v3.16.0

@josehelps josehelps released this 04 Mar 20:11
8a9cb79

New Analytic Stories

  • Silver Sparrow
  • HAFNIUM Group

New Detections

  • Cobalt Strike Named Pipes
  • Suspicious DLLHost no Command Line Arguments
  • Suspicious GPUpdate no Command Line Arguments
  • Suspicious SearchProtocolHost no Command Line Arguments
  • Suspicious PlistBuddy Usage
  • Suspicious SQLite3 LSAQuarantine Behavior
  • Suspicious Curl Network Connection
  • Ryuk Wake on LAN Command
  • Suspicious Scheduled Task from Public Directory
  • Fodhelper UAC Bypass
  • Eventvwr UAC Bypass
  • Any PowerShell DownloadString
  • Any PowerShell DownloadFile
  • Unified Messaging Service Spawning a Process
  • Suspicious Unified Messaging Service File Writes
  • Nishang PowershellTCPOneLine
  • W3WP Spawning Shells

Updated Analytic Stories

  • Cobalt Strike
  • Suspicious MSHTA Activity

Updated Detections

  • NTdsutil Export NTDS
  • Suspicious MSBuild Path
  • Suspicious MSBuild Rename
  • Suspicious Microsoft Workflow Compiler Rename
  • Detect Regsvr32 Application Control Bypass
  • Windows DisableAntiSpyware Registry