This past week's Microsoft MSRT push contains detections/removals for several widely used APT tools. The coalition (led by Novetta) that brought about the inclusion of these tools in this month's MSRT is encouraging enterprises to push/execute this month's MSRT update. Some of the malware included in this month's MSRT update has a preliminary report posted here.

If you are using either Snort or Sourcefire, the rule IDs to detect some of the threats/families in this month's MSRT release are listed below and can be downloaded from Snort or from the Sourcefire VRT subscription.

Derusbi -- 20080

[1] http://blogs.technet.com/b/mmpc/archive/2014/10/14/msrt-october-2014-hikiti.aspx

-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Guy, ISC Handler, Oct 19th 2014