Suspicious GrpConv Execution (f14e169e-9978-4c69-acb3-1cff8200bc36)
Detects the suspicious execution of a utility to convert Windows 3.x .grp files or for persistence purposes by malicious software or actors
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | Suspicious GrpConv Execution (f14e169e-9978-4c69-acb3-1cff8200bc36) | Sigma-Rules | 1 |