Usage of Tzutil Utility for System Timezone Discovery

Rule Info

Name
Usage of Tzutil Utility for System Timezone Discovery
Author
MalGamy (Nextron Systems)
Description
Detects the use of tzutil.exe, a legitimate Windows utility for managing time zones, for system timezone discovery. Threat actors may want to know the victim's timezone to align attack activities with the victim's working hours or to evade certain time-based security controls.
Date
2025-05-14 00:00:00
Modified
None
Id
bce93f3a-a2c8-4355-89ac-79fd184da576
Tags
attack.discovery attack.t1082
Type
Nextron Sigma feed only (private)

Rule History