- Hashes: MD5, SHA1 and SHA256.
- File names: string.
- Strings: grep in files.
- C2 server
- Hot Time Frame.
The main features of Fenrir are:
- No installation required.
- It's a Bash script.
- Common feature extraction tools are used.
- It is intended to work on any Linux / Unix / OSX with Bash.
- Minimum footprint.
- Exclusions speed up the scanning process.
Fenrir is the third tool after THOR and LOKI. THOR is a fully equipped APT scanner with many modules and export types for corporate customers. LOKI is a free IOC scanner using YARA. Still being tested.
In practice Fenrir:
- Reads the files
- Checks the lsof output for C2 servers.
- Checks for specific file extensions.
- Checks for file names that match the IOC files.
- Checks for specific strings in archives.
- Checks for hash values.
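The checks listed above can be sketched in plain shell as follows. This is an added example, not Fenrir's own code: the function names and the IOC file layout (one value per line, no blank lines) are assumptions, and only SHA256 is checked.

```sh
#!/bin/sh
# Added illustration of hash, file name, string and C2 checks; not Fenrir's code.
# Assumption: every IOC file holds one value per line with no blank lines.

# Print the SHA256 of a file with whichever common tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# scan_file FILE HASH_IOCS NAME_IOCS STRING_IOCS
# Prints one line per hit: "<TYPE> <file> <matched IOC>".
# The body runs in a subshell, so its variables stay local.
scan_file() (
    file=$1 hashes=$2 names=$3 strings=$4
    h=$(sha256_of "$file")
    # Hash check: whole-line, case-insensitive, fixed-string match.
    if [ -n "$h" ] && grep -qixF -- "$h" "$hashes"; then
        echo "HASH $file $h"
    fi
    # File name check: the IOC is a substring of the path.
    while IFS= read -r ioc; do
        [ -n "$ioc" ] || continue
        case $file in *"$ioc"*) echo "NAME $file $ioc" ;; esac
    done < "$names"
    # String check: fixed-string grep, treating binary files as text.
    while IFS= read -r ioc; do
        [ -n "$ioc" ] || continue
        if grep -qaF -- "$ioc" "$file"; then
            echo "STRING $file $ioc"
        fi
    done < "$strings"
)

# check_c2 C2_IOCS: reads lsof-style text on stdin and prints the
# lines that mention a listed C2 host or address.
check_c2() {
    grep -F -f "$1" || true
}

# scan_dir DIR HASH_IOCS NAME_IOCS STRING_IOCS: scan every regular file.
# Limitation: paths that contain a newline are not handled.
scan_dir() (
    dir=$1; shift
    find "$dir" -type f | while IFS= read -r f; do
        scan_file "$f" "$@"
    done
)
```

On a live host the C2 check would be fed with something like `lsof -i -n | check_c2 c2.ioc`.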