Space After Filename

Oct 25, 2022 · attack.execution ·

Detects space after filename

Sigma rule (View on GitHub)

 1title: Space After Filename
 2id: 879c3015-c88b-4782-93d7-07adf92dbcb7
 3status: test
 4description: Detects space after filename
 5references:
 6    - https://attack.mitre.org/techniques/T1064
 7author: Ömer Günal
 8date: 2020/06/17
 9modified: 2021/11/27
10tags:
11    - attack.execution
12logsource:
13    product: linux
14detection:
15    selection1:
16        - 'echo "*" > * && chmod +x *'
17    selection2:
18        - 'mv * "* "'
19    condition: all of selection*
20falsepositives:
21    - Typos
22level: low

References

Scripting, Technique T1064 - Enterprise | MITRE ATT&CK®

© 2015 - 2024, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

Read More

Related rules

PCRE.NET Package Temp Files
Abuse of the Windows Server Update Services (WSUS) for lateral movement.
FakeUpdates/SocGholish Malware Detection
Scheduled task executing powershell encoded payload from registry
ms-msdt for RCE CVE-2022-30190

Space After Filename

Sigma rule (View on GitHub)

References

Scripting, Technique T1064 - Enterprise | MITRE ATT&CK®

Related rules