Rule Info
Name
HackTool - SharpMove Tool Execution
Author
Luca Di Bartolomeo (CrimpSec)
Description
Detects the execution of SharpMove, a .NET utility that performs multiple tasks such as "Task Creation", "SCM" query, and VBScript execution using WMI. Detection is based on its PE metadata and command-line options.
Reference
Date
2024-01-29 00:00:00
Modified
None
Id
055fb54c-a8f4-4aee-bd44-f74cf30a0d9d
Tags
attack.lateral-movement attack.t1021.002 DEMO
Type
Community Rule
Link to Public Repo