Skip to content

Hide Navigation Hide TOC

Suspicious FileFix Execution Pattern (b5b29e4e-31fa-4fdf-b058-296e7a1aa0c2)

Detects suspicious FileFix execution patterns where users are tricked into running malicious commands through browser file upload dialog manipulation. This attack typically begins when users visit malicious websites impersonating legitimate services or news platforms, which may display fake CAPTCHA challenges or direct instructions to open file explorer and paste clipboard content. The clipboard content usually contains commands that download and execute malware, such as information stealing tools.

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious FileFix Execution Pattern (b5b29e4e-31fa-4fdf-b058-296e7a1aa0c2) Sigma-Rules Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf) Attack Pattern 1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious Copy and Paste - T1204.004 (e261a979-f354-41a8-963e-6cadac27c4bf) Attack Pattern 2