Rar Usage with Password and Compression Level (faa48cae-6b25-4f00-a094-08947fef582f)

Detects command-line use of rar.exe to create an archive with password protection or with a specific compression level. This is pretty indicative of malicious actions.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) | Attack Pattern | Rar Usage with Password and Compression Level (faa48cae-6b25-4f00-a094-08947fef582f) | Sigma-Rules | 1 |
| Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) | Attack Pattern | Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) | Attack Pattern | 2 |