EXPLORE
Sign In
← Back to Explore
T1036.007

Double File Extension

Adversaries may abuse a double extension in the filename as a means of masquerading the true file type. A file name may include a secondary file type extension that may cause only the first extension to be displayed (ex: <code>File.txt.exe</code> may render in some views as just <code>File.txt</code>). However, the second extension is the true file type that determines how the file is opened and executed. The real file extension may be hidden by the operating system in the file browser (ex: expl...

Windows
4
Detections
2
Sources
2
Threat Actors

BY SOURCE

3sigma1elastic

PROCEDURES (2)

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

File Monitoring2 detections

Auto-extracted: 2 detections for file monitoring

THREAT ACTORS (2)

KimsukyMustang Panda

DETECTIONS (4)

Executable File Creation with Multiple Extensions
elasticmedium
Suspicious Double Extension Files
sigmahigh
Suspicious LNK Double Extension File Created
sigmamedium
Suspicious Parent Double Extension File Execution
sigmahigh