Created
December 13, 2021 21:30
-
-
Save Phrozyn/d06e0a6406a849af0267e63f1232c1fc to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "sigma": { | |
| "level": "low", | |
| "text": "", | |
| "falsepositives": [ | |
| "backups to gdrive, etc. filtering will be necessary" | |
| ], | |
| "status": "testing" | |
| }, | |
| "release_date": "2020-04-23T09:17:18.000Z", | |
| "description": "Detects file names that may be used for collection shuch as short zip documents, dump files, password files, etc", | |
| "siem_type": "sigma", | |
| "is_verified": true, | |
| "case": { | |
| "name": "Static demo case", | |
| "id": "staticshowsigma" | |
| }, | |
| "tags": { | |
| "actor": [ | |
| "APT15", | |
| "APT16", | |
| "APT30" | |
| ], | |
| "product": [], | |
| "sigma_type": null, | |
| "event_id": [], | |
| "author": [ | |
| "Alexander Podobulkin" | |
| ], | |
| "service": [], | |
| "custom": null, | |
| "technique": [ | |
| { | |
| "name": "Data Staged", | |
| "tactics": [ | |
| "collection" | |
| ], | |
| "id": "T1074" | |
| }, | |
| { | |
| "name": "Data Transfer Size Limits", | |
| "tactics": [ | |
| "exfiltration" | |
| ], | |
| "id": "T1030" | |
| }, | |
| { | |
| "name": "Data from Information Repositories", | |
| "tactics": [ | |
| "collection" | |
| ], | |
| "id": "T1213" | |
| }, | |
| { | |
| "name": "Disk Structure Wipe", | |
| "tactics": [ | |
| "impact" | |
| ], | |
| "id": "T1561.002" | |
| }, | |
| { | |
| "name": "Disk Wipe", | |
| "tactics": [ | |
| "impact" | |
| ], | |
| "id": "T1561" | |
| } | |
| ], | |
| "logsource": [], | |
| "category": [], | |
| "tool": [ | |
| "Agent Tesla", | |
| "Astaroth", | |
| "Backdoor.Oldrea" | |
| ] | |
| } | |
| }, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment