Tag
This rule detects potential exploitation of Foxmail client to gain initial access and execute malicious code by monitoring for Foxmail client spawning child processes with arguments pointing to user-profile AppData paths or remote shares, indicating exploitation of a Foxmail vulnerability through a malicious email.