Space After Filename

Jun 4, 2025 · attack.execution attack.t1059 ·

Detects space after filename

Sigma rule (View on GitHub)

 1title: Space After Filename
 2id: 879c3015-c88b-4782-93d7-07adf92dbcb7
 3status: test
 4description: Detects space after filename
 5author: Ömer Günal
 6date: 2020-06-17
 7modified: 2021-11-27
 8tags:
 9    - attack.execution
10    - attack.t1059
11logsource:
12    product: linux
13detection:
14    selection1:
15        - 'echo "*" > * && chmod +x *'
16    selection2:
17        - 'mv * "* "'
18    condition: all of selection*
19falsepositives:
20    - Typos
21level: low

Related rules

Outlook EnableUnsafeClientMailRules Setting Enabled
Suspicious Remote Child Process From Outlook
Hacktool Ruler
DarkGate - Drop DarkGate Loader In C:\Temp Directory
Conhost Spawned By Uncommon Parent Process