SigmaHQ/rules/linux/lnx_space_after_filename_.yml

title: Space After Filename
id: 879c3015-c88b-4782-93d7-07adf92dbcb7 
status: experimental
description: Detects space after filename
author: Ömer Günal
date: 2020/06/17
references:
    - https://attack.mitre.org/techniques/T1064
level: low
logsource:
    product: linux
detection:
    selection1:
        - 'echo "*" > * && chmod +x *'
    selection2:
        - 'mv * "* "'
    condition: selection1 and selection2 
falsepositives:
    - Typos
tags:
    - attack.execution
Create lnx_space_after_filename_ 2020-07-12 22:33:39 +00:00			`title: Space After Filename`
			`id: 879c3015-c88b-4782-93d7-07adf92dbcb7`
Fixed my git issue 2020-09-14 04:03:04 +00:00			`status: experimental`
Create lnx_space_after_filename_ 2020-07-12 22:33:39 +00:00			`description: Detects space after filename`
			`author: Ömer Günal`
			`date: 2020/06/17`
Fixed my git issue 2020-09-14 04:03:04 +00:00			`references:`
			`- https://attack.mitre.org/techniques/T1064`
Create lnx_space_after_filename_ 2020-07-12 22:33:39 +00:00			`level: low`
			`logsource:`
			`product: linux`
			`detection:`
			`selection1:`
			`- 'echo "" > && chmod +x *'`
			`selection2:`
			`- 'mv * "* "'`
			`condition: selection1 and selection2`
			`falsepositives:`
			`- Typos`
Fixed my git issue 2020-09-14 04:03:04 +00:00			`tags:`
			`- attack.execution`