Unusual File Extension

Description

Triggered when a user accesses a new file type or extension. This is based on a user's previous history and/or peer group activity.

Use Case

Advanced Threat Detection, Security Monitoring

Category

Malware

Alert Volume

Medium

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Impact
Initial Access

MITRE ATT&CK Techniques

Data Encrypted for Impact
Spearphishing Attachment

MITRE Threat Groups

APT38
APT41
TA505

Data Sources

Endpoint Detection and Response