Suspicious Sigverif Execution (7d4aaec2-08ed-4430-8b96-28420e030e04)
Detects the execution of the sigverif binary as a parent process, which could indicate that it is being used as a LOLBIN to proxy execution.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) | Attack Pattern | Suspicious Sigverif Execution (7d4aaec2-08ed-4430-8b96-28420e030e04) | Sigma-Rules | 1 |