MALWARE-TOOLS Win.Tool.RemComSvc download attempt
This rule looks for strings associated with a PUA that could potentially inject into other applications or spawn a reverse shell.
This rule alerts when a binary containing RemComSvc is downloaded.
Attacks/Scans seen in the wild
Known false positives, with the described conditions
This rule has the potential to trigger on benign use of the RemComSvc binary. The RemComSvc binary is not inherently malicious; however, it is commonly used by threat actors to inject into other processes and move deeper into the network. A common false positive is its use within the ManageEngine software suite.
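The detection described above (a download whose body carries the RemComSvc string) and the false-positive note can be illustrated with the following added Python example. It is not the Talos rule itself and does not reproduce its content-match options; it assumes the indicator may appear in a PE binary either as ASCII or as UTF-16LE (an assumption, since the page does not say which encodings the rule matches), and it records whether the carrier starts with an MZ header so that a web page that merely mentions the tool name can be triaged separately from an executable download. The HTTP response and the file bytes are constructed for the example.

```python
"""Scan a downloaded HTTP body for the RemComSvc indicator string.

Added illustration only; not the Snort/Talos rule logic. Assumptions:
the indicator may be ASCII or UTF-16LE, and an executable download is
recognised by the MZ header at the start of the body.
"""
from dataclasses import dataclass

INDICATOR = "RemComSvc"

# Both encodings commonly seen in Windows PE strings (assumption, see above).
PATTERNS = {
    "ascii": INDICATOR.encode("ascii"),
    "utf-16le": INDICATOR.encode("utf-16-le"),
}


@dataclass(frozen=True)
class Finding:
    encoding: str   # which encoded form matched
    offset: int     # byte offset of the match inside the body
    is_pe: bool     # body begins with the MZ header of a Windows executable


def http_body(response: bytes) -> bytes:
    """Return the body of a raw HTTP response (empty if no header terminator)."""
    sep = response.find(b"\r\n\r\n")
    return response[sep + 4:] if sep >= 0 else b""


def scan_payload(data: bytes) -> list[Finding]:
    """Return every occurrence of the indicator, in any supported encoding."""
    is_pe = data[:2] == b"MZ"
    findings: list[Finding] = []
    for encoding, pattern in PATTERNS.items():
        start = 0
        while True:
            idx = data.find(pattern, start)
            if idx < 0:
                break
            findings.append(Finding(encoding, idx, is_pe))
            start = idx + 1
    return findings


def classify(response: bytes) -> str:
    """Map a response to a triage label.

    'executable-download' mirrors the alert condition on the page; 'mention-only'
    is a text body (e.g. an HTML page) that names the tool but is not a binary.
    """
    findings = scan_payload(http_body(response))
    if not findings:
        return "clean"
    return "executable-download" if findings[0].is_pe else "mention-only"


# Constructed sample: a minimal fake PE-like body that carries the indicator
# once in ASCII (as a file name) and once in UTF-16LE.
FAKE_PE_BODY = (
    b"MZ" + b"\x90" * 62          # MZ header padded to 64 bytes
    + b"PE\x00\x00" + b"\x00" * 16  # PE signature and filler
    + b"RemComSvc.exe\x00"          # ASCII string at offset 84
    + INDICATOR.encode("utf-16-le")  # UTF-16LE string at offset 98
    + b"\x00" * 8
)
SAMPLE_DOWNLOAD = (
    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
    + FAKE_PE_BODY
)
SAMPLE_WEBPAGE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    b"<html><body>Release notes: RemComSvc updated.</body></html>"
)
SAMPLE_CLEAN = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nhello\n"

if __name__ == "__main__":
    for name, resp in (("download", SAMPLE_DOWNLOAD),
                       ("webpage", SAMPLE_WEBPAGE),
                       ("clean", SAMPLE_CLEAN)):
        print(name, classify(resp), scan_payload(http_body(resp)))
```

Running the module prints one line per constructed response; the executable download yields two findings (ASCII and UTF-16LE) flagged as PE, the HTML page yields a non-PE mention, and the plain-text response yields nothing.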
Cisco Talos Intelligence Group
No rule groups
No information provided