Detection of Renamed PuTTY.exe

Rule Info

Name
Detection of Renamed PuTTY.exe
Author
MalGamy
Description
Detects instances of PuTTY.exe clients that have been renamed, indicating potential malicious activity utilizing legitimate remote access tools.
Reference
https://attack.mitre.org/techniques/T1036/005
Date
2024-09-30 00:00:00
Modified
None
Id
fd6c020c-55cc-478f-93d4-d1b0f1c970e5
Tags
attack.execution attack.t1036.005
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022