Sodinokibi

Sodinokibi random extension key

Sigma rule

title: Sodinokibi
status: experimental
description: Sodinokibi random extension key
author: Joe Security
date: 2022-11-02
id: 200107
threatname: Sodinokibi
behaviorgroup: 15
classification: 0
mitreattack:

logsource:
    product: windows
    category: registry_event
detection:
    selection:
        EventID: 13
        TargetObject:
            - '*recfg*rnd_ext*'
    condition: selection
level: critical
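
The following is an added example, not part of the original rule or Joe Security's code: a small Python evaluator that applies the rule's selection (Sysmon Event ID 13, registry value set, with a case-insensitive wildcard on TargetObject) to constructed events, showing what the pattern catches and what it misses. The event dictionaries, registry paths, and function names are assumptions made for illustration.

```python
import re

# Selection copied from the rule above.
RULE = {"EventID": 13, "TargetObject": ["*recfg*rnd_ext*"]}


def sigma_wildcard_to_regex(pattern):
    """Translate a Sigma wildcard string (* = any run, ? = one character)
    into an anchored, case-insensitive regex. Backslash escapes are not
    handled because the rule's pattern contains none."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE | re.DOTALL)


def matches(event, rule=RULE):
    """True when the event satisfies every field of the selection."""
    if event.get("EventID") != rule["EventID"]:
        return False
    target = event.get("TargetObject", "")
    return any(sigma_wildcard_to_regex(p).match(target)
               for p in rule["TargetObject"])


# Constructed sample events (not taken from real telemetry).
SAMPLE_EVENTS = [
    # Value set under a key containing "recfg", value name "rnd_ext": match.
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\WOW6432Node\recfg\rnd_ext"},
    # Sigma string matching is case-insensitive: match.
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-0-0-0-1000\Software\ReCfg\RND_EXT"},
    # Same key, different value name: no match.
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\recfg\other_value"},
    # Event ID 12 (key create/delete), not a value set: no match.
    {"EventID": 12, "TargetObject": r"HKLM\SOFTWARE\recfg\rnd_ext"},
    # Substrings in the wrong order: no match.
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\rnd_ext\recfg"},
]


def run(events=SAMPLE_EVENTS):
    return [matches(e) for e in events]


if __name__ == "__main__":
    for event, hit in zip(SAMPLE_EVENTS, run()):
        print("ALERT" if hit else "-----", event["EventID"], event["TargetObject"])
```

The rule keys on the two literal substrings only, so a variant that stores its configuration under a different key or value name would not trigger it.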