Rule Info
Name
Network Sweep via CMD For Loop
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects a subnet sweep executed via a CMD for loop iterating over an IP range using the (1,1,N) step pattern.
Attackers use this tool-agnostic pattern for network reconnaissance to identify live hosts or enumerate SMB shares across private subnets.
Date
2026-06-02 00:00:00
Modified
None
Id
a2d85f3c-71e4-4b96-8c0d-e43f127b9d68
Tags
attack.discovery attack.t1018 attack.t1135
Type
Nextron Sigma feed only (private)
