https://detection.fyi/sigmahq/sigma/emerging-threats/2021/malware/pingback/file_event_win_malware_pingback_backdoor/
Pingback Backdoor File Indicators | Detection.FYI
Detects the use of the Pingback backdoor, which creates an ICMP tunnel for C2, as described in the Trustwave report.
Tags: indicators, detection.fyi, pingback, backdoor, file
https://detection.fyi/sigmahq/sigma/emerging-threats/2023/ta/papercut-print-management-exploitation/proc_creation_win_papercut_print_management_exploitation_indicators/
PaperCut MF/NG Exploitation Related Indicators | Detection.FYI
Detects process-creation indicators related to exploitation of PaperCut MF/NG.
Tags: indicators, detection.fyi, papercut, mf, ng, exploitation
https://detection.fyi/sigmahq/sigma/emerging-threats/2023/ta/diamond-sleet/dns_query_win_apt_diamond_steel_indicators/
Diamond Sleet APT DNS Communication Indicators | Detection.FYI
Detects DNS queries related to Diamond Sleet APT activity.
Tags: indicators, detection.fyi, diamond sleet, apt, dns