Analytics Alerts
Browse the Cortex analytics alert reference.
1 alert match the current filters. tactic: TA0005 ✕ technique: T1053 ✕
Show ATT&CK heatmapAn unsigned process created scheduled task and performed an injection Medium 1 variation
An unsigned process created scheduled task and performed an injection.
- Activation:
- 14 Days
- Training:
- 30 Days
- Test:
- 4 Hours
- Deduplication:
- 1 Day
ATT&CK tactics: Persistence (TA0003) Defense Evasion (TA0005)ATT&CK techniques: Scheduled Task/Job: Scheduled Task (T1053.005) Process Injection (T1055)Required data: XDR AgentDetector tags: Scheduled tasks AnalyticsAttacker's goals: To ensure they have persistence on the system, the threat actor may use scheduled tasks to set persistence, Then, to avoid detection and carry out stealth execution, they may inject a malicious payload into a remote process.Investigative actions: Investigate the injection payload and the injection process. Check if the scheduled task trigger payload is malicious.Variations
Possible an unsigned installer created scheduled task and performed an injection
Low overridden
Possible an unsigned installer created scheduled task and performed an injection. overridden