FireEye Red Team Tool Countermeasures (rules for a Snort)
-
FireEye Red Team Tool Countermeasures
These rules are provided freely to the community without warranty.
In this GitHub repository you will find rules in multiple languages:
Snort
Yara
ClamAV
HXIOC
The rules are categorized and labeled into two release states:Production: rules that are expected to perform with minimal tuning.
Supplemental: rules that are known to require further environment-specific tuning and tweaking to perform, and are often used for hunting workflows.
Please check back to this GitHub for updates to these rules.FireEye customers can refer to the FireEye Community (community.fireeye.com) for information on how FireEye products detect these threats.
The entire risk as to quality and performance of these rules is with the users.
https://github.com/fireeye/red_team_tool_countermeasurs
——
P.S. If You do not know about FireEye / Solar Wind / Microsoft / US Nuclear Agency BIG HACK from Russian side, read:«The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.»
FireEye
https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.htmlArsTechnica
https://arstechnica.com/information-technology/2020/12/solarwinds-hackers-have-a-clever-way-to-bypass-multi-factor-authentication/ZdNet
https://www.zdnet.com/article/microsoft-and-industry-partners-seize-key-domain-used-in-solarwinds-hack/CISA
https://www.bleepingcomputer.com/news/security/cisa-hackers-breached-us-govt-using-more-than-solarwinds-backdoor/Reuters
https://www.reuters.com/article/global-cyber-microsoft-int/exclusive-microsoft-breached-in-suspected-russian-hack-using-solarwinds-sources-familiar-idUSKBN28R3BWPolitico
https://www.politico.com/news/2020/12/17/nuclear-agency-hacked-officials-inform-congress-447855