Techniques
Sample rules
Potential Binary Proxy Execution Via Cdb.EXE
- source: sigma
- techniques:
- t1106
- t1127
- t1218
Description
Detects usage of “cdb.exe” to launch arbitrary processes or commands from a debugger script file
Detection logic
condition: all of selection*
selection_cli:
  CommandLine|contains:
    - ' -c '
    - ' -cf '
selection_img:
  - Image|endswith: '\cdb.exe'
  - OriginalFileName: 'CDB.Exe'
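The following is an added example, not code from this page or from the Sigma project, showing how the rule's three constructs evaluate against process-creation events: a list of maps under selection_img is an OR between the maps, a list of values under CommandLine|contains is an OR between the values, and 'all of selection*' ANDs the two selections. The events are constructed for illustration; field names follow Sigma's process_creation log source and matching is case-insensitive, as Sigma's default string comparison is.

```python
from typing import Dict, List

# Constructed sample events (not real telemetry). Paths and command lines
# are illustrative only.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # cdb.exe run with a debugger script file: should alert
        "Image": r"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe",
        "OriginalFileName": "CDB.Exe",
        "CommandLine": r"cdb.exe -cf C:\Users\Public\script.txt -o notepad.exe",
    },
    {   # renamed binary: Image misses, OriginalFileName still matches
        "Image": r"C:\tools\dbg.exe",
        "OriginalFileName": "CDB.Exe",
        "CommandLine": r'dbg.exe -c "g" notepad.exe',
    },
    {   # cdb.exe attaching to a process without -c/-cf: no alert
        "Image": r"C:\Debuggers\cdb.exe",
        "OriginalFileName": "CDB.Exe",
        "CommandLine": r"cdb.exe -p 1234",
    },
    {   # flag text present but the image is not cdb.exe: no alert
        "Image": r"C:\Windows\System32\cmd.exe",
        "OriginalFileName": "Cmd.Exe",
        "CommandLine": r"cmd.exe /c echo -c done",
    },
]


def matches_selection_img(ev: Dict[str, str]) -> bool:
    # List of maps in Sigma: any one map matching is enough (OR).
    image = ev.get("Image", "").lower()
    original = ev.get("OriginalFileName", "").lower()
    return image.endswith(r"\cdb.exe") or original == "cdb.exe"


def matches_selection_cli(ev: Dict[str, str]) -> bool:
    # List of values under one field|contains: OR between the values.
    # Note the surrounding spaces: ' -c ' will not match a trailing '-c'.
    cmd = ev.get("CommandLine", "").lower()
    return any(token in cmd for token in (" -c ", " -cf "))


def matches_rule(ev: Dict[str, str]) -> bool:
    # condition: all of selection*  ->  both selections must match (AND).
    return matches_selection_img(ev) and matches_selection_cli(ev)


def run_detection(events: List[Dict[str, str]]) -> List[int]:
    """Return the indices of events that trigger the rule."""
    return [i for i, ev in enumerate(events) if matches_rule(ev)]


if __name__ == "__main__":
    for i in run_detection(SAMPLE_EVENTS):
        print(f"alert: event {i}: {SAMPLE_EVENTS[i]['CommandLine']}")
```

The second event shows why the rule keys on OriginalFileName as well as Image: renaming the binary defeats the path check but not the PE version resource, provided the telemetry source records that field.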