
communicate via Twitter

Open Ana06 opened this issue 3 years ago • 0 comments

Rule name

communicate via Twitter

Summary

Use legitimate Twitter service or web site as part of the binary's command and control (C2) communications.

Possible test samples

Publicly available samples that may contain the capability this rule should detect (MD5 hashes):

  • 32bb43f8847ecf158c1e96891ed9a28c
  • d1ce79089578da2d41f1ad901f7b1014

References

Links or references to additional information on the capability (can also be included in the rule):

  • https://attack.mitre.org/techniques/T1102/

Namespace

Proposed namespace: communication/web-service. More details in https://github.com/fireeye/capa-rules/blob/master/doc/format.md#rule-namespace

att&ck

aka.mitre.att&ck.t1102

Ana06, Apr 19 '21 11:04