https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_mshta_susp_child_processes/
Suspicious MSHTA Child Process | Detection.FYI
Detects a suspicious process spawning from an
https://attack.mitre.org/techniques/T1218/005/
System Binary Proxy Execution: Mshta, Sub-technique T1218.005 - Enterprise | MITRE ATT&CK®
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_hktl_invoke_obfuscation_via_use_mhsta/
Invoke-Obfuscation Via Use MSHTA | Detection.FYI
Detects Obfuscated Powershell via use MSHTA in Scripts