Tag

Rtlo

1 brief RSS

File with Right-to-Left Override Character (RTLO) Created/Executed

This rule detects the creation or execution of files or processes with names containing the Right-to-Left Override (RTLO) character, which can be used to disguise the file extension and trick users into executing malicious files on Windows systems.

Elastic Defend +2 defense-evasion rtlo masquerading windows

2r 2t Jan 2, 2024