Dot net compiler compiles file from suspicious location

calendar Feb 5, 2024  ยท
Share on: linkedin copy

Dot net compiler compiles file from suspicious location

Sigma rule (View on GitHub)

 1title: Dot net compiler compiles file from suspicious location
 2status: experimental
 3description: Dot net compiler compiles file from suspicious location
 4author: Joe Security
 5date: 2020-02-03
 6id: 200048
 7threatname:
 8behaviorgroup: 1
 9classification: 7
10mitreattack:
11
12logsource:
13    category: process_creation
14    product: windows
15detection:
16    selection:      
17        CommandLine:
18            - '*\windows\microsoft.net\framework*\csc.exe*/noconfig /fullpaths*\appdata\local\temp*'
19    condition: selection
20level: high
to-top