Product: Solaris
Use-Case: Ransomware
Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
---|---|---|---|---|
3 | 0 | 12 | 1 | 1 |
Event Type | Rules | Models |
---|---|---|
process-created | T1059 - Command and Scripting Interpreter<br> ↳ A-WannaCry: Artifacts seen by WannaCry malware have been observed on this asset<br><br>T1059.003 - T1059.003<br> ↳ A-WannaCry: Artifacts seen by WannaCry malware have been observed on this asset<br><br>T1222 - File and Directory Permissions Modification<br> ↳ A-WannaCry: Artifacts seen by WannaCry malware have been observed on this asset<br><br>T1222.001 - File and Directory Permissions Modification: Windows File and Directory Permissions Modification<br> ↳ A-WannaCry: Artifacts seen by WannaCry malware have been observed on this asset<br><br>T1486 - Data Encrypted for Impact<br> ↳ A-WannaCry: Artifacts seen by WannaCry malware have been observed on this asset<br><br>T1490 - Inhibit System Recovery<br> ↳ A-WannaCry: Artifacts seen by WannaCry malware have been observed on this asset<br><br>T1070 - Indicator Removal on Host<br> ↳ NotPetya-Activity: NotPetya Ransomware Activity detected on this asset<br> ↳ A-Fsutil-Sus-Invocation: Suspicious parameters of fsutil were detected on this asset.<br><br>T1003 - OS Credential Dumping<br> ↳ NotPetya-Activity: NotPetya Ransomware Activity detected on this asset<br><br>T1003.001 - T1003.001<br> ↳ NotPetya-Activity: NotPetya Ransomware Activity detected on this asset<br><br>T1070.001 - Indicator Removal on Host: Clear Windows Event Logs<br> ↳ NotPetya-Activity: NotPetya Ransomware Activity detected on this asset<br><br>T1218 - Signed Binary Proxy Execution<br> ↳ NotPetya-Activity: NotPetya Ransomware Activity detected on this asset<br><br>T1218.011 - Signed Binary Proxy Execution: Rundll32<br> ↳ NotPetya-Activity: NotPetya Ransomware Activity detected on this asset |