Vendor
medium
advisory
Suspicious Child Processes from Communication Applications
3 rules 3 TTPsThe detection rule identifies suspicious child processes spawned from communication applications on Windows systems, potentially indicating masquerading or exploitation of vulnerabilities within these applications.
Elastic Defend +12
defense-evasion
persistence
windows
3r
3t
medium
advisory
RMM Domain DNS Queries from Non-Browser Processes
2 rules 75 IOCsDetects DNS queries to commonly abused remote monitoring and management (RMM) or remote access software domains from non-browser processes, potentially indicating unauthorized remote access or command and control activity.
Elastic Defend +9
command-and-control
rmm
dns
2r
75i
medium
advisory
Masquerading Business Application Installers
2 rules 4 TTPsAttackers masquerade malicious executables as legitimate business application installers to trick users into downloading and executing malware, leveraging defense evasion and initial access techniques.
Elastic Defend +22
masquerading
defense-evasion
initial-access
malware
windows
2r
4t