v3.23.0
New Analytic Stories
- Meterpreter
- Revil Ransomware
New Detections
- Excessive number of taskhost processes
- Revil Registry Entry
- Revil Common Exec Parameter
- Modification Of Wallpaper
- Wbemprox COM Object Execution
- Known Services Killed by Ransomware
- Delete ShadowCopy With PowerShell
- Conti Common Exec Parameter
- Revil Ransomware
- Excessive Usage of NSLOOKUP App
- CMD Echo Pipe - Escalation
- Detect AzureHound File Modifications
- Detect SharpHound Command-Line Arguments
- Detect SharpHound File Modifications
- Detect SharpHound Usage
- Detect Renamed Psexec
- Detect Renamed 7-Zip
- Detect Renamed WinRAR
- Detect AzureHound Command-Line Arguments
Updated Analytic Stories
- Ransomware
- Windows Discovery Techniques
Updated Lookups
(Thank you Vatsal Jagani)
- ransomware_extensions_lookup
- ransomware_notes_lookup