Rule Info
Name
Process Launched Without Image Name
Author
Matt Anderson (Huntress)
Description
Detects processes launched without an image name, where the executable file is named only ".exe", which can be used to evade Image-based detections.
Reference
Date
2024-07-23 00:00:00
Modified
None
Id
f208d6d8-d83a-4c2c-960d-877c37da84e5
Tags
attack.defense-evasion DEMO
Type
Community Rule
Link to Public Repo