Tag
Windows Subsystem for Linux Distribution Installed via Registry Modification
2 rules 3 TTPsThis rule detects registry modifications indicative of a new Windows Subsystem for Linux (WSL) distribution installation, a technique adversaries may leverage to evade detection by utilizing Linux environments within Windows.
Windows Subsystem for Linux Enabled via Dism Utility
2 rules 1 TTPAdversaries may enable and use Windows Subsystem for Linux (WSL) using the Microsoft Dism utility to evade detection on Windows systems by running Linux applications and tools.
Host File System Changes via Windows Subsystem for Linux
2 rules 2 TTPsThis rule detects file creation and modification on the host system from the Windows Subsystem for Linux (WSL), potentially indicating defense evasion by adversaries.
Execution via Windows Subsystem for Linux
2 rules 2 TTPsThis detection identifies attempts to execute programs from the Windows Subsystem for Linux (WSL) to evade detection by flagging suspicious executions initiated by WSL processes and excluding known safe executables.
Detection of Kali Linux Installation or Usage via Windows Subsystem for Linux (WSL)
2 rules 1 TTPAdversaries may attempt to install or use Kali Linux via Windows Subsystem for Linux (WSL) to avoid detection, potentially enabling them to perform malicious activities within a Windows environment while blending in with legitimate WSL usage.