Emerging Threats
Actor | 2023
Cozy Bear
3 Rules
1 References
1 Folders
2023-12-18 Latest
Summary
Cozy Bear is tracked here as a threat actor, intrusion set, or campaign with 3 Sigma detections spanning 2023. Coverage centers on windows / image_load, windows / security, windows / taskscheduler.
Related Detections
Emerging Threat | medium | test
DLL Names Used By SVR For GraphicalProton Backdoor
Hunts known SVR-specific DLL names.
Windows | Image Load (DLL)
TA0005 · Stealth | TA0003 · Persistence | TA0004 · Privilege Escalation | T1574.001 · DLL | +1
CISA | Mon Dec 18 2023
Emerging Threat | high | test
Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor
Hunts for known SVR-specific scheduled task names
Windows | security
TA0003 · Persistence | detection.emerging-threats
CISA | Mon Dec 18 2023
Emerging Threat | high | test
Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor - Task Scheduler
Hunts for known SVR-specific scheduled task names
Windows | taskscheduler
TA0003 · Persistence | detection.emerging-threats
CISA | Mon Dec 18 2023
References