security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4989d43ae97015f8113aed2efcd49d288b8fec21
blue-team-tools/rules/linux/process_creation/proc_creation_lnx_kill_process.yml
T
github-actions[bot] 367ebd9395 Merge PR #4700 from @nasbench - Promote older rules status from experimental to test 
chore: promote older rules status from experimental to test
2024-02-01 02:09:31 +01:00

26 lines
744 B
YAML
Raw Blame History

title: Terminate Linux Process Via Kill
id: 64c41342-6b27-523b-5d3f-c265f3efcdb3
status: test
description: Detects usage of command line tools such as "kill", "pkill" or "killall" to terminate or signal a running process.
references:
- https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
- https://www.cyberciti.biz/faq/how-force-kill-process-linux/
author: Tuan Le (NCSGroup)
date: 2023/03/16
tags:
- attack.defense_evasion
- attack.t1562
logsource:
product: linux
category: process_creation
detection:
selection:
Image|endswith:
- '/kill'
- '/pkill'
- '/killall'
condition: selection
falsepositives:
- Likely
level: low
Reference in New Issue View Git Blame Copy Permalink