ISO File Created Within Temp Folders (2f9356ae-bf43-41b8-b858-4496d83b2acb)

Detects the creation of an ISO file in the Outlook temp folder or in the AppData temp folder. Typical of Qakbot TTPs from the end of July 2022.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | ISO File Created Within Temp Folders (2f9356ae-bf43-41b8-b858-4496d83b2acb) | Sigma-Rules | 1 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | 2 |