Burnt by SolarWinds attack? US releases tool for post-compromise detection

CISA says CHIRP currently looks for:

  • The presence of malware identified by security researchers as TEARDROP and RAINDROP;
  • Credential dumping certificate pulls;
  • Certain persistence mechanisms identified as associated with this campaign;
  • System, network, and M365 enumeration; and
  • Known observable indicators of lateral movement.

CHIRP is available on GitHub as a compiled executable or as a Python script.

FireEye in January also released a free tool on GitHub called Azure AD Investigator.

Burnt by SolarWinds attack? US releases tool for post-compromise detection | ZDNet
