Suspicious Non-Browser Network Communication With Telegram API

Rule Info

Name
Suspicious Non-Browser Network Communication With Telegram API
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects an a non-browser process interacting with the Telegram API which could indicate use of a covert C2
Reference
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/small-sieve/NCSC-MAR-Small-Sieve.pdf
Date
2023-05-19 00:00:00
Modified
None
Id
c3dbbc9f-ef1d-470a-a90a-d343448d5875
Tags
attack.command_and_control attack.t1102 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=c3dbbc9f-ef1d-470a-a90a-d343448d5875

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4791 from @nasbench - Promote older rules status from `experimental` to `test`
2024-04-01
a8e1ecd65
Nasreddine Bencherchali
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18
95793d73b
Nasreddine Bencherchali
feat: add new rules related to small sieve
2023-05-19
7b662b7c3
Nasreddine Bencherchali
fix: filter names and title
2023-05-09
231c2ecca
Nasreddine Bencherchali
fix: single list element
2023-05-09
91daec6d3
Nasreddine Bencherchali
fix: metadata update
2023-05-09
3767682f1
Gavin Knapp
Update net_connection_win_notion.yaml
2023-05-04
063bb57df
Gavin Knapp
Rename net_connection_win_notion.yml to net_connection_win_notion.yaml
2023-05-04
c11b69b8f
Gavin Knapp
Create net_connection_win_notion.yml
2023-05-03
401d71d9d
Nasreddine Bencherchali
fix: update hostname field
2023-04-19
08e3089c6
Nasreddine Bencherchali
feat: update browsers selections and filters
2023-04-18
4e7bb74d4
m4nbat
New rules added for LockBit and Reddit used for C2. (#4045)
2023-02-20
ae469ddef
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022