Merge pull request #123 from magicsword-io/biglistodriver

Cleanup on aisle 101
magicsword-io · Jul 31, 2023 · fb31efe · fb31efe
2 parents f5f7bae + 82ad1cd
commit fb31efe
Show file tree

Hide file tree

Showing 10 changed files with 368 additions and 456 deletions.
diff --git a/...13629878-55d1-4d2e-94dc-2f1ee4b75350.yaml → ...13629878-55d1-4d2e-94dc-2f1ee4b75350.yaml b/...13629878-55d1-4d2e-94dc-2f1ee4b75350.yaml → ...13629878-55d1-4d2e-94dc-2f1ee4b75350.yaml
@@ -184,5 +184,5 @@ MitreID: T1068
 Resources:
 - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c
 Tags:
-- myfile.exe
+- mimikatz.sys
 Verified: 'TRUE'
diff --git a/...dcdb48ea-6e14-491d-8785-d15f5d61fb04.yaml → ...dcdb48ea-6e14-491d-8785-d15f5d61fb04.yaml b/...dcdb48ea-6e14-491d-8785-d15f5d61fb04.yaml → ...dcdb48ea-6e14-491d-8785-d15f5d61fb04.yaml
@@ -217,5 +217,5 @@ MitreID: T1068
 Resources:
 - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c
 Tags:
-- d3
+- netfilter.sys
 Verified: 'TRUE'
diff --git a/yaml/04f580fd-a5de-4172-87b2-109ca6081eed.yaml b/yaml/04f580fd-a5de-4172-87b2-109ca6081eed.yaml
diff --git a/yaml/14556074-b235-4378-b356-f58721629d72.yaml b/yaml/14556074-b235-4378-b356-f58721629d72.yaml
@@ -1808,9 +1808,172 @@ KnownVulnerableSamples:
     - SerialNumber: 112169417a1c3ef46a301f99385f50680fa0
       Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
       Version: 1
+- Authentihash:
+    MD5: 93936f2a18b6a8501653ef021972d628
+    SHA1: c08664c9293219c245006ff18ae75de42722ca60
+    SHA256: be25688313f29d7e62c996572825c33f3dcdda373ec235efe552aeb2219990bb
+  Company: ''
+  Copyright: ''
+  CreationTimestamp: '2013-08-17 16:23:52'
+  Date: ''
+  Description: ''
+  ExportedFunctions: ''
+  FileVersion: ''
+  Filename: ''
+  ImportedFunctions:
+  - RtlCompareMemory
+  - IoCreateSymbolicLink
+  - IoCreateDevice
+  - DbgPrint
+  - PsProcessType
+  - PsGetProcessImageFileName
+  - PsReferencePrimaryToken
+  - ZwOpenProcessTokenEx
+  - ZwSetInformationProcess
+  - ZwClose
+  - ZwDuplicateToken
+  - PsInitialSystemProcess
+  - ObOpenObjectByPointer
+  - IofCompleteRequest
+  - PsDereferencePrimaryToken
+  - ExAllocatePoolWithTag
+  - ExFreePoolWithTag
+  - IoEnumerateRegisteredFiltersList
+  - ObfDereferenceObject
+  - MmGetSystemRoutineAddress
+  - CcMdlRead
+  - SeImpersonateClientEx
+  - PsSetCreateThreadNotifyRoutine
+  - PsSetLoadImageNotifyRoutine
+  - CmUnRegisterCallback
+  - KeBugCheckEx
+  - _vsnwprintf
+  - IoDeleteDevice
+  - RtlInitUnicodeString
+  - NtBuildNumber
+  - PsGetProcessId
+  - IoDeleteSymbolicLink
+  - PsGetVersion
+  - ExAllocatePoolWithQuotaTag
+  - ZwQuerySystemInformation
+  - RtlUnwindEx
+  - FltGetFilterInformation
+  - FltEnumerateInstances
+  - FltEnumerateFilters
+  - FltObjectDereference
+  - FltGetVolumeFromInstance
+  Imports:
+  - ntoskrnl.exe
+  - FLTMGR.SYS
+  InternalName: ''
+  MD5: 84763d8ca9fe5c3bff9667b2adf667de
+  MachineType: AMD64
+  MagicHeader: 50 45 0 0
+  OriginalFilename: ''
+  PDBPath: ''
+  Product: ''
+  ProductVersion: ''
+  Publisher: ''
+  RichPEHeaderHash:
+    MD5: 6931e969068f58678830e6bb4ee1ae49
+    SHA1: bd694fda9f3f6b6a24e205b6027faf20b7d02b7a
+    SHA256: 0ba61ea701b8a9e1bae7234e761b74c12b4262a3798d4525ce4b626affb6fc9a
+  SHA1: 8b9dd4c001f17e7835fdaf0d87a2f3e026557e84
+  SHA256: 2c14bea0d85c9cad5c5f5c8d0e5442f6deb9e93fe3ad8ea5e8e147821c6f9304
+  Sections:
+    .data:
+      Entropy: 1.4269125817182893
+      Virtual Size: '0x2b8'
+    .pdata:
+      Entropy: 3.9170697014365152
+      Virtual Size: '0x1f8'
+    .rdata:
+      Entropy: 4.063554093583363
+      Virtual Size: '0x940'
+    .reloc:
+      Entropy: 2.8064493688417227
+      Virtual Size: '0xa4'
+    .text:
+      Entropy: 6.097853212616491
+      Virtual Size: '0x37f6'
+    INIT:
+      Entropy: 5.100311543493838
+      Virtual Size: '0x5cc'
+    PAGE:
+      Entropy: 6.079756252073022
+      Virtual Size: '0x28b'
+  Signature: ''
+  Signatures:
+  - Certificates:
+    - IsCertificateAuthority: true
+      SerialNumber: 0400000000012019c19066
+      Signature: 5df6cb2b0d0140849f857a43706ae0c5e7aa0600d76713c9089131654f14a8a905dc389e6aa0300abd8dc78028ee4245ca94f3de5845a9803204f5595c6a70003927944df5b44634e81c5331b2b35416e9cc42abd5d959301cfb462725b88723b1e8758824831ec876377b01494548a4ede25dd27c9ca2dc2dba105a126265abae00c710343bcb72bd14240cdcc37627b4a7fee15829f20e169f91391d89a6e60f1c878ce258ac927e243eaaec14e73a33348bc63bac83ab0f14627aba1a2d4d4b1bc530f00b92797d3c78e0f8e6d215965999392b3061e8b8f8c0a1e9221411787dc4dc89bec0bb94e172aeebb540404fef171e585ed0a88996ac9228e9babf
+      SignatureAlgorithmOID: 1.2.840.113549.1.1.5
+      Subject: OU=Timestamping CA, O=GlobalSign, CN=GlobalSign Timestamping CA
+      TBS:
+        MD5: 42023b9487cafe46c1b6a49c369a362e
+        SHA1: 7c7b524d269334b9f073c32e888e09544c6acd98
+        SHA256: b7126567833f3daa4085ff41e73112daad3d1e3808a942c1936520e2d6c46c78
+      ValidFrom: '2009-03-18 11:00:00'
+      ValidTo: '2028-01-28 12:00:00'
+      Version: 3
+    - IsCertificateAuthority: true
+      SerialNumber: 0400000000012f4ee1355c
+      Signature: 225cc5dd3df40b70d8e3f5e7c58e0901bbb196365c5a07adc7a8444951257aae0da4193b929ccfb94226bb3b6c97e7c7ce116d6891da8d6df1534d54388c61f3c8827669be81320b31c36cc99e200a582ff048fe7e4807aad743589473540431a9780d3b8cb070c13d7ed7bd2f2ac3e2f58f0c90dc6ba5c8be685e5d6df878d2be49951e15780891fb34c8be84adbce0c6dd18dbf3caf07bc2143c18b803ba953e211e3f60697a7f6a039e8d4af9f0282c30845eec267242b16dcb64c3128cd6844b67417cb103177809e3ada8b6962da47e80034f88f7c16b5a4615cd2c198bd8709ce52d49886072a8a4195270435edad64603b0680e24ef4af60b2524ef24
+      SignatureAlgorithmOID: 1.2.840.113549.1.1.5
+      Subject: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
+      TBS:
+        MD5: f6a9e8eb8784f3f694b4e353c08a0ff5
+        SHA1: 589a7d4df869395601ba7538a65afae8c4616385
+        SHA256: cbdc9a0ad785d0c2013211746b42234e18bdc7d54a7a260647badc1c9e712ed4
+      ValidFrom: '2011-04-13 10:00:00'
+      ValidTo: '2019-04-13 10:00:00'
+      Version: 3
+    - IsCertificateAuthority: false
+      SerialNumber: 01000000000125b0b4cc01
+      Signature: bc89ecfee63655935c79d4117a86808f17b693b26d9b91a1561811c655eaf608edad9b9ef52b81c8bbdd607b1b47991e6d403e1d80c213d58e04052fdbe7ae529e688472a1e54a603cf89bd52f46d8c3b2b79353ac9b6c432424d1f1fce9562e3411581843eaefff34746ca0c06c7fad031969881e9560cabbbd0cbb76efc724b081c63831cf36ad0c38b89020849b2e8f28b99ff6ca9427cdac396157e0e3955a9c769230f5dea6973d721c2a6032a8334d8635338a5cf3a4fdf7062ce16b4b30f5cbd34362f841b9de7d20cb058c8e2cf65f35fd338d42896508362ca389f45a858bb0b97bdb6ccba1f8d20e1bbb977cd12779be9d7c3be6a75634d8c991a9
+      SignatureAlgorithmOID: 1.2.840.113549.1.1.5
+      Subject: C=BE, O=GlobalSign NV, CN=GlobalSign Time Stamping Authority
+      TBS:
+        MD5: e3369c8e5aec0504b3a50455f615d9f9
+        SHA1: 13c244a894b40ecd18aaf97c362f20385bd005a7
+        SHA256: 26da721a670c72836926032fee6920118bfb9bff89cc8d0ce30d9452c33f2532
+      ValidFrom: '2009-12-21 09:32:56'
+      ValidTo: '2020-12-22 09:32:56'
+      Version: 3
+    - IsCertificateAuthority: false
+      SerialNumber: 112169417a1c3ef46a301f99385f50680fa0
+      Signature: 7fb3e0f79a942f494fd6e5cd42f04eea33420dc8c6285b79807d4e8cd45ec65fa9a5abcf516482827302f51cc924e484461c67d6b3338ebbaf39129dda0b6d617a25bad53f7ed4af3c934bed8d683091e72b93668d6623670d9cc6d8f4999e896ec6c707d5acaddcae899be3ae42945efbd9e60a36bfb49e6fef09179f02c5c49059c159c2ccaf2e9e171dcd0476dfbffbb7f3a4d59a36ef9e7931aaab9c9821527e6081c2a57ce78863caaf81cb50537956191320b48053552b3ee2bc64878ae903105a8a4d4a85bf235040d02215601143aa9a304eeb5058354f9195069ceb08cdf1f07ec0575b64b0d1840947df070c3c65571226da895da14ac6ae5bd3b8
+      SignatureAlgorithmOID: 1.2.840.113549.1.1.5
+      Subject: C=FR, CN=Benjamin Delpy
+      TBS:
+        MD5: ee0a53dda8301d1e78bd5487f1d49bf4
+        SHA1: 5538f8cd492c2ec8d581f3665d2b4217c86fa19a
+        SHA256: a39725e610e1a556e7bdfad56f59d24a5278073378a5d9880e14395bbd808deb
+      ValidFrom: '2011-06-28 09:46:16'
+      ValidTo: '2014-06-28 09:46:16'
+      Version: 3
+    - IsCertificateAuthority: true
+      SerialNumber: 610b7f6b000000000019
+      Signature: 13c56c5e077f3c57ff9b315f3fbd955425c679f92c31034d64694b56d95b976f7cf3f0d024657538639813701613f7a701f1c623e085866c0bf080945a75e87ce41e92b473bfc1b3a7b00bd31884cbcc09a35c9c4f3eb03a9c2d1bc404ef9737966fe5ecbaac6ab3d4e23cdf8b25e7acbc624531dda40a72e41bf8784301ccba3914de5d90aed85acf5eca46815133d5a60e5867d3d8665888169beeb11acaad91138421da9a6e20efda007428bac95ff34d5dc3da25692554ea44bcc39b29331cd63c961f8781c553d72a2733d42e197c08586ddb4e1999a9ea5ff39a9d8c513a5a5cbd2fa908359b54a7db351a521633343aa380046afdb4838cad90cf0c3a6596ec334e1826b849bbeb8192ff134d324b23c733e7b6716b15f69c80e6bcb76cbe41d5033a7133150050743b0e5df996aaed903eab134c809926bc38a5eb0236891db620be83ab10f8199ed76379d4aeb12f6136f94a4ba833c70e7241f9f1b1907eae46efde397b75a0411459041d42bc4788b8130e05fa1df0808dff70c677d84bdc460e231a72d5bfdefeaaae69583cfc5c46e4d5819a8b6e6559771a32a590a6b6649364fd0753c9a0de28ad2a6cc638d181ce98f54019e92c1743a4265fd3443053e41d02baa40a2f16dd7a60275242bbad98372897e4b8d27911e3108c48d5305d0a0c52def588ea8d1a2d67c9f4801484b7850cd16628a5c66f2461
+      SignatureAlgorithmOID: 1.2.840.113549.1.1.5
+      Subject: C=BE, O=GlobalSign nv,sa, OU=Root CA, CN=GlobalSign Root CA
+      TBS:
+        MD5: 4798d55be7663a75649cda4dedc686ef
+        SHA1: 0f1ab2937b245d9466ea6f9bf056a5942e3989cf
+        SHA256: ef14ea05bb066ee9f4188196dd69cd769b283ac4d7555db52f5e76922d3456e1
+      ValidFrom: '2006-05-23 17:00:51'
+      ValidTo: '2016-05-23 17:10:51'
+      Version: 3
+    CertificatesInfo: ''
+    Signer:
+    - Issuer: C=BE, O=GlobalSign nv,sa, CN=GlobalSign CodeSigning CA , G2
+      SerialNumber: 112169417a1c3ef46a301f99385f50680fa0
+      Version: 1
+    SignerInfo: '' 
 MitreID: T1068
 Resources:
 - https://gist.github.com/mgraeber-rc/1bde6a2a83237f17b463d051d32e802c
 Tags:
 - mimikatz.sys
-Verified: 'TRUE'
+Verified: 'TRUE'