Read Contents From Stdin Via Cmd.EXE

Rule Info

Name
Read Contents From Stdin Via Cmd.EXE
Author
frack113, Nasreddine Bencherchali (Nextron Systems)
Description
Detect the use of "<" to read and potentially execute a file via cmd.exe
Reference
https://github.com/redcanaryco/atomic-red-team/blob/40b77d63808dd4f4eafb83949805636735a1fd15/atomics/T1059.003/T1059.003.md
Date
2023-03-07 00:00:00
Modified
None
Id
241e802a-b65e-484f-88cd-c2dc10f9206d
Tags
attack.execution attack.t1059.003 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=241e802a-b65e-484f-88cd-c2dc10f9206d

Rule History

Author
Title
Date
Commit
github-actions[bot]
chore: promote older rules status from `experimental` to `test` (#4651)
2024-01-01
c3fe2da99
Nasreddine Bencherchali
feat: update cmd based rules
2023-03-07
1378cf6d7
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022