PuTTY Secure Copy Suspicious Usage

Rule Info

Id
6b69e637-a67b-4062-bb9d-c354db0a4664
Author
Nasreddine Bencherchali
Name
PuTTY Secure Copy Suspicious Usage
Tags
attack.exfiltration attack.t1048.003
Date
2022-11-10 00:00:00
Modified
None
Description
Detects suspicious usage of PuTTY Secure Copy (PSCP) to exilftrate file
Type
Nextron Sigma feed only (private)

Rule History