Skip to content

<<< Hide Navigation Hide TOC >>>

Renamed Gpg.EXE Execution (ec0722a3-eb5c-4a56-8ab2-bf6f20708592)

Detects the execution of a renamed "gpg.exe". Often used by ransomware and loaders to decrypt/encrypt data.

Galaxy ColorsAttack Pat...Sigma-Rule...
Rows: 1
Loading extensions...
Collapse filters
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Cluster A Galaxy A Cluster B Galaxy B Level
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern Renamed Gpg.EXE Execution (ec0722a3-eb5c-4a56-8ab2-bf6f20708592) Sigma-Rules 1