Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 1 Day
Required Data |
Detection Modules |
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Low
Description
Attackers may abuse the conhost process to execute malicious files and evade detection.
Attacker's Goals
An adversary may use the conhost process to evade detection.
Investigative actions
Investigate the processes being spawned on the host for malicious activities.