Create lnx_space_after_filename_

2024-11-07 01:45:21 +00:00 · 2020-07-13 01:33:39 +03:00 · 2020-07-13 01:33:39 +03:00 · 4b74a0df76
commit 4b74a0df76
parent c749aa2539
1 changed files with 20 additions and 0 deletions
--- a/rules/linux/lnx_space_after_filename_
+++ b/rules/linux/lnx_space_after_filename_
@ -0,0 +1,20 @@
+title: Space After Filename
+id: 879c3015-c88b-4782-93d7-07adf92dbcb7 
+description: Detects space after filename
+references:
+    - https://attack.mitre.org/techniques/T1064
+author: Ömer Günal
+date: 2020/06/17
+tags:
+    - attack.execution
+level: low
+logsource:
+    product: linux
+detection:
+    selection1:
+        - 'echo "*" > * && chmod +x *'
+    selection2:
+        - 'mv * "* "'
+    condition: selection1 and selection2 
+falsepositives:
+    - Typos