New Analytic Story
- Insider Threat
- VMware Server Side Injection and Privilege Escalation
- F5 BIG-IP Vulnerability CVE-2022-1388
Updated Analytic Story
- Industroyer2
- Windows Drivers
New Analytics
- VMware Server Side Template Injection Hunt
- VMware Workspace ONE Freemarker Server-side Template Injection
- Windows Driver Load Non-Standard Path
- Windows Service Create Kernel Mode Driver
- Windows System File on Disk
- F5 BIG-IP iControl REST Vulnerability CVE-2022-1388
- Linux Adding Crontab Using List Parameter
- Linux Deleting Critical Directory Using RM Command
- Linux Disable Services
- Linux High Frequency Of File Deletion In Boot Folder
- Linux Shred Overwrite Command
- Linux Stop Services
- Windows Hidden Schedule Task Settings
- Windows Linked Policies In ADSI Discovery
- Windows Processes Killed By Industroyer2 Malware
- Windows Root Domain linked policies Discovery
Updated Analytics
- AWS Create Policy Version to allow all resources
- Schtasks scheduling job on remote system
- Linux Account Manipulation Of SSH Config and Keys
- Cobalt Strike Named Pipes
- Linux deletion Of SSH Hash Conf
BA updates
- Windows Rundll32 Comsvcs Memory Dump (regex update)
Other Updates
- Updated the MITRE ATT&CK map layer version to 4.3 to match the new Navigator.
- Fixed a contentctl bug so that it generates correct transforms.conf and collections.conf for KV store based lookups.
- Fixed a bug on the research site to render links correctly.
- Removed all binaries from the bin/ directory in the ESCU package.