Rule Info
Name
Makecab.EXE Execution With Directive File
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the execution of "makecab.exe" with a directive file.
Attackers can leverage makecab with a directive file in order to create ".cab" file while avoiding any mention of the files being compressed. As the ".DDF" file will contain all the information necessary for the compression.
Date
2024-03-12 00:00:00
Modified
None
Id
dd300e4e-d45b-4ec6-8e00-088ce7e5d017
Tags
attack.execution attack.t1218
Type
Nextron Sigma feed only (private)