| author | Marcel Caspar <Clevero@users.noreply.github.com> | 2019-10-15 22:44:43 +0200 |
|---|---|---|
| committer | Felix Bauer <jack@ai4me.de> | 2019-10-15 22:44:43 +0200 |
| commit | db5478c085defab0b64ae0828b9c3a82bb658afe (patch) | |
| tree | c9e41ee9f614b13ce94fed999a273228e1ba5838 | |
| parent | b3d21e8b689b5fe59335cfff99414d92d45aadb9 (diff) | |
add some more default bad signatures to ruleset.conf.sample (#103)
* add more default bad signatures
They have been tested for a few days on our side with less traffic, but I think those are bad enough and don't need to be extensively tested.
-rw-r--r-- | ruleset.conf.sample | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ruleset.conf.sample b/ruleset.conf.sample index 84d1cae..51057c8 100644 --- a/ruleset.conf.sample +++ b/ruleset.conf.sample @@ -141,6 +141,9 @@ signature.40 : Suspicious Javascript actions signature.41 : Tries to detect analysis programs from within the browser signature.42 : Tries to locate whether any sniffers are installed signature.43 : Wscript.exe initiated network communications indicative of a script based payload download +signature.44 : The process powershell.exe wrote an executable file to disk +signature.45 : Creates a suspicious Powershell process +signature.46 : Appends a new file extension or content to .* files indicative of a ransomware file encryption process #[cuckoo_score] # defaults: |
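Review bot: the `.*` in signature.46 reads as a regex wildcard standing in for the variable part of that description, which only works if these entries are matched as regular expressions; if they are compared literally, signature.46 will never match, and if they are regexes, the unescaped dots in `powershell.exe` (signature.44) and the existing `Wscript.exe` (signature.43) also act as wildcards, which is harmless but worth a comment above the list stating the matching mode. Please also confirm that the three added strings match the signature descriptions they are meant to catch character for character, including the `Powershell` capitalization in signature.45, since a one-character difference silently disables the entry; the commit message mentions a few days of low-traffic testing but not where the strings were taken from, and naming that source would help future maintainers keep the list in sync.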