PUA - GoodSync Execution

Rule Info

Name
PUA - GoodSync Execution
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects execution of PUA - GoodSync, which is a legitimate tool used for file synchronization and backup, which adversaries can abuse for data exfiltration. GoodSync is a popular file synchronization and backup software that can be used to transfer files between systems and is very common application in many organizations. If you don't usually use GoodSync on your enterprise, this warrants further investigation as it could be a sign of data exfiltration.
Reference
https://www.goodsync.com/
Date
2025-04-08 00:00:00
Modified
None
Id
566568db-d1fe-48b4-9f1d-06db953e756b
Tags
attack.exfiltration attack.t1567
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022