File In Suspicious Location Encoded To Base64 Via Certutil.EXE
Jun 7, 2023
·
attack.defense_evasion
attack.t1027
Suspicious File Encoded To Base64 Via Certutil.EXE
Jun 7, 2023
·
attack.defense_evasion
attack.t1027
Execution of Suspicious File Type Extension
Jun 7, 2023
·
attack.defense_evasion
Potential Persistence Via GlobalFlags
Jun 5, 2023
·
attack.privilege_escalation
attack.persistence
attack.defense_evasion
attack.t1546.012
car.2013-01-002
Security Service Disabled Via Reg.EXE
Jun 5, 2023
·
attack.defense_evasion
attack.t1562.001
Suspicious Windows Defender Registry Key Tampering Via Reg.EXE
Jun 5, 2023
·
attack.defense_evasion
attack.t1562.001
Tamper Windows Defender - PSClassic
Jun 5, 2023
·
attack.defense_evasion
attack.t1562.001
Disable Windows Defender Functionalities Via Registry Keys
Jun 5, 2023
·
attack.defense_evasion
attack.t1562.001
Tamper Windows Defender - ScriptBlockLogging
Jun 5, 2023
·
attack.defense_evasion
attack.t1562.001
Tamper Windows Defender Remove-MpPreference - ScriptBlockLogging
Jun 5, 2023
·
attack.defense_evasion
attack.t1562.001
Potentially Suspicious PowerShell Child Processes
Jun 5, 2023
Renamed AutoIt Execution
Jun 5, 2023
·
attack.defense_evasion
attack.t1027
Crontab Enumeration
Jun 2, 2023
·
attack.discovery
attack.t1007
Download File To Potentially Suspicious Directory Via Wget
Jun 2, 2023
·
attack.command_and_control
attack.t1105
Execution Of Script Located In Potentially Suspicious Directory
Jun 2, 2023
·
attack.execution
OS Architecture Discovery Via Grep
Jun 2, 2023
·
attack.discovery
attack.t1082
Potential GobRAT File Discovery Via Grep
Jun 2, 2023
·
attack.discovery
attack.t1082
Potentially Suspicious Execution From Tmp Folder
Jun 2, 2023
Potentially Suspicious Shell Script Creation in Profile Folder
Jun 2, 2023
·
attack.persistence
Shell Execution Of Process Located In Tmp Directory
Jun 2, 2023
·
attack.execution
Suspicious Nohup Execution
Jun 2, 2023
·
attack.execution
Wget Creating Files in Tmp Directory
Jun 2, 2023
·
attack.command_and_control
attack.t1105
Potential SmadHook.DLL Sideloading
Jun 2, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
Amsi.DLL Load By Uncommon Process
Jun 1, 2023
·
attack.defense_evasion
attack.impact
attack.t1490
PSScriptPolicyTest Creation By Uncommon Process
Jun 1, 2023
·
attack.defense_evasion
Amsi.DLL Loaded Via LOLBIN Process
Jun 1, 2023
·
attack.defense_evasion
PCRE.NET Package Image Load
Jun 1, 2023
·
attack.execution
attack.t1059
Potential Azure Browser SSO Abuse
Jun 1, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.002
Potential DCOM InternetExplorer.Application DLL Hijack - Image Load
Jun 1, 2023
·
attack.lateral_movement
attack.t1021.002
attack.t1021.003
PowerShell Core DLL Loaded By Non PowerShell Process
Jun 1, 2023
·
attack.t1059.001
attack.execution
PowerShell Core DLL Loaded Via Office Application
Jun 1, 2023
·
attack.defense_evasion
Uncommon Child Process Of Conhost.EXE
Jun 1, 2023
·
attack.defense_evasion
attack.t1202
Potential PowerShell Obfuscation Via Reversed Commands
May 31, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Suspicious Eventlog Clear or Configuration Change
May 31, 2023
·
attack.defense_evasion
attack.t1070.001
attack.t1562.002
car.2016-04-002
File Download Via Bitsadmin To A Suspicious Target Folder
May 31, 2023
·
attack.defense_evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
File With Suspicious Extension Downloaded Via Bitsadmin
May 31, 2023
·
attack.defense_evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
Monitoring For Persistence Via BITS
May 31, 2023
·
attack.defense_evasion
attack.t1197
Suspicious Response File Execution Via Odbcconf.EXE
May 31, 2023
·
attack.defense_evasion
attack.t1218.008
Potentially Suspicious GoogleUpdate Child Process
May 30, 2023
·
attack.defense_evasion
Potential Suspicious Change To Sensitive/Critical Files
May 30, 2023
·
attack.impact
attack.t1565.001
Failed DNS Zone Transfer
May 30, 2023
·
attack.reconnaissance
attack.t1590.002
New Firewall Exception Rule Added For A Suspicious Folder
May 30, 2023
Potential Register_App.Vbs LOLScript Abuse
May 30, 2023
·
attack.defense_evasion
attack.t1218
Regsvr32 DLL Execution With Uncommon Extension
May 30, 2023
·
attack.defense_evasion
attack.t1574
attack.execution
Regsvr32 Execution From Potential Suspicious Location
May 30, 2023
·
attack.defense_evasion
attack.t1218.010
Scripting/CommandLine Process Spawned Regsvr32
May 30, 2023
·
attack.defense_evasion
attack.t1218.010
Regsvr32 Execution From Highly Suspicious Location
May 26, 2023
·
attack.defense_evasion
attack.t1218.010
Potentially Suspicious Child Process Of Regsvr32
May 26, 2023
·
attack.defense_evasion
attack.t1218.010
Odbcconf.EXE Suspicious DLL Location
May 26, 2023
·
attack.defense_evasion
attack.t1218.008
Potential Regsvr32 Commandline Flag Anomaly
May 26, 2023
·
attack.defense_evasion
attack.t1218.010