High Severity

Attachment: .csproj with suspicious commands

Labels

Description

Attached .csproj file contains suspicious commands.

References

https://delivr.to/payloads?id=9d80cf8d-fb68-40fb-8969-4b11f3a29c9f

Sublime Security

Created Aug 17th, 2023 • Last updated Aug 17th, 2023

Feed Source

Sublime Core Feed

Source

GitHub

type.inbound
and any(attachments,
        .file_extension == "csproj"
        and any(file.explode(.),
                (
                  (any(.scan.strings.strings, strings.contains(., 'DllImport')))
                  and (any(.scan.strings.strings, strings.icontains(., 'CreateProcess')))
                )
        )
)

MQL Console

•

View MQL Guide

Playground

Test against your own EMLs or sample data.

Post about this on your socials.

Get Started. Today.

Managed or self-managed. No MX changes.