HackTool - SecurityXploded Execution

 1title: HackTool - SecurityXploded Execution
 2id: 7679d464-4f74-45e2-9e01-ac66c5eb041a
 3status: stable
 4description: Detects the execution of SecurityXploded Tools
 5references:
 6    - https://securityxploded.com/
 7    - https://web.archive.org/web/20200601000524/https://cyberx-labs.com/blog/gangnam-industrial-style-apt-campaign-targets-korean-industrial-companies/
 8author: Florian Roth (Nextron Systems)
 9date: 2018-12-19
10modified: 2023-02-04
11tags:
12    - attack.credential-access
13    - attack.t1555
14logsource:
15    category: process_creation
16    product: windows
17detection:
18    selection:
19        - Company: SecurityXploded
20        - Image|endswith: 'PasswordDump.exe'
21        - OriginalFileName|endswith: 'PasswordDump.exe'
22    condition: selection
23falsepositives:
24    - Unlikely
25level: critical

References

• SecurityXploded is an Infosec Research Organization offering 200+ FREE Security/Password Recovery Tools, latest Research Articles and FREE Training on Reversing/Malware Analysis

  
  Read More

• Gangnam Industrial Style: APT Campaign Targets Korean Industrial Companies - CyberX

  

  Section 52, CyberX’s threat intelligence team, has uncovered an ongoing industrial cyberespionage campaign targeting hundreds of manufacturing and other industrial firms primarily located in South Korea. The campaign steals passwords and documents which could be used in a number of ways, including stealing trade secrets and intellectual property, performing cyber reconnaissance for future attacks, and […]

  
  Read More

Related rules

• Dump Credentials from Windows Credential Manager With PowerShell
• Enumerate Credentials from Windows Credential Manager With PowerShell
• Suspicious Serv-U Process Pattern
• AADInternals PowerShell Cmdlets Execution - ProccessCreation
• AADInternals PowerShell Cmdlets Execution - PsScript