Techniques
Sample rules
DD File Overwrite
- source: sigma
- techniques:
  - t1485
Description
Detects potential overwriting and deletion of a file using DD.
Detection logic
condition: all of selection*
selection1:
  Image:
    - /bin/dd
    - /usr/bin/dd
selection2:
  CommandLine|contains: of=
selection3:
  CommandLine|contains:
    - if=/dev/zero
    - if=/dev/null
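The following is an added example, not part of the original rule or the Sigma project, that evaluates the three selections above (AND-ed by `all of selection*`) over constructed process-creation events. The `ProcessEvent` class and the sample command lines are assumptions made for this illustration; string matching is done case-insensitively, which is Sigma's default for `contains`.

```python
from dataclasses import dataclass

DD_IMAGES = {"/bin/dd", "/usr/bin/dd"}            # selection1: Image
OF_TOKEN = "of="                                   # selection2: CommandLine|contains
ZERO_SOURCES = ("if=/dev/zero", "if=/dev/null")    # selection3: CommandLine|contains

@dataclass
class ProcessEvent:
    """Minimal stand-in (assumed) for a process-creation record."""
    image: str          # full path of the executed binary
    command_line: str   # complete command line of the process

def matches_dd_overwrite(ev: ProcessEvent) -> bool:
    """True only when every selection matches (condition: all of selection*).

    Sigma string modifiers match case-insensitively by default, so both
    sides are lower-cased before comparison.
    """
    image = ev.image.lower()
    cmd = ev.command_line.lower()
    sel1 = image in DD_IMAGES
    sel2 = OF_TOKEN in cmd
    sel3 = any(src in cmd for src in ZERO_SOURCES)
    return sel1 and sel2 and sel3

def find_alerts(events):
    """Return the command lines of all events that trigger the rule."""
    return [ev.command_line for ev in events if matches_dd_overwrite(ev)]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent("/usr/bin/dd", "dd if=/dev/zero of=/var/log/auth.log bs=1M"),
    ProcessEvent("/bin/dd", "dd if=/dev/null of=/home/user/notes.txt"),
    # Legitimate disk imaging: of= present but source is not /dev/zero or /dev/null.
    ProcessEvent("/usr/bin/dd", "dd if=/dev/sda of=/tmp/disk.img bs=4M"),
    # No of= at all: output goes to stdout, so selection2 fails.
    ProcessEvent("/usr/bin/dd", "dd if=/dev/zero bs=1M count=10"),
    # Same strings in the command line, but the image is not dd (selection1 fails).
    ProcessEvent("/usr/bin/python3", "python3 -c \"print('if=/dev/zero of=x')\""),
]

if __name__ == "__main__":
    for cmd in find_alerts(SAMPLE_EVENTS):
        print("ALERT DD File Overwrite:", cmd)
```

Only the first two sample events fire; the imaging command shows why selection3 is needed to keep routine dd usage from alerting.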