Cscript/Wscript Suspicious Child Process

Rule Info

Tags
attack.execution DEMO
Name
Cscript/Wscript Suspicious Child Process
Id
b6676963-0353-4f88-90f5-36c20d443c6a
Date
2023-05-15 00:00:00
Modified
None
Description
Detects suspicious child processes of Wscript/Cscript
Reference
None
Author
Nasreddine Bencherchali (Nextron Systems)
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=b6676963-0353-4f88-90f5-36c20d443c6a

Rule History

Title
Author
Commit
Date
feat: multiple updates and new rules (#4242)
Nasreddine Bencherchali
62caac470
2023-05-17
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022