Password Protected Compressed File Extraction Via 7Zip

Rule Info

Name
Password Protected Compressed File Extraction Via 7Zip
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects usage of 7zip utilities (7z.exe, 7za.exe and 7zr.exe) to extract password protected zip files.
Reference
https://blog.cyble.com/2022/06/07/bumblebee-loader-on-the-rise/
Date
2023-03-10 00:00:00
Modified
None
Id
b717b8fd-6467-4d7d-b3d3-27f9a463af77
Tags
attack.collection attack.t1560.001 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=b717b8fd-6467-4d7d-b3d3-27f9a463af77

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4700 from @nasbench - Promote older rules status from `experimental` to `test`
2024-02-01
367ebd939
Wagga
Merge PR #4524 from @wagga40 - Fix Typos In Metadata Fields
2023-10-28
8bf328219
Nasreddine Bencherchali
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18
95793d73b
Nasreddine Bencherchali
fix: add missing modifier
2023-03-11
1743ce90e
Nasreddine Bencherchali
feat: more updates
2023-03-10
991c824f9
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022