
v3.34.0

@github-actions github-actions released this 26 Jan 22:56 · 13735 commits to develop since this release · 3058c7f

New Analytic Story

  • WhisperGate

New Analytics

  • Excessive File Deletion In WinDefender Folder
  • Suspicious Process With Discord DNS Query
  • Ping Sleep Batch Command
  • Powershell Remove Windows Defender Directory
  • Windows InstallUtil in Non Standard Path
  • Windows DotNet Binary in Non Standard Path
  • Windows NirSoft AdvancedRun
  • Windows NirSoft Utilities
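The release lists the new analytics by name only. As an added illustration (this is not the project's own SPL, and it does not use the project's datasets), the following Python sketches the shape of the "Ping Sleep Batch Command" check, run over a handful of constructed process-creation events whose field names mirror Windows Security event 4688 (`NewProcessName`, `ParentProcessName`, `CommandLine`). The technique it looks for is the batch-file idiom `ping -n N 127.0.0.1 > nul`, which waits roughly N-1 seconds with no dedicated sleep binary. The `min_count` threshold and the requirement that the parent be `cmd.exe` are assumptions chosen to cut down on benign connectivity tests, not values from the analytic.

```python
import re
from typing import Iterable, Optional

# Constructed sample events modelled on the 4688 fields (not from the project's datasets).
SAMPLE_4688 = [
    {"NewProcessName": r"C:\Windows\System32\PING.EXE",
     "ParentProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "ping -n 30 127.0.0.1 > nul"},            # classic batch sleep
    {"NewProcessName": r"C:\Windows\System32\PING.EXE",
     "ParentProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "ping 8.8.8.8"},                           # ordinary connectivity test
    {"NewProcessName": r"C:\Windows\System32\PING.EXE",
     "ParentProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "ping.exe -n 120 localhost >nul 2>&1"},    # two-minute delay, output hidden
    {"NewProcessName": r"C:\Windows\System32\PING.EXE",
     "ParentProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "ping -n 2 127.0.0.1"},                    # too short to be a meaningful sleep
    {"NewProcessName": r"C:\Windows\System32\PING.EXE",
     "ParentProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "ping -n 50 10.0.0.5"},                    # long, but a real remote target
    {"NewProcessName": r"C:\Windows\System32\svchost.exe",
     "ParentProcessName": r"C:\Windows\System32\services.exe",
     "CommandLine": "svchost.exe -k netsvcs"},                 # not ping at all
]

# "-n <count>" as a standalone switch; case-insensitive to match cmd.exe behaviour.
PING_COUNT_RE = re.compile(r"(?:^|\s)-n\s+(\d+)\b", re.IGNORECASE)
# Sleep idioms target the local host, never a remote address.
LOOPBACK_RE = re.compile(r"\b(?:127\.0\.0\.1|localhost)\b", re.IGNORECASE)
# Redirecting stdout to nul is typical when ping is used purely as a timer.
NUL_REDIRECT_RE = re.compile(r">\s*nul\b", re.IGNORECASE)


def check_event(event: dict, min_count: int = 10) -> Optional[dict]:
    """Return a finding for one 4688-style event, or None if it does not match.

    Assumed logic: ping.exe spawned by cmd.exe (a batch script), with a repeat
    count of at least `min_count` against the loopback address. Each ping after
    the first waits about one second, so N pings sleep roughly N-1 seconds.
    """
    if not event.get("NewProcessName", "").lower().endswith("\\ping.exe"):
        return None
    if not event.get("ParentProcessName", "").lower().endswith("\\cmd.exe"):
        return None
    cmd = event.get("CommandLine", "")
    m = PING_COUNT_RE.search(cmd)
    if m is None:
        return None
    count = int(m.group(1))
    if count < min_count or not LOOPBACK_RE.search(cmd):
        return None
    return {
        "command_line": cmd,
        "count": count,
        "approx_sleep_seconds": count - 1,
        "output_suppressed": NUL_REDIRECT_RE.search(cmd) is not None,
    }


def detect_ping_sleep(events: Iterable[dict], min_count: int = 10) -> list:
    """Run check_event over a stream of events and collect the findings."""
    return [f for f in (check_event(e, min_count) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in detect_ping_sleep(SAMPLE_4688):
        print(f"ping-sleep ~{finding['approx_sleep_seconds']}s "
              f"(output suppressed: {finding['output_suppressed']}): {finding['command_line']}")
```

Only the two loopback pings with a large count fire; the short delay, the remote target and the non-ping process are ignored. A production rule would additionally key on the 4688 `EventCode`, the hostname and the user, and would tune `min_count` against the environment's baseline.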

Updated Analytics

  • Executables Or Script Creation In Suspicious Path
  • Process Deleting Its Process File Path
  • Suspicious Process File Path
  • Windows Defender Exclusion Registry Entry
  • CMD Carry Out String Command Parameter
  • Impacket Lateral Movement Commandline Parameters
  • Malicious PowerShell Process - Encoded Command
  • Suspicious Process DNS Query Known Abuse Web Services

BA Updates

  • Added 4688 datasets for BA detections:
    WBAdmin Delete System Backups
    BCDEdit Failure Recovery Modification
    DNS Exfiltration Using Nslookup App
    Fsutil Zeroing File

Other updates

  • Updated lookups/ransomware_extensions.csv and lookups/ransomware_notes.csv lookups (Thanks to @VatsalJagani)
  • Playbook versions updated to keep them in sync with https://github.com/phantomcyber/playbooks
  • Added risk_severity to BA detections.
  • Fixed minor bugs in generate.py for the BA package.