RA2009: Scan With Iocs And Rules

Summary

ID	RA2009
Brief Description	Scan with IOCs, rules and signatures
Author	@ERMACK_COMMUNITY
Creation Date	2023/03/13
References	https://github.com/certsocietegenerale/IRM/blob/main/EN/IRM-2-WindowsIntrusion.pdfs
Response Stage	Identification

Description

Anti-virus/Yara analysis/Sigma: - Mount the evidence in a read-only mode. Run Anti-virus scan or multiple Yara files for a quick-win detection. - Please note that unknown malware may be not detected.