
SOC_Prime_WannaCry_Ransomware_Worm_Detector_1.4.arb


Hi Aleks,
As checked, the update on 1.4 included the latest IOCs. If I am installing this .arb, my previous customized configuration on the same rule will need to be done again, right?
--SUBIN--


Can you please give only the latest IOCs list? This will be helpful for us to update the corresponding Active Lists.

Hi Subin,
Just added hostnames of known WannaCry sites. Created one more list "WannaCry Hostnames" and added a condition to the Rule. And yes, your filters and conditions will be reset to default. You can back up your conditions and actions to another new rule and, after the upgrade, copy them back to the rules in the updated package.
See screenshot what has changed:
HostName,C2Source,Comments
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com,,Kill-switch domains
www.ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com,,Kill-switch domains
57g7spgrzlojinas.onion,,C2 server
76jdd2ir2embyv47.onion,,C2 server
cwwnhwhlz52ma.onion,,C2 server
gx7ekbenv2riucmf.onion,,C2 server
sqjolphimrr7jqw6.onion,,C2 server
xxlvbrloxvriy2c5.onion,,C2 server
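
Added example, not part of the original thread or of the SOC Prime package: a Python sketch of checking proxy or DNS events against a hostname list kept in the HostName,C2Source,Comments layout shown above. The hostnames, the event field names (src, host) and the subdomain matching are assumptions made for illustration; all sample rows are constructed placeholders.

```python
import csv
import io

# Constructed sample in the page's HostName,C2Source,Comments layout.
# The hostnames are placeholders, not real indicators.
ACTIVE_LIST_CSV = """HostName,C2Source,Comments
www.killswitch-placeholder.example,,Kill-switch domains
c2placeholder0001.onion,,C2 server
"""

# Constructed proxy/DNS events; the field names are assumptions.
EVENTS = [
    {"src": "10.0.0.5", "host": "WWW.Killswitch-Placeholder.Example."},
    {"src": "10.0.0.9", "host": "c2placeholder0001.onion"},
    {"src": "10.0.0.7", "host": "gw.c2placeholder0001.onion"},
    {"src": "10.0.0.8", "host": "notc2placeholder0001.onion"},
    {"src": "10.0.0.3", "host": "intranet.corp.example"},
]


def normalize(host):
    """Lower-case and drop whitespace and the trailing root dot."""
    return host.strip().lower().rstrip(".")


def load_hostname_list(csv_text):
    """Map normalized HostName -> Comments, skipping incomplete rows."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {normalize(r["HostName"]): (r.get("Comments") or "").strip()
            for r in rows if (r.get("HostName") or "").strip()}


def match_events(events, iocs):
    """Return (src, host, comment) for events whose host is a listed
    name or a subdomain of one; matching is on label boundaries."""
    hits = []
    for ev in events:
        host = normalize(ev["host"])
        labels = host.split(".")
        # Try the full name first, then each parent suffix.
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in iocs:
                hits.append((ev["src"], host, iocs[candidate]))
                break
    return hits


if __name__ == "__main__":
    for hit in match_events(EVENTS, load_hostname_list(ACTIVE_LIST_CSV)):
        print(hit)
```

Matching on label boundaries keeps a look-alike such as notc2placeholder0001.onion from firing, while mixed case and a trailing dot in the logged name still match.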


I have just edited and added host names in the above-mentioned Rule.

Hi Alex,
This is very helpful to play with our resources for tracing WannaCry. I have just modified the filters and defined our exceptions. It is going well. I will look forward to hearing any updates from you.
Thank you too much!
Tugce
