Hi Aleks,

As checked , the update on 1.4 , included latest IOC's. If i am installing this .arb , my previous customized configuration on same rule , will need to do it again right ?

--SUBIN--

Can you please give , only latest IOC's list . So this will be helpful for us to update the corresponding Active lists.

Hi Subin,

Just added hostnames of known wannacry sites. Created one more list "WannaCry Hostnames" and added condition to Rule. And yes, your filters and conditions will be reset to default. You can backup your conditions and actions to another new rule and after upgrade copy back to rules in updated package.

See screenshot what has changed:

HostName,C2Source,Comments

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com,,Kill-switch domains

www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com,,Kill-switch domains

57g7spgrzlojinas.onion,,C2 server

76jdd2ir2embyv47.onion,,C2 server

cwwnhwhlz52ma.onion,,C2 server

gx7ekbenv2riucmf.onion,,C2 server

sqjolphimrr7jqw6.onion,,C2 server

xxlvbrloxvriy2c5.onion,,C2 server

I have just editted and added host names in above mentioned Rule

Hi Alex,

This is very helpful to play with our resources for tracing wannacry. I have just modified the filters, defined our exceptions. It is going well.. I will look forward to hearing any updates from you.

Thank you too much!

Tugce

Hi Tugce,

Thank you for your feedback. I really appreciate it

In case you have any questions please look on description of rules here: