Detection Engineering with SIGMA: Defend against APT targeting Japan
Common Information
Type Value
UUID 6d72b810-08e6-474d-9a20-dc4671282119
Fingerprint e2fbcf4a1e1ede9f2d48ea14787bfbdd3c2cd487ca3a6f318754328097d533d0
Analysis status DONE
Considered CTI value 1
Text language
Published Jan. 24, 2023, 10:27 a.m.
Added to db March 12, 2024, 8:12 p.m.
Last updated Aug. 31, 2024, 5:24 a.m.
Headline Detection Engineering with SIGMA: Defend against APT targeting Japan
Title Detection Engineering with SIGMA: Defend against APT targeting Japan
Detected Hints/Tags/Attributes 49/2/110
Attributes

Type                            #Events  Value
Domain                          11       detect-respond.blogspot.com
Domain                          3        support.virustotal.com
Domain                          4127     github.com
Domain                          7        7-zip.org
Domain                          1        sigmahq.github.io
Domain                          18       uncoder.io
Domain                          5        marketplace.visualstudio.com
Domain                          8        ericzimmerman.github.io
Domain                          8        index.md
Domain                          1        pc-windows-msvc.zip
Domain                          1        usage.md
Domain                          46       jsac.jpcert.or.jp
Domain                          403      securelist.com
Domain                          262      www.welivesecurity.com
Domain                          3        security.macnica.co.jp
Domain                          20       insight-jp.nttsecurity.com
Domain                          26       www.jpcert.or.jp
Domain                          71       blogs.jpcert.or.jp
Domain                          21       jfrog.com
File                            1        pain.html
File                            2125     cmd.exe
File                            3        ll.exe
File                            1208     powershell.exe
File                            1122     svchost.exe
File                            7        example.exe
File                            226      certutil.exe
File                            1        7z1604-x64.exe
File                            7        7zip.exe
File                            1018     rundll32.exe
File                            1        sigma_specification.html
File                            1        test_rules.py
File                            1        sysmonconfig-trace.xml
File                            1        mon-cheatsheet.pdf
File                            3        evtxecmd.exe
File                            1        chainsaw_x86_64-pc-windows-msvc.zip
File                            2        7.7z
File                            1        zircolite_win10.exe
File                            1        zircolite.exe
File                            1        rules_linux_original.json
File                            5        syslog.log
File                            4        jsac2022_8_hara_en.pdf
File                            1        01_blacktech_lamice.csv
File                            1        01_blacktech_lamice.csv
File                            11       k7sysmn1.dll
File                            10       k7sysmon.exe
File                            3        iso.html
File                            1        ir_report2022q2.pdf
File                            7        dump.bin
File                            1        job_description.pdf
File                            54       install.exe
File                            4        responsor.dat
File                            3        setlang.exe
File                            3        setlangloc.dat
File                            4        rescure.dat
File                            3        rescure86.dat
File                            3        rescure64.dat
File                            2        sspisrvui.dat
File                            3        setlangloc.dll
File                            1        bigip-exploit.html
Github username                 27       sigmahq
Github username                 19       the-dfir-report
Github username                 1        joesecurity
Github username                 1        mbabinski
Github username                 2        mdecrevoisier
Github username                 4        blacklanternsecurity
Github username                 7        withsecurelabs
Github username                 2        wagga40
Github username                 2        yamato-security
Github username                 35       neo23x0
Github username                 1        sysinternals
Github username                 1        olafharton
Threat Actor Identifier - APT   278      APT10
Url                             1        http://detect-respond.blogspot.com/2013/03/the-pyramid-of-
Url                             1        https://support.virustotal.com/hc/en-us/articles/360015738658-sigma-rules
Url                             1        https://github.com/sigmahq/sigma/issues/3749
Url                             1        http://7-zip.org/a/7z1604-x64.exe
Url                             1        https://github.com/sigmahq/sigma/blob/master/rules/window
Url                             1        https://sigmahq.github.io/sigma-specification/sigma_specification.html
Url                             1        https://github.com/sigmahq/sigma/tree/master/rules
Url                             1        https://github.com/the-dfir-report/sigma-rules
Url                             1        https://github.com/joesecurity/sigma-rules
Url                             1        https://github.com/mbabinski/sigma-rules
Url                             1        https://github.com/mdecrevoisier/sigma-detection-rules
Url                             1        https://github.com/blacklanternsecurity/sigma-rules
Url                             1        https://github.com/withsecurelabs/lazarus-sigma-rules
Url                             1        https://github.com/sigmahq/sigma/blob/master/.github/workflows/sigma-test.yml
Url                             1        https://github.com/sigmahq/sigma/blob/master/tests/test_rules.py
Url                             1        https://github.com/withsecurelabs/chainsaw
Url                             2        https://github.com/wagga40/zircolite
Url                             2        https://github.com/yamato-security/hayabusa
Url                             4        https://uncoder.io
Url                             1        https://marketplace.visualstudio.com/items?itemname=humpal
Url                             1        https://github.com/neo23x0/sysmon-config/blob/master/sysmonconfig-trace.xml
Url                             1        https://github.com/sysinternals
Url                             1        https://github.com/olafharton
Url                             7        https://ericzimmerman.github.io/#!index.md
Url                             1        https://github.com/withsecurelabs/chainsaw/releases/tag/v2.3.1
Url                             1        https://github.com/wagga40/zircolite/releases/tag/2.9.7
Url                             1        https://github.com/wagga40/zircolite/blob/master/docs/usage.md#generate
Url                             4        https://jsac.jpcert.or.jp/archive/2022/pdf/jsac2022_8_hara_en.pdf
Url                             4        https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742
Url                             3        https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-ii/107745
Url                             2        https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-
Url                             3        https://security.macnica.co.jp/blog/2022/05/iso.html
Url                             4        https://insight-jp.nttsecurity.com/post/102ho8o/operation-restylink
Url                             1        https://www.jpcert.or.jp/pr/2022/ir_report2022q2.pdf
Url                             2        https://securelist.com/bluenoroff-methods-bypass-motw/108383
Url                             2        https://www.welivesecurity.com/2022/04/27/lookback-ta410-umbrella-cyberespionage-ttps-activity
Url                             1        https://blogs.jpcert.or.jp/ja/2022/09/bigip-exploit.html
Url                             1        https://jfrog.com/blog/jfrog-discloses-3-remote-access-trojans-in-pypi