Skip to content

Hide Navigation Hide TOC

Suspicious Command Patterns In Scheduled Task Creation (f2c64357-b1d2-41b7-849f-34d2682c0fad)

Detects scheduled task creation using "schtasks" that contain potentially suspicious or uncommon commands

Cluster A Galaxy A Cluster B Galaxy B Level
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Suspicious Command Patterns In Scheduled Task Creation (f2c64357-b1d2-41b7-849f-34d2682c0fad) Sigma-Rules 1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2