Description
Identifies a suspicious parent-child process relationship with cmd.exe descending from an unusual process. This may indicate interactive shell activity from within an injected or hollowed process. Below is an example where cmd is spawned from the default Google service:
Required Info
- Target Operating Systems:
- Target ECS Version: x.x.x
- New fields required in ECS for this?
- Related issues or PRs
Optional Info
Example Data
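One way to express the proposed check over ECS process events, as an added example that is not part of the original issue or the project's rule set. The expected-parent list, the helper names, and the sample events (including the service binary name) are assumptions made for illustration.

```python
# Added example (not project code). Parents assumed normal for cmd.exe; tune per environment.
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "windowsterminal.exe"}

def get_field(event, dotted):
    """Read an ECS field from a flattened ("a.b": v) or nested ({"a": {"b": v}}) event."""
    if dotted in event:
        return event[dotted]
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def _as_list(value):
    """ECS event.category / event.type may be a string or an array."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_unusual_cmd_parent(event, expected=EXPECTED_PARENTS):
    """True for a cmd.exe process-start event whose parent is not in the expected set."""
    if "process" not in _as_list(get_field(event, "event.category")):
        return False
    if "start" not in _as_list(get_field(event, "event.type")):
        return False
    if (get_field(event, "process.name") or "").lower() != "cmd.exe":
        return False
    parent = get_field(event, "process.parent.name")
    # Design choice: a missing parent is surfaced for review rather than silently passed.
    return not parent or parent.lower() not in expected

def find_alerts(events):
    """Return (pid, parent name) for every event that matches the rule."""
    return [(get_field(e, "process.pid"), get_field(e, "process.parent.name"))
            for e in events if is_unusual_cmd_parent(e)]

def _ev(pid, name, parent, etype="start"):
    return {"event": {"category": ["process"], "type": [etype]},
            "process": {"pid": pid, "name": name, "parent": {"name": parent}}}

# Constructed sample events; ExampleUpdateService.exe is a made-up service binary name.
SAMPLE_EVENTS = [
    _ev(101, "cmd.exe", "explorer.exe"),
    _ev(102, "cmd.exe", "ExampleUpdateService.exe"),
    _ev(103, "notepad.exe", "ExampleUpdateService.exe"),
    _ev(104, "cmd.exe", "svchost.exe", etype="end"),
    {"event.category": "process", "event.type": "start", "process.pid": 105,
     "process.name": "CMD.EXE", "process.parent.name": "svchost.exe"},
]
```

An allowlist of parents is noisier than a list of known-bad parents, so the set needs tuning against the environment's own baseline before alerting on it.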