valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update and rename win_renamed_meg.yml to win_renamed_megasync.yml

Browse Source
This commit is contained in:
Sittikorn S 2021-06-23 09:24:42 +07:00 committed by GitHub
parent 16bafc835a
commit c0724e533f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/windows/process_creation/win_renamed_meg.yml → rules/windows/process_creation/win_renamed_megasync.yml
View File

@ -1,7 +1,7 @@
title: Renamed MegaSync
id: 643bdcac-8b82-49f4-9fd9-25a90b929f3b
status: experimental
description: Detects the execution of a renamed meg.exe (MegaSync) during incident response engagements associated with ransomware families like Nefilim, Sodinokibi, Pysa, and Conti.
description: Detects the execution of a renamed meg.exe of MegaSync during incident response engagements associated with ransomware families like Nefilim, Sodinokibi, Pysa, and Conti.
references:
- https://redcanary.com/blog/rclone-mega-extortion/
author: Sittikorn S