Potentially Suspicious Download From GoogleDrive Link Via CommandLine

Rule Info

Name
Potentially Suspicious Download From GoogleDrive Link Via CommandLine
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects CommandLine strings referencing Google Drive links with download options and no antivirus scanning. Attackers might use Google Drive to host malicious payloads and later download them via command-line utilities.
Date
2024-04-29 00:00:00
Modified
None
Id
82193464-1319-49f3-8dd7-a177d618e7e8
Tags
attack.execution attack.defense_evasion detection.threat_hunting
Type
Nextron Sigma feed only (private)

Rule History