EternalRocks Worm Detector SIEM Use Case

London, UK – May 25, 2017 – SOC Prime, Inc. reports the public availability of SIEM use cases for EternalRocks detection. Based on the analysis published by Miroslav Stampar of the Croatian Government CERT, we created the EternalRocks Worm Detector for HPE ArcSight, IBM QRadar and Splunk. EternalRocks is a more sophisticated SMB worm that followed WannaCry: it carries seven of the NSA tools leaked by the Shadow Brokers, namely the EternalBlue, EternalChampion, EternalRomance and EternalSynergy SMB exploits, the DoublePulsar backdoor, and the ArchiTouch and SMBTouch reconnaissance tools, whereas WannaCry uses only EternalBlue and DoublePulsar. At the time of analysis it delivered no ransomware payload: attackers use it to establish a foothold for further attacks, it fetches its components over Tor, and it can update its own code. A complete analysis of EternalRocks is available at https://github.com/stamparm/EternalRocks/
Miroslav traced the earliest samples of the worm back to May 3, 2017.

We also continue to update the WannaCry Ransomware Worm Detector. Our team constantly adds new network and host indicators of compromise (IOCs) to help you detect this worm early. The use cases now contain more than 570 IOCs, and more than 230 companies around the world have already used them to protect themselves against the WannaCry epidemic.
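Both WannaCry and EternalRocks spread by probing TCP/445 on many neighbouring hosts, so one behavior-based check that complements hash and address IOCs is to flag any internal source that contacts an unusually large number of distinct SMB destinations within a short window (worm scanning mostly hits hosts that refuse or do not exist, so denied connections count too). The following Python script is an added illustration of that idea, not content from the SOC Prime use cases or from Stampar's analysis; the firewall log format, the 5-minute window and the threshold of 20 distinct destinations are assumptions, and the sample log lines are constructed.

```python
"""Flag internal hosts that behave like an SMB worm: many distinct TCP/445
destinations from one source inside a short time window.

Added example, not SOC Prime use case content. Log format, window and
threshold are assumptions; sample data is constructed, not real traffic.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed syslog-style firewall record (hypothetical format):
# "<iso-timestamp> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp> action=<allow|deny>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)


def parse_line(line):
    """Parse one record into a dict, or return None for lines not in the assumed format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.fromisoformat(d["ts"]),
        "src": d["src"],
        "dst": d["dst"],
        "dport": int(d["dport"]),
        "proto": d["proto"].lower(),
        "action": d["action"],
    }


def find_smb_scanners(lines, window=timedelta(minutes=5), threshold=20):
    """Return {src: peak_distinct_dsts} for every source that reached at least
    `threshold` distinct hosts on TCP/445 within any period of length `window`.
    Both allowed and denied connections count: a worm sweeping a /24 produces
    mostly refused or unanswered connection attempts."""
    per_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["proto"] == "tcp" and ev["dport"] == 445:
            per_src[ev["src"]].append((ev["ts"], ev["dst"]))

    hits = {}
    for src, events in per_src.items():
        events.sort()                  # sliding window over time-ordered events
        in_window = defaultdict(int)   # dst -> number of events currently in window
        left = 0
        peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # evict events older than the window; drop a dst when its count hits 0
            while ts - events[left][0] > window:
                old_dst = events[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            hits[src] = peak
    return hits


def build_sample_logs():
    """Constructed sample records (not real traffic) covering three cases."""
    base = datetime(2017, 5, 25, 10, 0, 0)
    lines = []
    # worm-like: 30 distinct neighbours on 445 within 30 seconds, mostly refused
    for i in range(30):
        action = "allow" if i % 10 == 0 else "deny"
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} src=10.0.0.5 dst=10.0.1.{i + 1} dport=445 proto=tcp action={action}")
    # benign: one workstation talking to a single file server 30 times
    for i in range(30):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} src=10.0.0.7 dst=10.0.2.10 dport=445 proto=tcp action=allow")
    # benign: five different SMB peers spread over most of an hour
    for i in range(5):
        ts = (base + timedelta(minutes=12 * i)).isoformat()
        lines.append(f"{ts} src=10.0.0.8 dst=10.0.3.{i + 1} dport=445 proto=tcp action=allow")
    # unrelated HTTPS traffic, ignored by the port filter
    lines.append(f"{base.isoformat()} src=10.0.0.9 dst=198.51.100.7 dport=443 proto=tcp action=allow")
    return lines


if __name__ == "__main__":
    for src, peak in find_smb_scanners(build_sample_logs()).items():
        print(f"possible SMB worm activity from {src}: {peak} distinct TCP/445 destinations")
```

Tune the window and threshold to your own environment: a backup server or vulnerability scanner will legitimately exceed them and belongs on an allow-list, while a workstation that suddenly reaches dozens of distinct hosts on 445 within minutes is worth an immediate look regardless of whether any known IOC matched.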

You can register in the Security Management Assistance (S.M.A.) cloud and get the EternalRocks Worm Detector and WannaCry Ransomware Worm Detector use cases free of charge. In addition, we have temporarily reduced the price of the premium use cases DetectTor Advanced and Ransomware Hunter Advanced to just 1 point. These use cases combine threat intelligence with behavior-based correlation to help you proactively detect new ransomware families and threats that abuse the anonymity of the Tor network. Hopefully we can make cyberspace a little bit safer together.

You can start working with the S.M.A. cloud and get access to the use cases and analytics in one minute. A step-by-step video guide walks you through this and describes in detail all the features and principles of the three cloud service modules: Use Case Library, Health Check and Cyber Incidents Insight. The video is also available on our YouTube channel.

EternalRocks Worm Detector for ArcSight: https://ucl.socprime.com/use-case-library/info/409/
EternalRocks Worm Detector for QRadar: https://ucl.socprime.com/use-case-library/info/410/
EternalRocks Worm Detector for Splunk: https://ucl.socprime.com/use-case-library/info/411/

Ready to try out SOC Prime TDM? Sign up for free, or join the Threat Bounty Program to craft your own content and share it with the TDM community.