Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
Kubernetes - AGENT, Containers |
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A command that can be used for file obfuscation was executed with an uncommon command line.
Attacker's Goals
Attackers may use obfuscated files to cover their tracks.
Investigative actions
Check whether the executing process is benign, and if this was a desired behavior as part of its normal execution flow.