Potential PsExec Remote Execution

Rule Info

Tags
attack.resource_development DEMO attack.t1587.001
Modified
None
Author
Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems)
Name
Potential PsExec Remote Execution
Description
Detects potential psexec command that initiate execution on a remote systems via common commandline flags used by the utility
Date
2023-02-28 00:00:00
Reference
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
Id
ea011323-7045-460b-b2d7-0f7442ea6b38
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=ea011323-7045-460b-b2d7-0f7442ea6b38

Rule History

Commit
Date
Author
Title
137dcbcc5
2023-02-28
Nasreddine Bencherchali
feat: more updates and fixes
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022