HackTool - Potential Impacket Smbexec Execution

Rule Info

Name
HackTool - Potential Impacket Smbexec Execution
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects the use of Impacket's smbexec tool. Smbexec, included in the Impacket suite, enables attackers to execute programs remotely. Similar to PsExec, but it leverages the SMB protocol to retrieve command outputs.
Reference
https://www.cybertriage.com/blog/dfir-breakdown-impacket-remote-execution-activity-smbexec/
Date
2025-02-06 00:00:00
Modified
None
Id
51b33a49-946d-45f7-bb23-2f22ca33f654
Tags
attack.execution attack.t1047 attack.lateral-movement attack.t1021.003
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022