Techniques
Sample rules
Proxy Execution Via Explorer.exe
- source: sigma
- techniques:
  - t1218
Description
Attackers can use explorer.exe to evade defense mechanisms.
Detection logic
condition: selection
selection:
  CommandLine|contains: explorer.exe
  Image|endswith: \explorer.exe
  ParentImage|endswith: \cmd.exe
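The selection above evaluated over process-creation events, as an added example that is not part of the Sigma project or of this page. It assumes standard Sigma semantics (all fields in a selection are ANDed, string matching is case-insensitive); the helper names and the sample events are constructed for illustration.

```python
# Added example: minimal evaluator for the rule's single selection.
# Field names and patterns are copied from the detection logic above.
RULE_SELECTION = {
    "CommandLine|contains": "explorer.exe",
    "Image|endswith": r"\explorer.exe",
    "ParentImage|endswith": r"\cmd.exe",
}

def field_matches(value, modifier, pattern):
    """Apply one Sigma string modifier, case-insensitively."""
    value, pattern = value.lower(), pattern.lower()
    if modifier == "contains":
        return pattern in value
    if modifier == "endswith":
        return value.endswith(pattern)
    raise ValueError(f"unsupported modifier: {modifier}")

def matches(event, selection=RULE_SELECTION):
    """True only if every field condition holds (AND within a selection)."""
    for key, pattern in selection.items():
        field, _, modifier = key.partition("|")
        value = event.get(field)
        # A field the log source does not populate can never match,
        # so the rule stays silent on such telemetry.
        if value is None or not field_matches(value, modifier, pattern):
            return False
    return True

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # explorer.exe started from cmd.exe: all three conditions hold
    {"Image": r"C:\Windows\explorer.exe",
     "CommandLine": r"explorer.exe C:\Users\Public\report.txt",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    # normal shell start at logon: parent is not cmd.exe
    {"Image": r"C:\Windows\explorer.exe",
     "CommandLine": r"C:\Windows\Explorer.EXE",
     "ParentImage": r"C:\Windows\System32\userinit.exe"},
    # same as the first event with different casing: still matches
    {"Image": r"C:\WINDOWS\Explorer.EXE",
     "CommandLine": r"EXPLORER.EXE C:\Users\Public\report.txt",
     "ParentImage": r"C:\WINDOWS\system32\CMD.EXE"},
    # log source without ParentImage: no match, no alert
    {"Image": r"C:\Windows\explorer.exe",
     "CommandLine": r"explorer.exe C:\Users\Public\report.txt"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(matches(event), event.get("ParentImage"))
```

The last event shows why the log source must record the parent process: without ParentImage the rule cannot fire.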