Techniques
Sample rules
Raccine Uninstall
- source: sigma
- techniques:
  - t1562
  - t1562.001
Description
Detects commands that indicate a Raccine removal from an end system. Raccine is a free ransomware protection tool.
Detection logic
condition: 1 of selection*
selection1:
  CommandLine|contains|all:
    - 'taskkill '
    - RaccineSettings.exe
selection2:
  CommandLine|contains|all:
    - reg.exe
    - delete
    - Raccine Tray
selection3:
  CommandLine|contains|all:
    - schtasks
    - /DELETE
    - Raccine Rules Updater
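
The detection logic above, evaluated over process-creation command lines. This is an added example, not code from the Sigma project or this page; the function names, host names and sample events are constructed, and `<KEY>` is a placeholder. It assumes Sigma's default case-insensitive string matching.

```python
# Added example: re-implements the matching semantics of the rule above.
# "contains|all" = every listed substring must appear in CommandLine.
# "1 of selection*" = the rule fires when at least one selection matches.
RULE = {
    "selection1": ["taskkill ", "RaccineSettings.exe"],
    "selection2": ["reg.exe", "delete", "Raccine Tray"],
    "selection3": ["schtasks", "/DELETE", "Raccine Rules Updater"],
}


def matched_selections(command_line, rule=RULE):
    """Return the names of selections whose substrings are all present."""
    haystack = command_line.lower()  # Sigma string matching ignores case by default
    return [name for name, needles in rule.items()
            if all(needle.lower() in haystack for needle in needles)]


def rule_fires(command_line):
    """Apply the condition '1 of selection*'."""
    return bool(matched_selections(command_line))


# Constructed process-creation events (hypothetical hosts, placeholder key path).
SAMPLE_EVENTS = [
    {"host": "ws-01", "CommandLine": "taskkill /F /IM RaccineSettings.exe"},
    {"host": "ws-02", "CommandLine": 'REG.EXE DELETE "<KEY>" /v "Raccine Tray" /f'},
    {"host": "ws-03", "CommandLine": 'schtasks /delete /TN "Raccine Rules Updater" /F'},
    {"host": "ws-04", "CommandLine": 'schtasks /QUERY /TN "Raccine Rules Updater"'},
    {"host": "ws-05", "CommandLine": "taskkill /F /IM notepad.exe"},
]


def triage(events):
    """Return (host, matched selections) for every event that fires the rule."""
    hits = []
    for event in events:
        selections = matched_selections(event["CommandLine"])
        if selections:
            hits.append((event["host"], selections))
    return hits


if __name__ == "__main__":
    for host, selections in triage(SAMPLE_EVENTS):
        print(f"ALERT {host}: {', '.join(selections)}")
```

The last two sample events each contain only some of a selection's substrings, so they do not raise an alert.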