PuTTY Secure Copy Suspicious Usage

Rule Info

Name
PuTTY Secure Copy Suspicious Usage
Author
Nasreddine Bencherchali
Description
Detects suspicious usage of PuTTY Secure Copy (PSCP) to exilftrate file
Reference
https://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter5.html
Date
2022-11-10 00:00:00
Modified
None
Id
6b69e637-a67b-4062-bb9d-c354db0a4664
Tags
attack.exfiltration attack.t1048.003
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022