Rule Info
Name
Use Of The SFTP.EXE Binary As A LOLBIN
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the usage of the "sftp.exe" binary as a LOLBIN by abusing the "-D" flag
Date
2022-11-10 00:00:00
Modified
None
Id
a85ffc3a-e8fd-4040-93bf-78aff284d801
Tags
attack.defense_evasion attack.execution attack.t1218 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit