@Phrozyn
Created December 13, 2021 21:30
{
  "sigma": {
    "level": "low",
    "text": "",
    "falsepositives": [
      "backups to gdrive, etc. filtering will be necessary"
    ],
    "status": "testing"
  },
  "release_date": "2020-04-23T09:17:18.000Z",
  "description": "Detects file names that may be used for collection, such as short zip documents, dump files, password files, etc.",
  "siem_type": "sigma",
  "is_verified": true,
  "case": {
    "name": "Static demo case",
    "id": "staticshowsigma"
  },
  "tags": {
    "actor": [
      "APT15",
      "APT16",
      "APT30"
    ],
    "product": [],
    "sigma_type": null,
    "event_id": [],
    "author": [
      "Alexander Podobulkin"
    ],
    "service": [],
    "custom": null,
    "technique": [
      {
        "name": "Data Staged",
        "tactics": [
          "collection"
        ],
        "id": "T1074"
      },
      {
        "name": "Data Transfer Size Limits",
        "tactics": [
          "exfiltration"
        ],
        "id": "T1030"
      },
      {
        "name": "Data from Information Repositories",
        "tactics": [
          "collection"
        ],
        "id": "T1213"
      },
      {
        "name": "Disk Structure Wipe",
        "tactics": [
          "impact"
        ],
        "id": "T1561.002"
      },
      {
        "name": "Disk Wipe",
        "tactics": [
          "impact"
        ],
        "id": "T1561"
      }
    ],
    "logsource": [],
    "category": [],
    "tool": [
      "Agent Tesla",
      "Astaroth",
      "Backdoor.Oldrea"
    ]
  }
},