==================================================

CREATED: WIN-WEBEXSERVICE-SUSPECT-CLI (#1422)

Description

This detector identifies the Windows Service Control process (sc.exe) starting the WebEx Service with a suspicious command line. This behavior occurs during privilege escalation using CVE-2018-15442, also known as the WebExec exploit.

ATT&CK Technique T1068

==================================================

CREATED: WIN-WEBEXSERVICE-SUSPECT-CHILD (#1421)

Description

This detector identifies processes spawning from a WebEx Service process. This behavior occurs during privilege escalation using CVE-2018-15442, also known as the WebExec exploit.

ATT&CK Technique T1068
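
The logic of the two detectors above, applied to constructed process-creation events. This is an added example, not the vendor's detector code; the service name `webexservice`, the binary name `WebExService.exe`, the event field names, and the rule that any argument after the service name counts as suspicious are assumptions.

```python
import ntpath
import shlex

# Assumptions, not stated on the page: service name and service binary name.
SERVICE_NAME = "webexservice"
SERVICE_IMAGE = "webexservice.exe"

def _base(path):
    return ntpath.basename(path.strip('"')).lower()

def _tokens(command_line):
    try:
        parts = shlex.split(command_line, posix=False)  # keeps backslashes intact
    except ValueError:                                   # unbalanced quotes
        parts = command_line.split()
    return [p.strip('"').lower() for p in parts]

def suspect_cli(event):
    """sc.exe starting the service with anything after the service name."""
    if _base(event["image"]) != "sc.exe":
        return False
    args = _tokens(event["command_line"])[1:]
    if args and args[0].startswith("\\\\"):              # optional \\server
        args = args[1:]
    # Assumed heuristic: a routine start passes no service arguments.
    return len(args) > 2 and args[0] == "start" and args[1] == SERVICE_NAME

def suspect_child(event):
    """Any process whose parent image is the service binary."""
    return _base(event.get("parent_image", "")) == SERVICE_IMAGE

def evaluate(events):
    hits = []
    for i, ev in enumerate(events):
        if suspect_cli(ev):
            hits.append((i, "WIN-WEBEXSERVICE-SUSPECT-CLI"))
        if suspect_child(ev):
            hits.append((i, "WIN-WEBEXSERVICE-SUSPECT-CHILD"))
    return hits

# Constructed process-creation events, not real telemetry.
SC = r"C:\Windows\System32\sc.exe"
SAMPLE_EVENTS = [
    {"image": SC, "command_line": "sc start webexservice"},
    {"image": SC, "command_line": "sc.exe start WebExService constructed-arg-1 constructed-arg-2"},
    {"image": SC, "command_line": "sc query webexservice"},
    {"image": r"C:\Constructed\child.exe", "command_line": "child.exe",
     "parent_image": r"C:\Constructed\WebExService.exe"},
]

if __name__ == "__main__":
    for index, detector in evaluate(SAMPLE_EVENTS):
        print(index, detector)
```

Only the second and fourth sample events match: a plain `sc start` or `sc query` of the service is ignored, and any child of the service binary is reported regardless of its own image.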
