Rule Library
Sigma Rules
2 rules found for "AdmU3"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · low · test
Compressed File Creation Via Tar.EXE
Detects execution of "tar.exe" in order to create a compressed file. Adversaries may abuse various utilities to compress or encrypt data before exfiltration.
Windows · Process Creation
TA0009 · Collection, TA0010 · Exfiltration, T1560 · Archive Collected Data, T1560.001 · Archive via Utility
Nasreddine Bencherchali (Nextron Systems) +1 · Tue Dec 19 · windows
Detection · low · test
Compressed File Extraction Via Tar.EXE
Detects execution of "tar.exe" in order to extract a compressed file. Adversaries may abuse various utilities in order to decompress data to avoid detection.
Windows · Process Creation
TA0009 · Collection, TA0010 · Exfiltration, T1560 · Archive Collected Data, T1560.001 · Archive via Utility
AdmU3 · Tue Dec 19 · windows