Terminate Linux Process Via Kill

Rule Info

Name
Terminate Linux Process Via Kill
Author
Tuan Le (NCSGroup)
Description
Detects usage of command line tools such as "kill", "pkill" or "killall" to terminate or signal a running process.
Reference
https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
Date
2023-03-16 00:00:00
Modified
None
Id
64c41342-6b27-523b-5d3f-c265f3efcdb3
Tags
attack.defense_evasion attack.t1562 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=64c41342-6b27-523b-5d3f-c265f3efcdb3

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4700 from @nasbench - Promote older rules status from `experimental` to `test`
2024-02-01
367ebd939
Nasreddine Bencherchali
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18
95793d73b
tuan
feat: new rule related to process termination using `kill` (#4112)
2023-03-21
a035aa038
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022