Fake Image Execution

Rule Info

Name: Fake Image Execution
Author: Swachchhanda Shrawan Poudel (Nextron Systems)
Description: Detects execution of binaries that have image file extensions but are actually executables. Adversaries may use an image file extension to disguise malware as an image file and avoid detection.
Date: 2025-05-05 00:00:00
Modified: None
Id: 234f2ba0-6635-42ad-b5f0-914ddd50780f
Tags: attack.defense-evasion attack.t1036.008 attack.execution attack.t1204.002
Type: Nextron Sigma feed only (private)

Rule History