HackTool - CACTUSTORCH Remote Thread Creation (2e4e488a-6164-4811-9ea1-f960c7359c40)

Detects remote thread creation from CACTUSTORCH as described in references.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) | Attack Pattern | HackTool - CACTUSTORCH Remote Thread Creation (2e4e488a-6164-4811-9ea1-f960c7359c40) | Sigma-Rules | 1 |
| HackTool - CACTUSTORCH Remote Thread Creation (2e4e488a-6164-4811-9ea1-f960c7359c40) | Sigma-Rules | Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) | Attack Pattern | 1 |
| HackTool - CACTUSTORCH Remote Thread Creation (2e4e488a-6164-4811-9ea1-f960c7359c40) | Sigma-Rules | Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) | Attack Pattern | 1 |
| HackTool - CACTUSTORCH Remote Thread Creation (2e4e488a-6164-4811-9ea1-f960c7359c40) | Sigma-Rules | Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) | Attack Pattern | 1 |
| JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Mshta - T1218.005 (840a987a-99bd-4a80-a5c9-0cb2baa6cade) | Attack Pattern | 2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Visual Basic - T1059.005 (dfd7cc1d-e1d8-4394-a198-97c4cab8aa67) | Attack Pattern | 2 |
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) | Attack Pattern | 2 |