Security Articles

Sandworm operating mode attack campaign targeting Centreon servers

released on 2021-02-16 @ 04:16:58 PM
"The following technical markers, SNORT and YARA rules come from ANSSI analyses during the processing of a compromise campaign by the Sandworm operating mode affecting several French entities and targeting the Centreon monitoring software. This attack campaign is described in the report CERTFR-2021-CTI-004. They are provided for compromise research in historical logs, on systems, and in real-time network streams. Any detection based on these elements does not constitute proof of compromise but must be analyzed in order to remove the doubt. Several elements relate to tools shared by several attackers and their detection alone is not sufficient to link an incident to this attack campaign. ANSSI is interested in any incident discovered in connection with this campaign."