Suspicious Greedy Compression Using Rar.EXE (afe52666-401e-4a02-b4ff-5d128990b8cb)
Detects RAR usage that creates an archive from a suspicious folder: either a system folder or one of the folders often used by attackers for staging purposes.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Suspicious Greedy Compression Using Rar.EXE (afe52666-401e-4a02-b4ff-5d128990b8cb) | Sigma-Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |