XQL - Hunting Renamed LOLBINs Process Execution
Reason for Query:
LOLBINs are used extensively in attacks; in some cases a LOLBIN is renamed before execution so that behaviour-based detection rules keyed on the process name do not fire. Hence this query hunts for execution of renamed processes, e.g. cmd.exe renamed to xyz.exe a
...
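The same hunting logic expressed in Python rather than XQL, as an added example that is not the original page's query: each process-start record is checked for a mismatch between the on-disk image name and the OriginalFileName stored in the binary's PE version resource (the field Sysmon Event ID 1 exposes). The record layout, the watch-list and the sample events are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed watch-list: OriginalFileName values of commonly abused binaries.
LOLBIN_ORIGINAL_NAMES = {
    "cmd.exe", "powershell.exe", "rundll32.exe", "regsvr32.exe",
    "mshta.exe", "certutil.exe", "wscript.exe", "cscript.exe",
}


@dataclass
class ProcessStart:
    host: str
    image_path: str          # path the process was launched from
    original_file_name: str  # OriginalFileName from PE version info ("" if absent)
    command_line: str


def image_name(path: str) -> str:
    """Return the lower-cased file name component of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_renamed_lolbin(ev: ProcessStart) -> bool:
    """True when the PE says it is a LOLBIN but it runs under a different name."""
    orig = ev.original_file_name.lower()
    if orig not in LOLBIN_ORIGINAL_NAMES:
        return False  # unknown or missing OriginalFileName: nothing to compare
    return image_name(ev.image_path) != orig


def hunt(events):
    """Return the events whose image name does not match the LOLBIN it really is."""
    return [e for e in events if is_renamed_lolbin(e)]


# Constructed sample events: one renamed cmd.exe, one renamed rundll32.exe,
# one legitimate PowerShell start and one record with no version info.
SAMPLE_EVENTS = [
    ProcessStart("WS01", r"C:\Users\a\AppData\Local\Temp\xyz.exe", "Cmd.Exe", "xyz.exe /c whoami"),
    ProcessStart("WS02", r"C:\ProgramData\svc.exe", "RUNDLL32.EXE", "svc.exe x.dll,Run"),
    ProcessStart("WS03", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "PowerShell.EXE", "powershell.exe -File audit.ps1"),
    ProcessStart("WS04", r"C:\Tools\custom.exe", "", "custom.exe --serve"),
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(f"{hit.host}: {hit.image_path} is really {hit.original_file_name}")
```

Pairing the mismatch with the command line, as the sample does, gives the analyst the context needed to triage each hit.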