Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
High |
Description
An attacker may use a special right-to-left (RTL) override character to trick users into executing malicious files that look like benign file types.
Attacker's Goals
Trick users into executing malicious files by making their file types seem benign.
Investigative actions
Investigate the executed process. There is no reason for benign files to contain the Unicode right-to-left override character in their name.