Lace Tempest PowerShell Evidence Eraser

Rule Info

Name
Lace Tempest PowerShell Evidence Eraser
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects a PowerShell script used by Lace Tempest APT to erase evidence from victim servers by exploiting CVE-2023-47246 as reported by SysAid Team
Date
2023-11-09 00:00:00
Modified
None
Id
b377ddab-502d-4519-9e8c-5590033d2d70
Tags
attack.execution attack.t1059.001 detection.emerging_threats DEMO
Type
Community Rule

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4555 from @nasbench - New ET Rules Related To Lace Tempest / SysAid CVE-2023-47246 Exploitation
2023-11-10