Skip to content

Hide Navigation Hide TOC

Suspicious File Execution From Internet Hosted WebDav Share (f0507c0f-a3a2-40f5-acc6-7f543c334993)

Detects the execution of the "net use" command to mount a WebDAV server and then immediately execute some content in it. As seen being used in malicious LNK files

Cluster A Galaxy A Cluster B Galaxy B Level
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Suspicious File Execution From Internet Hosted WebDav Share (f0507c0f-a3a2-40f5-acc6-7f543c334993) Sigma-Rules 1
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2