Single Letter Process On Endpoint

Description

This search looks for process names that consist only of a single letter.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Security Monitoring

Category

Malware

Alert Volume


SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Execution

MITRE ATT&CK Techniques

User Execution

Malicious File

MITRE Threat Groups

APT-C-36
APT12
APT19
APT28
APT29
APT30
APT32
APT33
APT37
APT39
BRONZE BUTLER
BlackTech
Cobalt Group
Dark Caracal
DarkHydrus
Darkhotel
Dragonfly 2.0
Elderwood
FIN4
FIN6
FIN7
FIN8
Frankenstein
Gallmaker
Gamaredon Group
Gorgon Group
Inception
Lazarus Group
Leviathan
Machete
Magic Hound
Mofang
Molerats
MuddyWater
Naikon
OilRig
PLATINUM
PROMETHIUM
Patchwork
RTM
Rancor
Sandworm Team
Sharpshooter
Silence
TA459
TA505
The White Company
Tropic Trooper
Whitefly
Windshift
Wizard Spider
admin@338
menuPass

Kill Chain Phases

Actions On Objectives

Data Sources

Endpoint Detection and Response

Help

Single Letter Process On Endpoint Help

You must be ingesting data that records process activity from your hosts, so that the Processes node of the Endpoint data model is populated. You must also be ingesting logs that carry both the process name and the command line from your endpoints; the command-line arguments are mapped to the "process" field in the Endpoint data model.
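The detection idea above, expressed as a small added example rather than the Splunk Security Essentials search itself: the events below are constructed to resemble records from the Endpoint.Processes data model (fields `process_name`, `process`, `dest`, `user`), and the single-letter test is a regex I chose that allows one optional short extension (for example `a.exe` as well as a bare `X`). The field names match the CIM Endpoint data model; the sample data and the helper names are assumptions made here, not the page's.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample events shaped like the CIM Endpoint.Processes node
# (process_name = image name, process = full command line). Not real telemetry.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"dest": "wks01", "user": "alice", "process_name": "a.exe",
     "process": "a.exe /s"},
    {"dest": "wks01", "user": "alice", "process_name": "chrome.exe",
     "process": "chrome.exe --profile-directory=Default"},
    {"dest": "srv02", "user": "SYSTEM", "process_name": "X",
     "process": "X"},
    {"dest": "wks03", "user": "bob",
     "process_name": r"C:\Users\bob\AppData\Local\Temp\q.EXE",
     "process": "q.EXE /quiet"},
    {"dest": "wks03", "user": "bob", "process_name": "7z.exe",
     "process": "7z.exe x archive.7z"},
    {"dest": "wks04", "user": "carol", "process_name": "",
     "process": ""},
]

# Exactly one letter, optionally followed by one short extension (.exe, .scr, ...).
# Case-insensitive by construction so "Q.EXE" is treated like "q.exe".
SINGLE_LETTER_RE = re.compile(r"^[A-Za-z](?:\.[A-Za-z0-9]{1,4})?$")


def basename(process_name: str) -> str:
    """Reduce a possibly path-qualified image name to its bare file name."""
    return process_name.strip().replace("\\", "/").rsplit("/", 1)[-1]


def is_single_letter_process(process_name: str) -> bool:
    """True when the image name is one letter plus an optional extension."""
    return bool(SINGLE_LETTER_RE.match(basename(process_name)))


def find_single_letter_processes(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the events whose process_name is a single-letter image."""
    return [ev for ev in events if is_single_letter_process(ev.get("process_name", ""))]


def count_by_host(hits: Iterable[Dict[str, str]]) -> Dict[str, int]:
    """Aggregate hits per endpoint, the way a 'count by dest' would."""
    return dict(Counter(ev.get("dest", "unknown") for ev in hits))


if __name__ == "__main__":
    hits = find_single_letter_processes(SAMPLE_EVENTS)
    for ev in hits:
        print(f"{ev['dest']:6} {ev['user']:7} {basename(ev['process_name']):8} {ev['process']}")
    print("per host:", count_by_host(hits))
```

Running the block flags `a.exe`, `X` and the path-qualified `q.EXE`, while `7z.exe`, `chrome.exe` and an empty name pass through. Two points are worth tuning when porting this to the real data model: whether to accept extensions at all (the description says "only of a single letter", so a stricter `^[A-Za-z]$` is a defensible reading), and whether `process_name` in your ingest already carries a bare file name or a full path, which is why the example normalizes with `basename` first.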
