
Rule Info
Name
Suspicious IP Address In Scheduled Task Creation
Author
X__Junior
Description
Detects scheduled task creation using "schtasks" that contains an IP address, which is considered suspicious
Date
2025-01-13 00:00:00
Modified
None
Id
f5be4913-a66d-4726-95ea-88f638288b88
Tags
attack.impact attack.t1489
Type
Nextron Sigma feed only (private)