Potential Ransomware Activity Using LegalNotice Message (8b9606c9-28be-4a38-b146-0e313cc232c1)

Detects changes to the "LegalNoticeCaption" or "LegalNoticeText" registry values where the message that is set contains keywords often used in ransomware ransom messages.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) | Attack Pattern | Potential Ransomware Activity Using LegalNotice Message (8b9606c9-28be-4a38-b146-0e313cc232c1) | Sigma-Rules | 1 |
| Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) | Attack Pattern | Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) | Attack Pattern | 2 |