Rule Info
Name
Suspicious File Rename
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects suspicious renaming of benign file types such as documents or images to executable file types.
Threat actors often drop files with innocent extensions and later rename them to executable formats during execution to evade detection.
Reference
Date
2026-04-02 00:00:00
Modified
None
Id
e864fc83-5cba-444e-bbeb-20f515c406e7
Tags
attack.defense-evasion attack.execution attack.t1036.008
Type
Nextron Sigma feed only (private)
