
GenAI Process Compiling or Generating Executables

Status: production
Severity: medium
Time window: 9m
Author: Elastic
Source: github.com/elastic/detection-rules

Detects when GenAI tools spawn compilers or packaging tools to generate executables. Attackers leverage local LLMs to autonomously generate and compile malware, droppers, or implants. Python packaging tools (pyinstaller, nuitka, pyarmor) are particularly high-risk as they create standalone executables that can be deployed without dependencies. This rule focuses on compilation activity that produces output binaries, filtering out inspection-only operations.

MITRE ATT&CK coverage

MITRE ATLAS coverage

Adversarial-ML threat framework (not MITRE ATT&CK).

Rule body elastic

[metadata]
creation_date = "2025/12/04"
integration = ["endpoint", "windows", "sentinel_one_cloud_funnel", "m365_defender", "auditd_manager"]
maturity = "production"
updated_date = "2026/04/07"

[rule]
author = ["Elastic"]
description = """
Detects when GenAI tools spawn compilers or packaging tools to generate executables. Attackers leverage local LLMs to
autonomously generate and compile malware, droppers, or implants. Python packaging tools (pyinstaller, nuitka, pyarmor)
are particularly high-risk as they create standalone executables that can be deployed without dependencies. This rule
focuses on compilation activity that produces output binaries, filtering out inspection-only operations.
"""
from = "now-9m"
index = [
    "logs-endpoint.events.process-*",
    "logs-windows.sysmon_operational-*",
    "logs-m365_defender.event-*",
    "logs-sentinel_one_cloud_funnel.*",
    "logs-auditd_manager.auditd-*",
]
language = "eql"
license = "Elastic License v2"
name = "GenAI Process Compiling or Generating Executables"
note = """## Triage and analysis

### Investigating GenAI Process Compiling or Generating Executables

This rule detects GenAI tools spawning compilers or packaging tools. While developers may use GenAI to write code that they then compile, autonomous compilation by GenAI processes is unusual.

### Possible investigation steps

- Review the GenAI process that spawned the compiler to identify which tool is running and verify if it's an expected/authorized tool.
- Investigate the user account associated with the GenAI process to determine if this activity is expected for that user.
- Review the output files created by the compilation process to identify any malicious executables.
- Check for other alerts or suspicious activity on the same host around the same time.
- Verify if the GenAI tool is from a trusted source and if it's authorized for use in your environment.
- Identify whether the generated executables appear in temporary directories often used for malware staging (`%TEMP%`, `/tmp`, `.cache`).
- Inspect the compiled artifacts for networking imports, credential harvesting functionality, or persistence mechanisms.

### False positive analysis

- Legitimate development workflows that use GenAI tools for code generation may trigger this rule if they compile the generated code.
- Some GenAI-assisted coding IDEs (Cursor, Copilot Workspace) may run compilation tasks when testing code; confirm whether the behavior is tied to developer workflow.

### Response and remediation

- Terminate the GenAI process and any spawned compiler processes to stop the malicious activity.
- Investigate the compiled executables to determine if they are malicious.
- Review audit logs to determine the scope of compilation activity and identify any executables that may have been created.
- Quarantine any compiled binaries; submit suspicious artifacts to sandbox or malware analysis.
"""
references = [
    "https://atlas.mitre.org/techniques/AML.T0053",
    "https://www.elastic.co/security-labs/elastic-advances-llm-security",
]
risk_score = 47
rule_id = "b2c3d4e5-f6a7-8901-bcde-f123456789ab"
severity = "medium"
tags = [
    "Domain: Endpoint",
    "OS: Linux",
    "OS: macOS",
    "OS: Windows",
    "Use Case: Threat Detection",
    "Tactic: Execution",
    "Tactic: Defense Evasion",
    "Data Source: Elastic Defend",
    "Data Source: Sysmon",
    "Data Source: Auditd Manager",
    "Data Source: Microsoft Defender XDR",
    "Data Source: SentinelOne",
    "Resources: Investigation Guide",
    "Domain: LLM",
    "Mitre Atlas: T0053",
]
timestamp_override = "event.ingested"
type = "eql"

query = '''
process where event.type == "start" and

  // GenAI parent process
  (
    process.parent.name in (
      "ollama.exe", "ollama", "Ollama",
      "textgen.exe", "textgen", "text-generation-webui.exe", "oobabooga.exe",
      "lmstudio.exe", "lmstudio", "LM Studio",
      "claude.exe", "claude", "Claude",
      "cursor.exe", "cursor", "Cursor", "Cursor Helper", "Cursor Helper (Plugin)",
      "copilot.exe", "copilot", "Copilot",
      "codex.exe", "codex",
      "Jan", "jan.exe", "jan", "Jan Helper",
      "gpt4all.exe", "gpt4all", "GPT4All",
      "gemini-cli.exe", "gemini-cli",
      "genaiscript.exe", "genaiscript",
      "grok.exe", "grok",
      "qwen.exe", "qwen",
      "koboldcpp.exe", "koboldcpp", "KoboldCpp",
      "llama-server", "llama-cli"
    ) or
    
    // Node/Deno with GenAI frameworks
    (process.parent.name in ("node.exe", "node", "deno.exe", "deno") and
     process.parent.command_line like~ ("*mcp-server*", "*@modelcontextprotocol*", "*langchain*", "*autogpt*", "*babyagi*", "*agentgpt*", "*crewai*", "*semantic-kernel*", "*llama-index*", "*haystack*")) or
    
    // Python with GenAI frameworks
    (process.parent.name like~ "python*" and
     process.parent.command_line like~ ("*langchain*", "*autogpt*", "*babyagi*", "*agentgpt*", "*crewai*", "*semantic-kernel*", "*llama-index*", "*haystack*"))
  ) and

  // Compilation tools
  (
    // Python packaging
    process.name in ("pyinstaller", "py2exe", "cx_Freeze", "nuitka", "pyarmor", "pkg") or
    
    // C/C++ compilation with output
    (process.name in ("gcc", "g++", "clang", "clang++", "cl.exe") and
     process.command_line like~ "*-o *" and
     process.command_line like~ ("*.c *", "*.c", "*.cpp *", "*.cpp", "*.cc *", "*.cc", "*.m *", "*.m") and
     not process.command_line like~ "*git*") or
    
    // Go compilation
    (process.name == "go" and process.args == "build") or
    
    // Rust compilation
    (process.name == "cargo" and process.args == "build") or
    (process.name == "rustc" and process.command_line like~ "*-o *") or
    
    // .NET compilation
    process.name in ("csc.exe", "vbc.exe", "msbuild.exe") or
    (process.name == "dotnet" and process.args == "build") or
    
    // Java compilation
    process.name == "javac"
  )
'''


[[rule.threat]]
framework = "MITRE ATT&CK"

[[rule.threat.technique]]
id = "T1027"
name = "Obfuscated Files or Information"
reference = "https://attack.mitre.org/techniques/T1027/"

[[rule.threat.technique.subtechnique]]
id = "T1027.004"
name = "Compile After Delivery"
reference = "https://attack.mitre.org/techniques/T1027/004/"

[rule.threat.tactic]
id = "TA0005"
name = "Defense Evasion"
reference = "https://attack.mitre.org/tactics/TA0005/"

[[rule.threat]]
framework = "MITRE ATT&CK"

[[rule.threat.technique]]
id = "T1587"
name = "Develop Capabilities"
reference = "https://attack.mitre.org/techniques/T1587/"

[[rule.threat.technique.subtechnique]]
id = "T1587.001"
name = "Malware"
reference = "https://attack.mitre.org/techniques/T1587/001/"

[rule.threat.tactic]
id = "TA0042"
name = "Resource Development"
reference = "https://attack.mitre.org/tactics/TA0042/"

Stages and Predicates

Stage 1: process

process where event.type == "start" and
  (
    process.parent.name in (
      "ollama.exe", "ollama", "Ollama",
      "textgen.exe", "textgen", "text-generation-webui.exe", "oobabooga.exe",
      "lmstudio.exe", "lmstudio", "LM Studio",
      "claude.exe", "claude", "Claude",
      "cursor.exe", "cursor", "Cursor", "Cursor Helper", "Cursor Helper (Plugin)",
      "copilot.exe", "copilot", "Copilot",
      "codex.exe", "codex",
      "Jan", "jan.exe", "jan", "Jan Helper",
      "gpt4all.exe", "gpt4all", "GPT4All",
      "gemini-cli.exe", "gemini-cli",
      "genaiscript.exe", "genaiscript",
      "grok.exe", "grok",
      "qwen.exe", "qwen",
      "koboldcpp.exe", "koboldcpp", "KoboldCpp",
      "llama-server", "llama-cli"
    ) or
    (process.parent.name in ("node.exe", "node", "deno.exe", "deno") and
     process.parent.command_line like~ ("*mcp-server*", "*@modelcontextprotocol*", "*langchain*", "*autogpt*", "*babyagi*", "*agentgpt*", "*crewai*", "*semantic-kernel*", "*llama-index*", "*haystack*")) or
    (process.parent.name like~ "python*" and
     process.parent.command_line like~ ("*langchain*", "*autogpt*", "*babyagi*", "*agentgpt*", "*crewai*", "*semantic-kernel*", "*llama-index*", "*haystack*"))
  ) and
  (
    process.name in ("pyinstaller", "py2exe", "cx_Freeze", "nuitka", "pyarmor", "pkg") or
    (process.name in ("gcc", "g++", "clang", "clang++", "cl.exe") and
     process.command_line like~ "*-o *" and
     process.command_line like~ ("*.c *", "*.c", "*.cpp *", "*.cpp", "*.cc *", "*.cc", "*.m *", "*.m") and
     not process.command_line like~ "*git*") or
    (process.name == "go" and process.args == "build") or
    (process.name == "cargo" and process.args == "build") or
    (process.name == "rustc" and process.command_line like~ "*-o *") or
    process.name in ("csc.exe", "vbc.exe", "msbuild.exe") or
    (process.name == "dotnet" and process.args == "build") or
    process.name == "javac"
  )
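
The predicates above can be checked offline before the rule is tuned or extended. The Python sketch below is an added example, not part of the Elastic rule or its repository: it emulates the EQL logic (`like~` as a case-insensitive `fnmatch`, `process.args == "build"` approximated by splitting the command line) and runs it over constructed process-start events whose flat field names are assumptions of this example.

```python
from fnmatch import fnmatchcase
# Names and patterns copied from the rule query; `in` and `==` are case-sensitive in EQL.
GENAI_PARENTS = set((
    "ollama.exe|ollama|Ollama|textgen.exe|textgen|text-generation-webui.exe|oobabooga.exe|"
    "lmstudio.exe|lmstudio|LM Studio|claude.exe|claude|Claude|cursor.exe|cursor|Cursor|"
    "Cursor Helper|Cursor Helper (Plugin)|copilot.exe|copilot|Copilot|codex.exe|codex|Jan|"
    "jan.exe|jan|Jan Helper|gpt4all.exe|gpt4all|GPT4All|gemini-cli.exe|gemini-cli|genaiscript.exe|"
    "genaiscript|grok.exe|grok|qwen.exe|qwen|koboldcpp.exe|koboldcpp|KoboldCpp|llama-server|llama-cli"
).split("|"))
FRAMEWORKS = ["*langchain*", "*autogpt*", "*babyagi*", "*agentgpt*", "*crewai*",
              "*semantic-kernel*", "*llama-index*", "*haystack*"]
C_SOURCES = ["*.c *", "*.c", "*.cpp *", "*.cpp", "*.cc *", "*.cc", "*.m *", "*.m"]

def like(value, *patterns):
    """Emulate EQL `like~`: case-insensitive wildcard match against any pattern."""
    return any(fnmatchcase(value.lower(), p.lower()) for p in patterns)

def genai_parent(ev):
    name, cmd = ev["parent_name"], ev["parent_cmd"]
    if name in GENAI_PARENTS:
        return True
    if name in ("node.exe", "node", "deno.exe", "deno"):
        return like(cmd, "*mcp-server*", "*@modelcontextprotocol*", *FRAMEWORKS)
    return like(name, "python*") and like(cmd, *FRAMEWORKS)

def builds_binary(ev):
    name, cmd = ev["name"], ev["cmd"]
    if name in ("gcc", "g++", "clang", "clang++", "cl.exe"):
        return like(cmd, "*-o *") and like(cmd, *C_SOURCES) and not like(cmd, "*git*")
    if name in ("go", "cargo", "dotnet"):
        return "build" in cmd.split()  # stands in for process.args == "build"
    if name == "rustc":
        return like(cmd, "*-o *")
    return name in ("pyinstaller", "py2exe", "cx_Freeze", "nuitka", "pyarmor", "pkg",
                    "csc.exe", "vbc.exe", "msbuild.exe", "javac")

def rule_matches(ev):
    return ev["event_type"] == "start" and genai_parent(ev) and builds_binary(ev)

# Constructed process-start events (not real telemetry).
SAMPLE_EVENTS = [dict(zip(("event_type", "parent_name", "parent_cmd", "name", "cmd"), row)) for row in [
    ("start", "ollama", "ollama serve", "gcc", "gcc -o /tmp/out main.c"),
    ("start", "claude", "claude", "gcc", "gcc --version"),
    ("start", "python3", "python3 -m crewai run", "pyinstaller", "pyinstaller --onefile app.py"),
    ("start", "node", "node server.js", "go", "go build ./..."),
    ("start", "bash", "bash", "gcc", "gcc -o /tmp/out main.c"),
]]

def matching_commands(events):
    return [ev["cmd"] for ev in events if rule_matches(ev)]
```

Only the first and third events match: `gcc --version` produces no output binary, the plain `node server.js` parent carries no GenAI framework string, and `bash` is not a GenAI parent.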

Indicators

Each row is a field, operator, and value that the rule matches. The corpus column counts how many other rules in the catalog look for the same combination: high numbers point to widely-used, community-vetted indicators. Blank or 1 shows that the indicator is specific to this rule.

Field | Kind | Values
event.type | eq
  • start corpus 606 (elastic 606)
process.args | eq
  • build
process.command_line | wildcard
  • *-o * corpus 2 (sigma 1, elastic 1)
  • *.c
  • *.c *
  • *.cc
  • *.cc *
  • *.cpp
  • *.cpp *
  • *.m
  • *.m *
process.name | eq
  • cargo
  • dotnet
  • go
  • javac
  • rustc
process.name | in
  • cl.exe
  • clang
  • clang++
  • csc.exe corpus 4 (elastic 3, splunk 1)
  • cx_Freeze
  • g++
  • gcc
  • msbuild.exe corpus 16 (elastic 13, splunk 3)
  • nuitka
  • pkg
  • py2exe
  • pyarmor
  • pyinstaller
  • vbc.exe corpus 3 (elastic 2, splunk 1)
process.parent.command_line | wildcard
  • *@modelcontextprotocol* corpus 2 (elastic 2)
  • *agentgpt* corpus 2 (elastic 2)
  • *autogpt* corpus 2 (elastic 2)
  • *babyagi* corpus 2 (elastic 2)
  • *crewai* corpus 2 (elastic 2)
  • *haystack* corpus 2 (elastic 2)
  • *langchain* corpus 2 (elastic 2)
  • *llama-index* corpus 2 (elastic 2)
  • *mcp-server* corpus 2 (elastic 2)
  • *semantic-kernel* corpus 2 (elastic 2)
process.parent.name | in
  • Cursor Helper
  • Cursor Helper (Plugin)
  • Jan
  • Jan Helper
  • LM Studio
  • claude
  • claude.exe
  • codex
  • codex.exe
  • copilot
  • copilot.exe
  • cursor
  • cursor.exe
  • deno
  • deno.exe
  • gemini-cli
  • gemini-cli.exe
  • genaiscript
  • genaiscript.exe
  • gpt4all
  • gpt4all.exe
  • grok
  • grok.exe
  • jan.exe
  • koboldcpp
  • koboldcpp.exe
  • llama-cli
  • llama-server
  • lmstudio
  • lmstudio.exe
  • node corpus 5 (elastic 4, splunk 1)
  • node.exe corpus 3 (elastic 2, splunk 1)
  • ollama
  • ollama.exe
  • oobabooga.exe
  • qwen
  • qwen.exe
  • text-generation-webui.exe
  • textgen
  • textgen.exe
process.parent.name | wildcard
  • python* corpus 12 (elastic 12)