Rule Info
Name
Suspicious Invocation of Shell via AWK - Linux
Author
Li Ling, Andy Parkidomo, Robert Rakowski, Blake Hartstein (Bloomberg L.P.)
Description
Detects the execution of "awk" or its sibling commands to invoke a shell using the system() function.
This behavior is commonly associated with attempts to execute arbitrary commands or escalate privileges, potentially leading to unauthorized access or further exploitation.
Date
2024-09-02 00:00:00
Modified
None
Id
8c1a5675-cb85-452f-a298-b01b22a51856
Tags
attack.execution attack.t1059 DEMO
Type
Community Rule