author: Marcel Caspar <Clevero@users.noreply.github.com> 2019-10-15 22:44:43 +0200
committer: Felix Bauer <jack@ai4me.de> 2019-10-15 22:44:43 +0200
commit: db5478c085defab0b64ae0828b9c3a82bb658afe
tree: c9e41ee9f614b13ce94fed999a273228e1ba5838
parent: b3d21e8b689b5fe59335cfff99414d92d45aadb9
add some more default bad signatures to ruleset.conf.sample (#103)
* add more default bad signatures

They have been tested for a few days on our side with less traffic, but I think those are bad enough and don't need to be largely tested
-rw-r--r-- ruleset.conf.sample 3
1 files changed, 3 insertions, 0 deletions
diff --git a/ruleset.conf.sample b/ruleset.conf.sample
index 84d1cae..51057c8 100644
--- a/ruleset.conf.sample
+++ b/ruleset.conf.sample
@@ -141,6 +141,9 @@ signature.40 : Suspicious Javascript actions
signature.41 : Tries to detect analysis programs from within the browser
signature.42 : Tries to locate whether any sniffers are installed
signature.43 : Wscript.exe initiated network communications indicative of a script based payload download
+signature.44 : The process powershell.exe wrote an executable file to disk
+signature.45 : Creates a suspicious Powershell process
+signature.46 : Appends a new file extension or content to .* files indicative of a ransomware file encryption process
#[cuckoo_score]
# defaults:
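Review bot: signature.46 carries a literal `.*` in "to .* files", and nothing in this hunk says whether signature values are compared as exact strings or as patterns. If they are treated as patterns, `.*` will match more than the sandbox's own wording; if they are compared literally, the entry only works when the sandbox description contains `.*` verbatim. A one-line comment above the new entries stating the matching rule would remove the ambiguity. Separately, signature.45 ("Creates a suspicious Powershell process") is broad, and the commit message says the three entries were only tested for a few days on low traffic, so a short comment marking 44-46 as candidates to tune or disable would help anyone copying the sample into production. Also worth confirming that the casing ("powershell.exe" in 44, "Powershell" in 45) matches the sandbox's signature descriptions exactly, since the two lines differ.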