FBI report on Russian APT Grizzly Steppe

DHS and FBI released a Joint Analysis Report on December 29th, 2016 on malicious cyber activity against the 2016 U.S. Presidential Election cycle, the Democratic National Committee (DNC), the U.S. Government and others. This grouping of malicious activity is dubbed 'Grizzly Steppe' and was perpetrated by two Russian intelligence hacker groups. Are you compromised? The report's IOC list can help: search for those indicators in your SIEM, such as Splunk or ELK. But how can you leverage the Yara signature included in the report? Hipara is here to help! Deploy the following rule to your endpoints for protection against this cyber threat:

rule PAS_TOOL_PHP_WEB_KIT
{
    meta:
        description = "PAS TOOL PHP WEB KIT FOUND"
    strings:
        $php = "<?php"
        // obfuscated base64_decode built by string concatenation
        $base64decode = /\='base'\.\(\d+\*\d+\)\.'_de'\.'code'/
        $strreplace = "(str_replace("
        $md5 = ".substr(md5(strrev("
        $gzinflate = "gzinflate"
        $cookie = "_COOKIE"
        $isset = "isset"
    condition:
        // size window of the observed sample, plus exact occurrence counts
        (filesize > 20KB and filesize < 22KB) and
        #cookie == 2 and
        #isset == 3 and
        all of them
}
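To see exactly what the rule above requires of a file, here is an added example (not from the Hipara post, and not the DHS/FBI report's code) that re-implements the rule's string terms and condition in plain Python, without the yara module. The sample input it scans is constructed inside the script from the rule's own tokens and is not a real webshell; the function and variable names are this example's own.

```python
"""Plain-Python re-implementation of the PAS_TOOL_PHP_WEB_KIT conditions.

Added example: shows what each term of the rule requires and why a
near-miss file fails to match. The scanned sample is constructed here
from the rule's tokens and is not a real webshell."""
import re
from typing import Dict, List, Tuple

# String terms of the rule; YARA text strings are case-sensitive by
# default, so a plain byte search reproduces them.
PLAIN_STRINGS: Dict[str, bytes] = {
    "php": b"<?php",
    "strreplace": b"(str_replace(",
    "md5": b".substr(md5(strrev(",
    "gzinflate": b"gzinflate",
    "cookie": b"_COOKIE",
    "isset": b"isset",
}
# The rule's one regex term: ='base'.(N*M).'_de'.'code', i.e. an
# obfuscated "base64_decode" assembled by string concatenation.
BASE64DECODE_RE = re.compile(rb"\='base'\.\(\d+\*\d+\)\.'_de'\.'code'")

SIZE_MIN = 20 * 1024  # YARA's "20KB" (KB is 1024 in YARA)
SIZE_MAX = 22 * 1024


def count_matches(data: bytes) -> Dict[str, int]:
    """Occurrence count per string, the value YARA exposes as #name.
    bytes.count is non-overlapping, which is exact here because none
    of these patterns can overlap itself."""
    counts = {name: data.count(s) for name, s in PLAIN_STRINGS.items()}
    counts["base64decode"] = len(BASE64DECODE_RE.findall(data))
    return counts


def evaluate(data: bytes) -> Tuple[bool, List[str]]:
    """Apply the rule's condition; return (matched, failed terms)."""
    counts = count_matches(data)
    failed: List[str] = []
    size = len(data)
    if not (SIZE_MIN < size < SIZE_MAX):
        failed.append(f"filesize {size} not in (20KB, 22KB)")
    if counts["cookie"] != 2:
        failed.append(f"#cookie == {counts['cookie']}, rule requires 2")
    if counts["isset"] != 3:
        failed.append(f"#isset == {counts['isset']}, rule requires 3")
    missing = [name for name, c in counts.items() if c == 0]
    if missing:
        failed.append("all of them: missing " + ", ".join(missing))
    return (not failed, failed)


def build_sample(cookie_refs: int = 2, isset_refs: int = 3,
                 pad_to: int = 21 * 1024) -> bytes:
    """Constructed test input: the rule's tokens in a harmless PHP
    skeleton, padded with comment filler to land in the size window."""
    body = b"<?php\n"
    body += b"$f='base'.(16*4).'_de'.'code';\n"
    body += b"$x=(str_replace('a','b',$c));\n"
    body += b"$k=$t.substr(md5(strrev($s)),0,8);\n"
    body += b"$d=gzinflate($z);\n"
    for i in range(cookie_refs):
        body += b"$v%d=$_COOKIE['k%d'];\n" % (i, i)
    for i in range(isset_refs):
        body += b"if(isset($v%d)){}\n" % i
    return body + b"#" * max(0, pad_to - len(body))


def scan_file(path: str) -> Tuple[bool, List[str]]:
    """Evaluate the rule against a file on disk."""
    with open(path, "rb") as fh:
        return evaluate(fh.read())


if __name__ == "__main__":
    cases = [("as published", build_sample()),
             ("three _COOKIE reads", build_sample(cookie_refs=3)),
             ("unpadded", build_sample(pad_to=0))]
    for label, data in cases:
        matched, why = evaluate(data)
        print(f"{label}: {'MATCH' if matched else 'no match'} {why}")
```

Running it shows the published rule matching only the exact shape it was written for: a file with three `$_COOKIE` reads, or one outside the 20KB to 22KB window, fails even though every string is present. Those exact-count and size terms are what make the rule precise against the reported sample and brittle against variants, so a non-match from this signature means "not this exact kit", not "clean"; use real YARA (or Hipara) for the deployed scan and keep the IOC search in your SIEM alongside it.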

Email sales@hipara.org for a trial!

Brett Cunningham
