Large Number Of Files Deleted From Popular Known Folders

Rule Info

Name
Large Number Of Files Deleted From Popular Known Folders
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects deletion of a large number of files from popular known folders (i.e. Desktop, Documents, Downloads, Music, Pictures, Videos, etc.). Occurrence of such an event from an uncommon application can be a sign of ransomware
Reference
Internal Research
Date
2024-01-30 00:00:00
Modified
None
Id
8c106246-325e-4412-a90d-b883fd80e0b0
Tags
attack.defense_evasion
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022