FireEye Mandiant SunBurst Countermeasures
These rules are provided freely to the community without warranty. In this GitHub repository you will find rules in multiple languages: Snort Yara IOC ClamAV The rules are categorized and labeled into two release states: Production: rules that are expected to perform with minimal tuning. Supplemental: rules that are known to require further environment-specific tuning and tweaking to perform, and are often used for hunting workflows. Please check back to this GitHub for updates to these rules. FireEye customers can refer to the FireEye Community (community.fireeye.com) for information on how FireEye products detect these threats. The entire risk as to quality and performance of these rules is with the users. Please review the FireEye blog for additional details on this threat. Please note: COSMICGALE and SUPERNOVA signatures and indicators are confirmed to detect malicious files and activity, however they have not been directly associated with the current UNC2452 Solarwinds compromise. The entire risk as to quality and performance of these rules is with the users. Please review the FireEye blog for additional details on this threat. Please note: COSMICGALE and SUPERNOVA signatures and indicators are confirmed to detect malicious files and activity, however they have not been directly associated with the current UNC2452 Solarwinds compromise.
FEATURES
SIMILAR TOOLS
API for querying domain security information, categorization, and related data.
NECOMA focuses on data collection, threat analysis, and developing new cyberdefense mechanisms to protect infrastructure and endpoints.
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
YARA signature and IOC database for LOKI and THOR Lite scanners with high quality rules and IOCs.
CIFv3 is the next version of the Cyber Intelligence Framework, developed against Ubuntu16, encouraging users to transition from CIFv2.
Zero Day Live is a threat intelligence platform that provides early detection of malware and zero-day vulnerabilities through a proprietary sensor network processing over 1 billion data points.
Check the reputation of an IP address to identify potential threats.
Repository of Yara signatures for detecting targeted attacks on civil society organizations
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.