Potential CommandLine Obfuscation Using Unicode Characters From Suspicious Image

Rule Info

Name: Potential CommandLine Obfuscation Using Unicode Characters From Suspicious Image
Author: frack113, Florian Roth (Nextron Systems), Josh Nickels
Description: Detects potential commandline obfuscation using unicode characters. Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit.
Date: 2024-09-02 00:00:00
Modified: 2024-09-05 00:00:00
Id: 584bca0f-3608-4402-80fd-4075ff6072e3
Tags: attack.defense-evasion attack.t1027 DEMO
Type: Community Rule

Rule History

| Author | Title | Date | Commit |
| --- | --- | --- | --- |
| secDre4mer | Merge PR #5002 from @secDre4mer - Update `Potential CommandLine Obfuscation Using Unicode Characters` rules | 2024-09-06 | |
| Nasreddine Bencherchali | Merge PR #4993 from @nasbench - Fix Issues | 2024-09-02 | |
| Nasreddine Bencherchali | Merge PR #4950 from @nasbench - Comply With v2 Spec Changes | 2024-08-12 | |
| Nasreddine Bencherchali | Merge PR #4928 from @nasbench - Fix FPs and issues found in testing | 2024-07-24 | |
| Nasreddine Bencherchali | feat: more updates | 2023-03-06 | |