Suspicious Appended Extension (e3f673b3-65d1-4d80-9146-466f8b63fa99)
Detects file renames where the target filename uses an uncommon double extension. This could indicate ransomware renaming files and appending a custom extension to the encrypted files, such as ".jpg.crypted", ".docx.locky", etc.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | Suspicious Appended Extension (e3f673b3-65d1-4d80-9146-466f8b63fa99) | Sigma-Rules | 1 |