Rule Info
Name
WSL Child Process Anomaly
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects uncommon or suspicious child processes spawning from a WSL process. This could indicate an attempt to evade parent/child relationship detections, or a persistence attempt via cron using WSL.
Date
2023-01-23 00:00:00
Modified
2023-08-15 00:00:00
Id
2267fe65-0681-42ad-9a6d-46553d3f3480
Tags
attack.execution attack.defense_evasion attack.t1218 attack.t1202 DEMO
Type
Community Rule