CodePage Modification Via MODE.COM To Russian Language (12fbff88-16b5-4b42-9754-cd001a789fb3)
Detects use of the "mode.com" utility to change the CodePage to the Russian language. This behavior has been used by threat actors behind Dharma ransomware.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | CodePage Modification Via MODE.COM To Russian Language (12fbff88-16b5-4b42-9754-cd001a789fb3) | Sigma-Rules | 1 |