Blog

Filter: Month: November 2018 - Clear Filter

STIXv2 Support in SPARK

by Florian Roth | Nov 12, 2018

SPARK Version 1.17.0 adds extensive STIXv2 support.This allows you to easily extend SPARK's signature bases with IOCs from any sandbox, analysis or threat intel platforms that support STIXv2 export by placing the exported [cci]*.json[/cci] files in the...

Short Tutorial: How to Create a YARA Rule for a Compromised Certificate

by Florian Roth | Nov 1, 2018

Working in incident response or malware analysis, you may have come across compromised and sometimes revoked certificates used to sign malware of different types. Often threat groups use stolen certificates to sign their malware. I'd like to show you an easy way to...

GDPR Cookie Consent with Real Cookie Banner