Cloudflared Tunnel Connections Cleanup

Rule Info

Name
Cloudflared Tunnel Connections Cleanup
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects execution of the "cloudflared" tool with the tunnel "cleanup" flag in order to cleanup tunnel connections.
Reference
https://github.com/cloudflare/cloudflared
Date
2023-05-17 00:00:00
Modified
2023-12-21 00:00:00
Id
7050bba1-1aed-454e-8f73-3f46f09ce56a
Tags
attack.command_and_control attack.t1102 attack.t1090 attack.t1572 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=7050bba1-1aed-454e-8f73-3f46f09ce56a

Rule History

Author
Title
Date
Commit
Sajid Nawaz Khan
Merge PR #4628 from @ssnkhan - New: Detect Creation of Cloudflared Quick Tunnels
2023-12-21
d88e55651
BlueTeamOps
feat: add new rules related to cloudflared usage (#4243)
2023-05-18
7b90c00a4
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022