[New Rule] APT SolarWinds Backdoor - Execution and Evasion Rules - Githubissues

elastic / detection-rules

https://www.elastic.co/guide/en/security/current/detection-engine-overview.html

Other

1.96k stars 498 forks source link

[New Rule] APT SolarWinds Backdoor - Execution and Evasion Rules #721

Closed Samirbous closed 3 years ago

Samirbous commented 3 years ago

Description

Three behavior rules to detect execution of SUNBURST backdoor as reported by FireEye here.
Two exfiltration related rules as reported here.

Required Info

Eventing Sources:
Target Operating Systems:
Platforms
Target ECS Version: x.x.x
New fields required in ECS for this?
Related issues or PRs

Optional Info

References:

Example Data

Samirbous commented 3 years ago

closed by this https://github.com/elastic/detection-rules/pull/722