mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-06 17:35:19 +00:00
21 lines
474 B
YAML
21 lines
474 B
YAML
title: Space After Filename
|
|
id: 879c3015-c88b-4782-93d7-07adf92dbcb7
|
|
status: experimental
|
|
description: Detects space after filename
|
|
author: Ömer Günal
|
|
date: 2020/06/17
|
|
references:
|
|
- https://attack.mitre.org/techniques/T1064
|
|
level: low
|
|
logsource:
|
|
product: linux
|
|
detection:
|
|
selection1:
|
|
- 'echo "*" > * && chmod +x *'
|
|
selection2:
|
|
- 'mv * "* "'
|
|
condition: selection1 and selection2
|
|
falsepositives:
|
|
- Typos
|
|
tags:
|
|
- attack.execution |