Content Update

Blog Post created by Michael Sconzo

on Dec 14, 2016

Like • Show 2 Likes2
Comment • 2

Here's the latest in Content Updates. They enable expanded malware detection as well as add additional features for DNS traffic analysis and analysis around domains.

Application Rule Updates

Dyzap - Related Blog post
Update of Cerber Ransomware rule

ESA Rule Updates

Update of Cerber Ransomware rule

Feed Updates

Cerber Ransomware
Popcorn Time Ransomware

Parser Updates

DNS_lua
- File detection in DNS traffic
- Base64 and Base36 TXT record detection
TLD_lua options file
- Ability to set local domains and TLDs for identification to whitelist the domains/TLDs from the logic that looks for suspicious domain structure.

Outcomes

2 Comments

Eric Partington Dec 15, 2016 9:46 AM
- Cerber Ransomware
- Popcorn Time Ransomware
which feeds have these been populated into ?
Like • Show 0 Likes0
Actions
- Michael Sconzo @ Eric Partington on Dec 15, 2016 11:53 AM
  Good question, C2-Domains and C2-IPs.
  Like • Show 0 Likes0
  Actions