Indicators of Compromise (IOCs) from our various investigations
Latest commit eb6180e Feb 21, 2017 Matthieu Faou committed with marc-etienne Fix RTM Run registry value name
animalfarm Animal Farm (Dino) yara rules Aug 17, 2015
groundbait Fix two formatting typos in Groundbait readme May 18, 2016
keydnap Add Keydnap README and yara rule Jul 6, 2016
moose Added updated Suricata and Snort rules for Linux/Moose. Nov 2, 2016
mumblehard Add the other U-A pattern to Mumblehard's IoC Apr 6, 2016
potao Operation Potao: added Emerging Threats snort rules Aug 7, 2015
rakos Add Linux/Rakos IoCs Dec 20, 2016
rtm Fix RTM Run registry value name Feb 21, 2017
sednit Part 3 IoCs Oct 27, 2016
telebots MISP JSON export of TeleBots added Dec 13, 2016
windigo Add comment about OpenSSH 6.8 breaking the Ebury "-G" IoC Dec 14, 2015
LICENSE LICENSE file year bump May 27, 2015
Makefile
README.adoc Linux/Moose IOCs May 26, 2015

README.adoc

Malware Indicators of Compromise

Copyright © ESET 2014, 2015

Here are indicators of compromise (IOCs) from our various investigations. We are doing this to help the broader security community fight malware wherever it might be.

  • .yar files are YARA rules

  • .rules files are Snort rules

If you would like to contribute improved versions, please send us a pull request.

If you’ve found false positives, give us the details in an issue report and we’ll try to improve our IOCs.

These are licensed under the permissive BSD two-clause license. You are allowed to modify these and keep the changes to yourself, even though it would be rude to do so.