PUA - Restic Backup Tool Execution (6ddff2e8-ea1a-45d0-8938-93dfc1d67ae7)

Detects the execution of the Restic backup tool, which can be used for data exfiltration. Threat actors may leverage Restic to back up and exfiltrate sensitive data to remote storage locations, including cloud services. If not legitimately used in the enterprise environment, its presence may indicate malicious activity.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| PUA - Restic Backup Tool Execution (6ddff2e8-ea1a-45d0-8938-93dfc1d67ae7) | Sigma-Rules | Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) | Attack Pattern | 1 |
| PUA - Restic Backup Tool Execution (6ddff2e8-ea1a-45d0-8938-93dfc1d67ae7) | Sigma-Rules | Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) | Attack Pattern | 1 |
| Exfiltration Over Web Service - T1567 (40597f16-0963-4249-bf4c-ac93b7fb9807) | Attack Pattern | Exfiltration to Cloud Storage - T1567.002 (bf1b6176-597c-4600-bfcd-ac989670f96b) | Attack Pattern | 2 |