security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge PR #4601 from @StevenD33 - Add ATT&CK Group Tag For Some Emerging Threats Rules

Browse Source 
update: Exchange Exploitation Used by HAFNIUM - Add related ATT&CK group tag
update: Potential Operation Triangulation C2 Beaconing Activity - DNS - Add related ATT&CK group tag
update : Potential Operation Triangulation C2 Beaconing Activity - Proxy - Add related ATT&CK group tag
update : Potential POWERTRASH Script Execution - Add related ATT&CK group tag
update : Potential APT FIN7 Related PowerShell Script Created - Add related ATT&CK group tag
update : Potential APT FIN7 POWERHOLD Execution - Add related ATT&CK group tag
update : Potential APT Mustang Panda Activity Against Australian Gov - Add related ATT&CK group tag
update : Potential APT FIN7 Reconnaissance/POWERTRASH Related Activity - Add related ATT&CK group tag
This commit is contained in:
Steven
2023-11-28 10:51:24 +01:00
committed by GitHub
parent 1faea2ba9b
commit 31aee7ffd8
10 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules-emerging-threats/2021/TA/HAFNIUM/proc_creation_win_apt_hafnium.yml
+1
View File
@@ -15,6 +15,7 @@ tags:
- attack.persistence
- attack.t1546
- attack.t1053
- attack.g0125
- detection.emerging_threats
logsource:
category: process_creation
rules-emerging-threats/2021/TA/HAFNIUM/web_exchange_exploitation_hafnium.yml
+1
View File
@@ -11,6 +11,7 @@ modified: 2023/01/02
tags:
- attack.initial_access
- attack.t1190
- attack.g0125
- detection.emerging_threats
logsource:
category: webserver
rules-emerging-threats/2023/TA/EquationGroup/net_dns_apt_equation_group_triangulation_c2_coms.yml
+1
View File
@@ -12,6 +12,7 @@ author: Florian Roth (Nextron Systems)
date: 2023/06/01
tags:
- attack.command_and_control
- attack.g0020
- detection.emerging_threats
logsource:
category: dns
rules-emerging-threats/2023/TA/EquationGroup/proxy_apt_equation_group_triangulation_c2_coms.yml
+1
View File
@@ -12,6 +12,7 @@ author: Florian Roth (Nextron Systems)
date: 2023/06/01
tags:
- attack.command_and_control
- attack.g0020
- detection.emerging_threats
logsource:
category: proxy
rules-emerging-threats/2023/TA/FIN7/file_event_win_apt_fin7_powershell_scripts_naming_convention.yml
+1
View File
@@ -8,6 +8,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023/05/04
tags:
- attack.execution
- attack.g0046
- detection.emerging_threats
logsource:
category: file_event
rules-emerging-threats/2023/TA/FIN7/posh_ps_apt_fin7_powerhold.yml
+1
View File
@@ -9,6 +9,7 @@ date: 2023/05/04
tags:
- attack.execution
- attack.t1059.001
- attack.g0046
- detection.emerging_threats
logsource:
product: windows
rules-emerging-threats/2023/TA/FIN7/posh_ps_apt_fin7_powertrash_execution.yml
+1
View File
@@ -9,6 +9,7 @@ date: 2023/05/04
tags:
- attack.execution
- attack.t1059.001
- attack.g0046
- detection.emerging_threats
logsource:
product: windows
rules-emerging-threats/2023/TA/FIN7/proc_creation_win_apt_fin7_powertrash_lateral_movement.yml
+1
View File
@@ -10,6 +10,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023/05/04
tags:
- attack.execution
- attack.g0046
- detection.emerging_threats
logsource:
category: process_creation
rules-emerging-threats/2023/TA/Lazarus/image_load_apt_lazarus_side_load_activity.yml
+1
View File
@@ -12,6 +12,7 @@ tags:
- attack.privilege_escalation
- attack.t1574.001
- attack.t1574.002
- attack.g0032
- detection.emerging_threats
logsource:
product: windows
rules-emerging-threats/2023/TA/Mustang-Panda-Australia-Campaign/proc_creation_win_apt_mustang_panda_indicators.yml
+1
View File
@@ -8,6 +8,7 @@ author: Nasreddine Bencherchali (Nextron Systems)
date: 2023/05/15
tags:
- attack.execution
- attack.g0129
- detection.emerging_threats
logsource:
category: process_creation