Merge PR #5119 from @CheraghiMilad - Update Terminate Linux Process Via Kill

update: Terminate Linux Process Via Kill - Add "xkill"

---------

Co-authored-by: Nasreddine Bencherchali <[email protected]>

Author: CheraghiMilad

rules/linux/process_creation/proc_creation_lnx_kill_process.yml renamed to rules-threat-hunting/linux/process_creation/proc_creation_lnx_susp_process_termination_via_kill.yml

@@ -5,21 +5,25 @@ description: Detects usage of command line tools such as "kill", "pkill" or "kil
 references:
     - https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
     - https://www.cyberciti.biz/faq/how-force-kill-process-linux/
+    - https://www.geeksforgeeks.org/how-to-kill-processes-on-the-linux-desktop-with-xkill/
 author: Tuan Le (NCSGroup)
 date: 2023-03-16
+modified: 2024-12-12
 tags:
     - attack.defense-evasion
     - attack.t1562
+    - detection.threat-hunting
 logsource:
     product: linux
     category: process_creation
 detection:
     selection:
         Image|endswith:
             - '/kill'
-            - '/pkill'
             - '/killall'
+            - '/pkill'
+            - '/xkill'
     condition: selection
 falsepositives:
-    - Likely
-level: low
+    - Unknown
+level: medium