Process Launched Without Image Name

Rule Info

Name: Process Launched Without Image Name
Author: Matt Anderson (Huntress)
Description: Detect the use of processes with no name (".exe"), which can be used to evade Image-based detections.
Date: 2024-07-23 00:00:00
Modified: None
Id: f208d6d8-d83a-4c2c-960d-877c37da84e5
Tags: attack.defense-evasion DEMO
Type: Community Rule

Rule History

| Author | Title | Date | Commit |
| --- | --- | --- | --- |
| Nasreddine Bencherchali | Merge PR #4950 from @nasbench - Comply With v2 Spec Changes | 2024-08-12 | |
| Matt Anderson | Merge PR #4919 from @MATTANDERS0N - Added new detections related BOINC | 2024-07-23 | |