinba_apis.py ├── trojan_fleercivet_mutex.py ├── upatre_apis.py ├── vawtrak_apis.py ├── vawtrak_dll_apis.py ├── virus.py ├── volatility_sig.py ├── webmail_phish.py └── whois_create.py /.gitignore: -------------------------------------------------------------------------------- 1 | community.v12.suo 2 | UpgradeLog.htm 3 | 4 | # Ignore Python byte code 5 | *.pyc 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/README.md -------------------------------------------------------------------------------- /community.pyproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/community.pyproj -------------------------------------------------------------------------------- /community.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/community.sln -------------------------------------------------------------------------------- /modules/machinemanagers/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /modules/processing/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /modules/reporting/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /modules/signatures/andromeda_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/andromeda_apis.py -------------------------------------------------------------------------------- /modules/signatures/antianalysis_detectfile.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antianalysis_detectfile.py -------------------------------------------------------------------------------- /modules/signatures/antianalysis_detectreg.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antianalysis_detectreg.py -------------------------------------------------------------------------------- /modules/signatures/antiav_avast_libs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antiav_avast_libs.py -------------------------------------------------------------------------------- /modules/signatures/antiav_bitdefender_libs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antiav_bitdefender_libs.py -------------------------------------------------------------------------------- /modules/signatures/antiav_detectfile.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antiav_detectfile.py -------------------------------------------------------------------------------- /modules/signatures/antiav_detectreg.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antiav_detectreg.py -------------------------------------------------------------------------------- /modules/signatures/antiav_servicestop.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antiav_servicestop.py -------------------------------------------------------------------------------- /modules/signatures/antiav_srp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antiav_srp.py -------------------------------------------------------------------------------- /modules/signatures/antidbg_devices.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antidbg_devices.py -------------------------------------------------------------------------------- /modules/signatures/antidbg_windows.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antidbg_windows.py -------------------------------------------------------------------------------- /modules/signatures/antiemu_wine.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antiemu_wine.py -------------------------------------------------------------------------------- /modules/signatures/antiemu_wine_func.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antiemu_wine_func.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_cuckoo.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_cuckoo.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_joe_anubis_files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_joe_anubis_files.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_mouse_hook.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_mouse_hook.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_productid.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_productid.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_sboxie_libs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_sboxie_libs.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_sboxie_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_sboxie_mutex.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_sboxie_objects.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_sboxie_objects.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_sleep.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_sleep.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_sunbelt_files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_sunbelt_files.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_sunbelt_libs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_sunbelt_libs.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_suspend.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_suspend.py -------------------------------------------------------------------------------- /modules/signatures/antisandbox_unhook.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antisandbox_unhook.py -------------------------------------------------------------------------------- /modules/signatures/antivirus_virustotal.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivirus_virustotal.py -------------------------------------------------------------------------------- /modules/signatures/antivm_dirobjects.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_dirobjects.py -------------------------------------------------------------------------------- /modules/signatures/antivm_generic_bios.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_generic_bios.py -------------------------------------------------------------------------------- /modules/signatures/antivm_generic_cpu.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_generic_cpu.py -------------------------------------------------------------------------------- /modules/signatures/antivm_generic_disk.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_generic_disk.py -------------------------------------------------------------------------------- /modules/signatures/antivm_generic_disk_setupapi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_generic_disk_setupapi.py -------------------------------------------------------------------------------- /modules/signatures/antivm_generic_diskreg.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_generic_diskreg.py -------------------------------------------------------------------------------- /modules/signatures/antivm_generic_scsi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_generic_scsi.py -------------------------------------------------------------------------------- /modules/signatures/antivm_generic_services.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_generic_services.py -------------------------------------------------------------------------------- /modules/signatures/antivm_generic_system.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_generic_system.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vbox_acpi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vbox_acpi.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vbox_devices.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vbox_devices.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vbox_files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vbox_files.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vbox_keys.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vbox_keys.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vbox_libs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vbox_libs.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vbox_provname.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vbox_provname.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vbox_window.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vbox_window.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vmware_devices.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vmware_devices.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vmware_events.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vmware_events.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vmware_files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vmware_files.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vmware_keys.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vmware_keys.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vmware_libs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vmware_libs.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vmware_mutexes.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vmware_mutexes.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vpc_files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vpc_files.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vpc_keys.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vpc_keys.py -------------------------------------------------------------------------------- /modules/signatures/antivm_vpc_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/antivm_vpc_mutex.py -------------------------------------------------------------------------------- /modules/signatures/bad_certs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/bad_certs.py -------------------------------------------------------------------------------- /modules/signatures/bad_ssl_certs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/bad_ssl_certs.py -------------------------------------------------------------------------------- /modules/signatures/banker_cridex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/banker_cridex.py -------------------------------------------------------------------------------- /modules/signatures/banker_geodo.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/banker_geodo.py -------------------------------------------------------------------------------- /modules/signatures/banker_prinimalka.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/banker_prinimalka.py -------------------------------------------------------------------------------- /modules/signatures/banker_spyeye_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/banker_spyeye_mutex.py -------------------------------------------------------------------------------- /modules/signatures/banker_zeus_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/banker_zeus_mutex.py -------------------------------------------------------------------------------- /modules/signatures/banker_zeus_p2p.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/banker_zeus_p2p.py -------------------------------------------------------------------------------- /modules/signatures/banker_zeus_url.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/banker_zeus_url.py -------------------------------------------------------------------------------- /modules/signatures/betabot_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/betabot_apis.py -------------------------------------------------------------------------------- /modules/signatures/bitcoin_opencl.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/bitcoin_opencl.py -------------------------------------------------------------------------------- /modules/signatures/bootkit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/bootkit.py -------------------------------------------------------------------------------- /modules/signatures/bot_athenahttp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/bot_athenahttp.py -------------------------------------------------------------------------------- /modules/signatures/bot_dirtjumper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/bot_dirtjumper.py -------------------------------------------------------------------------------- /modules/signatures/bot_drive.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/bot_drive.py -------------------------------------------------------------------------------- /modules/signatures/bot_drive2.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/bot_drive2.py -------------------------------------------------------------------------------- /modules/signatures/bot_madness.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/bot_madness.py -------------------------------------------------------------------------------- /modules/signatures/bot_russkill.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/bot_russkill.py -------------------------------------------------------------------------------- /modules/signatures/browser_addon.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/browser_addon.py -------------------------------------------------------------------------------- /modules/signatures/browser_bho.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/browser_bho.py -------------------------------------------------------------------------------- /modules/signatures/browser_proxy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/browser_proxy.py -------------------------------------------------------------------------------- /modules/signatures/browser_scanbox.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/browser_scanbox.py -------------------------------------------------------------------------------- /modules/signatures/browser_security.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/browser_security.py -------------------------------------------------------------------------------- /modules/signatures/browser_startpage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/browser_startpage.py -------------------------------------------------------------------------------- /modules/signatures/bypass_firewall.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/bypass_firewall.py -------------------------------------------------------------------------------- /modules/signatures/carberp_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/carberp_mutex.py -------------------------------------------------------------------------------- /modules/signatures/chimera_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/chimera_apis.py -------------------------------------------------------------------------------- /modules/signatures/clickfraud_cookies.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/clickfraud_cookies.py -------------------------------------------------------------------------------- /modules/signatures/clickfraud_volume.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/clickfraud_volume.py -------------------------------------------------------------------------------- /modules/signatures/copies_self.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/copies_self.py -------------------------------------------------------------------------------- /modules/signatures/creates_largekey.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/creates_largekey.py -------------------------------------------------------------------------------- /modules/signatures/creates_nullvalue.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/creates_nullvalue.py -------------------------------------------------------------------------------- /modules/signatures/critical_process.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/critical_process.py -------------------------------------------------------------------------------- /modules/signatures/cryptowall_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/cryptowall_apis.py -------------------------------------------------------------------------------- /modules/signatures/darkcomet_regkeys.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/darkcomet_regkeys.py -------------------------------------------------------------------------------- /modules/signatures/dead_link.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/dead_link.py -------------------------------------------------------------------------------- /modules/signatures/debugs_self.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/debugs_self.py -------------------------------------------------------------------------------- /modules/signatures/deepfreeze_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/deepfreeze_mutex.py -------------------------------------------------------------------------------- /modules/signatures/deletes_self.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/deletes_self.py -------------------------------------------------------------------------------- /modules/signatures/deletes_shadowcopies.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/deletes_shadowcopies.py -------------------------------------------------------------------------------- /modules/signatures/dep_bypass.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/dep_bypass.py -------------------------------------------------------------------------------- /modules/signatures/dep_disable.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/dep_disable.py -------------------------------------------------------------------------------- /modules/signatures/disables_browserwarn.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/disables_browserwarn.py -------------------------------------------------------------------------------- /modules/signatures/disables_spdy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/disables_spdy.py -------------------------------------------------------------------------------- /modules/signatures/disables_sysrestore.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/disables_sysrestore.py -------------------------------------------------------------------------------- /modules/signatures/disables_uac.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/disables_uac.py -------------------------------------------------------------------------------- /modules/signatures/disables_wer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/disables_wer.py -------------------------------------------------------------------------------- /modules/signatures/disables_wfp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/disables_wfp.py -------------------------------------------------------------------------------- /modules/signatures/disables_windowsupdate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/disables_windowsupdate.py -------------------------------------------------------------------------------- /modules/signatures/downloader_cabby.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/downloader_cabby.py -------------------------------------------------------------------------------- /modules/signatures/dridex_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/dridex_apis.py -------------------------------------------------------------------------------- /modules/signatures/driver_load.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/driver_load.py -------------------------------------------------------------------------------- /modules/signatures/dropper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/dropper.py -------------------------------------------------------------------------------- /modules/signatures/dyre_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/dyre_apis.py -------------------------------------------------------------------------------- /modules/signatures/ek_angler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ek_angler.py -------------------------------------------------------------------------------- /modules/signatures/ek_gondad.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ek_gondad.py -------------------------------------------------------------------------------- /modules/signatures/ek_heapsray.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ek_heapsray.py -------------------------------------------------------------------------------- /modules/signatures/ek_javaapplet.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ek_javaapplet.py -------------------------------------------------------------------------------- /modules/signatures/ek_neutrino.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ek_neutrino.py -------------------------------------------------------------------------------- /modules/signatures/ek_nuclear.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ek_nuclear.py -------------------------------------------------------------------------------- /modules/signatures/ek_rig.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ek_rig.py -------------------------------------------------------------------------------- /modules/signatures/ek_silverlight.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ek_silverlight.py -------------------------------------------------------------------------------- /modules/signatures/ek_virtualcheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ek_virtualcheck.py -------------------------------------------------------------------------------- /modules/signatures/encrypted_ioc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/encrypted_ioc.py -------------------------------------------------------------------------------- /modules/signatures/exec_crash.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/exec_crash.py -------------------------------------------------------------------------------- /modules/signatures/generic_phish.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/generic_phish.py -------------------------------------------------------------------------------- /modules/signatures/hawkeye_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/hawkeye_apis.py -------------------------------------------------------------------------------- /modules/signatures/infostealer_bitcoin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/infostealer_bitcoin.py -------------------------------------------------------------------------------- /modules/signatures/infostealer_browser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/infostealer_browser.py -------------------------------------------------------------------------------- /modules/signatures/infostealer_ftp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/infostealer_ftp.py -------------------------------------------------------------------------------- /modules/signatures/infostealer_im.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/infostealer_im.py -------------------------------------------------------------------------------- /modules/signatures/infostealer_keylog.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/infostealer_keylog.py -------------------------------------------------------------------------------- /modules/signatures/infostealer_mail.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/infostealer_mail.py -------------------------------------------------------------------------------- /modules/signatures/injection_createremotethread.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/injection_createremotethread.py -------------------------------------------------------------------------------- /modules/signatures/injection_explorer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/injection_explorer.py -------------------------------------------------------------------------------- /modules/signatures/injection_needextension.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/injection_needextension.py -------------------------------------------------------------------------------- /modules/signatures/injection_runpe.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/injection_runpe.py -------------------------------------------------------------------------------- /modules/signatures/injection_rwx.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/injection_rwx.py -------------------------------------------------------------------------------- /modules/signatures/internet_dropper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/internet_dropper.py -------------------------------------------------------------------------------- /modules/signatures/js_phish.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/js_phish.py -------------------------------------------------------------------------------- /modules/signatures/kazybot_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/kazybot_apis.py -------------------------------------------------------------------------------- /modules/signatures/kibex_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/kibex_apis.py -------------------------------------------------------------------------------- /modules/signatures/kraken_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/kraken_mutex.py -------------------------------------------------------------------------------- /modules/signatures/locker_regedit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/locker_regedit.py -------------------------------------------------------------------------------- /modules/signatures/locker_taskmgr.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/locker_taskmgr.py -------------------------------------------------------------------------------- /modules/signatures/martians_ie.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/martians_ie.py -------------------------------------------------------------------------------- /modules/signatures/mimics_agent.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/mimics_agent.py -------------------------------------------------------------------------------- /modules/signatures/mimics_filename.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/mimics_filename.py -------------------------------------------------------------------------------- /modules/signatures/mimics_filetime.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/mimics_filetime.py -------------------------------------------------------------------------------- /modules/signatures/mimics_icon.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/mimics_icon.py -------------------------------------------------------------------------------- /modules/signatures/modifies_certs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/modifies_certs.py -------------------------------------------------------------------------------- /modules/signatures/modifies_hostsfile.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/modifies_hostsfile.py -------------------------------------------------------------------------------- /modules/signatures/modifies_seccenter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/modifies_seccenter.py -------------------------------------------------------------------------------- /modules/signatures/modifies_uac_notify.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/modifies_uac_notify.py -------------------------------------------------------------------------------- /modules/signatures/multiple_ua.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/multiple_ua.py -------------------------------------------------------------------------------- /modules/signatures/network_anomaly.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/network_anomaly.py -------------------------------------------------------------------------------- /modules/signatures/network_bind.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/network_bind.py -------------------------------------------------------------------------------- /modules/signatures/network_cnc_http.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/network_cnc_http.py -------------------------------------------------------------------------------- /modules/signatures/network_dga.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/network_dga.py -------------------------------------------------------------------------------- /modules/signatures/network_http.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/network_http.py -------------------------------------------------------------------------------- /modules/signatures/network_icmp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/network_icmp.py -------------------------------------------------------------------------------- /modules/signatures/network_irc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/network_irc.py -------------------------------------------------------------------------------- /modules/signatures/network_smtp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/network_smtp.py -------------------------------------------------------------------------------- /modules/signatures/network_tor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/network_tor.py -------------------------------------------------------------------------------- /modules/signatures/network_tor_service.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/network_tor_service.py -------------------------------------------------------------------------------- /modules/signatures/network_torgateway.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/network_torgateway.py -------------------------------------------------------------------------------- /modules/signatures/office_dl_write_exe.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/office_dl_write_exe.py -------------------------------------------------------------------------------- /modules/signatures/office_macro.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/office_macro.py -------------------------------------------------------------------------------- /modules/signatures/office_security.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/office_security.py -------------------------------------------------------------------------------- /modules/signatures/office_suspicious.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/office_suspicious.py -------------------------------------------------------------------------------- /modules/signatures/origin_langid.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/origin_langid.py -------------------------------------------------------------------------------- /modules/signatures/origin_resource_langid.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/origin_resource_langid.py -------------------------------------------------------------------------------- /modules/signatures/packer_armadillo_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/packer_armadillo_mutex.py -------------------------------------------------------------------------------- /modules/signatures/packer_armadillo_regkey.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/packer_armadillo_regkey.py -------------------------------------------------------------------------------- /modules/signatures/packer_entropy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/packer_entropy.py -------------------------------------------------------------------------------- /modules/signatures/packer_themida.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/packer_themida.py -------------------------------------------------------------------------------- /modules/signatures/packer_upx.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/packer_upx.py -------------------------------------------------------------------------------- /modules/signatures/packer_vmprotect.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/packer_vmprotect.py -------------------------------------------------------------------------------- /modules/signatures/pdf_annot_urls.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/pdf_annot_urls.py -------------------------------------------------------------------------------- /modules/signatures/pdf_eof.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/pdf_eof.py -------------------------------------------------------------------------------- /modules/signatures/pdf_page.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/pdf_page.py -------------------------------------------------------------------------------- /modules/signatures/persistence_ads.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/persistence_ads.py -------------------------------------------------------------------------------- /modules/signatures/persistence_autorun.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/persistence_autorun.py -------------------------------------------------------------------------------- /modules/signatures/persistence_service.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/persistence_service.py -------------------------------------------------------------------------------- /modules/signatures/polymorphic.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/polymorphic.py -------------------------------------------------------------------------------- /modules/signatures/pony_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/pony_apis.py -------------------------------------------------------------------------------- /modules/signatures/powershell_command.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/powershell_command.py -------------------------------------------------------------------------------- /modules/signatures/prevents_safeboot.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/prevents_safeboot.py -------------------------------------------------------------------------------- /modules/signatures/process_interest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/process_interest.py -------------------------------------------------------------------------------- /modules/signatures/process_needed.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/process_needed.py -------------------------------------------------------------------------------- /modules/signatures/procmem_yara.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/procmem_yara.py -------------------------------------------------------------------------------- /modules/signatures/ransomware_fileextensions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ransomware_fileextensions.py -------------------------------------------------------------------------------- /modules/signatures/ransomware_files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ransomware_files.py -------------------------------------------------------------------------------- /modules/signatures/ransomware_recyclebin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/ransomware_recyclebin.py -------------------------------------------------------------------------------- /modules/signatures/rat_beebus_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/rat_beebus_mutex.py -------------------------------------------------------------------------------- /modules/signatures/rat_fynloski_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/rat_fynloski_mutex.py -------------------------------------------------------------------------------- /modules/signatures/rat_pcclient.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/rat_pcclient.py -------------------------------------------------------------------------------- /modules/signatures/rat_plugx_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/rat_plugx_mutex.py -------------------------------------------------------------------------------- /modules/signatures/rat_poisonivy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/rat_poisonivy.py -------------------------------------------------------------------------------- /modules/signatures/rat_spynet.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/rat_spynet.py -------------------------------------------------------------------------------- /modules/signatures/rat_xtreme_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/rat_xtreme_mutex.py -------------------------------------------------------------------------------- /modules/signatures/reads_self.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/reads_self.py -------------------------------------------------------------------------------- /modules/signatures/recon_beacon.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/recon_beacon.py -------------------------------------------------------------------------------- /modules/signatures/recon_checkip.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/recon_checkip.py -------------------------------------------------------------------------------- /modules/signatures/recon_fingerprint.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/recon_fingerprint.py -------------------------------------------------------------------------------- /modules/signatures/recon_programs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/recon_programs.py -------------------------------------------------------------------------------- /modules/signatures/recon_systeminfo.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/recon_systeminfo.py -------------------------------------------------------------------------------- /modules/signatures/removes_zoneid_ads.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/removes_zoneid_ads.py -------------------------------------------------------------------------------- /modules/signatures/secure_login_phish.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/secure_login_phish.py -------------------------------------------------------------------------------- /modules/signatures/setsautoconfigurl.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/setsautoconfigurl.py -------------------------------------------------------------------------------- /modules/signatures/shifu_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/shifu_apis.py -------------------------------------------------------------------------------- /modules/signatures/sniffer_winpcap.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/sniffer_winpcap.py -------------------------------------------------------------------------------- /modules/signatures/spoofs_procname.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/spoofs_procname.py -------------------------------------------------------------------------------- /modules/signatures/spreading_autoruninf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/spreading_autoruninf.py -------------------------------------------------------------------------------- /modules/signatures/stack_pivot.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/stack_pivot.py -------------------------------------------------------------------------------- /modules/signatures/static_authenticode.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/static_authenticode.py -------------------------------------------------------------------------------- /modules/signatures/static_java.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/static_java.py -------------------------------------------------------------------------------- /modules/signatures/static_pe_anomaly.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/static_pe_anomaly.py -------------------------------------------------------------------------------- /modules/signatures/static_rat_config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/static_rat_config.py -------------------------------------------------------------------------------- /modules/signatures/static_versioninfo_anomaly.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/static_versioninfo_anomaly.py -------------------------------------------------------------------------------- /modules/signatures/stealth_childproc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/stealth_childproc.py -------------------------------------------------------------------------------- /modules/signatures/stealth_file.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/stealth_file.py -------------------------------------------------------------------------------- /modules/signatures/stealth_hiddenreg.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/stealth_hiddenreg.py -------------------------------------------------------------------------------- /modules/signatures/stealth_hidenotifications.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/stealth_hidenotifications.py -------------------------------------------------------------------------------- /modules/signatures/stealth_network.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/stealth_network.py -------------------------------------------------------------------------------- /modules/signatures/stealth_timelimit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/stealth_timelimit.py -------------------------------------------------------------------------------- /modules/signatures/stealth_webhistory.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/stealth_webhistory.py -------------------------------------------------------------------------------- /modules/signatures/stealth_window.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/stealth_window.py -------------------------------------------------------------------------------- /modules/signatures/suricata_alert.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/suricata_alert.py -------------------------------------------------------------------------------- /modules/signatures/targeted_flame.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/targeted_flame.py -------------------------------------------------------------------------------- /modules/signatures/tinba_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/tinba_apis.py -------------------------------------------------------------------------------- /modules/signatures/trojan_fleercivet_mutex.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/trojan_fleercivet_mutex.py -------------------------------------------------------------------------------- /modules/signatures/upatre_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/upatre_apis.py -------------------------------------------------------------------------------- /modules/signatures/vawtrak_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/vawtrak_apis.py -------------------------------------------------------------------------------- /modules/signatures/vawtrak_dll_apis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/vawtrak_dll_apis.py -------------------------------------------------------------------------------- /modules/signatures/virus.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/virus.py -------------------------------------------------------------------------------- /modules/signatures/volatility_sig.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/volatility_sig.py -------------------------------------------------------------------------------- /modules/signatures/webmail_phish.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/webmail_phish.py -------------------------------------------------------------------------------- /modules/signatures/whois_create.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/brad-sp/community-modified/HEAD/modules/signatures/whois_create.py --------------------------------------------------------------------------------