Rule Library
Sigma Rules
3 rules found for "Aaron Greetham - NCC Group"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | medium | test
DNS Query To MEGA Hosting Website
Detects DNS queries for subdomains related to the MEGA sharing website
Windows | DNS Query
TA0010 · Exfiltration | T1567.002 · Exfiltration to Cloud Storage
Aaron Greetham - NCC Group | Wed May 26 | windows
Detection | medium | test
Rclone Config File Creation
Detects Rclone config files being created
Windows | File Event
TA0010 · Exfiltration | T1567.002 · Exfiltration to Cloud Storage
Aaron Greetham - NCC Group | Wed May 26 | windows
Detection | high | test
PUA - Rclone Execution
Detects execution of the Rclone utility for exfiltration, as used by various ransomware strains like REvil, Conti, FiveHands, etc.
Windows | Process Creation
TA0010 · Exfiltration | T1567.002 · Exfiltration to Cloud Storage
Bhabesh Raj +2 | Mon May 10 | windows