elastic / detection-rules

https://www.elastic.co/guide/en/security/current/detection-engine-overview.html

[New Rule] Google Sheets C2 Detection Review (Voldemort) #4051

Open terrancedejesus opened 1 month ago

terrancedejesus commented 1 month ago

Description

Review detection coverage for C2 via Google Sheets from recent "Voldemort" campaign.

Target Ruleset

windows

Target Rule Type

Event Correlation (EQL)

Tested ECS Version

No response

Query

No response

New fields required in ECS/data sources for this rule?

No response

Related issues or PRs

Related: https://github.com/elastic/ia-trade-team/issues/271

References

https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort?utm_source=twitter&utm_medium=social_organic&utm_campaign=2024&utm_post_id=577aa726-abfa-4cc3-a049-463c2f14d12a

Redacted Example Data

No response
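The issue leaves the Query field empty, so the following is an added example, not the issue author's work and not a rule from the detection-rules repository. It sketches the coverage question above in runnable form: the Voldemort campaign used the Google Sheets API as a C2 channel, so the observable on a Windows host is a process that is neither a browser nor a Google sync client resolving or connecting to sheets.googleapis.com. The allowlist of expected processes, the ECS-shaped sample events and the process names in them are constructed assumptions; the EQL in the docstring is an approximate sketch of the same logic, not a tested rule.

```python
"""
Added example (not from the detection-rules repo): flag non-browser,
non-Google-client processes contacting the Google Sheets API host.

Approximate EQL sketch of the same idea (assumption, not a shipped rule):

    network where host.os.type == "windows" and
      (destination.domain : "sheets.googleapis.com" or
       dns.question.name : "sheets.googleapis.com") and
      not process.name : ("chrome.exe", "msedge.exe", "firefox.exe",
                          "brave.exe", "googledrivefs.exe")
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumed C2 endpoint: only the Sheets API host is matched so legitimate
# traffic to other googleapis.com services does not trip the check.
SHEETS_API_HOSTS = {"sheets.googleapis.com"}

# Assumed allowlist: processes expected to talk to the Sheets API.
# Browsers and Google's own sync clients; tune per environment.
EXPECTED_PROCESSES = {
    "chrome.exe", "msedge.exe", "firefox.exe", "brave.exe",
    "googledrivefs.exe", "googledrivesync.exe",
}


@dataclass(frozen=True)
class Alert:
    host: str
    process: str
    pid: int
    domain: str


def _domain_of(event: dict) -> Optional[str]:
    """ECS carries the looked-up name in dns.question.name for DNS events
    and the connection target (e.g. TLS SNI) in destination.domain."""
    dns_name = event.get("dns", {}).get("question", {}).get("name")
    return dns_name or event.get("destination", {}).get("domain")


def detect_sheets_c2(events: List[dict]) -> List[Alert]:
    """Return one Alert per (host, pid, domain) for unexpected processes
    reaching the Sheets API. Duplicate DNS + connection events for the
    same process collapse into a single alert."""
    alerts: List[Alert] = []
    seen = set()
    for ev in events:
        # Only DNS and connection events carry a destination worth checking.
        if "network" not in ev.get("event", {}).get("category", []):
            continue
        domain = _domain_of(ev)
        if not domain or domain.lower().rstrip(".") not in SHEETS_API_HOSTS:
            continue
        proc = ev.get("process", {})
        name = proc.get("name", "").lower()
        if name in EXPECTED_PROCESSES:
            continue
        key = (ev.get("host", {}).get("name"), proc.get("pid"), domain.lower())
        if key in seen:
            continue
        seen.add(key)
        alerts.append(Alert(key[0], name, proc.get("pid"), domain.lower()))
    return alerts


# Constructed sample events (ECS-shaped, not real telemetry). The process
# name "updater_helper.exe" is a placeholder for an unexpected binary.
SAMPLE_EVENTS = [
    {"event": {"category": ["network"]}, "host": {"name": "WS01"},
     "process": {"name": "chrome.exe", "pid": 4120},
     "destination": {"domain": "sheets.googleapis.com"}},
    {"event": {"category": ["network"]}, "host": {"name": "WS01"},
     "process": {"name": "updater_helper.exe", "pid": 5328},
     "dns": {"question": {"name": "sheets.googleapis.com"}}},
    {"event": {"category": ["network"]}, "host": {"name": "WS01"},
     "process": {"name": "updater_helper.exe", "pid": 5328},
     "destination": {"domain": "sheets.googleapis.com"}},
    {"event": {"category": ["network"]}, "host": {"name": "WS01"},
     "process": {"name": "powershell.exe", "pid": 6001},
     "destination": {"domain": "www.googleapis.com"}},
    {"event": {"category": ["process"]}, "host": {"name": "WS01"},
     "process": {"name": "updater_helper.exe", "pid": 5328},
     "destination": {"domain": "sheets.googleapis.com"}},
]

if __name__ == "__main__":
    for a in detect_sheets_c2(SAMPLE_EVENTS):
        print(f"{a.host}: {a.process} (pid {a.pid}) -> {a.domain}")
```

An allowlist of expected processes, rather than a denylist of suspicious ones, is the practical shape for this coverage: the endpoint is legitimate Google infrastructure that browsers and Drive clients hit constantly, so the signal is the unexpected process, not the domain. Because the channel is TLS, the host name is only visible through DNS or SNI, which is why both dns.question.name and destination.domain are consulted.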