Potential File Extension Spoofing Using Right-to-Left Override

Rule Info

Name: Potential File Extension Spoofing Using Right-to-Left Override
Author: Jonathan Peters (Nextron Systems), Florian Roth (Nextron Systems)
Description: Detects suspicious filenames that contain a right-to-left override character and a potentially spoofed file extension.
Date: 2024-11-17 00:00:00
Modified: None
Id: 979baf41-ca44-4540-9d0c-4fcef3b5a3a4
Tags: attack.execution, attack.defense-evasion, attack.t1036.002
Type: Community Rule

Rule History

Author: Jonathan Peters
Title: Merge PR #5081 from @cod3nym - Add `Potential File Extension Spoofing Using Right-to-Left Override`
Date: 2024-11-18
Commit: