Vendor
medium
advisory
Suspicious Child Processes from Communication Applications
3 rules 3 TTPsThe detection rule identifies suspicious child processes spawned from communication applications on Windows systems, potentially indicating masquerading or exploitation of vulnerabilities within these applications.
Elastic Defend +12
defense-evasion
persistence
windows
3r
3t
medium
advisory
Potential Masquerading as Communication Apps
2 rules 3 TTPsAttackers may attempt to evade defenses by masquerading malicious processes as legitimate communication applications such as Slack, WebEx, Teams, Discord, RocketChat, Mattermost, WhatsApp, Zoom, Outlook and Thunderbird.
Slack +9
defense-evasion
masquerading
windows
2r
3t