Table 4 Suspicious execution
From: A flexible approach for cyber threat hunting based on kernel audit records
cmdLine | exe |
|---|---|
bash | cmdLine:chmod +x tcexec,uuid:7890EEEB-B6FA-AFBD-D5BA-A2422F30BF99,cid:26541 |
bash | cmdLine:python3 command-not-found – tcexec,uuid:63901CB6-67CD-9C7D-2476-D0F75FEB22C5,cid:26543 |
./pine | ./cmdLine:tcexec,uuid:0BF26B23-2DE5-B70A-45F7-64BE377293F3,cid:27201 |