NetWitness Community

jarerrat · ‎2020-06-12

First of all I have an RSA netwitness product and I've no malware analysis. So now I've got a news about SNAKE Ransomeware And I need to protect it.

News : Honda investigates possible ransomware attack, networks impacted - Bangkok, Thailand | i-secure Co, Ltd.

Now I've the IOC is

File name: nmon.exe

Hash

MD5: ed3c05bde9f0ea0f1321355b03ac42d0

SHA-1: e2e14949d0cbc14cd3893da035cc13b509e70a18

SHA-256: d4da69e424241c291c173c8b3756639c654432706e7def5025a649730868c4a1

File type: Win32 EXE

Magic: PE32 executable for MS Windows (console) Intel 80386 32-bit

File size: 3.78 MB (3965952 bytes)

Ref: VirusTotal

File name: nmon.exe
MD5: 7ddb09db3fb9b01fa931c2a1a41e13e1

SHA-1: 8941f55d8f9842cb4cbd5215adf3345afd16e6cb

SHA-256: edef8b955468236c6323e9019abb10c324c27b4f5667bc3f85f3a097b2e5159a

File type: Win32 EXE

Magic: PE32 executable for MS Windows (console) Intel 80386 32-bit

File size: 3.78 MB (3965440 bytes)

Ref : VirusTotal

How can I put this information (Hash, Filetype, Name) into my RSA Netwitness for protect this ransomware

I try to figure this out but not work. I've no idea about this. I'm not sure I can put it in the decoder or the Rules

Please guide me how to do this I'll help me a lot in the future Thank you.

EricaChalfin · ‎2020-06-12

Jarernpong Rattanawin‌,

Welcome to RSA Link!

I've moved your question to the RSA NetWitness Platform space where it will be seen by the product's support engineers, other customers and partners. Please bookmark this page and use it when you have product-specific questions.

Alternatively, from the RSA Customer Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question. From there, scroll to @RSA NetWitness Platform‌ and click Ask A Question. That way your question will appear in the correct space.

Regards,

Erica

NetWitness Community

How can I put the Malware information to my RSA Netwitness