IT disaster recovery, cloud computing and information security news

CISA gives details of a tool it has developed for detecting post-compromise threat activity

The US Cybersecurity & Infrastructure Security Agency (CISA) has published details of the CHIRP indicators of compromise (IOC) detection tool, which it is making freely available. In alert ‘AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool’ CISA gives an overview of CHIRP (CISA Hunt and Incident Response Program), a tool that scans an on-premises Windows environment for signs of advanced persistent threat (APT) compromise.

CHIRP is a command-line executable with a dynamic plugin and indicator system for searching for signs of compromise. Its plugins search event logs and registry keys and run YARA rules to look for APT tactics, techniques, and procedures (TTPs). CHIRP also ships with a YAML file listing the IOCs that CISA associates with the malware and APT activity detailed in CISA Alerts AA20-352A and AA21-008A. Because it is a post-compromise hunting tool, a run that produces no hits shows only that none of the shipped indicators were found, not that the host is clean.
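The plugin-plus-indicator design described above, as an added illustration that is not CHIRP's own code and does not reproduce CISA's indicator format or IOCs: a list of indicators (the shape a YAML IOC file would parse into; PyYAML is left out so it runs with no dependencies) is dispatched to one plugin per data source. The registry and event-log plugins, the indicator names, the registry paths and the event records are all constructed for the example; a YARA plugin is omitted because it would need yara-python.

```python
"""Minimal indicator/plugin hunt engine (hypothetical illustration, not CHIRP's code).

Each indicator names a data-source type; a plugin registered for that type
evaluates it against telemetry and returns the indicator that fired together
with the evidence, so a reviewer can see why a host was flagged.
"""
import re
from typing import Callable, Dict, List

# Constructed indicators, in the shape a YAML indicator file would load into.
# Names, key paths and patterns are placeholders, not CISA's IOCs.
INDICATORS: List[Dict] = [
    {
        "name": "persistence_run_key_temp_binary",
        "type": "registry",
        "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        "data_regex": r"(?i)\\AppData\\Local\\Temp\\.*\.(exe|dll)",
    },
    {
        "name": "process_creation_rundll32_from_temp",
        "type": "eventlog",
        "channel": "Security",
        "event_id": 4688,
        "message_regex": r"(?i)rundll32\.exe.*\\Temp\\",
    },
]

# Constructed sample telemetry; a real plugin would read the live registry and event logs.
REGISTRY_SAMPLE = [
    {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive",
     "data": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater",
     "data": r"C:\Users\alice\AppData\Local\Temp\svc_update.exe /silent"},
]
EVENTLOG_SAMPLE = [
    {"channel": "Security", "event_id": 4688,
     "message": r"A new process has been created. New Process Name: C:\Windows\System32\notepad.exe"},
    {"channel": "Security", "event_id": 4688,
     "message": r"A new process has been created. Process Command Line: rundll32.exe C:\Users\alice\AppData\Local\Temp\x.dll,Start"},
    {"channel": "System", "event_id": 7045,
     "message": r"A service was installed in the system. Service File Name: C:\Users\alice\AppData\Local\Temp\x.dll"},
]


def registry_plugin(indicator: Dict, records: List[Dict]) -> List[Dict]:
    """Match a registry indicator: same key path (case-insensitive) and data matching the regex."""
    hits = []
    for rec in records:
        if rec["key"].lower() == indicator["key"].lower() and re.search(indicator["data_regex"], rec["data"]):
            hits.append({"indicator": indicator["name"],
                         "evidence": f'{rec["key"]}\\{rec["value"]} = {rec["data"]}'})
    return hits


def eventlog_plugin(indicator: Dict, records: List[Dict]) -> List[Dict]:
    """Match an event-log indicator: channel and event ID must agree before the message regex is tried."""
    hits = []
    for rec in records:
        if (rec["channel"] == indicator["channel"]
                and rec["event_id"] == indicator["event_id"]
                and re.search(indicator["message_regex"], rec["message"])):
            hits.append({"indicator": indicator["name"],
                         "evidence": f'{rec["channel"]}/{rec["event_id"]}: {rec["message"]}'})
    return hits


# Plugin registry keyed by indicator type; adding a data source means adding one entry here.
PLUGINS: Dict[str, Callable[[Dict, List[Dict]], List[Dict]]] = {
    "registry": registry_plugin,
    "eventlog": eventlog_plugin,
}


def run_hunt(indicators: List[Dict], sources: Dict[str, List[Dict]]) -> List[Dict]:
    """Dispatch every indicator to the plugin for its type. An indicator whose type has
    no plugin (e.g. a YARA rule in this dependency-free build) is skipped, not fatal,
    so one unsupported indicator cannot silently abort the whole hunt."""
    results: List[Dict] = []
    for ind in indicators:
        plugin = PLUGINS.get(ind["type"])
        if plugin is None:
            continue
        results.extend(plugin(ind, sources.get(ind["type"], [])))
    return results


if __name__ == "__main__":
    for hit in run_hunt(INDICATORS, {"registry": REGISTRY_SAMPLE, "eventlog": EVENTLOG_SAMPLE}):
        print(f'[{hit["indicator"]}] {hit["evidence"]}')
```

On the sample data the hunt fires twice: the Run-key entry pointing into a Temp directory and the 4688 event with rundll32 loading a DLL from Temp; the benign OneDrive entry and the 7045 service-install event (a different event ID than the indicator asks for) do not match. Keep in mind when reading output from any such tool that an attacker with administrative access can clear or tamper with the same logs and keys being scanned, so an empty result is weaker evidence than a hit.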

CHIRP is freely available on the CISA GitHub Repository and CISA will continue to release plugins and IOC packages for new threats as they develop.
