MSC File Execution From Potential Suspicious Location

Rule Info

Name
MSC File Execution From Potential Suspicious Location
Author
X__Junior, Florian Roth
Description
Detecting execution of Microsoft Management Console (MMC) files from potentially suspicious locations.
Reference
https://x.com/k3yp0d/status/1846084639519089106?s=12&t=C0_T_re0wRP_NfKa27Xw9w
Date
2024-10-20 00:00:00
Modified
None
Id
a691dcd8-5498-4d65-8987-aca2ee434aab
Tags
attack.t1071.004
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022