Florian Roth ⚡

@cyb3rops

4 Tweets 18 reads Oct 26, 2019
Yes, an old #Sigma rule that detects Office programs spawning processes in user folders would have detected #APT28's recent campaign against Kazakhstan
Tweet by @MeltX0R
Dropper in Sandbox
app.any.run
Rule
github.com
@MeltX0R Also check that User-Agent without 'AppleWebKit ..' used by the malware.
Netscape Navigator 5 (or alike) on Windows 10 shouldn't be that common.
Mozilla/5.0 (Windows NT 10.0; Win64; x64)
@MeltX0R Bam 💥
Added to proxy UA Sigma rule
github.com
Providing immediate detection.
They cannot hide.
@MeltX0R Looks similar to the UA used by CobaltStrike beacons and found in another Sigma rule in our repo
github.com
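The two detections the thread talks about, written out as a small matcher over constructed sample events. This is an added example, not the Sigma rules from the repository Florian links to and not his code: the Office parent list, the user-folder regex and the log field names (`ParentImage`, `Image`, `UserAgent`) are assumptions here, modelled loosely on Sysmon and proxy-log conventions. The User-Agent check generalises the tweet slightly: instead of matching the one string quoted above, it flags any UA that consists of nothing but the `Mozilla/5.0 (...)` product token with no engine or browser tokens after it, which is the "Netscape Navigator 5 or alike" shape the thread points at.

```python
import re
from typing import Dict, List

# Office binaries whose child processes we scrutinise (assumed list, not from the page).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Child image located under a user profile, e.g. C:\Users\alice\AppData\Roaming\x.exe
USER_FOLDER_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.IGNORECASE)

# A UA made of only the Mozilla/5.0 product token plus its platform comment and
# nothing else (no "AppleWebKit/...", "Gecko/...", "Chrome/..." tokens follow).
BARE_MOZILLA_RE = re.compile(r"^Mozilla/5\.0 \([^)]*\)$")


def office_spawn_in_user_folder(event: Dict[str, str]) -> bool:
    """Process-creation event: Office parent spawning an image under a user folder."""
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    return parent in OFFICE_PARENTS and bool(USER_FOLDER_RE.match(event.get("Image", "")))


def bare_mozilla_ua(user_agent: str) -> bool:
    """Proxy event: UA is the bare Mozilla/5.0 token, as discussed in the thread."""
    return bool(BARE_MOZILLA_RE.match(user_agent.strip()))


def run_detections(process_events: List[Dict[str, str]],
                   proxy_events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Apply both rules and return one alert record per matching event."""
    alerts: List[Dict[str, str]] = []
    for ev in process_events:
        if office_spawn_in_user_folder(ev):
            alerts.append({"rule": "office_spawn_user_folder", "detail": ev["Image"]})
    for ev in proxy_events:
        if bare_mozilla_ua(ev.get("UserAgent", "")):
            alerts.append({"rule": "bare_mozilla_user_agent", "detail": ev["UserAgent"]})
    return alerts


# Constructed sample telemetry (not real logs from the campaign).
SAMPLE_PROCESS_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Users\alice\AppData\Roaming\update.exe"},          # should alert
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\splwow64.exe"},                   # benign print helper
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\alice\Downloads\setup.exe"},                 # not an Office parent
]

SAMPLE_PROXY_EVENTS = [
    {"UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},      # should alert
    {"UserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36"},  # normal browser
    {"UserAgent": "curl/7.64.0"},                                     # different shape, not this rule
]


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_PROCESS_EVENTS, SAMPLE_PROXY_EVENTS):
        print(f"[{alert['rule']}] {alert['detail']}")
```

Run as-is it prints one alert from each rule. In a real pipeline the `OFFICE_PARENTS` set and the exact UA list would come from the maintained Sigma rules rather than being hard-coded, and the bare-UA regex should be tuned against your own proxy baseline before it is used for alerting.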
