Suspicious Tasks Running System Processes

Rule Info

Name
Suspicious Tasks Running System Processes
Author
Nasreddine Bencherchali
Description
Detects suspicious execution of scheduled tasks with processes masquerading as system processes
Reference
https://www.cisa.gov/uscert/sites/default/files/publications/aa22-320a_joint_csa_iranian_government-sponsored_apt_actors_compromise_federal%20network_deploy_crypto%20miner_credential_harvester.pdf
Date
2022-11-17 00:00:00
Modified
None
Id
b62ed848-810c-4e17-88a0-261539b05622
Tags
attack.persistence attack.execution attack.privilege_escalation attack.t1053.005
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022