Regular Expressions 101

Community Patterns

Windows File With Double Extension

0

Regular Expression
PCRE2 (PHP >=7.3)

/
^((?![\\\/:\*"\<\>\|]+).)*\.((?![\\\/:\*"\<\>\|]+).)+\.((?![\\\/:\*"\<\>\|]+).)+$
/
gm

Description

This can be used for threat hunting. It will look for valid file names that have a double extension that can be used to trick people. Ex: Invoice.pdf.exe

Submitted by Todd A Danko - 10 months ago