Onyx Sleet APT File Creation Indicators

Rule Info

Name
Onyx Sleet APT File Creation Indicators
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects file creation activity that is related to Onyx Sleet APT activity
Reference
https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/
Date
2023-10-24 00:00:00
Modified
None
Id
2fef4fd9-7206-40d1-b4f5-ad6441d0cd9b
Tags
attack.execution detection.emerging-threats
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=2fef4fd9-7206-40d1-b4f5-ad6441d0cd9b

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4991 from @nasbench - Promote older rules status from `experimental` to `test`
2024-09-02
839f5636f
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Nasreddine Bencherchali
Merge PR #4505 from @nasbench - Add New Rules Related to Onyx & Dimaond Sleet APT Exploitation Activity
2023-10-28
fe3b8c4b7
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022