Tag
medium
advisory
Suspicious Dynamic .NET Compilation via Csc.exe
2 rules, 1 TTP
Attackers may use csc.exe to compile .NET code on the fly to evade detection, often placing the compiler and source code in suspicious locations, which can be detected by monitoring process creation events.
.NET Framework
defense-evasion
dynamic-compilation
csc.exe
high
advisory
Suspicious CSC.exe Parent Process
3 rules, 3 TTPs
The Csc.exe (C# compiler) process is being launched by unusual parent processes or from suspicious locations, indicating potential malware execution or defense evasion.
Windows
attack.execution
attack.defense-evasion
csc.exe
payload-delivery