Skip to content

Hide Navigation Hide TOC

Bash (cef3a09e-22ca-43dc-ad4a-95741a3b85ff)

This object contains information sourced from the Living Off The Land Binaries, Scripts and Libraries (LOLBAS) project, which is licensed under GNU General Public License v3.0.

Description: File used by Windows subsystem for Linux

Author: Oddvar Moe

Paths: * C:\Windows\System32\bash.exe * C:\Windows\SysWOW64\bash.exe

Resources: * https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules

Detection: * BlockRule: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules * Sigma: proc_creation_win_lolbin_bash.yml * IOC: Child process from bash.exe[Bash.exe - LOLBAS Project]

Cluster A Galaxy A Cluster B Galaxy B Level
UNC3886 (23af694a-11f4-43eb-a176-683059b301cb) Tidal Groups Bash (cef3a09e-22ca-43dc-ad4a-95741a3b85ff) Tidal Software 1
UNC5325 (be7243cb-6031-4e2a-97d9-3522c002becd) Tidal Groups Bash (cef3a09e-22ca-43dc-ad4a-95741a3b85ff) Tidal Software 1