Rule Library
Sigma Rules
5 rules found for "Lace-Tempest"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat | high | test
Lace Tempest File Indicators
Detects PowerShell script file creation with specific names or suffixes which was seen being used often in PowerShell scripts by FIN7
Windows | File Event
Nasreddine Bencherchali (Nextron Systems) | Thu Nov 09 2023
Emerging Threat | high | test
Lace Tempest PowerShell Evidence Eraser
Detects a PowerShell script used by Lace Tempest APT to erase evidence from victim servers by exploiting CVE-2023-47246 as reported by SysAid Team
Windows | PowerShell Script
Nasreddine Bencherchali (Nextron Systems) | Thu Nov 09 2023
Emerging Threat | high | test
Lace Tempest PowerShell Launcher
Detects a PowerShell script used by Lace Tempest APT to launch their malware loader by exploiting CVE-2023-47246 as reported by SysAid Team
Windows | PowerShell Script
Nasreddine Bencherchali (Nextron Systems) | Thu Nov 09 2023
Emerging Threat | high | test
Lace Tempest Cobalt Strike Download
Detects specific command line execution used by Lace Tempest to download Cobalt Strike as reported by SysAid Team
Windows | Process Creation
Nasreddine Bencherchali (Nextron Systems) | Thu Nov 09 2023
Emerging Threat | high | test
Lace Tempest Malware Loader Execution
Detects execution of a specific binary based on filename and hash used by Lace Tempest to load additional malware as reported by SysAid Team
Windows | Process Creation
Nasreddine Bencherchali (Nextron Systems) | Thu Nov 09 2023