Suspicious Execution From GUID Like Folder Names (90b63c33-2b97-4631-a011-ceb0f47b77c3)
Detects potentially suspicious execution from a GUID-like folder name located in a suspicious location such as %TEMP%, as seen in IcedID attacks.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Suspicious Execution From GUID Like Folder Names (90b63c33-2b97-4631-a011-ceb0f47b77c3) | Sigma-Rules | 1 |