Rule Info
Name
Casing_Anomaly_LocalTemp
Author
Florian Roth
Description
Detects Local Temp with a suspicious casing
Score
65
Reference
Internal Research
Date
2019-10-02
Modified
2022-06-09
Minimum Yara
1.7
Rule Hash
9374def176101dd0caa3d2d70a28d266
Tags
['CASING', 'ANOMALY', 'T1027', 'SCRIPT', 'SUSP']
Required Modules
[]
Virustotal Matches
Antivirus Verdicts
Rating
Number of Samples
Malicious (>= 10 engines)
20
Suspicious (< 10 engines)
16
Clean (0 engines)
2
Rule Matches
Timestamp
Positives
Total
Hash
VT