Csc (939eeb6b-3f74-43b6-8ead-644457ee7d78)
This object contains information sourced from the Living Off The Land Binaries, Scripts and Libraries (LOLBAS) project, which is licensed under GNU General Public License v3.0.
Description: Binary file used by .NET to compile C# code
Author: Oddvar Moe
Paths: * C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe * C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Csc.exe
Resources: * https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/compiler-options/command-line-building-with-csc-exe
Detection: * Sigma: proc_creation_win_csc_susp_parent.yml * Sigma: proc_creation_win_csc_susp_folder.yml * Elastic: defense_evasion_dotnet_compiler_parent_process.toml * Elastic: defense_evasion_execution_msbuild_started_unusal_process.toml * IOC: Csc.exe should normally not run as System account unless it is used for development.[Csc.exe - LOLBAS Project]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Csc (939eeb6b-3f74-43b6-8ead-644457ee7d78) | Tidal Software | MuddyWater (dcb260d8-9d53-404f-9ff5-dbee2c6effe6) | Tidal Groups | 1 |