==================================================

CREATED: WIN-WERFAULT-NO-CLI (#1987)

Description

This detector identifies werfault.exe (the Windows Error Reporting fault handler) being executed without any command-line parameters. Legitimate launches carry arguments, so an argument-less invocation is anomalous; adversaries have used this technique during process injection attacks.

ATT&CK Technique T1055
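The detection logic described above, as an added example that is not the detector's own implementation, run over constructed Sysmon-style process-creation events. The field names `Image`, `CommandLine` and `ProcessId` are assumptions about the event schema.

```python
import shlex
from pathlib import PureWindowsPath


def split_windows_cmdline(cmdline: str) -> list[str]:
    """Tokenise a Windows command line: honour double quotes, treat backslashes literally."""
    # posix=False keeps quote characters in the tokens and does not process backslash escapes,
    # so a quoted path such as "C:\Windows\System32\WerFault.exe" survives as one token.
    return [tok.strip('"') for tok in shlex.split(cmdline, posix=False)]


def is_werfault_no_cli(event: dict) -> bool:
    """True when the process image is werfault.exe and no argument follows the program token."""
    image_name = PureWindowsPath(event.get("Image", "")).name.lower()
    if image_name != "werfault.exe":
        return False
    tokens = split_windows_cmdline(event.get("CommandLine", ""))
    # tokens[0] is the program itself (quoted or not); a normal WER launch carries
    # arguments such as -u -p <pid> -s <event handle>, so an empty tail is the signal.
    return len(tokens[1:]) == 0


def detect(events: list[dict]) -> list[int]:
    """Return the ProcessIds of all events that match the detector."""
    return [e["ProcessId"] for e in events if is_werfault_no_cli(e)]


# Constructed sample events (Sysmon Event ID 1 style), not real telemetry.
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\Windows\System32\WerFault.exe",
     "CommandLine": r'"C:\Windows\System32\WerFault.exe" -u -p 3952 -s 1296'},  # benign crash report
    {"ProcessId": 5008, "Image": r"C:\Windows\System32\WerFault.exe",
     "CommandLine": r'"C:\Windows\System32\WerFault.exe"'},                     # no arguments: flagged
    {"ProcessId": 5120, "Image": r"C:\Windows\SysWOW64\WerFault.exe",
     "CommandLine": "WerFault.exe  "},                                          # trailing whitespace only: flagged
    {"ProcessId": 6000, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},                                             # different image: ignored
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```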

==================================================

CREATED: WIN-POSSIBLE-WEBSHELL-REQ-ITEM (#1988)

Description

This detector identifies certain command-line strings associated with writing a webshell to disk.

ATT&CK Technique T1100