Password Protected Compressed File Extraction Via 7Zip

Rule Info

Tags
attack.collection DEMO attack.t1560.001
Modified
None
Author
Nasreddine Bencherchali (Nextron Systems)
Name
Password Protected Compressed File Extraction Via 7Zip
Description
Detects usage of 7zip utilities (7z.exe, 7za.exe and 7zr.exe) to extract password protected zip files.
Date
2023-03-10 00:00:00
Reference
https://blog.cyble.com/2022/06/07/bumblebee-loader-on-the-rise/
Id
b717b8fd-6467-4d7d-b3d3-27f9a463af77
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=b717b8fd-6467-4d7d-b3d3-27f9a463af77

Rule History

Commit
Date
Author
Title
1743ce90e
2023-03-11
Nasreddine Bencherchali
fix: add missing modifier
991c824f9
2023-03-10
Nasreddine Bencherchali
feat: more updates
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022