The Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments. The tool, CHIRP, searches for IOCs associated with malicious activity detailed in AA20-008A and AA21-352A that has spilled into an enterprise environment. CISA advises organizations to use CHIRP to analyze their environment when they want to: examine Windows event logs for artifacts associated with this activity; examine Windows Registry for evidence of intrusion; and apply YARA rules to detect malware, backdoors, or implants.
Source: https://www.bleepingcomputer.com/news/security/cisa-releases-new-solarwinds-malicious-activity-detection-tool/

