Skip to content

Hide Navigation Hide TOC

FileFix - Command Evidence in TypedPaths from Browser File Upload Abuse (4fee3d51-8069-4a4c-a0f7-924fcaff2c70)

Detects commonly-used chained commands and strings in the most recent 'url' value of the 'TypedPaths' key, which could be indicative of a user being targeted by the FileFix technique.

Cluster A Galaxy A Cluster B Galaxy B Level
FileFix - Command Evidence in TypedPaths from Browser File Upload Abuse (4fee3d51-8069-4a4c-a0f7-924fcaff2c70) Sigma-Rules Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf) Attack Pattern 1
Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2