Ryuk Test Files Detected

Description

The search looks for files that contain the key word Ryuk under any folder in the C drive, which is consistent with Ryuk propagation.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Adversary Tactics

Alert Volume

The search looks for files that contain the key word *Ryuk* under any folder in the C drive, which is consistent with Ryuk propagation.

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Impact

MITRE ATT&CK Techniques

Data Encrypted for Impact

Data Encrypted for Impact

MITRE Threat Groups

APT38
APT41
TA505

Data Sources


   Help

Ryuk Test Files Detected Help

You must be ingesting data that records the filesystem activity from your hosts to populate the Endpoint Filesystem data-model object. If you are using Sysmon, you will need a Splunk Universal Forwarder on each endpoint from which you want to collect data.

   Search

Open in Search