This composite detection identifies authenticated SMB access to IPC$ and data shares, followed by creation of a structured temporary directory matching the test_zorg_test_*_*.tmp naming pattern, along with auxiliary RPC interaction. This sequence is consistent with automated tooling preparing a staging directory on a remote host prior to file transfer or execution.
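The sequence described above can be expressed as a small correlation over per-source session events. The following is an added example, not SikkerAPI's own detection code. The event schema, the op names (tree_connect, rpc_bind, create_dir), the treatment of any non-IPC$ share as a data share, and the sample events are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

STAGING_GLOB = "test_zorg_test_*_*.tmp"  # naming pattern from the description


def ev(src, ts, op, share, path="", auth=True):
    # Hypothetical normalized event schema (assumption, not a real log format).
    return {"src": src, "ts": ts, "op": op, "share": share, "path": path, "auth": auth}


# Constructed sample events using documentation-range addresses.
EVENTS = [
    # Full sequence: IPC$ + data share, then staging directory, plus RPC.
    ev("192.0.2.10", 1, "tree_connect", "IPC$"),
    ev("192.0.2.10", 2, "rpc_bind", "IPC$"),
    ev("192.0.2.10", 3, "tree_connect", "DATA"),
    ev("192.0.2.10", 4, "create_dir", "DATA", "test_zorg_test_ab12_0001.tmp"),
    # Directory created before IPC$ was accessed: wrong order, no match.
    ev("198.51.100.7", 1, "tree_connect", "DATA"),
    ev("198.51.100.7", 2, "create_dir", "DATA", "test_zorg_test_ab12_0001.tmp"),
    ev("198.51.100.7", 3, "tree_connect", "IPC$"),
    ev("198.51.100.7", 4, "rpc_bind", "IPC$"),
    # Right order, but the directory name does not fit the pattern.
    ev("203.0.113.5", 1, "tree_connect", "IPC$"),
    ev("203.0.113.5", 2, "tree_connect", "DATA"),
    ev("203.0.113.5", 3, "create_dir", "DATA", "test_zorg.tmp"),
    ev("203.0.113.5", 4, "rpc_bind", "IPC$"),
]


def is_staging_dir(path):
    # Compare only the final path component, accepting either separator.
    name = path.replace("\\", "/").rstrip("/").rsplit("/", 1)[-1]
    return fnmatchcase(name, STAGING_GLOB)


def detect(events):
    """Return source addresses whose authenticated events form the sequence."""
    state = {}
    for e in sorted(events, key=lambda e: (e["src"], e["ts"])):
        if not e["auth"]:
            continue  # the behavior is defined on authenticated access only
        s = state.setdefault(e["src"], {"ipc": False, "data": False,
                                        "rpc": False, "staged": False})
        if e["op"] == "tree_connect":
            s["ipc" if e["share"].upper() == "IPC$" else "data"] = True
        elif e["op"] == "rpc_bind":
            s["rpc"] = True  # auxiliary RPC may come before or after staging
        elif e["op"] == "create_dir" and s["ipc"] and s["data"]:
            s["staged"] = s["staged"] or is_staging_dir(e["path"])
    return sorted(src for src, s in state.items() if s["staged"] and s["rpc"])
```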
This behavioral pattern is part of the SikkerAPI detection catalog and is actively monitored across our global honeypot network. No IPs in the current retention window have triggered this detection signature.
When an attacker exhibits this behavior, matched IPs will appear here with confidence scores, geolocation, and session details.