I hereby claim:
- I am bartblaze on github.
- I am bartblaze (https://keybase.io/bartblaze) on keybase.
- I have a public key whose fingerprint is 7EAD A284 6FB8 F8CC 6218 A102 5368 25C0 B1B3 27DE
To claim this, I am signing this object:
Bart P bartblaze
bartblaze
/ Monero_Compromise.yar
Last active
January 8, 2020 21:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule Monero_Compromise | |
| { | |
| meta: | |
| description = "Identifies compromised Monero binaries." | |
| author = "@bartblaze" | |
| date = "2019-11" | |
| tlp = "White" | |
| reference = "https://bartblaze.blogspot.com/2019/11/monero-project-compromised.html" | |
| strings: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule Generic_Phishing_PDF | |
| { | |
| meta: | |
| description = "Identifies generic phishing PDFs." | |
| author = "@bartblaze" | |
| date = "2019-03" | |
| tlp = "White" | |
| reference = "https://bartblaze.blogspot.com/2019/03/analysing-massive-office-365-phishing.html" | |
| strings: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "None " 00000000---- 1f79cdf72aefac53c5425aa0f6b80cf25b0a974136d7faaf7f293a16675ad666 | |
| "None " 00000000---- 57b4b1dcc4985c91e8177256278bee6949e21d38938d2970e8612689fe02c343 | |
| "None " 00000000---- 85bc1c0ec15b7fa1d796fd2a7e62302c8b93a3f2fd6ff1696bb5fd065e1ba64d | |
| "None " 00000000---- 9359d6cc647dd89fe76171759d2a69fb68d6402b2148c248c18aa470fad94e32 | |
| "None " 00000000---- 9a27da58bc51eba08b8a41c44f0710afbe316ef1bcb7752f7cfa7830a66ff512 | |
| "None " 00000000---- a13858f23b629315a90c21a95a22986fdf7c0a2103a5aa63521e4de7b9690e50 | |
| "None " 00000000---- bbbd0e39e6cefdfe3838ce5b130e97cd1caf980bff8648de366c2e32a62cc289 | |
| "None " 007ec7af-1e93-4e4a-8cb0-1b933fb3a83b 1e44b486943e955feda91620837165f0f4ca1513e01cdce0ff3484ba76ca783b | |
| ce9cdbc4-ca4c-4746-835f-47ba9cb2e902 008919f8-0ec3-4c2e-a7a8-e73f82c7638e b43ab11020b98ea40b90b0df25d80ae035569632116ef2098aebdb6b2fe6eb25 | |
| "None " 009b7e63-6cd9-469d-937f-6eb045d983e8 fbb7696496c4795431942bb94db81d85f721a2e972469810ccf25df49d566965 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 00000000-0000-0000-0000-000000000000 cdbc7917-b4ea-4d92-a0d8-26692ef9c92c 0328b36f82a3b82c7d8b0c8a0d7c3dce8d9154c236cab5c221d2858194b10bec | |
| 00000000-0000-0000-0000-000000000000 ebc0ae68-6d2d-4b68-be46-4fb3117e32de 03da6d7946eeebb627b716c10db4ea936d041cce1158c5fa423803e6910fcb82 | |
| 00000000-0000-0000-0000-000000000000 63081f17-fe10-4604-a90f-a0fcde503a2a 0d2456a9c7f8a38be9e13ea63d033545dfc393809125fc1a145606b9b6328943 | |
| 00000000-0000-0000-0000-000000000000 71600230-7dc7-4471-96e1-39ec18bafc6d 609b63e9c8a1bac54e630a14da5740d1c8648d0acfab386d67789db94944e703 | |
| 00000000-0000-0000-0000-000000000000 efe485f4-071a-429e-9d3f-22a834f46793 672e8c06b4aaa4c4fbeb0611cd679d8941d740d3a829379c49d8e9880e01b75f | |
| 00000000-0000-0000-0000-000000000000 a3697b43-a7d7-4b5b-9d6d-12967b1379fd 7a8fb2ee10c917a52d9f8f2b75522dd232ebc925439ab284869b4e5ba5f11015 | |
| 00000000-0000-0000-0000-000000000000 81f407bf-8903-4fdb-ae1b-17ccad33ef3e 7c511918158bb920ecd685463bb5d87c1324e633b071ad7d507009a5a8a15f0d | |
| 00000000-0000-0000-0000-000000000000 55d5ee9f-33fc- |