Tap Driver Installation

Well-known TAP software installation. Possible preparation for data exfiltration using tunnelling techniques

Sigma rule

title: Tap Driver Installation
id: 8bd47424-53e9-41ea-8a6a-a1f97b1bb0eb
related:
    - id: 8e4cf0e5-aa5d-4dc3-beff-dc26917744a9
      type: derived
description: Well-known TAP software installation. Possible preparation for data exfiltration using tunnelling techniques
status: unsupported
author: Daniil Yugoslavskiy, Ian Davis, oscd.community
date: 2019/10/24
modified: 2021/09/21
tags:
    - attack.exfiltration
    - attack.t1048
logsource:
    product: windows
    category: driver_load
detection:
    selection:
        ImagePath|contains: 'tap0901'
    condition: selection
falsepositives:
    - Legitimate OpenVPN TAP installation
level: medium

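The rule's detection block is a single selection with one `contains` test, so it is small enough to evaluate by hand. The following is an added example, not code from the Sigma project or from this rule's authors: a minimal evaluator for a Sigma selection map (`contains`, `startswith`, `endswith` and plain equality modifiers, all case-insensitive as the Sigma specification defines string matching), run over constructed driver_load events. It assumes the events are already normalised into dictionaries whose `ImagePath` field carries the full path of the loaded driver, as the generic `driver_load` logsource expects; the `RecordId` field and all sample paths are invented for the example.

```python
"""Evaluate the 'Tap Driver Installation' selection over sample driver_load events.

Added example for illustration only; not part of the Sigma project or this rule.
"""

# The rule's detection block, transcribed from the YAML above.
# Assumption: the generic 'ImagePath' field is already populated by the log pipeline.
SELECTION = {"ImagePath|contains": "tap0901"}
RULE_TITLE = "Tap Driver Installation"
RULE_LEVEL = "medium"


def _field_matches(field_spec: str, expected: str, event: dict) -> bool:
    """Evaluate one 'field|modifier: value' pair the way Sigma does.

    Sigma string comparisons are case-insensitive; the modifier after '|'
    decides whether the value must equal, contain, start or end the field.
    A missing field never matches.
    """
    field, _, modifier = field_spec.partition("|")
    actual = event.get(field)
    if actual is None:
        return False
    actual, expected = str(actual).lower(), str(expected).lower()
    if modifier == "contains":
        return expected in actual
    if modifier == "startswith":
        return actual.startswith(expected)
    if modifier == "endswith":
        return actual.endswith(expected)
    if modifier == "":
        return actual == expected
    raise ValueError(f"unsupported Sigma modifier: {modifier!r}")


def selection_matches(selection: dict, event: dict) -> bool:
    """A Sigma selection map is an AND over all of its field conditions."""
    return all(_field_matches(spec, value, event) for spec, value in selection.items())


def scan(events) -> list:
    """Return the RecordIds of events that satisfy 'condition: selection'."""
    return [e["RecordId"] for e in events if selection_matches(SELECTION, e)]


# Constructed sample events (hypothetical paths and ids, not real telemetry).
# Records 1 and 3 should fire; 3 differs only in letter case, which Sigma ignores.
# Record 2 is an unrelated driver, record 4 lacks the field entirely.
SAMPLE_EVENTS = [
    {"RecordId": 1, "ImagePath": r"C:\Windows\System32\drivers\tap0901.sys", "Signed": "true"},
    {"RecordId": 2, "ImagePath": r"C:\Windows\System32\drivers\otherdrv.sys", "Signed": "true"},
    {"RecordId": 3, "ImagePath": r"C:\WINDOWS\SYSTEM32\DRIVERS\TAP0901.SYS", "Signed": "true"},
    {"RecordId": 4, "Signed": "false"},
]

if __name__ == "__main__":
    # Each hit is a candidate for the rule's stated false positive (a legitimate
    # OpenVPN installation), so the analyst still has to confirm it.
    for record_id in scan(SAMPLE_EVENTS):
        print(f"RecordId {record_id}: {RULE_TITLE} (level: {RULE_LEVEL})")
```

Because the match is a bare substring test, any driver whose path contains `tap0901` fires, and the rule's own false-positive entry applies to every hit: the same driver is installed by a legitimate OpenVPN client, so a hit needs to be correlated with who installed it and whether a VPN client is expected on that host before it is treated as exfiltration preparation.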