Suspicious File Download From IP Via Curl.EXE

Rule Info

Name
Suspicious File Download From IP Via Curl.EXE
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects potentially suspicious file downloads directly from IP addresses using curl.exe
Reference
https://labs.withsecure.com/publications/fin7-target-veeam-servers
Date
2023-07-27 00:00:00
Modified
None
Id
5cb299fc-5fb1-4d07-b989-0644c68b6043
Tags
attack.execution
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=5cb299fc-5fb1-4d07-b989-0644c68b6043

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
github-actions[bot]
Merge PR #4867 from @nasbench - Promote older rules status from `experimental` to `test`
2024-06-03
d84959e50
Nasreddine Bencherchali
Merge PR #4491 from @nasbench - Rule Updates & Fixes
2023-10-23
edf0ff5cc
Nasreddine Bencherchali
fix: apply suggestions from code review
2023-07-31
e69daf27a
Nasreddine Bencherchali
feat: update curl & wget rules
2023-07-27
1d10fd8d5
Nasreddine Bencherchali
feat: rules update
2023-07-26
b20e7b449
Nasreddine Bencherchali
fix: apply suggestions from code review
2023-05-09
bbf1e5451
Nasreddine Bencherchali
fix: fp found in testing
2023-05-05
6f659d1c1
Nasreddine Bencherchali
feat: updates and new rules related to fin7
2023-05-05
24ed6be06
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022