I am trying to build a use case for files that have a double file extension since these can often be the source of malware. I haven't had any success building a search string for this. Has anyone had any success building a search for locating the execution of double file extensions? Even if I can just build a search for the double file extensions, I can try to go from there. Any thoughts?
Searching for the regular expression \.[^\.]+\. should locate files with 2 extensions. You should search specific fields to avoid false positives.
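The answer's pattern and its field-scoping caveat, worked through in Python as an added example (not code from either poster). It applies \.[^\.]+\. anchored to the end of the file name, runs it over constructed Sysmon-style events, and keeps to the path fields (the Image and TargetFilename names, the executable-extension set and the tar.* allowlist are assumptions for this example) so that dotted user or host names do not produce false positives:

```python
import re

# Constructed Sysmon-style events (EventCode 1 = process creation, 11 = file
# creation); sample data for this example, not real logs.
SAMPLE_LOGS = [
    'EventCode=1 host=ws01 Image="C:\\Users\\bob\\Downloads\\invoice.pdf.exe" User=bob',
    'EventCode=1 host=ws01 Image="C:\\Windows\\System32\\svchost.exe" User=SYSTEM',
    'EventCode=11 host=ws02 TargetFilename="C:\\tools\\backup.tar.gz" User=alice',
    'EventCode=1 host=ws02 Image="C:\\Users\\j.doe\\AppData\\Local\\Temp\\setup.exe" User=j.doe',
    'EventCode=1 host=ws03 Image="C:\\Users\\carol\\Desktop\\photo.jpg.scr" User=carol',
    'EventCode=11 host=ws03 TargetFilename="C:\\Users\\carol\\report.final.docx" User=carol',
]

# The answer's pattern, \.[^\.]+\., anchored to the end of the file name so
# it captures only the last two extensions.
DOUBLE_EXT = re.compile(r"\.([^.]+)\.([^.]+)$")

# Pull the path out of the specific fields we care about. Matching the whole
# event would also hit dotted host names, user names and time stamps.
# Field names are assumed for this example.
PATH_FIELD = re.compile(r'\b(?:Image|TargetFilename)="([^"]+)"')

# Final extensions that run code when opened (assumed list for this example).
EXECUTABLE_EXTS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "jse",
    "wsf", "hta", "ps1", "msi", "lnk",
}

# Legitimate two-part extensions that should not be flagged (assumed list).
ALLOWED_DOUBLE = {"tar.gz", "tar.bz2", "tar.xz", "tar.zst"}


def basename(path):
    """Return the file-name portion of a Windows or POSIX path, so that dots
    in directory names (e.g. a user folder called j.doe) are never matched."""
    return re.split(r"[\\/]", path)[-1]


def classify(filename):
    """Classify a bare file name.

    Returns None when there is no double extension, otherwise one of
    "suspicious" (final extension executes code), "allowlisted" (known
    benign combination) or "benign" (double extension, non-executable end).
    """
    m = DOUBLE_EXT.search(filename)
    if not m:
        return None
    first, last = m.group(1).lower(), m.group(2).lower()
    if f"{first}.{last}" in ALLOWED_DOUBLE:
        return "allowlisted"
    if last in EXECUTABLE_EXTS:
        return "suspicious"
    return "benign"


def find_double_extensions(lines):
    """Return (filename, verdict) for every event whose path field carries a
    double extension; single-extension files are skipped."""
    hits = []
    for line in lines:
        for path in PATH_FIELD.findall(line):
            name = basename(path)
            verdict = classify(name)
            if verdict is not None:
                hits.append((name, verdict))
    return hits


if __name__ == "__main__":
    for name, verdict in find_double_extensions(SAMPLE_LOGS):
        print(f"{verdict:12} {name}")
```

Run as a script it lists invoice.pdf.exe and photo.jpg.scr as suspicious, backup.tar.gz as allowlisted and report.final.docx as benign, while setup.exe under the j.doe folder is not reported at all, which is the point of scoping the pattern to the file name inside a specific field rather than the raw event.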