New Analysis Cockpit 3.5

New Baselining Views. Over the course of the last 18 months, we reviewed most of our detections regarding their success in real-world scenarios. In this context, “success” means that the detection uncovered malicious activity in the wild and at the same time...

Antivirus Event Analysis Cheat Sheet v1.9.0

We’ve updated our Antivirus Event Analysis Cheat Sheet to version 1.9.0. It includes updates in almost all sections; adds special indicators for all kinds of Microsoft Exchange exploitation activity (ProxyLogon, ProxyShell etc.); moves Ransomware indicators to...

Reasons Why to Use THOR instead of THOR Lite

We have received reports from customers that were approached by service providers that offered compromise assessments with our scanner THOR. Subsequently, it appeared, however, that these providers used THOR Lite in their engagements and, when asked about this, argued...

Scan for HAFNIUM Exploitation Evidence with THOR Lite

Since we’ve heard from partners and friends about many non-profit organisations affected by the Exchange server vulnerability, we’ve decided to transfer many detection rules from our commercial scanner into the free community version. If you haven’t...

STIXv2 Support in SPARK

SPARK Version 1.17.0 adds extensive STIXv2 support. This allows you to easily extend SPARK’s signature bases with IOCs from any sandbox, analysis or threat intel platforms that support STIXv2 export by placing the exported *.json files in the ./custom-signatures...

VALHALLA YARA Rule Feed

VALHALLA boosts your detection capabilities with the power of thousands of hand-crafted high-quality YARA rules. Our team curates more than 15,000 quality tested YARA rules in 8 different categories: APT, Hack...