Releases: Neo23x0/Fenrir
Fenrir 0.9.0 - Log4Shell Release
FENRIR 0.8.0 - Sandworm Centreon Edition
This Fenrir release, version 0.8.0, contains indicators of compromise and strings found in the malware mentioned in the CERTFR report on Sandworm activity.
FENRIR 0.7.2 - Sandworm Exim Attacks Release
Detects Exim exploit attempts, malicious scripts and forensic artefacts on hosts compromised by the Sandworm group.
Rules and IOCs are based on samples derived from this report: NSA Cyber Report
FENRIR 0.7 - Academic Attack Release
- detects IOCs used in attacks on academic data centers
https://csirt.egi.eu/academic-data-centers-abused-for-crypto-currency-mining/
FENRIR 0.5 - Energetic Bear Release
- Prepared to detect the IOCs reported by Kaspersky in its recent Energetic Bear report
https://securelist.com/energetic-bear-crouching-yeti/85345/
I used pretty specific strings extracted from the WSO shells for the string match detection.
FENRIR 0.5
- passed intense beta testing
- detection modules: hashes, file names, strings, c2, hot time frame file creation
- "find" directory walk
- logging: syslog, file, command line