Suspicious Invocation of Shell via AWK - Linux (8c1a5675-cb85-452f-a298-b01b22a51856)
Detects the execution of "awk" or it's sibling commands, to invoke a shell using the system() function. This behavior is commonly associated with attempts to execute arbitrary commands or escalate privileges, potentially leading to unauthorized access or further exploitation.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Suspicious Invocation of Shell via AWK - Linux (8c1a5675-cb85-452f-a298-b01b22a51856) | Sigma-Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |