
Results 8 sunburst_countermeasures issues

All Snort rules I've taken a look at so far use a wrong first match for `content:"T "; offset:2; depth:3; ` that is separately matched to the actual "GET /..." URLs....

regarding "The additional XOR operation forces malware analysts to develop custom tools to brute force the hash preimage." in https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html: the main reason for hashing the strings was probably to...

From Redline Support: The IOCs that you downloaded from FireEye's GitHub site are OpenIOC version 1.1. Redline currently only supports the OpenIOC version 1.0 standard. OpenIOC 3.2.0 supports OpenIOC version...

ClamAV seems to experience issues when reading the ruleset from `APT_Dropper_Raw64_TEARDROP_1.yar` on Ubuntu 18.04.5 LTS. All other Yara rulesets work without issues. ``` $ clamscan -ir -d APT_Dropper_Raw64_TEARDROP_1.yar / LibClamAV...

background: https://twitter.com/a_tweeter_user/status/1339927755299958784

Hi, can we add the links to the Beacon Decoder located here: https://github.com/RedDrip7/SunBurst_DGA_Decode with passive DNS data here: https://github.com/bambenek/research/tree/main/sunburst Br Marc edit: beacon...not bacon...

a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc

I am trying to add this detection in Cisco FireAMP. I am getting an error message "Content invalid characters in signature". Unsure if this is a syntax issue or a...