PUA - Potential PE Metadata Tamper Using Rcedit (0c92f2e6-f08f-4b73-9216-ecb0ca634689)

Detects the use of rcedit to potentially alter executable PE metadata properties, which could conceal efforts to rename system utilities for defense evasion.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	PUA - Potential PE Metadata Tamper Using Rcedit (0c92f2e6-f08f-4b73-9216-ecb0ca634689)	Sigma-Rules	1
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	PUA - Potential PE Metadata Tamper Using Rcedit (0c92f2e6-f08f-4b73-9216-ecb0ca634689)	Sigma-Rules	1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	PUA - Potential PE Metadata Tamper Using Rcedit (0c92f2e6-f08f-4b73-9216-ecb0ca634689)	Sigma-Rules	1
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	PUA - Potential PE Metadata Tamper Using Rcedit (0c92f2e6-f08f-4b73-9216-ecb0ca634689)	Sigma-Rules	1
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2
Indicator Removal from Tools - T1027.005 (b0533c6e-8fea-4788-874f-b799cacc4b92)	Attack Pattern	Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	2