Releases: Neo23x0/Fenrir

Fenrir 0.9.0 - Log4Shell Release

13 Dec 12:22
be14bef

A special Fenrir release that includes indicators

  • of a compromise (see IOC files)
  • of vulnerable log4j versions (hash list by @mubix)

FENRIR 0.8.0 - Sandworm Centreon Edition

16 Feb 13:08

This Fenrir release, version 0.8.0, contains indicators of compromise and strings found in malware mentioned in the CERTFR report on Sandworm activity.

FENRIR 0.7.2 - Sandworm Exim Attacks Release

28 May 18:16

Detects Exim exploit attempts, malicious scripts and forensic artefacts on hosts compromised by the Sandworm group.

Rules and IOCs are based on samples derived from this report: NSA Cyber Report

FENRIR 0.7 - Academic Attack Release

16 May 11:13

FENRIR 0.5 - Energetic Bear Release

23 Apr 11:11
  • Prepared to detect the IOCs reported by Kaspersky in its recent Energetic Bear report

https://securelist.com/energetic-bear-crouching-yeti/85345/

I used pretty specific strings extracted from the WSO shells for the string match detection.

FENRIR 0.5

02 Nov 13:04
  • passed intense beta testing
  • detection modules: hashes, file names, strings, c2, hot time frame file creation
  • "find" directory walk
  • logging: syslog, file, command line