Remote Thread Created In Shell Application (a9d4d3fa-8fc0-41bc-80b1-30b9fda79d6f)
Detects remote thread creation in command shell applications, such as "Cmd.EXE" and "PowerShell.EXE". It is a common technique used by malware, such as IcedID, to inject malicious code and execute it within legitimate processes.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Remote Thread Created In Shell Application (a9d4d3fa-8fc0-41bc-80b1-30b9fda79d6f) | Sigma-Rules | 1 |