Technique T1055
Process Injection
Detection & mitigation
Monitor for suspicious process injections (e.g., CreateRemoteThread, NtCreateThreadEx) from scripting hosts like wscript.exe or cscript.exe into other processes. Deploy endpoint detection rules for known LokiBot indicators and block execution of obfuscated JScript attachments.