Renamed CDB.exe Execution

Rule Info

Name
Renamed CDB.exe Execution
Author
X__Junior
Description
Detects the execution of a renamed Microsoft Console Debugger "CDB.exe" binary based on the PE metadata fields
Reference
https://www.elastic.co/security-labs/fragile-web-ref7707
Date
2025-02-27 00:00:00
Modified
None
Id
fdc64d4a-984a-4ba6-ac31-f5868a9b6ec9
Tags
attack.execution attack.defense-evasion
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022