Regular Expressions 101

Regular Expression
PCRE2 (PHP >=7.3)

/^((?![\\\/:\*"\<\>\|]+).)*\.((?![\\\/:\*"\<\>\|]+).)+\.((?![\\\/:\*"\<\>\|]+).)+$/gm

Description

This pattern can be used for threat hunting. It matches valid file names that have a double extension, which can be used to trick people. Example: Invoice.pdf.exe

Submitted by Todd A Danko - 2 years ago
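
The following is an added example, not part of the original entry: it applies the pattern above to base names and ranks the matches, since the pattern rejects full paths and also matches ordinary names such as archive.tar.gz. The extension lists, priority labels and sample paths are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# The page's pattern, unchanged; Python's re accepts this PCRE2 syntax as written.
DOUBLE_EXT = re.compile(
    r'^((?![\\\/:\*"\<\>\|]+).)*\.((?![\\\/:\*"\<\>\|]+).)+\.((?![\\\/:\*"\<\>\|]+).)+$'
)

# Assumed triage lists (not from the page); tune them to your environment.
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs", "hta", "lnk"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def hunt(paths):
    """Return (base name, priority) for every path whose base name matches."""
    hits = []
    for path in paths:
        # The pattern rejects \ / and :, so match the base name, not the full path.
        name = PureWindowsPath(path).name
        if not DOUBLE_EXT.match(name):
            continue
        # Last two dot-separated parts: the apparent type and the real extension.
        *_, decoy, final = (part.strip() for part in name.lower().split("."))
        if final in EXECUTABLE and decoy in DECOY:
            priority = "high"    # document-looking name that actually executes
        elif final in EXECUTABLE:
            priority = "medium"  # executable with extra dots, e.g. versioned names
        else:
            priority = "low"     # matches, but last extension is not in EXECUTABLE
        hits.append((name, priority))
    return hits


# Constructed sample paths, for illustration only.
SAMPLE = [
    r"C:\Users\bob\Downloads\Invoice.pdf.exe",
    r"C:\Users\bob\Downloads\report.docx",
    "/srv/backups/archive.tar.gz",
    r"C:\Tools\setup.v2.exe",
    r"D:\share\photo.jpg.scr",
]

if __name__ == "__main__":
    for name, priority in hunt(SAMPLE):
        print(f"{priority:6} {name}")
```

Run against a process-creation or file-creation log, the "low" bucket shows how much noise the bare pattern produces before any extension filtering.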