Scheduled Task Executed Masquerading as System Binary

Rule Info

Name: Scheduled Task Executed Masquerading as System Binary
Author: Swachchhanda Shrawan Poudel (Nextron Systems)
Description: Detects the suspicious execution of scheduled tasks where the program being run is masquerading as a system binary. Threat actors often use this technique to maintain persistence and evade detection.
Reference: Internal Research
Date: 2025-04-07 00:00:00
Modified: None
Id: f4b8b8b3-ac62-4577-b7ae-ad63c9ae5311
Tags: attack.execution, attack.persistence, attack.t1053.005, attack.defense-evasion, attack.t1036.005
Type: Nextron Sigma feed only (private)

Rule History