Synopsis
Activation Period | 14 Days |
Training Period | 30 Days |
Test Period | N/A (single event) |
Deduplication Period | 1 Day |
Required Data | |
Detection Modules | |
Detector Tags | |
ATT&CK Tactic | |
ATT&CK Technique | |
Severity | High |
Description
A process was run with a suspicious command line, potentially exploiting the Spring4Shell vulnerability.
Attacker's Goals
Gain the ability to execute code remotely or drop malware.
Investigative actions
Check that the executed process command line is not compromised.