Network Connections Where There Should Not Be (Notepad)
Sep 1, 2023
attack.privilege_escalation
attack.t1055
Shrpubw Execution from Unexpected File Path
Sep 1, 2023
attack.persistence
attack.t1574
attack.t1574.001
PowerShell -encodedcommand Switch
Nov 29, 2022
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
Abnormal LSASS Child and Parent Process Relationships
Nov 9, 2022
attack.credential_access
attack.t1003.001
Abnormal LSASS Process Access and Injection
Nov 9, 2022
attack.credential_access
attack.t1003.001
Abusing PowerShell to Disable Defender Components
Nov 9, 2022
attack.defense_evasion
attack.t1562
attack.t1562.001
attack.t1562.004
Abusing PowerShell to Modify Defender Components
Nov 9, 2022
attack.defense_evasion
attack.t1562
attack.t1562.001
attack.t1562.004
Application Bypass with RunDLL32 and DllRegisterServer Function
Nov 9, 2022
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.s0650
attack.s0386
Base64 Encoding in CMD or Powershell
Nov 9, 2022
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
BITSAdmin Downloading Malicious Binaries
Nov 9, 2022
attack.command_and_control
attack.t1105
CertUtil Downloading Malicious Binaries
Nov 9, 2022
attack.command_and_control
attack.t1105
Command Shell Bypassing Security Controls
Nov 9, 2022
attack.execution
attack.t1059.003
Command Shell Obfuscated Commands
Nov 9, 2022
attack.execution
attack.t1059.003
attack.defense_evasion
attack.t1027
Command Shell Unusual or Suspicious Process Ancestry
Nov 9, 2022
attack.persistence
attack.t1505
attack.execution
attack.t1059.003
PowerShell Base64 Encoding
Nov 9, 2022
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
PowerShell Injecting into Other Process
Nov 9, 2022
attack.privilege_escalation
attack.t1055
Powershell Obfuscation and Escape Characters
Nov 9, 2022
attack.execution
attack.t1059.003
attack.defense_evasion
attack.t1027
Process Executing with Unusual Command Lines
Nov 9, 2022
attack.defense_evasion
attack.t1036.003
Process Executing with Unusual Command Lines
Nov 9, 2022
attack.defense_evasion
attack.t1036.003
Process Execution sans Command Lines
Nov 9, 2022
attack.privilege_escalation
attack.t1055
Rundll32 with Suspicious Export Functionalities
Nov 9, 2022
attack.defense_evasion
attack.t1218
attack.t1218.011
Rundll32 with Suspicious Process Lineage
Nov 9, 2022
attack.defense_evasion
attack.t1218
attack.t1218.011
Rundll32 without Command Line
Nov 9, 2022
attack.defense_evasion
attack.t1218
attack.t1218.011
Suspicious Powershell Cmdlets
Nov 9, 2022
attack.execution
attack.t1059
attack.t1059.001
Suspicious WMI-Related Powershell Cmdlets
Nov 9, 2022
attack.execution
attack.t1059
attack.t1059.001
attack.t1047
Svchost Not Matching Normal Execution Parameters
Nov 9, 2022
attack.defense_evasion
attack.t1036
attack.t1036.005
Unexpected Internal Process Name
Nov 9, 2022
attack.defense_evasion
attack.t1036
attack.t1036.003
Windows Scheduled Task Behaving Improperly or Suspiciously
Nov 9, 2022
attack.persistence
attack.execution
attack.t1053
attack.t1053.005
Windows Scheduled Task Create Shell
Nov 9, 2022
attack.persistence
attack.execution
attack.t1053
attack.t1053.005
Windows Scheduled Task Making Suspicious Network Connection
Nov 9, 2022
attack.persistence
attack.execution
attack.t1053
attack.t1053.005
WMIC Shadow Copy Deletion
Nov 9, 2022
attack.impact
attack.t1490
WMIC Suspicious Commands
Nov 9, 2022
attack.execution
attack.t1047
WMIC Suspicious Commands
Nov 9, 2022
attack.execution
attack.t1047
WMIC Suspicious Commands
Nov 9, 2022
attack.execution
attack.t1047