Rule Library

Sigma Rules

3 rules found for "Aaron Greetham - NCC Group"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionmediumtest

DNS Query To MEGA Hosting Website

Detects DNS queries for subdomains related to MEGA sharing website

WindowsDNS Query

TA0010 · ExfiltrationT1567.002 · Exfiltration to Cloud Storage

Aaron Greetham - NCC GroupWed May 26windows

Detectionmediumtest

Rclone Config File Creation

Detects Rclone config files being created

WindowsFile Event

TA0010 · ExfiltrationT1567.002 · Exfiltration to Cloud Storage

Aaron Greetham - NCC GroupWed May 26windows

Detectionhightest

PUA - Rclone Execution

Detects execution of RClone utility for exfiltration as used by various ransomwares strains like REvil, Conti, FiveHands, etc

WindowsProcess Creation

TA0010 · ExfiltrationT1567.002 · Exfiltration to Cloud Storage

Bhabesh Raj+2Mon May 10windows