Lotus Blossom Continues ASEAN Targeting
February 13, 2018
During the last weeks of January (2018), nation state actors from Lotus Blossom conducted a...

Malspam delivers GandCrab ransomware 2-7-2017
February 8, 2018
Malspam was observed on February 7th 2017 delivering GandCrab ransomware. GandCrab is a new...

Multi-Column Matching with Lua
February 8, 2018
Here's an interesting problem that came from a partner of ours this week. How do you map...

Winds of Winter - MalSpam Delivers Adwind RAT 2-1-2018
February 5, 2018
On February 1st 2018, malspam delivered a malicious RTF document that tries to exploit Microsoft...

Proxy configuration validation for Netwitness
January 29, 2018
Suppose, the proxy details configured using SA Cfg: HTTP Proxy Settings Panel document. However,...

App Rules - Escaping your slashes
January 25, 2018
After spending some time writing application rules for detecting Powershell, lateral movement and...

A New Hancitor Campaign
January 25, 2018
This week RSA FirstWatch observed a new malspam campaign delivering Hancitor malware. Hancitor is a...

Necurs Delivers DRIDEX 1-22-2018
January 23, 2018
During the week following the Orthodox New Year (January 14, 2018), the Necurs botnet re-emerged on...

Meltdown / Spectre patch validation with NetWitness for Endpoint
January 23, 2018
Vulnerabilities give headaches to security teams. RSA aims to improve the user experience and...

Interpreting Regex for IP range
January 23, 2018
This document outlines the procedure to interpret the regex used for IP range in EPL syntax. {1,3}...