Skip to content

Hide Navigation Hide TOC

PUA - NirCmd Execution (4e2ed651-1906-4a59-a78a-18220fca1b22)

Detects the use of NirCmd tool for command execution, which could be the result of legitimate administrative activity

Cluster A Galaxy A Cluster B Galaxy B Level
PUA - NirCmd Execution (4e2ed651-1906-4a59-a78a-18220fca1b22) Sigma-Rules Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 1
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2