Suspicious File Created by ArcSOC.exe (e890acee-d488-420e-8f20-d9b19b3c3d43)

Detects instances where the ArcGIS Server process ArcSOC.exe, which hosts REST services running on an ArcGIS server, creates a file with a suspicious file type, indicating that it may be an executable, a script file, or otherwise unusual.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) | Attack Pattern | Suspicious File Created by ArcSOC.exe (e890acee-d488-420e-8f20-d9b19b3c3d43) | Sigma-Rules | 1 |
| External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) | Attack Pattern | Suspicious File Created by ArcSOC.exe (e890acee-d488-420e-8f20-d9b19b3c3d43) | Sigma-Rules | 1 |
| Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | Suspicious File Created by ArcSOC.exe (e890acee-d488-420e-8f20-d9b19b3c3d43) | Sigma-Rules | 1 |