
PUA - TruffleHog Execution (44030449-b0df-4c94-aae1-502359ab28ee)

Detects execution of TruffleHog, a tool that searches for secrets across platforms such as Git, Jira, Slack and SharePoint, and that can be misused for the same purpose. While it is a legitimate tool intended for CI pipelines and security assessments, it was observed in the Shai-Hulud malware campaign targeting npm packages to steal sensitive information.

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) | Attack Pattern | PUA - TruffleHog Execution (44030449-b0df-4c94-aae1-502359ab28ee) | Sigma-Rules | 1
PUA - TruffleHog Execution (44030449-b0df-4c94-aae1-502359ab28ee) | Sigma-Rules | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1
Credentials In Files - T1552.001 (837f9164-50af-4ac0-8219-379d8a74cefc) | Attack Pattern | Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) | Attack Pattern | 2