Find sigma rule

Attack: Automated Exfiltration

Adversaries may exfiltrate data, such as sensitive documents, through the use of automated processing after being gathered during Collection.(Citation: ESET Gamaredon June 2020)

When automated exfiltration is used, other exfiltration techniques likely apply as well to transfer the information out of the network, such as Exfiltration Over C2 Channel and Exfiltration Over Alternative Protocol.

MITRE

Tactic

exfiltration

technique

T1020

Test : Exfiltration via Encrypted FTP

OS

windows

Description:

Simulates encrypted file transfer to an FTP server. For testing purposes, a free FTP testing portal is available at https://sftpcloud.io/tools/free-ftp-server, providing a temporary FTP server for 60 minutes. Use this service responsibly for testing and validation only.

Executor

powershell

Sigma Rule

back

sigma_redcanaryco

Knowing which rule should trigger according to the redcannary test