v3.57.0

@github-actions github-actions released this 24 Jan 23:24
· 6114 commits to develop since this release
b3ebd4b

New Analytic Story

  • Chaos Ransomware
  • LockBit Ransomware

New Analytics

  • Detect suspicious DNS TXT records using pretrained model in DSDL
  • Windows Boot or Logon Autostart Execution In Startup Folder
  • Windows Modify Registry Default Icon Setting
  • Windows Phishing PDF File Executes URL Link
  • Windows Replication Through Removable Media
  • Windows User Execution Malicious URL Shortcut File
  • Windows Vulnerable Driver Loaded
  • Linux Ngrok Reverse Proxy Usage
  • Windows Server Software Component GACUtil Install to GAC
  • Windows PowerShell Add Module to Global Assembly Cache
  • Windows Credential Dumping LSASS Memory Createdump

Updated Analytics

  • Known Services Killed by Ransomware
  • Windows DLL Search Order Hijacking Hunt
  • Windows DLL Search Order Hijacking Hunt Sysmon
  • ProxyShell ProxyNotShell Behavior Detected (correlation)

Other Updates

  • Added 3 new playbook files: Dynamic Identifier Reputation Analysis, PhishTank URL Reputation Analysis, VirusTotal v3 Identifier Reputation Analysis from phantomcyber/playbooks to security_content
  • Added onenote.exe to several detection analytics related to Office Products