PUA - Netcat Suspicious Execution

Sigma Rules

Summary
This rule focuses on detecting the execution of Netcat, a versatile networking utility often exploited by adversaries for establishing command and control (C2) communication channels. Adversaries may utilize non-application layer protocols to connect with C2 servers or communicate among compromised hosts in a network. The rule leverages process creation logs on Windows systems to detect specific instances of Netcat executables (nc.exe, ncat.exe, netcat.exe) being run, as well as suspicious command line parameters that suggest potential malicious activity.
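
The matching logic described in the summary, run over process creation events. This is an added example, not the Sigma rule's own source. The image names come from the summary; the command-line patterns, the field names (Image, CommandLine), the either-condition matching and the sample events are assumptions made for illustration.

```python
import ntpath

# Image names listed in the rule summary.
NETCAT_IMAGES = {"nc.exe", "ncat.exe", "netcat.exe"}

# ASSUMPTION: the summary does not list the suspicious parameters. These are
# real Netcat/Ncat options picked for illustration, not the rule's own list.
SUSPICIOUS_ARGS = (" -lvp ", " -lvnp ", " -l -v -p ", " --sh-exec ", " --lua-exec ")

# Constructed process creation events (Sysmon-style field names assumed).
SAMPLE_EVENTS = [
    {"Image": r"C:\Tools\ncat.exe", "CommandLine": "ncat.exe -lvp 4444"},
    # Renamed binary: the image check misses it, the command line does not.
    {"Image": r"C:\Users\Public\svc.exe", "CommandLine": "svc.exe -lvnp 4444"},
    {"Image": r"C:\Windows\System32\PING.EXE", "CommandLine": "ping -n 1 192.0.2.10"},
    {"Image": r"C:\Program Files (x86)\Nmap\NCAT.EXE", "CommandLine": "ncat --version"},
]


def match_netcat(event):
    """Return which conditions an event satisfied; an empty list means no hit."""
    reasons = []
    # ntpath parses Windows paths on any OS; compare case-insensitively.
    image = ntpath.basename(event.get("Image", "")).lower()
    if image in NETCAT_IMAGES:
        reasons.append("image")
    # Pad with spaces so a flag at the very end of the command line matches.
    cmdline = " " + event.get("CommandLine", "").lower() + " "
    if any(arg in cmdline for arg in SUSPICIOUS_ARGS):
        reasons.append("cmdline")
    return reasons


def triage(events):
    """Return (image, reasons) for every event that satisfied a condition."""
    hits = []
    for event in events:
        reasons = match_netcat(event)
        if reasons:
            hits.append((event["Image"], reasons))
    return hits


if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS):
        print(image, "->", "+".join(reasons))
```

A hit on the image name alone (the last sample event) is weaker evidence than a hit on both conditions and is a reasonable place to tune severity or add allowlists for known administrative use.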
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
ATT&CK Techniques
  • T1095
Created: 2021-07-21