Suspicious Tasks Running System Processes

Rule Info

Id
b62ed848-810c-4e17-88a0-261539b05622
Author
Nasreddine Bencherchali
Name
Suspicious Tasks Running System Processes
Tags
attack.persistence attack.privilege_escalation attack.execution attack.t1053.005
Date
2022-11-17 00:00:00
Modified
None
Description
Detects suspicious execution of scheduled tasks with processes masquerading as system processes
Type
Nextron Sigma feed only (private)

Rule History