v3.23.0

@josehelps josehelps released this 10 Jun 18:47
5216a10

New Analytic Story

  • Meterpreter
  • Revil Ransomware

New Detections

  • Excessive number of taskhost processes
  • Revil Registry Entry
  • Revil Common Exec Parameter
  • Modification Of Wallpaper
  • Wbemprox COM Object Execution
  • Known Services Killed by Ransomware
  • Delete ShadowCopy With PowerShell
  • Conti Common Exec parameter
  • Revil Ransomware
  • Excessive Usage of NSLOOKUP App
  • CMD Echo Pipe - Escalation
  • Detect AzureHound File Modifications
  • Detect SharpHound Command-Line Arguments
  • Detect SharpHound File Modifications
  • Detect SharpHound Usage
  • Detect Renamed Psexec
  • Detect Renamed 7-Zip
  • Detect Renamed WinRAR
  • Detect AzureHound Command-Line Arguments

Updated Analytic Stories

  • Ransomware
  • Windows Discovery Techniques

Updated Lookups

(Thank you Vatsal Jagani)

  • ransomware_extensions_lookup
  • ransomware_notes_lookup