MITRE ATT&CK Analyzer version 3.1.0 is out now.
Updated highlights include:
✅ Each detection now links to a MITRE ATT&CK Technique instead of Tactic only.
#Yara:
✅ Added coverage for various malware families mentioned in our latest reports.
✅ Enhanced detection of anomalies for various techniques such as masquerading, defense evasion, credentials access, suspicious PowerShell scripts, and more.
#Dynamo:
✅ Enhanced detection of HTML Smuggling technique for more Chromium-based browsers.
✅ Enhanced detection of suspicious Firewall rules, Scheduled tasks, and Services.
#incidentresponse #investigation #dfir
MITRE ATT&CK Analyzer version 2.5.0 from @binalyze is out now.
Update highlights:
✅Yara: Added detection for various malware families observed in recent reports.
✅Enhanced detection of various techniques used for obfuscation, masquerading, initial access, fileless malware execution and more.
✅Updated our ruleset that indicates vulnerable and malicious drivers which now covers over 1300 unique IOCs.
Dynamo:
✅Enhanced detection of HTML smuggling indicators.
✅Enhanced detection of various persistence techniques.
Binalyze MITRE ATT&CK Analyzer version 2.2.0 has just been released, and it comes packed with some fantastic updates!
In this latest release, we've made significant improvements to enhance your threat detection capabilities. Here are the key highlights:
Dynamo Enhancements:
✅ We've added detection for suspicious scheduled tasks executing suspicious utilities, extensions, or running from uncommon locations.
✅ New detection capabilities for suspicious registry persistence methods have been integrated.
✅ Our team has enhanced detection for the HTML smuggling technique, even when the file is no longer present.
✅ Various detections have been added to identify tactics used by malware targeting macOS and Linux.
Yara Updates:
✅ Detection for Cobalt Strike and Havoc framework has been updated to keep you ahead of evolving threats.
✅ We've revamped our detection capabilities to cover various techniques observed in the latest reports, including masquerading and obfuscated/encoded content.
These intelligence-driven updates are designed to give you confidence that you're always a step ahead of adversaries
#Cybersecurity #ThreatDetection #Binalyze #MITREATTACK #SecurityUpdates @EmreTinaztepe@binalyze@Cyb3rMonk@Computeus7@TwinTwin911
👉Added detection for various info stealers targeting macOS and other trending malware
👉Improved detection for various tools used by APT and ransomware groups for privilege escalation, credentials dumping, network tunneling & more.
https://t.co/RmlFMyW9Qf
#yara#DFIR
Binalyze AIR MITRE ATT&CK: Version 1.7.1 has landed!
👉Added detection for archives taking advantage of WinRar vulnerability tracked as CVE-2023-38831.
Continued...
👉Added detection for novel technique where Office document gets embedded into PDF file for defense evasion.
👉Added detection for various families and TTPs mentioned in the latest reports.
*Update applies to Windows, Linux and macOS.
https://t.co/ewrbhqYQJ3
AIR MITRE ATT&CK: Version 1.6.0 has landed!
👉Improved detection for Red Teaming and exploitation frameworks observed in latest reports, such as Brute Ratel and Metasploit.
Continued...
Binalyze Secures $19 Million in Series A Funding
Led by Molten Ventures with participation from Earlybird Digital East and OpenOcean, and new investors Cisco Investments, Citibank Ventures, and Deutsche Bank Ventures.
https://t.co/H7EYaYsyHV
#DFIR#News#Cybersecurity
👉Added detection for malware families mentioned in latest reports such as MacOS version of XLoader and HiatusRAT.
*Update applies to Windows, Linux and MacOS.
Sign up for your 14-day free trial now: https://t.co/Wvl5FLrE9B
#DFIR#Alert#DigitalForensics#IncidentResponse
MITRE ATT&CK: Version 1.5.1 is here!
👉Improved detection for privilege escalation tools such as Potato (Juicy Potato and similar) and others.
👉Improved detection for various pentesting frameworks and hacktools.
(continued)
👉Updated detection for various persistence and defense evasion techniques.
👉Added detection for anomalies, obfuscation techniques and malware families mentioned in recent reports.
*Update applies to Windows and Linux.
Sign up now: https://t.co/fXU1n6yUUY
#DFIR
MITRE ATT&CK: Version 1.4.0 is here!
👉Updated detection for indicators of various hacking tools used for discovery, lateral movement and privilege escalation.
👉Updated detection for packers often used in malicious executables.
Continued...
👉 Added/updated generic detection for various techniques including html smuggling, powershell and javascript obfuscation, initial access archives (ZIP, ISO) and more.
Free trial: https://t.co/2wOeRN6oNy
2/2
@binalyze 🏎️ moving fast!
@MITREattack Version 1.2.0 is live on AIR
👉 Added detection for compromised (stolen) certificates.
👉 Added detection for various #malware families mentioned in latest reports.
1/2
Collecting and parsing almost everything, running #Sigma, #YARA, and #Osquery, and displaying results in an interactive UI with MITRE ATT&CK mapping is finally possible!🔥
(More to come)
#DFIR#ThreatHunting
@MITREattack analyzer version 1.1.0 is live on @binalyze AIR:
👉 Added coverage for various malware families and campaigns mentioned in recent reports
1/3
👉 Added detection for various credential stealing, privilege escalation and exploitation hack tools as well as for some penetration testing frameworks
👉 Added detection for various anomalies that adversaries take advantage of in order to stay undetected
2/3
High-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure Mobility Client) that can let attackers elevate privileges to SYSTEM.
#DFIR#ThreatHunting#SOC https://t.co/4MsOucN8d2
We have published the YARA rule to detect Cisco CVE-2023-20178 Proof-of-concept exploit code. This is PoC for Arbitrary File Delete vulnerability in Cisco Secure Client (tested on 5.0.01242) and Cisco AnyConnect (tested on 4.10.06079).