Python Spawning Pretty TTY Via PTY Module (c4042d54-110d-45dd-a0e1-05c47822c937)
Detects a python process calling to the PTY module in order to spawn a pretty tty which could be indicative of potential reverse shell activity.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Python Spawning Pretty TTY Via PTY Module (c4042d54-110d-45dd-a0e1-05c47822c937) | Sigma-Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |