Rule Info
Name
Makecab.EXE Execution With An Uncommon Directive File Extension
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the execution of "makecab.exe" with a directive file that has an uncommon extension.
The typical extension for a cab directive file is the Diamond Directive File extension (.DDF).
A directive file without this extension is uncommon and may be suspicious enough to be worth investigating.
Date
2024-03-12 00:00:00
Modified
None
Id
962fe105-395d-4627-9d7f-ff07b9be27e9
Tags
attack.execution attack.t1218
Type
Nextron Sigma feed only (private)