Description of the Idea of the Rule
Recently there has been a surge in the activities of the Rhysida ransomware group, and it has been observed targeting large industries, observing its past attacks and also the recent attacks on Insomniac Games. Analyzing the sample, there seems to be a common pattern where it modifies registry settings for the desktop wallpaper and at last uses a PowerShell command to delete itself; therefore this rule has been created observing that pattern.
Public References / Example Event Log
https://www.sentinelone.com/anthology/rhysida/
https://app.any.run/tasks/0654a60b-df51-45d3-a297-916af05920b7/
https://app.any.run/tasks/74c6bd6a-d12a-4515-8c39-8024b3f8d0b2/
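The pattern described in this issue (a process writes a desktop wallpaper registry value and is afterwards named in a PowerShell delete command), expressed as correlation logic over constructed Sysmon-style events. This is an added example, not part of the original issue or of any published rule; the registry value names, the `Remove-Item` match, the event field names and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumption: "registry settings for desktop wallpaper" means these standard Windows values.
WALLPAPER_RE = re.compile(
    r"\\(Control Panel\\Desktop\\Wallpaper|Policies\\ActiveDesktop\\NoChangingWallPaper)$",
    re.I)
# Assumption: the self-delete shows up as PowerShell running Remove-Item.
DELETE_RE = re.compile(r"\bRemove-Item\b", re.I)
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample events (not taken from the sandbox runs linked above).
EVENTS = [
    {"ts": "2023-12-20T10:00:01", "host": "ws1", "type": "registry_set",
     "image": r"C:\Users\a\Downloads\sample.exe",
     "target": r"HKU\S-1-5-21-1111\Control Panel\Desktop\Wallpaper"},
    {"ts": "2023-12-20T10:03:10", "host": "ws1", "type": "process_create",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -Command Remove-Item -Force -Path "C:\Users\a\Downloads\sample.exe"'},
    {"ts": "2023-12-20T11:00:00", "host": "ws2", "type": "registry_set",
     "image": r"C:\Windows\explorer.exe",  # user changing wallpaper, nothing deleted
     "target": r"HKU\S-1-5-21-2222\Control Panel\Desktop\Wallpaper"},
    {"ts": "2023-12-20T11:05:00", "host": "ws3", "type": "process_create",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -Command Remove-Item C:\Temp\build.log"},  # cleanup only
]


def correlate(events):
    """Return (host, image) pairs where an image set a wallpaper value and was
    then named in a PowerShell Remove-Item command on the same host."""
    writers = {}  # (host, lowercased image path) -> time of last wallpaper write
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "registry_set" and WALLPAPER_RE.search(ev["target"]):
            writers[(ev["host"], ev["image"].lower())] = ts
        elif (ev["type"] == "process_create"
              and ev["image"].lower().endswith("\\powershell.exe")
              and DELETE_RE.search(ev["cmdline"])):
            cmd = ev["cmdline"].lower()
            for (host, image), seen in writers.items():
                if host == ev["host"] and image in cmd and ts - seen <= WINDOW:
                    hits.append((host, image))
    return hits
```

Requiring both events from the same image on the same host keeps ordinary wallpaper changes and routine PowerShell cleanup from alerting on their own.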