Outbound Network Connection Initiated By Script Interpreter (992a6cae-db6a-43c8-9cec-76d7195c96fc)
Detects a script interpreter wscript/cscript opening a network connection to a non-local network. Adversaries may use script to download malicious payloads.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Outbound Network Connection Initiated By Script Interpreter (992a6cae-db6a-43c8-9cec-76d7195c96fc) | Sigma-Rules | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |