Putty

A remote, anonymous attacker can exploit multiple vulnerabilities in PuTTY to perform a denial of service attack, manipulate data, and possibly carry out spoofing attacks.

This analytic detects the execution of programs associated with the PuTTY SSH client suite, including putty.exe, pscp.exe, plink.exe, psftp.exe, and puttygen.exe, which can be used to establish unauthorized remote connections, transfer files, or execute commands on remote systems potentially leading to network compromise.