high
advisory
MOTW Bypass via CAB, TAR, and 7-Zip Chaining
2 rules, 2 TTPs, 1 IOC
A newly discovered Mark of the Web (MOTW) bypass chains CAB, TAR, and 7-Zip archives so that the extracted payload carries no MOTW (the Zone.Identifier stream) and runs without a SmartScreen warning.
motw
bypass
phishing
defense-evasion
archive
7-zip
cab
tar
medium
advisory
Windows Script Execution from Archive File
2 rules, 3 TTPs
These rules identify attempts to execute JScript or VBScript files directly from an archive file, a common delivery method for malicious scripts on Windows systems.
M365 Defender +2
execution
windows
scripting
archive
low
advisory
GitHub Repository Archive Status Changed
2 rules, 3 TTPs
Detection of GitHub repository archiving or unarchiving events. Archiving makes a repository read-only and unarchiving reverses that, so unexpected changes could indicate persistence, impact, or impairment of defenses.
GitHub
repository
archive
unarchive
persistence
impact
defense-impairment
medium
advisory
Detection of Encrypted Archive Creation with WinRAR or 7-Zip
2 rules, 2 TTPs
Adversaries use WinRAR or 7-Zip with password and header-encryption switches to compress and protect stolen data before exfiltration, so content inspection of the staged archive reveals nothing.
Defender XDR +2
collection
archive
exfiltration
windows
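Two of the listed rules, "Windows Script Execution from Archive File" and "Detection of Encrypted Archive Creation with WinRAR or 7-Zip", reduce to process-creation matching. The block below is an added example, not the catalog's own rule logic, that runs both detections over constructed process-creation events. It assumes a Sysmon or EDR style record with an image path and a command line; the event class, the sample command lines and the archive temp-folder patterns (Explorer's Temp1_<name>.zip, WinRAR's Rar$..., 7-Zip's 7z...) are assumptions made for the example. The archiver switches it keys on are real: 7-Zip uses -p for the password and -mhe=on for header encryption, WinRAR uses -p for the password and -hp to also encrypt file names.

```python
"""Process-creation detections for script-from-archive and encrypted-archive creation.
Example code; events below are constructed, not taken from a real host."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    image: str         # full path of the created process (assumed field name)
    command_line: str  # command line as logged (assumed field name)


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
ARCHIVERS_7Z = {"7z.exe", "7za.exe", "7zg.exe"}
ARCHIVERS_RAR = {"rar.exe", "winrar.exe"}

# Folders that archive tools extract into when a file is opened straight from the archive
# (assumed patterns): Explorer zip -> %TEMP%\Temp1_<archive>.zip\, WinRAR -> %TEMP%\Rar$...\,
# 7-Zip -> %TEMP%\7z...\
ARCHIVE_TEMP_RE = re.compile(
    r"\\Temp\\(?:Temp\d+_[^\\]+|Rar\$[^\\]+|7z[^\\]+)\\", re.IGNORECASE
)
# Quoted token (quotes stripped) or bare whitespace-delimited token.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def tokenize(command_line: str) -> List[str]:
    """Split a Windows command line into tokens, removing surrounding quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(command_line)]


def script_from_archive(ev: ProcessEvent) -> bool:
    """A script host launched with a script that lives in an archive extraction folder."""
    if basename(ev.image) not in SCRIPT_HOSTS:
        return False
    return ARCHIVE_TEMP_RE.search(ev.command_line) is not None


def encrypted_archive_creation(ev: ProcessEvent) -> Optional[str]:
    """Return 'header-encrypted' or 'encrypted' when an archiver adds files with a
    password switch; None otherwise."""
    name = basename(ev.image)
    if name not in ARCHIVERS_7Z | ARCHIVERS_RAR:
        return None
    tokens = tokenize(ev.command_line)[1:]  # drop the program token itself
    commands = [t for t in tokens if not t.startswith("-")]
    if not commands or commands[0].lower() not in {"a", "u"}:  # a = add, u = update
        return None
    switches = [t.lower() for t in tokens if t.startswith("-")]
    if name in ARCHIVERS_RAR:
        if any(s.startswith("-hp") for s in switches):
            return "header-encrypted"  # -hp also hides file names inside the archive
        if any(s.startswith("-p") for s in switches):
            return "encrypted"
        return None
    # 7-Zip: -p sets the password (bare -p prompts for it); -mhe=on encrypts 7z headers.
    if not any(s.startswith("-p") for s in switches):
        return None
    return "header-encrypted" if any(s in {"-mhe", "-mhe=on"} for s in switches) else "encrypted"


SAMPLE_EVENTS = [  # constructed events
    ProcessEvent(r"C:\Program Files\7-Zip\7z.exe",
                 r'"C:\Program Files\7-Zip\7z.exe" a -t7z -pS3cret! -mhe=on C:\Users\Public\out.7z C:\Users\bob\Documents\*'),
    ProcessEvent(r"C:\Program Files\WinRAR\Rar.exe",
                 r'"C:\Program Files\WinRAR\Rar.exe" a -hpP@ss -r D:\staging\docs.rar C:\Users\bob\Documents'),
    ProcessEvent(r"C:\Program Files\7-Zip\7z.exe",
                 r'"C:\Program Files\7-Zip\7z.exe" x C:\Users\bob\Downloads\pkg.7z -oC:\Tools'),
    ProcessEvent(r"C:\Windows\System32\wscript.exe",
                 r'"C:\Windows\System32\wscript.exe" "C:\Users\bob\AppData\Local\Temp\Temp1_invoice.zip\invoice.js"'),
    ProcessEvent(r"C:\Windows\System32\cscript.exe",
                 r'cscript.exe //nologo C:\Users\bob\AppData\Local\Temp\Rar$DIa1234.5678\readme.vbs'),
    ProcessEvent(r"C:\Windows\System32\wscript.exe", r"wscript.exe C:\Scripts\maint.vbs"),
]


def run(events: List[ProcessEvent]) -> List[Tuple[str, str]]:
    """Apply both detections and return (rule name, detail) pairs in event order."""
    findings = []
    for ev in events:
        if script_from_archive(ev):
            findings.append(("Windows Script Execution from Archive File", basename(ev.image)))
        mode = encrypted_archive_creation(ev)
        if mode:
            findings.append(("Encrypted Archive Creation", f"{basename(ev.image)} ({mode})"))
    return findings


if __name__ == "__main__":
    for rule, detail in run(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

Both detections key on the command line only: a password entered through the WinRAR or 7-Zip GUI never appears there, and a legitimate backup job that passes -p fires just like an adversary staging loot, so in practice the encrypted-archive rule is tuned on parent process, user and destination path rather than treated as high-fidelity on its own.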