Skip to content

Hide Navigation Hide TOC

Suspicious Deno File Written from Remote Source (6c0ce3b6-85e2-49d4-9c3f-6e008ce9796e)

Detects Deno writing a file from a direct HTTP(s) call and writing to the appdata folder or bringing it's own malicious DLL. This behavior may indicate an attempt to execute remotely hosted, potentially malicious files through deno.

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Deno File Written from Remote Source (6c0ce3b6-85e2-49d4-9c3f-6e008ce9796e) Sigma-Rules Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern 1
Suspicious Deno File Written from Remote Source (6c0ce3b6-85e2-49d4-9c3f-6e008ce9796e) Sigma-Rules User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 1
Suspicious Deno File Written from Remote Source (6c0ce3b6-85e2-49d4-9c3f-6e008ce9796e) Sigma-Rules JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 1
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern 2