Process Execution From Within Recycle.Bin

Rule Info

Name
Process Execution From Within Recycle.Bin
Author
X__Junior (Nextron Systems)
Description
Detects uncommon file execution activity from the recycle bin directory. This directory is often used to stage malware.
Reference
https://www.mandiant.com/resources/blog/infected-usb-steal-secrets
Date
2024-01-24 00:00:00
Modified
None
Id
b6821812-4485-4d92-a81e-4e9cd5823df6
Tags
attack.persistence attack.defense_evasion
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022