Suspicious Binaries and Scripts in Public Folder
- source: sigma
- techniques:
  - t1204
Description
Detects the creation of a file with a suspicious extension (script or executable) in the public folder, which may indicate malicious activity.
Detection logic
condition: selection
selection:
    TargetFilename|contains: ':\Users\Public\'
    TargetFilename|endswith:
        - '.bat'
        - '.dll'
        - '.exe'
        - '.hta'
        - '.js'
        - '.ps1'
        - '.vbe'
        - '.vbs'
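To show how this selection behaves on real telemetry, the following is an added example (not part of the Sigma rule or of this page) that evaluates the rule's two field conditions over a handful of constructed Sysmon Event ID 11 (FileCreate) records. It assumes the rule is applied to events that carry a `TargetFilename` field, as Sysmon file-create events do, and it follows the Sigma convention that `contains` and `endswith` string matching is case-insensitive and that keys inside one selection are AND-ed while list values are OR-ed. The event records and the `run_rule` helper are constructed for illustration.

```python
"""Evaluate the 'Suspicious Binaries and Scripts in Public Folder' selection
against constructed Sysmon Event ID 11 (FileCreate) records."""

# Selection copied from the rule above (keys are AND-ed, list values are OR-ed).
SELECTION = {
    "TargetFilename|contains": ":\\Users\\Public\\",
    "TargetFilename|endswith": [
        ".bat", ".dll", ".exe", ".hta", ".js", ".ps1", ".vbe", ".vbs",
    ],
}


def _match_field(modifier, value, candidates):
    """Apply one Sigma string modifier.

    Sigma string comparisons are case-insensitive, so both sides are
    lower-cased. A list of candidate values is an OR: any one match suffices.
    """
    if isinstance(candidates, str):
        candidates = [candidates]
    value = value.lower()
    for cand in candidates:
        cand = cand.lower()
        if modifier == "contains" and cand in value:
            return True
        if modifier == "endswith" and value.endswith(cand):
            return True
    return False


def matches_selection(event, selection=SELECTION):
    """True when every 'field|modifier' key of the selection matches the event.

    An event that lacks the field cannot satisfy the selection, so a
    process-creation event (no TargetFilename) never fires this rule.
    """
    for key, candidates in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        if not _match_field(modifier, str(event[field]), candidates):
            return False
    return True


def run_rule(events):
    """Implements 'condition: selection': return the TargetFilename of every
    event that satisfies the selection, in input order."""
    return [e["TargetFilename"] for e in events if matches_selection(e)]


# Constructed sample events (not real telemetry); only the fields used here.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": "C:\\Windows\\System32\\cmd.exe",
     "TargetFilename": "C:\\Users\\Public\\update.bat"},
    # Mixed-case extension and subfolder: still matches (case-insensitive).
    {"EventID": 11, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "TargetFilename": "C:\\Users\\Public\\Downloads\\Invoice.EXE"},
    # Public folder but a document extension: not in the endswith list.
    {"EventID": 11, "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\Public\\Documents\\report.docx"},
    # Executable, but in a per-user profile: contains check fails.
    {"EventID": 11, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\tool.exe"},
    # Benign-looking installer writing a DLL to Public: matches and is the
    # kind of hit an analyst would review for tuning (Image-based filters).
    {"EventID": 11, "Image": "C:\\Users\\Public\\Libraries\\setup.exe",
     "TargetFilename": "C:\\Users\\Public\\Libraries\\setup.dll"},
    # Process-creation event: no TargetFilename field, so never matches.
    {"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    for hit in run_rule(SAMPLE_EVENTS):
        print("ALERT: suspicious file created in Public folder:", hit)
```

Running the block prints three alerts: the `.bat`, the mixed-case `.EXE` under `Downloads`, and the `.dll` under `Libraries`. The last of these illustrates the rule's main tuning point: it keys only on path and extension, so legitimate installers or updaters that stage files in the Public folder will fire it, and the usual way to reduce that noise is to add a filter on the writing `Image` rather than to loosen the extension list.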