Suspicious File Created in Outlook Temporary Directory (fabb0e80-030c-4e3e-a104-d09676991ac3)

Detects the creation of files with suspicious file extensions in the temporary directory that Outlook uses when opening attachments. This can be used to detect spear-phishing campaigns that use suspicious files as attachments, which may contain malicious code.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | Suspicious File Created in Outlook Temporary Directory (fabb0e80-030c-4e3e-a104-d09676991ac3) | Sigma-Rules | 1 |
| Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) | Attack Pattern | Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | 2 |