1 rule found for "yxinmiracle"
Detects execution of the Grixba reconnaissance tool based on suspicious command-line parameter combinations. This tool is used by the Play ransomware group for network enumeration, data gathering, and event log clearing.