Read Contents From Stdin Via Cmd.EXE

Rule Info

Tags
attack.execution DEMO attack.t1059.003
Modified
None
Author
frack113, Nasreddine Bencherchali (Nextron Systems)
Name
Read Contents From Stdin Via Cmd.EXE
Description
Detect the use of "<" to read and potentially execute a file via cmd.exe
Date
2023-03-07 00:00:00
Reference
https://github.com/redcanaryco/atomic-red-team/blob/40b77d63808dd4f4eafb83949805636735a1fd15/atomics/T1059.003/T1059.003.md
Id
241e802a-b65e-484f-88cd-c2dc10f9206d
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=241e802a-b65e-484f-88cd-c2dc10f9206d

Rule History

Commit
Date
Author
Title
1378cf6d7
2023-03-07
Nasreddine Bencherchali
feat: update cmd based rules
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022