security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
blue-team-tools/rules/windows/process_creation/proc_creation_win_jsc_execution.yml
T
Nasreddine Bencherchali 34c5d66c22 Merge PR #5966 from @nasbench - Update mitre tags to use attack v19 
chore: update mitre tags to use attack v19
2026-04-29 01:20:23 +02:00

30 lines
984 B
YAML
Raw Permalink Blame History

title: JScript Compiler Execution
id: 52788a70-f1da-40dd-8fbd-73b5865d6568
status: test
description: |
Detects the execution of the "jsc.exe" (JScript Compiler).
Attacker might abuse this in order to compile JScript files on the fly and bypassing application whitelisting.
references:
- https://lolbas-project.github.io/lolbas/Binaries/Jsc/
- https://www.phpied.com/make-your-javascript-a-windows-exe/
- https://twitter.com/DissectMalware/status/998797808907046913
author: frack113
date: 2022-05-02
modified: 2024-04-24
tags:
- attack.execution
- attack.stealth
- attack.t1127
logsource:
product: windows
category: process_creation
detection:
selection:
- Image|endswith: '\jsc.exe'
- OriginalFileName: 'jsc.exe'
condition: selection
falsepositives:
- Legitimate use to compile JScript by developers.
# Note: Can be decreased to informational or increased to medium depending on how this utility is used.
level: low
Reference in New Issue View Git Blame Copy Permalink