Linux Shell Pipe to Shell (880973f3-9708-491c-a77b-2a35a1921158)
Detects suspicious process command line that starts with a shell that executes something and finally gets piped into another shell
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | Linux Shell Pipe to Shell (880973f3-9708-491c-a77b-2a35a1921158) | Sigma-Rules | 1 |