==================================================

CREATED: WIN-LSASS-SUSPECT-BINARY (#1399)

Description

Identifies rogue processes claiming to be lsass.exe but lacking expected binary metadata.

References

ATT&CK Technique T1036

==================================================

CREATED: WIN-SVCHOST-TRICKBOT-FILEMODS (#1400)

Description

Identifies a known technique in which malware uses a legitimate svchost.exe process to download TrickBot files.

References

ATT&CK Technique T1093
