Fenrir 0.9.0 - Log4Shell Release

A special Fenrir release that includes indicators

• of a compromise (see IOC files)
• of vulnerable log4j versions (hash list by @mubix)

FENRIR 0.8.0 - Sandworm Centreon Edition

This Fenrir Release of version 0.8.0 contains indicators of compromise and strings found in malware mentioned in CERTFR report on Sandworm activity

FENRIR 0.7.2 - Sandworm Exim Attacks Release

Detects exim exploit attempts, malicious scripts and forensic artefacts on host compromised by Sandworm group

Rules and IOCs are based on samples derived from this report: NSA Cyber Report

FENRIR 0.7 - Academic Attack Release

• detects IOCs used in attacks on academic data centers
  https://csirt.egi.eu/academic-data-centers-abused-for-crypto-currency-mining/

FENRIR 0.5 - Energetic Bear Release

• Prepared to detect the IOC reported by Kaspersky in recent Energetic Bear report

https://securelist.com/energetic-bear-crouching-yeti/85345/

I used pretty specific strings extracted from the WSO shells for the string match detection:

FENRIR 0.5

• passed intense beta testing
• detection modules: hashes, file names, strings, c2, hot time frame file creation
• "find" directory walk
• logging: syslog, file, command line