Microsoft Teams Sensitive File Access By Uncommon Applications

Rule Info

Name
Microsoft Teams Sensitive File Access By Uncommon Applications
Author
@SerkinValery
Description
Detects file access attempts to sensitive Microsoft teams files (leveldb, cookies) by an uncommon process.
Reference
https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/
Date
2024-07-22 00:00:00
Modified
None
Id
65744385-8541-44a6-8630-ffc824d7d4cc
Tags
attack.credential-access attack.t1528 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=65744385-8541-44a6-8630-ffc824d7d4cc

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Mohamed Ashraf
Merge PR #4934 from @X-Junior - Update and add new `file_access` rules
2024-07-31
65d76a30a
fornotes
Merge PR #4920 from @fornotes - Update `file_access` based rules
2024-07-22
b53c9bd2f
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022