Suspicious Child Processes of SSH

Rule Info

Name
Suspicious Child Processes of SSH
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects suspicious child processes of SSH, which may indicate malicious activity. Adversaries might use SSH.exe for indirect proxy execution of malicious code or programs in order to bypass detection.
Date
2025-02-04 00:00:00
Modified
None
Id
1122eb6d-4729-4275-adfd-102560bd6e50
Tags
attack.execution attack.defense-evasion attack.t1218
Type
Nextron Sigma feed only (private)

Rule History