Hidden Executable In NTFS Alternate Data Stream (b69888d4-380c-45ce-9cf9-d9ce46e67821)

Detects the creation of an ADS (Alternate Data Stream) that contains an executable by looking at a non-empty Imphash

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Hidden Executable In NTFS Alternate Data Stream (b69888d4-380c-45ce-9cf9-d9ce46e67821)	Sigma-Rules	NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	1
NTFS File Attributes - T1564.004 (f2857333-11d4-45bf-b064-2c28d8525be5)	Attack Pattern	Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8)	Attack Pattern	2