Techniques
Sample rules
Raw Paste Service Access
- source: sigma
- techniques:
  - t1071
  - t1071.001
  - t1102
  - t1102.001
  - t1102.003
Description
Detects direct access to raw pastes on various paste services, which malware often uses in its second stage to download malicious code in encrypted or encoded form.
Detection logic
condition: selection
selection:
  c-uri|contains:
    - .paste.ee/r/
    - .pastebin.com/raw/
    - .hastebin.com/raw/
    - .ghostbin.co/paste/*/raw/
    - pastetext.net/
    - pastebin.pl/
    - paste.ee/
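
The following is an added example, not part of the Sigma rule or of this page's source. It evaluates the selection above against constructed proxy events to show which URLs the patterns cover. It assumes the `c-uri` field holds the full URL and applies Sigma's `contains` semantics (case-insensitive substring, with `*` and `?` as wildcards); the function names and sample events are hypothetical.

```python
import re

# Patterns copied from the rule's c-uri|contains list on this page.
PATTERNS = [
    ".paste.ee/r/",
    ".pastebin.com/raw/",
    ".hastebin.com/raw/",
    ".ghostbin.co/paste/*/raw/",
    "pastetext.net/",
    "pastebin.pl/",
    "paste.ee/",
]

def compile_contains(value):
    """Sigma 'contains': case-insensitive substring; '*' and '?' are wildcards."""
    body = re.escape(value).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(body, re.IGNORECASE)

COMPILED = [(p, compile_contains(p)) for p in PATTERNS]

def matched_patterns(c_uri):
    """Return every rule pattern found in a c-uri field value."""
    return [p for p, rx in COMPILED if rx.search(c_uri)]

def evaluate(events):
    """Apply 'condition: selection' to proxy events (dicts with a 'c-uri' key)."""
    results = []
    for event in events:
        uri = event.get("c-uri", "")
        results.append((uri, matched_patterns(uri)))
    return results

# Constructed proxy events (not real traffic; the paste IDs are made up).
SAMPLE_EVENTS = [
    {"c-uri": "https://www.pastebin.com/raw/AbCd1234"},
    {"c-uri": "https://pastebin.com/raw/AbCd1234"},    # bare host, no leading dot
    {"c-uri": "https://www.ghostbin.co/paste/xyz12/raw/"},
    {"c-uri": "https://paste.ee/r/QwErT"},
    {"c-uri": "https://pastebin.com/AbCd1234"},        # rendered page, not raw
]

if __name__ == "__main__":
    for uri, hits in evaluate(SAMPLE_EVENTS):
        print(("ALERT " if hits else "quiet ") + uri, hits)
```

The second sample event shows that, under the full-URL assumption, a dot-prefixed pattern does not fire when the host appears without a subdomain, so the field format of the log source should be checked before relying on the rule.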