FireEye has released countermeasures to help detect when their tools that have been stolen are being used. Are these countermeasures being added to InsightIDR?
Hi Scott,
Thanks for reaching out and pointing that out.
It is always sad to hear when evil strikes but rest assured that our Threat Intel/Detection team has looked carefully at those countermeasures (https://github.com/fireeye/red_team_tool_countermeasures) and is working on adding them to our detection definition platform.
Hi Scott,
The following additional detections have been added to IDR in response to the FireEye breach reporting. Additional ones will be added as we test them:
- Attacker Tool - FireEye Stolen Tools (Note: 101 hashes of stolen tools)
- Attacker Tool - ADPassHunt
- Attacker Tool - SafetyDump
- Attacker Tool - GadgetToJScript
- Attacker Tool - SharPersist
- Attacker Tool - SafetyKatz
- Attacker Tool - SharpView
- Attacker Tool - Rural Bishop
- Attacker Tool - Rubeus
- Attacker Tool - Direct HTTP Tunnel
- Attacker Tool - Seatbelt
- Attacker Tool - Inveigh
- Attacker Tool - SharpZeroLogon
- Attacker Tool - SharpHound
- Attacker Tool - SafetyKatz
Regards
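The first detection in the list above is a hash-based rule (101 hashes of the stolen tools). As an added illustration of how that kind of rule works, here is a small Python example that is not Rapid7's or FireEye's code: it parses a "hash,tool" indicator list that mixes MD5, SHA-1 and SHA-256 entries, hashes a set of in-memory sample files, and reports which files match which tool. Every hash, file path and tool name in it is constructed for the example; a real deployment would load the published list from the countermeasures repository instead.

```python
"""Hash-based matching of files against a stolen-tool indicator list.

Added example, not Rapid7's or FireEye's code. It models the core of an
"Attacker Tool - <name>" hash rule: compute file hashes and look them up in
a published set of known-bad hashes. All indicator values below are
constructed placeholders derived from the sample payloads in this file.
"""
import hashlib
from typing import Dict, Iterable, List, Tuple

# Hash algorithm inferred from hex digest length, so one indicator list can
# mix MD5, SHA-1 and SHA-256 entries without per-line labels.
_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
_ALGO_ORDER = ("md5", "sha1", "sha256")


def parse_indicators(lines: Iterable[str]) -> Dict[Tuple[str, str], str]:
    """Parse 'hash,tool' lines into {(algo, lowercase_hex): tool}.

    Blank lines and '#' comments are skipped; lines whose hash is not a
    valid MD5/SHA-1/SHA-256 hex digest are ignored rather than crashing
    the loader on a malformed feed line.
    """
    table: Dict[Tuple[str, str], str] = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, tool = line.partition(",")
        digest = digest.strip().lower()
        algo = _ALGO_BY_LEN.get(len(digest))
        if algo is None or any(c not in "0123456789abcdef" for c in digest):
            continue
        table[(algo, digest)] = tool.strip() or "unknown"
    return table


def hash_content(data: bytes) -> Dict[str, str]:
    """Return the MD5, SHA-1 and SHA-256 hex digests of the given bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in _ALGO_ORDER}


def scan_files(files: Dict[str, bytes],
               indicators: Dict[Tuple[str, str], str]) -> List[Tuple[str, str, str]]:
    """Match each file's digests against the indicator table.

    Returns (path, algorithm, tool) for every file that matched; one hit per
    file is enough for an alert, so matching stops at the first algorithm.
    """
    hits: List[Tuple[str, str, str]] = []
    for path, data in files.items():
        for algo, digest in hash_content(data).items():
            tool = indicators.get((algo, digest))
            if tool is not None:
                hits.append((path, algo, tool))
                break
    return hits


# Constructed sample "files" standing in for binaries found on an endpoint.
SAMPLE_FILES: Dict[str, bytes] = {
    "C:\\Users\\alice\\Downloads\\tool_a.exe": b"constructed sample payload A",
    "C:\\Windows\\Temp\\tool_b.exe": b"constructed sample payload B",
    "C:\\Program Files\\benign\\app.exe": b"constructed benign content",
}

# Constructed indicator feed built from the payloads above (placeholder
# values, not the published hashes). It mixes an upper-case SHA-256 entry,
# an MD5 entry and one malformed line to exercise the parser's tolerance.
SAMPLE_INDICATOR_LINES = [
    "# hash,tool",
    hashlib.sha256(SAMPLE_FILES["C:\\Users\\alice\\Downloads\\tool_a.exe"]).hexdigest().upper()
    + ",Example-Tool-A",
    hashlib.md5(SAMPLE_FILES["C:\\Windows\\Temp\\tool_b.exe"]).hexdigest()
    + ",Example-Tool-B",
    "notahash,Broken-Line",
]


def run_demo() -> List[Tuple[str, str, str]]:
    """Scan the constructed files against the constructed indicator feed."""
    return scan_files(SAMPLE_FILES, parse_indicators(SAMPLE_INDICATOR_LINES))


if __name__ == "__main__":
    for path, algo, tool in run_demo():
        print(f"ALERT {tool}: {path} matched by {algo}")
```

Hash rules of this kind are exact-match only, so they catch the published builds and nothing recompiled or re-packed; that is why the list above also includes per-tool behavioural detections rather than relying on the hash set alone.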