Maxime Thiebaut 0xThiebaut

## sodinokibi_ransomware_registry_key.yml
title: Sodinokibi Ransomware Registry Key
id: 9fecd354-77f0-498e-a611-c963970e7bca
description: Detects the creation of Sodinokibi (aka REvil) registry keys
status: experimental
references:
    - https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
    - https://twitter.com/malwrhunterteam/status/1372648463553462279
tags:
    - attack.persistence
    - attack.t1547.001
	title: Sodinokibi Ransomware Registry Key
	id: 9fecd354-77f0-498e-a611-c963970e7bca
	description: Detects the creation of Sodinokibi (aka REvil) registry keys
	status: experimental
	references:
	- https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
	- https://twitter.com/malwrhunterteam/status/1372648463553462279
	tags:
	- attack.persistence
	- attack.t1547.001