Potentially Suspicious File Download From ZIP TLD
- source: sigma
- techniques:
Description
Detects the download of a file with a potentially suspicious extension from a .zip top level domain.
Detection logic
    selection:
        Contents|contains: '.zip/'
        TargetFilename|contains:
            - '.bat:Zone'
            - '.dat:Zone'
            - '.dll:Zone'
            - '.doc:Zone'
            - '.docm:Zone'
            - '.exe:Zone'
            - '.hta:Zone'
            - '.pptm:Zone'
            - '.ps1:Zone'
            - '.rar:Zone'
            - '.rtf:Zone'
            - '.sct:Zone'
            - '.vbe:Zone'
            - '.vbs:Zone'
            - '.ws:Zone'
            - '.wsf:Zone'
            - '.xll:Zone'
            - '.xls:Zone'
            - '.xlsm:Zone'
            - '.zip:Zone'
    condition: selection
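To show how the two selection fields combine, here is an added example (not part of the Sigma rule or its repository) that evaluates the same logic in Python over constructed records shaped like the Zone.Identifier stream-creation events the rule targets; the domains, paths and field layout are assumptions for illustration.

```python
"""Evaluate the rule above against constructed Zone.Identifier stream events."""
from typing import Iterable

# Extensions from the rule; each is matched as "<ext>:Zone" inside TargetFilename
SUSPICIOUS_EXTENSIONS = [
    ".bat", ".dat", ".dll", ".doc", ".docm", ".exe", ".hta", ".pptm", ".ps1",
    ".rar", ".rtf", ".sct", ".vbe", ".vbs", ".ws", ".wsf", ".xll", ".xls",
    ".xlsm", ".zip",
]
FILENAME_PATTERNS = [ext + ":Zone" for ext in SUSPICIOUS_EXTENSIONS]


def matches_zip_tld_rule(event: dict) -> bool:
    """True when both selection fields match (Sigma 'contains' is case-insensitive)."""
    contents = str(event.get("Contents", "")).lower()
    target = str(event.get("TargetFilename", "")).lower()
    if ".zip/" not in contents:          # Contents|contains: '.zip/'
        return False
    return any(p.lower() in target for p in FILENAME_PATTERNS)  # TargetFilename|contains


def matching_events(events: Iterable[dict]) -> list:
    """Return the subset of events that would raise this rule."""
    return [e for e in events if matches_zip_tld_rule(e)]


# Constructed sample records (not real telemetry); Contents mimics a Zone.Identifier stream.
SAMPLE_EVENTS = [
    {   # executable fetched from a .zip TLD: both fields match
        "TargetFilename": r"C:\Users\alice\Downloads\update.exe:Zone.Identifier",
        "Contents": "[ZoneTransfer] ZoneId=3 HostUrl=https://files.example.zip/update.exe",
    },
    {   # .pdf from a .zip TLD: extension not in the list, no match
        "TargetFilename": r"C:\Users\alice\Downloads\report.pdf:Zone.Identifier",
        "Contents": "[ZoneTransfer] ZoneId=3 HostUrl=https://files.example.zip/report.pdf",
    },
    {   # executable from an ordinary TLD: no '.zip/' in the stream, no match
        "TargetFilename": r"C:\Users\alice\Downloads\setup.exe:Zone.Identifier",
        "Contents": "[ZoneTransfer] ZoneId=3 HostUrl=https://downloads.example.com/setup.exe",
    },
    {   # '.zip/' appears only as a path segment: substring match still fires (false-positive class)
        "TargetFilename": r"C:\Users\alice\Downloads\tool.exe:Zone.Identifier",
        "Contents": "[ZoneTransfer] ZoneId=3 HostUrl=https://downloads.example.com/builds.zip/tool.exe",
    },
]

if __name__ == "__main__":
    for e in matching_events(SAMPLE_EVENTS):
        print("ALERT:", e["TargetFilename"])
```

The fourth record shows why the rule is labelled "potentially suspicious": a URL path ending in .zip/ matches just as a .zip TLD does, so triage should confirm the host portion of HostUrl.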