sigmaDRL-1.1from SigmaHQ/sigma
Suspicious Double Extension File Execution
Detects suspicious use of an .exe extension after a non-executable file extension like .pdf.exe, a set of spaces or underlines to cloak the executable file in spear phishing campaigns
Quality
100
FP risk
—
Forks
0
Views
0
ATT&CK techniques
Rule source🔒 locked
🔒
Sign in to view the rule source
Free accounts can view the source for the top-ranked rules. Create one in seconds — no credit card required.
Sign in →