Potentially Suspicious CMD Shell Output Redirect (8e0bb260-d4b2-4fff-bb8d-3f82118e6892)
Detects inline Windows shell commands redirecting output via the ">" symbol to a suspicious location. This technique is sometimes used by malicious actors in order to redirect the output of reconnaissance commands such as "hostname" and "dir" to files for future exfiltration.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Potentially Suspicious CMD Shell Output Redirect (8e0bb260-d4b2-4fff-bb8d-3f82118e6892) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |