PUA - NimScan Execution (4fd6b1c7-19b8-4488-97f6-00f0924991a3)
Detects usage of NimScan, a port scanner utility. In early 2025, adversaries were observed using this utility to scan for open ports on remote hosts in a compromised environment. This rule identifies the execution of NimScan based on the process image name and specific hash values associated with different versions of the tool.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) | Attack Pattern | PUA - NimScan Execution (4fd6b1c7-19b8-4488-97f6-00f0924991a3) | Sigma-Rules | 1 |