
Rule Info
Name
Lace Tempest PowerShell Launcher
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects a PowerShell script used by Lace Tempest APT to launch their malware loader by exploiting CVE-2023-47246 as reported by SysAid Team
Reference
Date
2023-11-09 00:00:00
Modified
None
Id
37dc5463-f7e3-4f61-ad76-ba59cd02a651
Tags
attack.execution attack.t1059.001 detection.emerging-threats
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
github-actions[bot]
Merge PR #5027 from @nasbench - Promote older rules status from `experimental` to `test`
2024-10-01
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
Nasreddine Bencherchali
Merge PR #4555 from @nasbench - New ET Rules Related To Lace Tempest / SysAid CVE-2023-47246 Exploitation
2023-11-10