Java JAR Execution From Potentially Suspicious Location

Rule Info

Name
Java JAR Execution From Potentially Suspicious Location
Author
X__Junior (Nextron Systems)
Description
Detects execution of Java application that has been packaged into a JAR from suspicious locations.
Reference
https://securelist.com/sambaspy-rat-targets-italian-users/113851/
Date
2024-09-20 00:00:00
Modified
None
Id
cced1834-8204-43e6-9530-2f5392f1594b
Tags
attack.execution attack.t1059
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022