Hide Navigation Hide TOC

Potentially Suspicious Cabinet File Expansion (9f107a84-532c-41af-b005-8d12a607639f)

Detects the expansion or decompression of cabinet files from potentially suspicious or uncommon locations, e.g. seen in Iranian MeteorExpress related attacks

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Potentially Suspicious Cabinet File Expansion (9f107a84-532c-41af-b005-8d12a607639f)	Sigma-Rules	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	1