Suspicious NCat Command Line Flags - Windows

Rule Info

Name
Suspicious NCat Command Line Flags - Windows
Author
Florian Roth
Description
Detects suspicious command line flags often used with NCat to establish a reverse shell or execute a command.
Reference
https://nmap.org/ncat/
Date
2022-12-07 00:00:00
Modified
2023-09-05 00:00:00
Id
4c43f8da-ad24-4b81-a9de-1df10d81e1fa
Tags
attack.command-and-control
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022