Emerging Threats
Actor · 2023

Diamond Sleet

6 Rules
1 References
1 Folders
2023-10-24 Latest
Summary

Diamond Sleet is tracked here as a threat actor, intrusion set, or campaign with 6 Sigma detections spanning 2023. Coverage centers on windows / dns_query, windows / file_event, windows / image_load +3.

Related Detections
Emerging Threat · high · test

Diamond Sleet APT DLL Sideloading Indicators

Detects DLL sideloading activity seen being used by Diamond Sleet APT

Windows · Image Load (DLL)
TA0005 · Stealth · TA0003 · Persistence · TA0004 · Privilege Escalation · T1574.001 · DLL · +1
Nasreddine Bencherchali (Nextron Systems) · Tue Oct 24 2023
Emerging Threat · high · test

Diamond Sleet APT DNS Communication Indicators

Detects DNS queries related to Diamond Sleet APT activity

Windows · DNS Query
TA0011 · Command and Control · detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) · Tue Oct 24 2023
Emerging Threat · high · test

Diamond Sleet APT File Creation Indicators

Detects file creation activity that is related to Diamond Sleet APT activity

Windows · File Event
TA0002 · Execution · detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) · Tue Oct 24 2023
Emerging Threat · high · test

Diamond Sleet APT Process Activity Indicators

Detects process creation activity indicators related to Diamond Sleet APT

Windows · Process Creation
TA0002 · Execution · detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) · Tue Oct 24 2023
Emerging Threat · critical · test

Diamond Sleet APT Scheduled Task Creation

Detects registry event related to the creation of a scheduled task used by Diamond Sleet APT during exploitation of the TeamCity CVE-2023-42793 vulnerability

Windows · security
TA0002 · Execution · TA0004 · Privilege Escalation · TA0003 · Persistence · T1053.005 · Scheduled Task · +1
Nasreddine Bencherchali (Nextron Systems) · Tue Oct 24 2023
Emerging Threat · high · test

Diamond Sleet APT Scheduled Task Creation - Registry

Detects registry event related to the creation of a scheduled task used by Diamond Sleet APT during exploitation of the TeamCity CVE-2023-42793 vulnerability

Windows · Registry Event
TA0005 · Stealth · T1685 · Disable or Modify Tools · detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) · Tue Oct 24 2023
References