Known Threats Pack

Document created by RSA Information Design and Development Employee on Oct 18, 2019. Last modified by RSA Information Design and Development Employee on Feb 14, 2020.
Version 6

Many cyber threats have already been identified, and RSA NetWitness has been actively delivering content related to these identified threats. The content required to hunt these threats takes the form of different resource types, such as feeds, parsers, application rules, and so on.

The RSA NetWitness Known Threats Pack enables analysts to deploy all the content required to identify and hunt known threats efficiently. The Known Threats pack contains a set of content specific to known identified threats such as malware, crimeware, RAT campaigns, and so on. When the pack is deployed, all the content with dependencies is automatically deployed. Analysts can then efficiently hunt previously known threats and keep track of known malicious IPs, domains and potentially compromised systems on the network.

The Known Threats pack contains the following content:

  • Report: Malware Activity Report
  • Feeds:

    • Malware Domain List
    • Malware IP List
    • RSA FirstWatch APT Threat Domains
    • RSA FirstWatch APT Threat IPs
    • RSA FirstWatch Command and Control Domains
    • RSA FirstWatch Command and Control IPs
    • RSA FirstWatch Criminal VPN Entry IPs
    • RSA FirstWatch Criminal VPN Exit IPs
    • RSA FirstWatch Criminal SOCKS node IPs
    • RSA FirstWatch SSL Blacklist
    • RSA FraudAction Domains
    • RSA FraudAction IPs
    • Third Party IOC Domains
    • Third Party IOC IPs
  • Application Rules:

    • Bozok RAT Acquisition
    • Cerber Ransomware
    • Cmstar Malware
    • CryptoLocker Beaconing
    • CryptoShield Ransomware
    • Cybergate RAT Download
    • Daserf Malware
    • Dreambot Malware
    • Dyzap Malware
    • HttpBrowser Malware
    • KeyBase Keylogger
    • Locky Malware
    • Mirage Malware
    • NetTraveler Malware
    • php botnet beaconing w
    • RIG Exploit Kit
    • SchoolBell Malware
    • Taidoor Malware
    • tdss rootkit variant beaconing
    • Tendrit Malware
    • Trojan BLT
    • tsone dorkbot beaconing
  • ESA Rules:

    • Cerber Ransomware
    • CyberGate RAT Download
    • jRAT Download
    • RIG Exploit Kit
  • Lua Parsers:

    • apt_artifacts
    • china_chopper
    • CustomTCP
    • Derusbi_Server_Handshake
    • duqu_lua
    • ghost
    • GlassRAT Trojan
    • htran_lua
    • JSON-RPC
    • Mitozhan
    • MSU_rat
    • Packers
    • plugx
    • Poison_Ivy
    • pvid
    • shadyrat_lua
    • struts_exploit
    • supercmd
