11:48pm PDT - April 22nd, 2021

Reg. CISA's report: We have a Sigma rule that would've detected that renamed procdump since 2019 & we use a similar YARA rule since 2014 in @thor_scanner. That's the detection logic that I like most - it allows you to detect threats 7 years in the future. https://t.co/EqYwPjSMgo https://t.co/wM2LBJy3mw

6 retweets   2 likes  - Florian Roth (@cyb3rops)