Attachment: .csproj with suspicious commands
Attached .csproj file contains suspicious commands.
type.inbound and any(attachments, .file_extension == "csproj" and any(file.explode(.), ( (any(.scan.strings.strings, strings.contains(., 'DllImport'))) and (any(.scan.strings.strings, strings.icontains(., 'CreateProcess'))) ) ) )
View MQL Guide
Test against your own EMLs or sample data.
Get Started. Today.
Managed or self-managed. No MX changes.