Rule Info
Name
Microsoft Teams Sensitive File Access By Uncommon Applications
Author
@SerkinValery
Description
Detects file access attempts to sensitive Microsoft teams files (leveldb, cookies) by an uncommon process.
Date
2024-07-22 00:00:00
Modified
None
Id
65744385-8541-44a6-8630-ffc824d7d4cc
Tags
attack.credential-access attack.t1528 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
Mohamed Ashraf
Merge PR #4934 from @X-Junior - Update and add new `file_access` rules
2024-07-31