Suspicious Unsigned Thor Scanner Execution

Rule Info

Name
Suspicious Unsigned Thor Scanner Execution
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects loading and execution of an unsigned thor scanner binary.
Reference
Internal Research
Date
2023-10-29 00:00:00
Modified
None
Id
ea5c131b-380d-49f9-aeb3-920694da4d4b
Tags
attack.defense-evasion attack.t1574.002 DEMO
Type
Community Rule

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
Nasreddine Bencherchali
Merge PR #4525 from @nasbench
2023-10-29