Blog

Filter: antivirus - Clear Filter

How to scan ESXi systems using THOR

How to scan ESXi systems using THOR

More and more often, adversaries target and exploit Internet-facing appliances or devices with exotic or restricted operating systems. Users ask if there is a way to run a compromise assessment scan on these systems with the YARA rules used in THOR. Following up on...

read more

Antivirus Event Analysis Cheat Sheet v1.12.0

We've updated our Antivirus Event Analysis Cheat Sheet to version 1.12.0. It includes updates in several sections New signatures for PUA like FRP and Adfind Signature strings have been sorted alphabetically (not shown in the screenshot below) You can download the new...

read more

Antivirus Event Analysis Cheat Sheet v1.10.0

We've updated our Antivirus Event Analysis Cheat Sheet to version 1.10.0. It includes updates in several sections add special identifiers for Sliver and Brute Ratel C4 framework implants many new tags for Virustotal assessments You can download the new version here....

read more

Antivirus Event Analysis Cheat Sheet v1.9.0

We've updated our Antivirus Event Analysis Cheat Sheet to version 1.9.0.  It includes updates in almost all sections add special indicators for all kinds of Microsoft Exchange exploitation activity (ProxyLogon, ProxyShell etc.) moves Ransomware indicators to highly...

read more

Antivirus Event Analysis Cheat Sheet v1.8.2

The analysis of Antivirus events can be a tedious task in big organizations with hundreds of events per day. Usually security teams fall back to a mode of operation in which they only analyze events in which a cleanup process has failed or something went wrong.  This...

read more

Analyze VMware ESX Systems with THOR Thunderstorm

Since the release of THOR Thunderstorm in the summer of 2020, our customers used it to analyse a variety of systems that are usually considered as "out of scope". In some cases the EULA prevents the installation of Antivirus scanners or EDR agents. In other cases the...

read more

Antivirus Event Analysis Cheat Sheet v1.7

We've just released an updated version of our Antivirus Event Analysis cheat sheet. You can download version 1.7 here.The major changes are:Updated AV signature listsSplit AV signature cells into two columns to save spaceFixed and added some directory namesExtended...

read more

Antivirus Event Analysis Cheat Sheet v1.4

Download the newest version of our Antivirus Event Analysis Cheat Sheet here. --- Update 09.09.18 10:30am CET Thanks to Markus Neis, I've updated version 1.4 and created a version 1.5 just a few hours after my tweet. You can download version 1.5 here.

read more

New Antivirus Event Analysis Cheat Sheet Version 1.2

Today we release a new version of our "Antivirus Event Analysis" Cheat Sheet that helps you with the analysis of Antivirus events by providing a clear decision matrix. We've updated many of the sections, added new VirusTotal online analysis checks and brought it in a...

read more

How to Fall Victim to Advanced Persistent Threats

During the last four years, I was engaged on incident response teams for several large advanced persistent threat (APT) cases involving different German corporations. In this time, we have developed methods and tools to detect compromised systems, while also planning...

read more
GDPR Cookie Consent with Real Cookie Banner