Threat Feed

Windows Subsystem for Linux

4 briefs
medium advisory

Windows Subsystem for Linux Distribution Installed via Registry Modification

This rule detects registry modifications indicative of a new Windows Subsystem for Linux (WSL) distribution installation, a technique adversaries may leverage to evade detection by utilizing Linux environments within Windows.

Windows Subsystem for Linux +4 wsl defense-evasion windows
medium advisory

Host File System Changes via Windows Subsystem for Linux

This rule detects file creation and modification on the host system from the Windows Subsystem for Linux (WSL), potentially indicating defense evasion by adversaries.

Elastic Defend +2 defense-evasion windows wsl
medium advisory

Execution via Windows Subsystem for Linux

This detection identifies attempts to execute programs from the Windows Subsystem for Linux (WSL) as a means of evading detection. It flags suspicious executions initiated by WSL processes and excludes known safe executables.

Microsoft Defender XDR +3 defense-evasion execution windows wsl
high advisory

Detection of Kali Linux Installation or Usage via Windows Subsystem for Linux (WSL)

Adversaries may attempt to install or use Kali Linux via Windows Subsystem for Linux (WSL) to avoid detection, potentially enabling them to perform malicious activities within a Windows environment while blending in with legitimate WSL usage.

Windows Subsystem for Linux +4 defense-evasion windows wsl kalilinux