https://detection.fyi/joesecurity/sigma-rules/officeproductdropsexecutableatsuspiciouslocation/
Office product drops executable at suspicious location | Detection.FYI
Office product drops executable at suspicious location
https://detection.fyi/sigmahq/sigma/windows/file/file_event/file_event_win_office_publisher_files_in_susp_locations/
Publisher Attachment File Dropped In Suspicious Location | Detection.FYI
Detects creation of files with the
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_certutil_encode_susp_location/
File In Suspicious Location Encoded To Base64 Via Certutil.EXE | Detection.FYI
Detects the execution of certutil with the
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_iexpress_susp_execution/
Self Extracting Package Creation Via Iexpress.EXE From Potentially Suspicious Location |...
Detects the use of iexpress.exe to create binaries via Self Extraction Directive (SED) files located in potentially suspicious locations. This behavior has...