Cmd.Exe Execution With Uncommon Flag

Rule Info

Id
491adfaf-173b-4e26-b6d8-0b0aa25cb4b6
Author
Nasreddine Bencherchali
Name
Cmd.Exe Execution With Uncommon Flag
Tags
attack.execution attack.t1059.003
Date
2022-11-18 00:00:00
Modified
None
Description
Detects use of the "/R" flag, which is the same as "/C". This flag is often used for obfuscation and should be investigated.
Type
Nextron Sigma feed only (private)

Rule History