Reconnaissance MalOps - Research

There are multiple MalOps related to Reconnaissance. The ‘Process is performing suspicious scanning activities’ MalOp is triggered when a process performs scanning activities while it contains injected code. The ‘Suspicious scanning activity by an elevated process’ MalOp is triggered when a process performs network scans while running with high privileges, or while escalating a child process to run with high privileges.

Reconnaissance includes behaviors that search for or try to discover different information about an environment.

These MalOps are part of the Research group.

Supported OS for these MalOps: Windows
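The two trigger conditions above, expressed as detection logic over constructed endpoint telemetry. This is an added illustration, not Cybereason's detection code: the scan threshold, the process attributes (`elevated`, `has_injected_code`, `parent_pid`) and the sample processes and connections are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Assumed threshold of distinct host:port targets that count as a scan (illustrative value).
SCAN_THRESHOLD = 20
@dataclass
class Process:
    pid: int
    name: str
    elevated: bool             # running with high privileges
    has_injected_code: bool    # code was injected into this process
    parent_pid: Optional[int] = None

def scanning_pids(connections: List[Tuple[int, str, int]],
                  threshold: int = SCAN_THRESHOLD) -> Set[int]:
    """Pids that contacted at least `threshold` distinct host:port targets."""
    targets: Dict[int, Set[Tuple[str, int]]] = defaultdict(set)
    for pid, host, port in connections:
        targets[pid].add((host, port))
    return {pid for pid, t in targets.items() if len(t) >= threshold}

def classify(processes: List[Process], connections: List[Tuple[int, str, int]],
             threshold: int = SCAN_THRESHOLD) -> Dict[int, List[str]]:
    """Map pid -> Reconnaissance MalOp names whose trigger conditions it meets."""
    by_pid = {p.pid: p for p in processes}
    hits: Dict[int, List[str]] = {}
    for pid in scanning_pids(connections, threshold):
        proc = by_pid[pid]
        # A non-elevated scanner that spawned an elevated child counts as escalation.
        escalated_child = not proc.elevated and any(
            c.elevated for c in processes if c.parent_pid == pid)
        names = []
        if proc.has_injected_code:
            names.append("Process is performing suspicious scanning activities")
        if proc.elevated or escalated_child:
            names.append("Suspicious scanning activity by an elevated process")
        if names:
            hits[pid] = names
    return hits

# Constructed sample telemetry (pid, destination host, destination port); not real data.
PROCESSES = [
    Process(100, "svchost.exe", elevated=False, has_injected_code=True),
    Process(200, "updater.exe", elevated=False, has_injected_code=False),
    Process(201, "helper.exe", elevated=True, has_injected_code=False, parent_pid=200),
    Process(300, "browser.exe", elevated=False, has_injected_code=False),
]
CONNECTIONS = ([(100, f"10.0.0.{i}", 445) for i in range(1, 26)]   # sweep of 25 hosts
               + [(200, "10.0.0.5", p) for p in range(1, 31)]      # sweep of 30 ports
               + [(300, "10.0.0.9", 443)] * 40)                    # one target: not a scan
```

Process 100 matches the injected-code trigger, process 200 matches the elevated trigger through its escalated child, and process 300 repeatedly contacting one target is not treated as a scan.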

MalOp Example

Next steps

  • Investigate the processes.

  • Investigate connections opened by these processes.

  • Isolate the machines in question.