Skip to content

Hide Navigation Hide TOC

Files Added To An Archive Using Rar.EXE (6f3e2987-db24-4c78-a860-b4f4095a7095)

Detects usage of "rar" to add files to an archive for potential compression. An adversary may compress data (e.g. sensitive documents) that is collected prior to exfiltration in order to make it portable and minimize the amount of data sent over the network.

Cluster A Galaxy A Cluster B Galaxy B Level
Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern Files Added To An Archive Using Rar.EXE (6f3e2987-db24-4c78-a860-b4f4095a7095) Sigma-Rules 1
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2