I’ve created and released a Zeek package, zeek-notice-telegram. I’ll walk you through a simple example so you can write your own action.
Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” Here's how Corelight Sensors can detect the ChaChi RAT.
Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” Here's how Corelight Sensors can detect the ChaChi RAT.
In this blog we aim to provide a little insight into part of the lifecycle of Corelight Lab’s response to a critical HTTP vulnerability.
This package runs on Corelight Sensors and provides network traffic analysis (NTA) inferences on live RDP traffic.
This blog will introduce a method of detecting the Pingback malware in which attackers often hide their communications in ping message payloads.
A very interesting Linux-based command-and-control (C2) malware was described by the research team at Intezer. Here are a few points about this...
Learn how you can use Zeek to detect this level of cunning evasion tactics in your own retrospective hunts and forensic investigations.
FireEye’s threat research team has discovered a troubling new supply chain attack targeting SolarWind’s Orion IT monitoring and management platform.