95793d73bd
chore: update workflows and add quality of life updates and automation to the repository --------- Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
26 lines
752 B
YAML
title: Terminate Linux Process Via Kill
id: 64c41342-6b27-523b-5d3f-c265f3efcdb3
status: experimental
description: Detects usage of command line tools such as "kill", "pkill" or "killall" to terminate or signal a running process.
references:
    - https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
    - https://www.cyberciti.biz/faq/how-force-kill-process-linux/
author: Tuan Le (NCSGroup)
date: 2023/03/16
tags:
    - attack.defense_evasion
    - attack.t1562
logsource:
    product: linux
    category: process_creation
detection:
    selection:
        Image|endswith:
            - '/kill'
            - '/pkill'
            - '/killall'
    condition: selection
falsepositives:
    - Likely
level: low
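To show what this rule actually matches, here is an added example (not code from the Sigma project): a minimal evaluator for the rule's `Image|endswith` selection and its `condition: selection` form, run over constructed Linux process_creation events. The event field names follow the rule; the events themselves are made up, and the `skill` entry shows why the leading slash in each pattern matters.

```python
"""Minimal evaluator for the 'Terminate Linux Process Via Kill' rule.
Added example, not Sigma project code; events below are constructed."""
from typing import Any

# The rule's detection block, transcribed from the YAML above.
RULE = {
    "selection": {"Image|endswith": ["/kill", "/pkill", "/killall"]},
    "condition": "selection",
}

# Sigma value modifiers this evaluator understands (the rule needs endswith).
MODIFIERS = {
    "endswith": lambda value, pattern: value.endswith(pattern),
    "startswith": lambda value, pattern: value.startswith(pattern),
    "contains": lambda value, pattern: pattern in value,
}


def field_matches(event: dict, key: str, patterns: Any) -> bool:
    """One 'Field|modifier: values' line; listed values are OR-ed,
    and Sigma string matching is case-insensitive."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:
        return False          # missing field never matches
    value = str(value).lower()
    test = MODIFIERS.get(modifier, lambda v, p: v == p)
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(test(value, str(p).lower()) for p in patterns)


def selection_matches(event: dict, selection: dict) -> bool:
    """Field lines inside a single selection are AND-ed."""
    return all(field_matches(event, k, v) for k, v in selection.items())


def rule_matches(event: dict, rule: dict = RULE) -> bool:
    """Handles only the 'condition: selection' form used by this rule."""
    return selection_matches(event, rule[rule["condition"]])


# Constructed process_creation events (not real telemetry).
EVENTS = [
    {"Image": "/usr/bin/kill", "CommandLine": "kill -9 4242"},
    {"Image": "/bin/pkill", "CommandLine": "pkill -f myapp"},
    {"Image": "/usr/bin/killall", "CommandLine": "killall firefox"},
    {"Image": "/usr/bin/skill", "CommandLine": "skill -STOP -u bob"},  # no match: '/skill' != '/kill'
    {"Image": "/usr/bin/ls", "CommandLine": "ls /proc"},
]


def alerts(events=EVENTS) -> list:
    """Command lines of the events the rule fires on."""
    return [e["CommandLine"] for e in events if rule_matches(e)]
```

Because the rule keys only on the image path, `skill` and any process that merely contains "kill" in its command line are not matched; that is also why the author rates the false-positive likelihood as "Likely" rather than "Unlikely".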