Adwind RAT / JRAT File Artifact (0bcfabcb-7929-47f4-93d6-b33fb67d34d1)

Detects javaw.exe in AppData folder as used by Adwind / JRAT

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Adwind RAT / JRAT File Artifact (0bcfabcb-7929-47f4-93d6-b33fb67d34d1)	Sigma-Rules	JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	1
Adwind RAT / JRAT File Artifact (0bcfabcb-7929-47f4-93d6-b33fb67d34d1)	Sigma-Rules	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	1
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2