Rule Info
Name
Suspicious Microsoft Office Child Process - MacOS
Author
Sohan G (D4rkCiph3r)
Description
Detects suspicious child processes spawning from microsoft office suite applications such as word or excel. This could indicates malicious macro execution
Reference
Date
2023-01-31 00:00:00
Modified
2023-02-04 00:00:00
Id
69483748-1525-4a6c-95ca-90dc8d431b68
Tags
attack.execution attack.persistence attack.t1059.002 attack.t1137.002 attack.t1204.002 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
github-actions[bot]
Merge PR #4611 from @nasbench - Promote Older Rules Status From `experimental` To `test`
2023-12-01