Potential Winnti Dropper Activity (130c9e58-28ac-4f83-8574-0a4cc913b97e)
Detects files dropped by Winnti as described in RedMimicry Winnti playbook
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Potential Winnti Dropper Activity (130c9e58-28ac-4f83-8574-0a4cc913b97e) | Sigma-Rules | 1 |