Tag
low
advisory
Unusual Process Spawned by a Parent Process via Machine Learning
2 rules 2 TTPsA machine learning job detected a suspicious Windows process, predicted malicious by the ProblemChild model and flagged as an unusual child process name for its parent, potentially indicating LOLbins usage and evading traditional detection.
defense-evasion
lolbins
windows
machine-learning
2r
2t
low
advisory
Suspicious Windows Process Cluster Detection via Machine Learning
2 rules 2 TTPsA machine learning job combination has identified a host with one or more suspicious Windows processes that exhibit unusually high malicious probability scores, potentially indicating masquerading and defense evasion tactics.
defense-evasion
masquerading
LOLbins
windows
2r
2t
low
advisory
Unusual Process Spawned by a User Detected by Machine Learning
2 rules 2 TTPsA machine learning job detected a suspicious Windows process, predicted to be malicious by the ProblemChild supervised ML model and found to be unusual within the user's context, potentially indicating defense evasion techniques like masquerading or the use of LOLbins.
endpoint
windows
defense evasion
machine learning
lolbins
2r
2t