Local Network Connection Initiated By Script Interpreter (08249dc0-a28d-4555-8ba5-9255a198e08c)
Detects a script interpreter (Wscript/Cscript) initiating a local network connection to download or execute a script hosted on a shared folder.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Local Network Connection Initiated By Script Interpreter (08249dc0-a28d-4555-8ba5-9255a198e08c) | Sigma-Rules | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |