Lace Tempest Malware Loader Execution

Rule Info

Name
Lace Tempest Malware Loader Execution
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects execution of a specific binary based on filename and hash used by Lace Tempest to load additional malware as reported by SysAid Team
Reference
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
Date
2023-11-09 00:00:00
Modified
None
Id
745ea50b-9673-4ba7-9426-cb45cf4a8e6d
Tags
attack.execution detection.emerging_threats DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=745ea50b-9673-4ba7-9426-cb45cf4a8e6d

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4555 from @nasbench - New ET Rules Related To Lace Tempest / SysAid CVE-2023-47246 Exploitation
2023-11-10
c13b568bd
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022