Multiple File Combined Via Built-In Copy Command

Rule Info

Name
Multiple File Combined Via Built-In Copy Command
Author
X__Junior (Nextron Systems)
Description
Detects the use of the built-in CMD "copy" command with 2 or more plus signs in order to combine the content of multiple files.
Reference
https://www.esentire.com/blog/exploring-the-infection-chain-screenconnects-link-to-asyncrat-deployment
Date
2024-07-11 00:00:00
Modified
None
Id
d1c833da-7d72-4c83-9b8d-87f7a2a5db57
Tags
attack.execution attack.defense-evasion
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022