Skip to content

Hide Navigation Hide TOC

Files Added To An Archive Using Rar.EXE (6f3e2987-db24-4c78-a860-b4f4095a7095)

Detects usage of "rar" to add files to an archive for potential compression. An adversary may compress data (e.g. sensitive documents) that is collected prior to exfiltration in order to make it portable and minimize the amount of data sent over the network.

Cluster A Galaxy A Cluster B Galaxy B Level
Files Added To An Archive Using Rar.EXE (6f3e2987-db24-4c78-a860-b4f4095a7095) Sigma-Rules Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 1
Archive Collected Data - T1560 (53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a) Attack Pattern Archive via Utility - T1560.001 (00f90846-cbd1-4fc5-9233-df5c2bf2a662) Attack Pattern 2