
Suspicious Filename with Embedded Base64 Commands (179b3686-6271-4d87-807d-17d843a8af73)

Detects files with specially crafted filenames that embed Base64-encoded bash payloads designed to execute when processed by shell scripts. These filenames exploit shell interpretation quirks to trigger hidden commands, a technique observed in VShell malware campaigns.

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | Suspicious Filename with Embedded Base64 Commands (179b3686-6271-4d87-807d-17d843a8af73) | Sigma-Rules | 1
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Suspicious Filename with Embedded Base64 Commands (179b3686-6271-4d87-807d-17d843a8af73) | Sigma-Rules | 1
Unix Shell - T1059.004 (a9d4b653-6915-42af-98b2-5758c4ceee56) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2