// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE PUB-ENTDTG 0600Z
ColdReconTechniquesT1055
Technique T1055

Process Injection

CLEARED FOR PUBLIC RELEASE · OPEN-SOURCE INTELLIGENCE
Process Injection (T1055) — a Defense Evasion technique, observed in public incident reporting.
MITRE ATT&CKT1055
TacticDefense Evasion
Incidents on file25

Detection & mitigation

Monitor for suspicious process injections (e.g., CreateRemoteThread, NtCreateThreadEx) from scripting hosts like wscript.exe or cscript.exe into other processes. Deploy endpoint detection rules for known LokiBot indicators and block execution of obfuscated JScript attachments.

Observed in the wild

Track this in real time.

ColdRecon watches the public signal so you don't have to — a daily brief and a live detection-coverage desk. Request clearance.

Request Clearance →