Suspicious Binaries and Scripts in Public Folder

Rule Info

Name: Suspicious Binaries and Scripts in Public Folder
Author: The DFIR Report
Description: Detects the creation of a file with a suspicious extension in the public folder, which could indicate potential malicious activity.
Date: 2025-01-23 00:00:00
Modified: None
Id: b447f7de-1e53-4cbf-bfb4-f1f6d0b04e4e
Tags: attack.execution attack.t1204
Type: Community Rule

Rule History

Author: Kostas
Title: Merge PR #5174 from @tsale - Add `Suspicious Binaries and Scripts in Public Folder`
Date: 2025-01-30
Commit: