{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":355611968,"defaultBranch":"master","name":"signature-base","ownerLogin":"ruppde","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2021-04-07T16:25:59.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/46819580?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1718026442.0","currentOid":""},"activityList":{"items":[{"before":"6b8e2a00e5aafcfcfc767f3f53ae986cf81f968a","after":"9eec1e4384a9765b7edfbb4afe02dd29e72012a0","ref":"refs/heads/fix-fps-in-Suspicious_Size_taskhost_exe","pushedAt":"2024-06-10T13:34:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"fix fp in Suspicious_Size_taskhost_exe\n\nalready fixed internally","shortMessageHtmlLink":"fix fp in Suspicious_Size_taskhost_exe"}},{"before":null,"after":"6b8e2a00e5aafcfcfc767f3f53ae986cf81f968a","ref":"refs/heads/fix-fps-in-Suspicious_Size_taskhost_exe","pushedAt":"2024-06-10T13:34:02.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Merge pull request #321 from ForensicITGuy/yara-x-regex-compatibility-update\n\nUpdate RegEx Patterns for YARA-X Compatibility","shortMessageHtmlLink":"Merge pull request Neo23x0#321 from ForensicITGuy/yara-x-regex-compat…"}},{"before":"007d9ddee386f68aca3a3aac5e1514782f02ed2d","after":"7aa23ca0982cbceb126166870457f80656d4d8fe","ref":"refs/heads/master","pushedAt":"2024-06-03T17:34:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"fix fp in 
Suspicious_Size_firefox_exe\n\nalready done internally","shortMessageHtmlLink":"fix fp in Suspicious_Size_firefox_exe"}},{"before":"88b7d2a036aa1f628e9ccdd58eacf990dee58785","after":"007d9ddee386f68aca3a3aac5e1514782f02ed2d","ref":"refs/heads/master","pushedAt":"2024-05-13T17:00:02.000Z","pushType":"push","commitsCount":9,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Create apt_cisco_asa_line_dancer_apr24.yar","shortMessageHtmlLink":"Create apt_cisco_asa_line_dancer_apr24.yar"}},{"before":"bf8b00df32c6f1d1af9cb41ce2a99be9cc7ecbe5","after":"88b7d2a036aa1f628e9ccdd58eacf990dee58785","ref":"refs/heads/master","pushedAt":"2024-04-15T07:49:08.000Z","pushType":"push","commitsCount":13,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Update configured_vulns_ext_vars.yar\n\nremove commands which are only dangerous if not followed by specific file or if using wildcards","shortMessageHtmlLink":"Update configured_vulns_ext_vars.yar"}},{"before":"1c1ff0640d0353143d1483d47099efde0572cca1","after":"bf8b00df32c6f1d1af9cb41ce2a99be9cc7ecbe5","ref":"refs/heads/master","pushedAt":"2024-03-30T11:41:15.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Update bkdr_xz_util_cve_2024_3094.yar\n\nadd 2 more hashes","shortMessageHtmlLink":"Update bkdr_xz_util_cve_2024_3094.yar"}},{"before":"eb917bc1f49e9f51074c5f139abbd2db9748e575","after":"1c1ff0640d0353143d1483d47099efde0572cca1","ref":"refs/heads/master","pushedAt":"2024-03-30T11:32:03.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ruppde","name":"Arnim 
Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Update bkdr_xz_util_cve_2024_3094.yar\n\nfix shifted hex","shortMessageHtmlLink":"Update bkdr_xz_util_cve_2024_3094.yar"}},{"before":"cd7651d2ccf4158a35a8d1cc0441928f7d92818f","after":"eb917bc1f49e9f51074c5f139abbd2db9748e575","ref":"refs/heads/master","pushedAt":"2024-03-30T11:27:16.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Merge branch 'master' of https://github.com/Neo23x0/signature-base","shortMessageHtmlLink":"Merge branch 'master' of https://github.com/Neo23x0/signature-base"}},{"before":null,"after":"e75e1df5fcaeba28cdaf8fb3f3718053e75e1409","ref":"refs/heads/fix-gen-webshell","pushedAt":"2024-03-11T09:58:57.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"fix some regex and add *.swp to .gitignore","shortMessageHtmlLink":"fix some regex and add *.swp to .gitignore"}},{"before":"8f43991154d559f2b9a71e302a866c40d9859a03","after":"cd7651d2ccf4158a35a8d1cc0441928f7d92818f","ref":"refs/heads/master","pushedAt":"2024-03-11T09:41:15.000Z","pushType":"push","commitsCount":47,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"fix: hash value","shortMessageHtmlLink":"fix: hash value"}},{"before":"458c6d1446bae1b704a960ef112287733a039ce0","after":"8f43991154d559f2b9a71e302a866c40d9859a03","ref":"refs/heads/master","pushedAt":"2024-02-23T08:49:13.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ruppde","name":"Arnim 
Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Update gen_webshells.yar\n\nfix https://github.com/Neo23x0/signature-base/issues/309","shortMessageHtmlLink":"Update gen_webshells.yar"}},{"before":"911aca5df55761dec49b4340728fa2d36c6e72e3","after":"458c6d1446bae1b704a960ef112287733a039ce0","ref":"refs/heads/master","pushedAt":"2023-12-19T20:25:29.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Update gen_github_net_redteam_tools_guids.yar\n\n+ HKTL_NET_GUID_SharpShareFinder\n+ HKTL_NET_GUID_POSTDump","shortMessageHtmlLink":"Update gen_github_net_redteam_tools_guids.yar"}},{"before":"bcd497df4af1600ed47a265d9df9e46dfb3b9b04","after":"911aca5df55761dec49b4340728fa2d36c6e72e3","ref":"refs/heads/master","pushedAt":"2023-12-06T18:12:56.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Update gen_github_net_redteam_tools_guids.yar\n\n3 more rules","shortMessageHtmlLink":"Update gen_github_net_redteam_tools_guids.yar"}},{"before":null,"after":"7dc4dbb37bb959fd2e8b9b67ee1ec5727b74edee","ref":"refs/heads/regex-fix-gen_webshells","pushedAt":"2023-12-03T07:52:13.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Update gen_webshells.yar\n\nperformance fix regexes","shortMessageHtmlLink":"Update 
gen_webshells.yar"}},{"before":"4c954452fc6a15da79c4978fffe5b40b2e8b13a1","after":"bcd497df4af1600ed47a265d9df9e46dfb3b9b04","ref":"refs/heads/master","pushedAt":"2023-12-03T07:38:17.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Merge branch 'Neo23x0:master' into master","shortMessageHtmlLink":"Merge branch 'Neo23x0:master' into master"}},{"before":"8f6a4c4415445e6f52534b15eec1d657db36d83a","after":"4c954452fc6a15da79c4978fffe5b40b2e8b13a1","ref":"refs/heads/master","pushedAt":"2023-11-30T17:45:12.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Merge branch 'master' of https://github.com/ruppde/signature-base","shortMessageHtmlLink":"Merge branch 'master' of https://github.com/ruppde/signature-base"}},{"before":"2bf29e3880bf7e5f4733fcdea8f6db2c5baf1214","after":"8f6a4c4415445e6f52534b15eec1d657db36d83a","ref":"refs/heads/master","pushedAt":"2023-11-30T17:43:23.000Z","pushType":"push","commitsCount":40,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"fix: FPs and meta values","shortMessageHtmlLink":"fix: FPs and meta values"}},{"before":"1e90ec68f70b1c4df0d50ffdbf5c586177cf6849","after":"2bf29e3880bf7e5f4733fcdea8f6db2c5baf1214","ref":"refs/heads/master","pushedAt":"2023-10-05T06:46:05.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Neo23x0","name":"Florian Roth","path":"/Neo23x0","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2851492?s=80&v=4"},"commit":{"message":"fix: missing opening brackets","shortMessageHtmlLink":"fix: missing opening 
brackets"}},{"before":"2e756517384a9ad090643897ccfd9450f6688822","after":"1e90ec68f70b1c4df0d50ffdbf5c586177cf6849","ref":"refs/heads/master","pushedAt":"2023-10-05T06:43:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Neo23x0","name":"Florian Roth","path":"/Neo23x0","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2851492?s=80&v=4"},"commit":{"message":"Update yara_mixed_ext_vars.yar","shortMessageHtmlLink":"Update yara_mixed_ext_vars.yar"}},{"before":"0e96d86cbd4661f2b995512ad2b733fdeb402487","after":"2e756517384a9ad090643897ccfd9450f6688822","ref":"refs/heads/master","pushedAt":"2023-10-04T18:55:33.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Merge branch 'master' of https://github.com/ruppde/signature-base","shortMessageHtmlLink":"Merge branch 'master' of https://github.com/ruppde/signature-base"}},{"before":"b1a41dc10983f24816251d702b865d619a4e1f50","after":"0e96d86cbd4661f2b995512ad2b733fdeb402487","ref":"refs/heads/master","pushedAt":"2023-10-03T22:01:52.000Z","pushType":"push","commitsCount":9,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Merge branch 'Neo23x0:master' into master","shortMessageHtmlLink":"Merge branch 'Neo23x0:master' into master"}},{"before":"e36e80afbf14c95fe6360845e40eadb7499aff43","after":"b1a41dc10983f24816251d702b865d619a4e1f50","ref":"refs/heads/master","pushedAt":"2023-09-18T15:25:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Update gen_webshells.yar\n\n- add http_response_code(404) to WEBSHELL_PHP_Generic_Callback\n- fix 
https://github.com/NextronSystems/thor-lite/issues/30","shortMessageHtmlLink":"Update gen_webshells.yar"}},{"before":"435d67c96e32347a82a14951aab432b84b615441","after":"e36e80afbf14c95fe6360845e40eadb7499aff43","ref":"refs/heads/master","pushedAt":"2023-09-18T15:03:11.000Z","pushType":"push","commitsCount":13,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Merge pull request #288 from Neo23x0/Neo23x0-patch-4\n\nUpdate gen_vcruntime140_dll_sideloading.yar","shortMessageHtmlLink":"Merge pull request Neo23x0#288 from Neo23x0/Neo23x0-patch-4"}},{"before":"2e6e1c932d2a96314f13d0331f39496dd059862d","after":"435d67c96e32347a82a14951aab432b84b615441","ref":"refs/heads/master","pushedAt":"2023-09-13T21:07:10.000Z","pushType":"push","commitsCount":46,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"some fixes","shortMessageHtmlLink":"some fixes"}},{"before":"9a734de5d9c4446b5e7c5364864b388a544f2ddb","after":"2e6e1c932d2a96314f13d0331f39496dd059862d","ref":"refs/heads/master","pushedAt":"2023-07-21T07:35:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Neo23x0","name":"Florian Roth","path":"/Neo23x0","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2851492?s=80&v=4"},"commit":{"message":"fix: wording in rule name > forcible","shortMessageHtmlLink":"fix: wording in rule name > forcible"}},{"before":"0c875f03e6c49aa68da26786d93858eab0b1de12","after":"9a734de5d9c4446b5e7c5364864b388a544f2ddb","ref":"refs/heads/master","pushedAt":"2023-07-21T07:32:20.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Neo23x0","name":"Florian Roth","path":"/Neo23x0","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2851492?s=80&v=4"},"commit":{"message":"adjust indentation","shortMessageHtmlLink":"adjust 
indentation"}},{"before":"6b7cb019d1cbe85a1a128b65b917d4b3282634cc","after":"0c875f03e6c49aa68da26786d93858eab0b1de12","ref":"refs/heads/master","pushedAt":"2023-07-21T07:31:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Neo23x0","name":"Florian Roth","path":"/Neo23x0","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2851492?s=80&v=4"},"commit":{"message":"add score","shortMessageHtmlLink":"add score"}},{"before":"edd4165415dbdd1b622f4a2a379427968a750425","after":"6b7cb019d1cbe85a1a128b65b917d4b3282634cc","ref":"refs/heads/master","pushedAt":"2023-07-20T20:04:39.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"Create vuln_keepass_brute_forceable.yar\n\nDetects KeePass .kdbx password stores, which could be brute-forced offline to steal the credentials. With AES-KDF and fewer than 65536 iterations the cracking speed with a single GPU is 20k/s; for the old default of 6,000 iterations it's 200k/s. 
Best remediation is to change the key derivation function (KDF) to Argon2d and delete all older copies of the .kdbx (backups included), since any copy still using the weak KDF remains crackable","shortMessageHtmlLink":"Create vuln_keepass_brute_forceable.yar"}},{"before":"60ecfbe9f1bbab86e9222da5729ffac7b2cd7c7c","after":"edd4165415dbdd1b622f4a2a379427968a750425","ref":"refs/heads/master","pushedAt":"2023-07-20T18:34:58.002Z","pushType":"push","commitsCount":22,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"fix: rule prone to FPs","shortMessageHtmlLink":"fix: rule prone to FPs"}},{"before":"60ecfbe9f1bbab86e9222da5729ffac7b2cd7c7c","after":"edd4165415dbdd1b622f4a2a379427968a750425","ref":"refs/heads/master","pushedAt":"2023-07-20T18:34:58.000Z","pushType":"push","commitsCount":22,"pusher":{"login":"ruppde","name":"Arnim Rupp","path":"/ruppde","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/46819580?s=80&v=4"},"commit":{"message":"fix: rule prone to FPs","shortMessageHtmlLink":"fix: rule prone to FPs"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEYSjwYgA","startCursor":null,"endCursor":null}},"title":"Activity · ruppde/signature-base"}