Techniques
Sample rules
PUA - Advanced Port Scanner Execution
- source: sigma
- technicques:
- t1046
- t1135
Description
Detects the use of Advanced Port Scanner.
Detection logic
condition: 1 of selection_*
selection_cli:
CommandLine|contains|all:
- /portable
- /lng
selection_img:
- Image|contains: \advanced_port_scanner
- OriginalFileName|contains: advanced_port_scanner
- Description|contains: Advanced Port Scanner