Synopsis
Activation Period | 14 Days |
Training Period | 30 Days |
Test Period | N/A (single event) |
Deduplication Period | 1 Hour |
Required Data | |
Detection Modules | |
Detector Tags | |
ATT&CK Tactic | |
ATT&CK Technique | |
Severity | Informational |
Description
This process has probably been compromised by Meterpreter, which is now using it to run malicious commands.
Attacker's Goals
Run Meterpreter, Metasploit's malicious post-exploitation tool, to further compromise the host.
Investigative actions
- Verify if the destination IP is running a Metasploit server.
- Look for malicious actions performed by the suspicious process.