HackTool - Potential CobaltStrike Process Injection (6309645e-122d-4c5b-bb2b-22e4f9c2fa42)

Detects a potential remote threat creation with certain characteristics which are typical for Cobalt Strike beacons

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
HackTool - Potential CobaltStrike Process Injection (6309645e-122d-4c5b-bb2b-22e4f9c2fa42)	Sigma-Rules	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945)	Attack Pattern	2