Merge PR #5863 from @swachchhanda000 - Add finger.exe to related rules

update: Potential Defense Evasion Via Rename Of Highly Relevant Binaries - add finger.exe
update: System File Execution Location Anomaly - add finger.exe
Swachchhanda Shrawan Poudel
2026-02-16 17:35:13 +05:45
committed by GitHub
parent 14d11fdda7
commit dc3880459d
2 changed files with 6 additions and 2 deletions
@@ -19,9 +19,10 @@ references:
- https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/megacortex-ransomware-spotted-attacking-enterprise-networks
- https://twitter.com/christophetd/status/1164506034720952320
- https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/
- https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke
author: Matthew Green - @mgreen27, Florian Roth (Nextron Systems), frack113
date: 2019-06-15
modified: 2024-12-03
modified: 2026-02-12
tags:
- attack.defense-evasion
- attack.t1036.003
@@ -41,6 +42,7 @@ detection:
- 'cmstp.exe'
- 'cscript.exe'
- 'IE4UINIT.EXE'
- 'finger.exe'
- 'mshta.exe'
- 'msiexec.exe'
- 'msxsl.exe'
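Review bot: 'finger.exe' is placed after 'IE4UINIT.EXE', which breaks the case-insensitive alphabetical order the surrounding entries follow (cmstp, cscript, IE4UINIT, mshta, msiexec, msxsl). Move it up one line, between 'cscript.exe' and 'IE4UINIT.EXE', so later additions and duplicate checks stay easy to review.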
@@ -62,6 +64,7 @@ detection:
- '\cmstp.exe'
- '\cscript.exe'
- '\ie4uinit.exe'
- '\finger.exe'
- '\mshta.exe'
- '\msiexec.exe'
- '\msxsl.exe'
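Review bot: '\finger.exe' sits after '\ie4uinit.exe' here as well, so this path-suffix list is also out of alphabetical order. Put it between '\cscript.exe' and '\ie4uinit.exe', and keep its position in step with the bare-name list in the previous hunk so the two lists can be compared entry by entry.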
@@ -12,7 +12,7 @@ references:
- https://www.splunk.com/en_us/blog/security/inno-setup-malware-redline-stealer-campaign.html
author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali (Nextron Systems)
date: 2017-11-27
modified: 2025-11-23
modified: 2026-02-12
tags:
- attack.defense-evasion
- attack.t1036
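Review bot: no reference backs the finger.exe addition in this rule. The hunk header (-12,7 +12,7) shows that only the modified date changes in this part of the file, whereas the first rule gained the Huntress link alongside its new entries. Add the same reference to this file's references list so the '\finger.exe' entry has a traceable source here too.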
@@ -41,6 +41,7 @@ detection:
- '\dllhst3g.exe'
- '\dwm.exe'
- '\eventvwr.exe'
- '\finger.exe'
- '\logonui.exe'
- '\LsaIso.exe'
- '\lsass.exe'
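Review bot: the path exclusion that this rule pairs with the list is outside the visible context, so it is not possible to tell from this hunk whether '\finger.exe' will alert on legitimate executions. Please confirm in the PR that the rule's expected-location filter covers the directories where the genuine finger.exe runs, ideally with a test event. The placement between '\eventvwr.exe' and '\logonui.exe' is alphabetically correct.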