v3.53.0

@github-actions github-actions released this 15 Nov 20:57
1b3e1e5

New Analytic Story

Updated Analytic Story

  • IcedID
  • Remcos
  • Qakbot
  • Azorult

New Analytics

  • SSL Certificates with Punycode
  • Windows App Layer Protocol Qakbot NamedPipe
  • Zeek x509 Certificate with Punycode

Updated Analytics

  • Attempted Credential Dump From Registry via Reg exe
  • AWS Detect Users with KMS keys performing encryption S3 (thank you Antony Bowesman)
  • AWS ECR Container Upload Outside Business Hours (thank you Antony Bowesman)
  • BITSAdmin Download File
  • BITS Job Persistence
  • Common Ransomware Extensions (thank you Steven Dick)
  • Creation of Shadow Copy
  • Detect Rare Executables (thank you Antony Bowesman)
  • Dump LSASS via procdump
  • Executables Or Script Creation In Suspicious Path
  • Kubernetes AWS detect suspicious kubectl calls (thank you Antony Bowesman)
  • O365 Disable MFA (thank you Jamie Windley)
  • Office Document Executing Macro Code
  • Office Product Spawn CMD Process
  • Office Product Spawning Windows Script Host
  • Process Creating LNK file in Suspicious Location
  • RunDLL Loading DLL By Ordinal
  • Suspicious Process File Path

Other updates

  • The names of a few analytics tests were updated #2455
  • Added a CI check to validate NIST and CIS20 tags #2390