security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1649 from leegengyu/patch-9

Browse Source 
Update win_apt_apt29_thinktanks.yml - Links
This commit is contained in:
Florian Roth
2021-07-07 18:10:27 +02:00
committed by GitHub
parent 8fd5a761a2 1adac5b036
commit 25dec8a17b
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/win_apt_apt29_thinktanks.yml
+3 -2
View File
@@ -1,8 +1,9 @@
title: APT29
id: 033fe7d6-66d1-4240-ac6b-28908009c71f
description: This method detects a suspicious powershell command line combination as used by APT29 in a campaign against US think tanks
description: This method detects a suspicious PowerShell command line combination as used by APT29 in a campaign against U.S. think tanks.
references:
- https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/
- https://www.microsoft.com/security/blog/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/
- https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html
tags:
- attack.execution
- attack.g0016