Emerging Threats
Actor | 2023, 2019
EquationGroup
3 Rules
4 References
2 Folders
2023-06-01 Latest
Summary
EquationGroup is tracked here as a threat actor, intrusion set, or campaign with 3 Sigma detections spanning 2023 and 2019. Coverage centers on dns, proxy, and windows / process_creation.
Related Detections
Emerging Threat | high | test
Potential Operation Triangulation C2 Beaconing Activity - DNS
Detects potential beaconing activity to domains used in 0day attacks on iOS devices and revealed by Kaspersky and the FSB
dns
TA0011 · Command and Control | G0020 · Equation | detection.emerging-threats
Florian Roth (Nextron Systems) | Thu Jun 01 2023
Emerging Threat | high | test
Potential Operation Triangulation C2 Beaconing Activity - Proxy
Detects potential beaconing activity to domains used in 0day attacks on iOS devices and revealed by Kaspersky and the FSB
Proxy Log
TA0011 · Command and Control | G0020 · Equation | detection.emerging-threats
Florian Roth (Nextron Systems) | Thu Jun 01 2023
Emerging Threat | critical | stable
Equation Group DLL_U Export Function Load
Detects a specific export function name used by one of the EquationGroup tools
Windows | Process Creation
G0020 · Equation | TA0005 · Stealth | T1218.011 · Rundll32 | detection.emerging-threats
Florian Roth (Nextron Systems) | Mon Mar 04 2019
References