TropicTrooper Campaign November 2018

Detects TropicTrooper activity, an actor who targeted high-profile organizations in the energy and food and beverage sectors in Asia

Sigma rule

title: TropicTrooper Campaign November 2018
id: 8c7090c3-e0a0-4944-bd08-08c3a0cecf79
status: stable
description: Detects TropicTrooper activity, an actor who targeted high-profile organizations in the energy and food and beverage sectors in Asia
references:
    - https://www.microsoft.com/en-us/security/blog/2018/11/28/windows-defender-atp-device-risk-score-exposes-new-cyberattack-drives-conditional-access-to-protect-networks/
author: '@41thexplorer, Microsoft Defender ATP'
date: 2019-11-12
modified: 2020-08-27
tags:
    - attack.execution
    - attack.t1059.001
    - detection.emerging-threats
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        CommandLine|contains: 'abCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCc'
    condition: selection
level: high
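The rule has a single selection: a `contains` match on the `CommandLine` field of Windows process-creation events. The following Python is an added example, not code from the Sigma project or from the rule's author; it evaluates that selection the way a Sigma backend would against a handful of constructed process-creation events, so a detection engineer can see which records the rule fires on and which it ignores. It assumes Sigma's default case-insensitive string matching and the Sigma `process_creation` field names (`CommandLine`, `Image`); the sample events are invented and are not real telemetry.

```python
# Added example (not Sigma project code): applies the rule's
# "CommandLine|contains" selection to constructed process-creation events.
# Assumption: Sigma string matching is case-insensitive by default, so the
# comparison lower-cases both sides before the substring test.

RULE_ID = "8c7090c3-e0a0-4944-bd08-08c3a0cecf79"   # id from the rule above
RULE_LEVEL = "high"                                  # level from the rule above
PATTERN = "abCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCc"  # literal from the rule


def contains(field_value, needle):
    """Sigma 'contains' modifier: case-insensitive substring test.

    A missing field (None) never matches, mirroring how a backend treats
    events that do not carry the field at all.
    """
    if field_value is None:
        return False
    return needle.lower() in str(field_value).lower()


def matches(event):
    """condition: selection -> true when CommandLine contains PATTERN."""
    return contains(event.get("CommandLine"), PATTERN)


def evaluate(events):
    """Return the subset of events that trigger the rule."""
    return [e for e in events if matches(e)]


# Constructed sample events (Sigma process_creation field names, fake values).
SAMPLE_EVENTS = [
    {   # the marker string appears inside the command line -> should match
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'cmd.exe /c "C:\Users\Public\{}.exe"'.format(PATTERN),
    },
    {   # ordinary user activity -> must not match
        "Image": r"C:\Windows\System32\notepad.exe",
        "CommandLine": r"notepad.exe C:\Users\alice\notes.txt",
    },
    {   # only a short prefix of the marker -> must not match
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": "cmd.exe /c abc",
    },
    {   # field absent in this log record -> must not match, must not crash
        "Image": r"C:\Windows\System32\rundll32.exe",
        "CommandLine": None,
    },
]


if __name__ == "__main__":
    for hit in evaluate(SAMPLE_EVENTS):
        print(f"[{RULE_ID}] level={RULE_LEVEL} image={hit['Image']}")
```

The fourth sample event shows the case a practitioner most often trips over: log sources that omit `CommandLine` for some process types. The matcher treats an absent field as a non-match rather than raising, which is the behaviour expected from a Sigma backend.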
