open-menu
closeme
Local System Accounts Discovery - Linux
calendar
Oct 8, 2024
·
attack.discovery
attack.t1087.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Process Code Injection Via DD Utility
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1055.009
·
Share on:
twitter
facebook
linkedin
copy
Linux HackTool Execution
calendar
Sep 22, 2024
·
attack.execution
attack.resource-development
attack.t1587
·
Share on:
twitter
facebook
linkedin
copy
Linux Network Service Scanning Tools Execution
calendar
Sep 22, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Capsh Shell Invocation - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Inline Python Execution - Spawn Shell Via OS System Library
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution GCC - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Find - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Flock - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Git - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Nice - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Rsync - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation via Apt - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation via Env Command - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation Via Ssh - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Invocation of Shell via AWK - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Vim GTFOBin Abuse - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Apache Spark Shell Command Injection - ProcessCreation
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-33891
·
Share on:
twitter
facebook
linkedin
copy
Atlassian Confluence CVE-2022-26134
calendar
Aug 12, 2024
·
attack.initial-access
attack.execution
attack.t1190
attack.t1059
cve.2022-26134
·
Share on:
twitter
facebook
linkedin
copy
Bash Interactive Shell
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
BPFtrace Unsafe Option Usage
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.004
·
Share on:
twitter
facebook
linkedin
copy
Capabilities Discovery - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Cat Sudoers
calendar
Aug 12, 2024
·
attack.reconnaissance
attack.t1592.004
·
Share on:
twitter
facebook
linkedin
copy
Chmod Suspicious Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.002
·
Share on:
twitter
facebook
linkedin
copy
Clear Linux Logs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.002
·
Share on:
twitter
facebook
linkedin
copy
Clipboard Collection with Xclip Tool
calendar
Aug 12, 2024
·
attack.collection
attack.t1115
·
Share on:
twitter
facebook
linkedin
copy
Commands to Clear or Remove the Syslog
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.002
·
Share on:
twitter
facebook
linkedin
copy
Connection Proxy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
Container Residence Discovery Via Proc Virtual FS
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Copy Passwd Or Shadow From TMP Path
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
·
Share on:
twitter
facebook
linkedin
copy
Crontab Enumeration
calendar
Aug 12, 2024
·
attack.discovery
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
Curl Usage on Linux
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
DD File Overwrite
calendar
Aug 12, 2024
·
attack.impact
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Decode Base64 Encoded Text
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Disable Or Stop Services
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Disabling Security Tools
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Docker Container Discovery Via Dockerenv Listing
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Download File To Potentially Suspicious Directory Via Wget
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Enable BPF Kprobes Tracing
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
ESXi Account Creation Via ESXCLI
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136
·
Share on:
twitter
facebook
linkedin
copy
ESXi Admin Permission Assigned To Account Via ESXCLI
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
ESXi Network Configuration Discovery Via ESXCLI
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi Storage Information Discovery Via ESXCLI
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi Syslog Configuration Change Via ESXCLI
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1562.003
·
Share on:
twitter
facebook
linkedin
copy
ESXi System Information Discovery Via ESXCLI
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi VM Kill Via ESXCLI
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
ESXi VM List Discovery Via ESXCLI
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi VSAN Information Discovery Via ESXCLI
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
Execution Of Script Located In Potentially Suspicious Directory
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
File and Directory Discovery - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
File Deletion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
Flush Iptables Ufw Chain
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Group Has Been Deleted Via Groupdel
calendar
Aug 12, 2024
·
attack.impact
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
History File Deletion
calendar
Aug 12, 2024
·
attack.impact
attack.t1565.001
·
Share on:
twitter
facebook
linkedin
copy
Install Root Certificate
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
Interactive Bash Suspicious Children
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.004
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Linux Base64 Encoded Pipe to Shell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Linux Base64 Encoded Shebang In CLI
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Linux Crypto Mining Indicators
calendar
Aug 12, 2024
·
attack.impact
attack.t1496
·
Share on:
twitter
facebook
linkedin
copy
Linux Doas Tool Execution
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Linux Package Uninstall
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Share on:
twitter
facebook
linkedin
copy
Linux Recon Indicators
calendar
Aug 12, 2024
·
attack.reconnaissance
attack.t1592.004
attack.credential-access
attack.t1552.001
·
Share on:
twitter
facebook
linkedin
copy
Linux Remote System Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1018
·
Share on:
twitter
facebook
linkedin
copy
Linux Shell Pipe to Shell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Linux Webshell Indicators
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Local Groups Discovery - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Mount Execution With Hidepid Parameter
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1564
·
Share on:
twitter
facebook
linkedin
copy
Named Pipe Created Via Mkfifo
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Nohup Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.004
·
Share on:
twitter
facebook
linkedin
copy
OMIGOD SCX RunAsProvider ExecuteScript
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.initial-access
attack.execution
attack.t1068
attack.t1190
attack.t1203
·
Share on:
twitter
facebook
linkedin
copy
OMIGOD SCX RunAsProvider ExecuteShellCommand
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.initial-access
attack.execution
attack.t1068
attack.t1190
attack.t1203
·
Share on:
twitter
facebook
linkedin
copy
OS Architecture Discovery Via Grep
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Pnscan Binary Data Transmission Activity
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Potential Container Discovery Via Inodes Listing
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Potential Discovery Activity Using Find - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Potential GobRAT File Discovery Via Grep
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Amazon SSM Agent Hijacking
calendar
Aug 12, 2024
·
attack.command-and-control
attack.persistence
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Potential Netcat Reverse Shell Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential Perl Reverse Shell Execution
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potential PHP Reverse Shell
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potential Python Reverse Shell
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potential Ruby Reverse Shell
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Change To Sensitive/Critical Files
calendar
Aug 12, 2024
·
attack.impact
attack.t1565.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Xterm Reverse Shell
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Execution From Tmp Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Named Pipe Created Via Mkfifo
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Print History File Contents
calendar
Aug 12, 2024
·
attack.reconnaissance
attack.t1592.004
·
Share on:
twitter
facebook
linkedin
copy
Process Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1057
·
Share on:
twitter
facebook
linkedin
copy
Python Spawning Pretty TTY
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - Team Viewer Session Started On Linux Host
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1133
·
Share on:
twitter
facebook
linkedin
copy
Remove Immutable File Attribute
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.002
·
Share on:
twitter
facebook
linkedin
copy
Remove Scheduled Cron Task/Job
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Cron Task/Job - Linux
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.003
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Task/Job At
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053.002
·
Share on:
twitter
facebook
linkedin
copy
Security Software Discovery - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
Setuid and Setgid
calendar
Aug 12, 2024
·
attack.persistence
attack.t1548.001
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution Of Process Located In Tmp Directory
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Sudo Privilege Escalation CVE-2019-14287
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
attack.t1548.003
cve.2019-14287
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Curl Change User Agents - Linux
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Curl File Upload - Linux
calendar
Aug 12, 2024
·
attack.exfiltration
attack.t1567
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Git Clone - Linux
calendar
Aug 12, 2024
·
attack.reconnaissance
attack.t1593.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Java Children Processes
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Nohup Execution
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Package Installed - Linux
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
System Network Connections Discovery - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1049
·
Share on:
twitter
facebook
linkedin
copy
System Network Discovery - Linux
calendar
Aug 12, 2024
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
Terminate Linux Process Via Kill
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Touch Suspicious Service File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
Share on:
twitter
facebook
linkedin
copy
Triple Cross eBPF Rootkit Execve Hijack
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Triple Cross eBPF Rootkit Install Commands
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1014
·
Share on:
twitter
facebook
linkedin
copy
Ufw Force Stop Using Ufw-Init
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
User Added To Root/Sudoers Group Using Usermod
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
User Has Been Deleted Via Userdel
calendar
Aug 12, 2024
·
attack.impact
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
to-top