1 result found
An error occurred while saving the commentBill Sutphin commented
Agree as to need for complete detail. Consider the following detection category:
Identifies suspicious processes indirectly spawned by Microsoft Office applications. These descendant processes are often launched during exploitation. This alert may have more noise than the direct descendent rule (Suspicious MS Office Child Process). MITRE ATT&CK™ T1064 - Scripting, T1173 - Dynamic Data Exchange, T1192 - Spearphishing Link, T1193 - Spearphishing Attachment.