Suspicious Java Children Processes

 1title: Suspicious Java Children Processes
 2id: d292e0af-9a18-420c-9525-ec0ac3936892
 3status: test
 4description: Detects java process spawning suspicious children
 5references:
 6    - https://www.tecmint.com/different-types-of-linux-shells/
 7author: Nasreddine Bencherchali (Nextron Systems)
 8date: 2022-06-03
 9tags:
10    - attack.execution
11    - attack.t1059
12logsource:
13    category: process_creation
14    product: linux
15detection:
16    selection:
17        ParentImage|endswith: '/java'
18        CommandLine|contains:
19            - '/bin/sh'
20            - 'bash'
21            - 'dash'
22            - 'ksh'
23            - 'zsh'
24            - 'csh'
25            - 'fish'
26            - 'curl'
27            - 'wget'
28            - 'python'
29    condition: selection
30falsepositives:
31    - Unknown
32level: high

References

• 5 Most Frequently Used Open Source Shells for Linux

  

  In this article, we shall take a look at some of the most frequently used open-source shells and their features on Unix/GNU Linux systems.

  
  Read More

Related rules

• Abusable DLL Potential Sideloading From Suspicious Location
• Add Insecure Download Source To Winget
• Add New Download Source To Winget
• Atlassian Confluence CVE-2022-26134
• Azure New CloudShell Created