
Legitimate Application Writing Files In Uncommon Location (1cf465a1-2609-4c15-9b66-c32dbe4bfd67)

Detects legitimate applications writing any type of file to uncommon or suspicious locations that are not typical for application data storage or execution. Adversaries may leverage legitimate applications (Living off the Land Binaries - LOLBins) to drop or download malicious files to uncommon locations on the system to evade detection by security solutions.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Legitimate Application Writing Files In Uncommon Location (1cf465a1-2609-4c15-9b66-c32dbe4bfd67) | Sigma-Rules | 1 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Legitimate Application Writing Files In Uncommon Location (1cf465a1-2609-4c15-9b66-c32dbe4bfd67) | Sigma-Rules | 1 |