Unicode RTL Override Character
This alert indicates the execution of a process whose file name contains the Unicode right-to-left override character.


10 minutes
3 days
14 days
10 Minutes
Cortex XDR agent endpoint data


Attackers may try to disguise malicious files by placing the Unicode right-to-left override character in the file name, which makes the file type appear benign. This technique is often used with phishing e-mail attachments.

Attacker's Goals

Trick users into executing malicious files by making their file types seem benign.

Investigative Actions

Investigate the executed process causality group. There is no reason for benign files to contain the Unicode right-to-left override character in their name.
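When triaging the alert, it helps to see both the name the user was shown and the real extension that was executed. The following is an added example, not Cortex XDR code: it checks process image paths for U+202E and reports the displayed name next to the actual one. The event field names and sample paths are constructed for illustration, and the rendering is a simplified approximation of bidirectional text display.

```python
from pathlib import PureWindowsPath

RLO = "\u202e"  # U+202E RIGHT-TO-LEFT OVERRIDE

# Constructed sample process events; field names are assumptions, not an XDR schema.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image_path": "C:\\Users\\a\\Downloads\\invoice_\u202efdp.exe"},
    {"host": "ws-02", "image_path": "C:\\Windows\\System32\\notepad.exe"},
    {"host": "ws-03", "image_path": "C:\\Users\\b\\Desktop\\report.pdf.exe"},
]


def rendered_name(name):
    """Approximate what a bidi-aware UI shows: text after the first RLO is
    drawn right to left. Simplified: ignores nested or terminated overrides."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name


def inspect_image_path(path):
    """Return triage details if the file name contains RLO, else None."""
    name = PureWindowsPath(path).name
    if RLO not in name:
        return None
    shown = rendered_name(name)
    return {
        # Escaped form makes the invisible character visible in tickets and logs.
        "file_name_escaped": name.encode("unicode_escape").decode("ascii"),
        "displayed_as": shown,
        "real_extension": PureWindowsPath(name).suffix.lower(),
        "apparent_extension": PureWindowsPath(shown).suffix.lower(),
    }


def find_rlo_executions(events):
    """Collect findings for every event whose process file name contains RLO."""
    findings = []
    for event in events:
        details = inspect_image_path(event["image_path"])
        if details is not None:
            findings.append({"host": event["host"], **details})
    return findings


if __name__ == "__main__":
    for finding in find_rlo_executions(SAMPLE_EVENTS):
        print(finding)
```

A mismatch between the real and apparent extensions shows which file type the user believed they were opening, which is useful context when reviewing the causality group.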

