Techniques
Sample rules
Creation of a Diagcab
- source: sigma
- techniques:
Description
Detects the creation of a .diagcab file, which may be caused by a legitimate installer or be a sign of exploitation (review the filename and its location)
Detection logic
condition: selection
selection:
TargetFilename|endswith: .diagcab
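To show what the selection above actually matches, here is an added example (not code from the page or from the Sigma project) that evaluates the rule's single `TargetFilename|endswith` test against constructed Sysmon-style file-creation events. It assumes the rule is applied to file-creation telemetry (Sysmon Event ID 11 style records with `TargetFilename` and `Image` fields); the sample events and the `in_user_profile` triage helper are my own constructions, added to illustrate the "review the filename and its location" advice in the description.

```python
"""Evaluate the 'Creation of a Diagcab' Sigma selection over sample events.

Added example, not the page's own code. Assumes file-creation events
(Sysmon Event ID 11 style) carrying TargetFilename and Image fields.
"""

from typing import Iterable

# The selection exactly as the page states it.
SELECTION = {"TargetFilename|endswith": ".diagcab"}


def field_matches(event: dict, key: str, expected: str) -> bool:
    """Apply one Sigma field test.

    Supports the plain form (exact match) and the '|endswith' modifier.
    Sigma string matching is case-insensitive by default, so both sides
    are lower-cased before comparison.
    """
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:
        return False
    value, expected = str(value).lower(), expected.lower()
    if modifier == "":
        return value == expected
    if modifier == "endswith":
        return value.endswith(expected)
    raise ValueError(f"unsupported Sigma modifier: {modifier}")


def selection_matches(event: dict, selection: dict = SELECTION) -> bool:
    """All key/value pairs inside one Sigma selection map are AND-ed."""
    return all(field_matches(event, k, v) for k, v in selection.items())


def run_rule(events: Iterable[dict]) -> list[dict]:
    """'condition: selection' means every event the selection matches alerts."""
    return [e for e in events if selection_matches(e)]


def in_user_profile(path: str) -> bool:
    """Triage heuristic (assumption, not part of the rule): flag files written
    under a user profile so the analyst looks at those first, while a path
    under Program Files written by an installer reads as the benign case the
    description mentions."""
    return path.lower().replace("/", "\\").startswith("c:\\users\\")


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Program Files\Vendor\support\Diagnostics.diagcab"},
    {"EventID": 11, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\invoice.DIAGCAB"},
    {"EventID": 11, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetFilename": r"C:\Program Files\Vendor\readme.txt"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Desktop\diagcab_notes.txt"},
]


if __name__ == "__main__":
    for alert in run_rule(SAMPLE_EVENTS):
        where = "user profile" if in_user_profile(alert["TargetFilename"]) else "system path"
        print(f"{alert['Image']} wrote {alert['TargetFilename']} ({where})")
```

Two of the four sample events match: the installer writing under Program Files and the browser writing an upper-cased `.DIAGCAB` into Downloads (case-insensitive matching catches it); the `.txt` files do not. The second alert is the one the triage helper points an analyst at first.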