Unmasking BitRAT's C2 over HTTPS
BitRAT hides its C2 over HTTPS, but a default SSL certificate gives it away. See how to detect it with Zeek, Suricata, and SIEM queries.
BitRAT hides its C2 over HTTPS, but a default SSL certificate gives it away. See how to detect it with Zeek, Suricata, and SIEM queries.
Learn how Corelight detects ScoutC2 malware using Zeek, SIEM queries, and Suricata rules for distinctive HTTP paths, methods, headers, and payload...
In recent months STRRAT has become one of the top malware families submitted to Any.Run. Here's how to detect it.
Hunt of the Month: Detecting AsyncRAT Malware Over HTTPS
Corelight announces the release of a new detection package “Sliver”, which identifies and raises alerts related to the Sliver C2 framework.
Corelight Labs installed the last version of Boa in a lab environment and released a Zeek package to identify machines running a vulnerable Boa web...
Corelight Labs looks at three APT toolsets that have been linked to five threat actors, detecting each using relatively simple search logic.
In this blog post, the Corelight Labs team shares some of the detection methods available for the Manjusaka C2 framework.
In this post Corelight Labs reviewed a proof of concept exploit for this vulnerability and wrote a Zeek-based detection for it.