Csc.EXE Execution Form Potentially Suspicious Parent (b730a276-6b63-41b8-bcf8-55930c8fc6ee)

Detects a potentially suspicious parent of "csc.exe", which could be a sign of payload delivery.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Csc.EXE Execution Form Potentially Suspicious Parent (b730a276-6b63-41b8-bcf8-55930c8fc6ee)	Sigma-Rules	1
Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	Csc.EXE Execution Form Potentially Suspicious Parent (b730a276-6b63-41b8-bcf8-55930c8fc6ee)	Sigma-Rules	1
Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	Csc.EXE Execution Form Potentially Suspicious Parent (b730a276-6b63-41b8-bcf8-55930c8fc6ee)	Sigma-Rules	1
Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	Csc.EXE Execution Form Potentially Suspicious Parent (b730a276-6b63-41b8-bcf8-55930c8fc6ee)	Sigma-Rules	1
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67)	Attack Pattern	2
Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a)	Attack Pattern	Compile After Delivery - T1027.004 (c726e0a2-a57a-4b7b-a973-d0f013246617)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade)	Attack Pattern	2