AnsweredAssumed Answered

How can I put the Malware information to my RSA Netwitness

Question asked by Jarernpong Rattanawin on Jun 12, 2020
Latest reply on Jun 12, 2020 by Erica Chalfin

First of all I have an RSA netwitness product and I've no malware analysis. So now I've got a news about SNAKE Ransomeware And I need to protect it.

News : Honda investigates possible ransomware attack, networks impacted - Bangkok, Thailand | i-secure Co, Ltd. 

 

Now I've the IOC is 

File name: nmon.exe

Hash

MD5: ed3c05bde9f0ea0f1321355b03ac42d0

SHA-1: e2e14949d0cbc14cd3893da035cc13b509e70a18

SHA-256: d4da69e424241c291c173c8b3756639c654432706e7def5025a649730868c4a1

File type: Win32 EXE

Magic: PE32 executable for MS Windows (console) Intel 80386 32-bit

File size: 3.78 MB (3965952 bytes)

Ref: VirusTotal 

 

File name: nmon.exe
MD5: 7ddb09db3fb9b01fa931c2a1a41e13e1

SHA-1: 8941f55d8f9842cb4cbd5215adf3345afd16e6cb

SHA-256: edef8b955468236c6323e9019abb10c324c27b4f5667bc3f85f3a097b2e5159a

File type: Win32 EXE

Magic: PE32 executable for MS Windows (console) Intel 80386 32-bit

File size: 3.78 MB (3965440 bytes)

Ref : VirusTotal 

 

How can I put this information (Hash, Filetype, Name) into my RSA Netwitness for protect this ransomware

I try to figure this out but not work. I've no idea about this. I'm not sure I can put it in the decoder or the Rules

 

Please guide me how to do this I'll help me a lot in the future Thank you.

Outcomes