Suspicious File Copy To Admin Share

Rule Info

Name
Suspicious File Copy To Admin Share
Author
MalGamy (Nextron System)
Description
Detects suspicious file copy operations to administrative shares, which may indicate lateral movement or malicious staging.
Date
2024-11-10 00:00:00
Modified
None
Id
b244fbab-7679-4f96-83a3-c3e016b50ddb
Tags
attack.lateral-movement attack.t1021
Type
Nextron Sigma feed only (private)

Rule History