Lace Tempest Cobalt Strike Download

Rule Info

Name
Lace Tempest Cobalt Strike Download
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects specific command line execution used by Lace Tempest to download Cobalt Strike as reported by SysAid Team
Reference
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
Date
2023-11-09 00:00:00
Modified
None
Id
aa5b0a40-ed88-46aa-9fdc-0337b379ca9d
Tags
attack.execution detection.emerging-threats
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=aa5b0a40-ed88-46aa-9fdc-0337b379ca9d

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #5027 from @nasbench - Promote older rules status from `experimental` to `test`
2024-10-01
08c52c367
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Nasreddine Bencherchali
Merge PR #4555 from @nasbench - New ET Rules Related To Lace Tempest / SysAid CVE-2023-47246 Exploitation
2023-11-10
c13b568bd
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022