Techniques
Sample rules
Finger.exe Suspicious Invocation
- source: sigma
- techniques:
- t1105
Description
Detects suspicious execution of the aged finger.exe tool, which is often used in malware attacks nowadays
Detection logic
condition: selection
selection:
- OriginalFileName: finger.exe
- Image|endswith: \finger.exe