![Back to home Valhalla Logo](/static/valhalla-logo.png)
Rule Info
Name
Suspicious External WebDAV Execution
Author
Ahmed Farouk
Description
Detects executables launched from external WebDAV shares using the WebDAV Explorer integration, commonly seen in initial access campaigns.
Reference
Date
2024-05-10 00:00:00
Modified
None
Id
1ae64f96-72b6-48b3-ad3d-e71dff6c6398
Tags
attack.initial_access attack.t1584 attack.t1566 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
Ahmed Farouk
Merge PR #4845 from @ahmedfarou22 - Proxy WebDAV Rule Improvements/New Rule
2024-05-10