Techniques
Sample rules
DirLister Execution
- source: sigma
- technicques:
- t1083
Description
Detect the usage of “DirLister.exe” a utility for quickly listing folder or drive contents. It was seen used by BlackCat ransomware to create a list of accessible directories and files.
Detection logic
condition: selection
selection:
- OriginalFileName: DirLister.exe
- Image|endswith: \dirlister.exe