VsCode Code Tunnel Execution File Indicator

    Date: 09/05/2024

    Severity: Medium

    Summary

    "VsCode Code Tunnel Execution File Indicator" refers to a feature in Visual Studio Code (VSCode) that shows an indicator or status related to the execution of code tunnels. Code tunnels are used in VSCode's remote development setup, allowing developers to securely connect and work with code on remote machines. The execution file indicator helps users track and manage these connections by displaying relevant information or statuses about the code tunnel's activity or state, ensuring smooth remote development workflows.

    Indicators of Compromise (IOC) List

    TargetFilename

    '\code_tunnel.json'

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    (Resourcename in ("Sysmon") AND eventtype = "1") AND targetfilename = "\code_tunnel.json"

    Detection Query 2

    (Technologygroup = "EDR" ) AND targetfilename = "\code_tunnel.json"
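The same indicator check applied offline to exported file-creation events, as an added example (not part of the original advisory or the referenced Sigma rule). It assumes JSON-lines input with `TargetFilename` and `Image` fields and treats the IOC as a case-insensitive path suffix; hosts, paths and process names in the sample are constructed.

```python
import json

# IOC from the page: TargetFilename '\code_tunnel.json'. The leading backslash
# is kept so only a file with exactly this name matches, in any directory.
IOC_SUFFIX = "\\code_tunnel.json"

# Constructed sample events, one JSON object per line (assumed export format).
SAMPLE_EVENTS = r"""
{"host": "ws-01", "Image": "C:\\Tools\\code.exe", "TargetFilename": "C:\\Users\\alice\\example\\code_tunnel.json"}
{"host": "ws-02", "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\bob\\Documents\\notes.json"}
{"host": "ws-03", "Image": "C:\\Temp\\updater.exe", "TargetFilename": "C:\\Users\\carol\\Example\\CODE_TUNNEL.JSON"}
{"host": "ws-04", "Image": "C:\\Tools\\app.exe", "TargetFilename": "C:\\Data\\my_code_tunnel.json"}
{"host": "ws-05", "Image": "C:\\Tools\\app.exe"}
this line is not JSON
"""


def matches_indicator(target_filename):
    """True if the path names a file called code_tunnel.json (any directory)."""
    if not isinstance(target_filename, str):
        return False  # event carries no usable TargetFilename
    # Windows paths are case-insensitive and may arrive with either separator.
    normalized = target_filename.replace("/", "\\").lower()
    return normalized.endswith(IOC_SUFFIX)


def scan(lines):
    """Return (host, image, target) for every event that hits the indicator."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip records that are not valid JSON
        if not isinstance(event, dict):
            continue
        target = event.get("TargetFilename")
        if matches_indicator(target):
            hits.append((event.get("host"), event.get("Image"), target))
    return hits


if __name__ == "__main__":
    for host, image, target in scan(SAMPLE_EVENTS.splitlines()):
        print(f"{host}: {image} created {target}")
```

Keeping the creating process (`Image`) in each hit lets an analyst separate expected VS Code activity from other processes writing the file.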

    Reference:

    https://github.com/SigmaHQ/sigma/blob/master/rules-threat-hunting/windows/file/file_event/file_event_win_vscode_tunnel_indicators.yml


    Tags

    Sigma, Malware
