T1203 #148
Description
https://attack.mitre.org/techniques/T1203/
sigma:
builtin/application/microsoft-windows_audit_cve/win_audit_cve.yml: - attack.t1203
network_connection/net_connection_win_eqnedt.yml: - attack.t1203
network_connection/net_connection_win_office_outbound_non_local_ip.yml: - attack.t1203
process_creation/proc_creation_win_arcsoc_susp_child_process.yml: - attack.t1203
process_creation/proc_creation_win_hwp_exploits.yml: - attack.t1203
process_creation/proc_creation_win_java_remote_debugging.yml: - attack.t1203
process_creation/proc_creation_win_keyscrambler_susp_child_process.yml: - attack.t1203
process_creation/proc_creation_win_spoolsv_susp_child_processes.yml: - attack.t1203
process_creation/proc_creation_win_winrar_susp_child_process.yml: - attack.t1203