open-menu
closeme
HackTool - Dumpert Process Dumper Execution
calendar
Jan 22, 2025
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
ManageEngine Endpoint Central Dctask64.EXE Potential Abuse
calendar
Jan 22, 2025
·
attack.defense-evasion
attack.t1055.001
·
Share on:
twitter
facebook
linkedin
copy
Renamed ZOHO Dctask64 Execution
calendar
Jan 22, 2025
·
attack.defense-evasion
attack.t1036
attack.t1055.001
attack.t1202
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Console CodePage Lookup Via CHCP
calendar
Jan 6, 2025
·
attack.discovery
attack.t1614.001
·
Share on:
twitter
facebook
linkedin
copy
Diskshadow Script Mode - Uncommon Script Extension Execution
calendar
Jan 6, 2025
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Enumerate All Information With Whoami.EXE
calendar
Jan 6, 2025
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
File In Suspicious Location Encoded To Base64 Via Certutil.EXE
calendar
Jan 6, 2025
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Insensitive Subfolder Search Via Findstr.EXE
calendar
Jan 6, 2025
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Interesting Service Enumeration Via Sc.EXE
calendar
Jan 6, 2025
·
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
Port Forwarding Activity Via SSH.EXE
calendar
Jan 6, 2025
·
attack.command-and-control
attack.lateral-movement
attack.t1572
attack.t1021.001
attack.t1021.004
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Ping/Copy Command Combination
calendar
Jan 6, 2025
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
Rebuild Performance Counter Values Via Lodctr.EXE
calendar
Jan 6, 2025
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - AnyDesk Execution With Known Revoked Signing Certificate
calendar
Jan 6, 2025
·
attack.execution
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect Remote Command Execution
calendar
Jan 6, 2025
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect Server Web Shell Execution
calendar
Jan 6, 2025
·
attack.initial-access
attack.t1190
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - Simple Help Execution
calendar
Jan 6, 2025
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Remote File Download Via Findstr.EXE
calendar
Jan 6, 2025
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Response File Execution Via Odbcconf.EXE
calendar
Jan 6, 2025
·
attack.defense-evasion
attack.t1218.008
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From IP Via Wget.EXE - Paths
calendar
Jan 6, 2025
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Encoded To Base64 Via Certutil.EXE
calendar
Jan 6, 2025
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Invoke-WebRequest Execution
calendar
Jan 6, 2025
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows Service Tampering
calendar
Dec 27, 2024
·
attack.defense-evasion
attack.t1489
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
QuickAssist Execution
calendar
Dec 19, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Webshell Detection With Command Line Keywords
calendar
Dec 14, 2024
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Via Rename Of Highly Relevant Binaries
calendar
Dec 3, 2024
·
attack.defense-evasion
attack.t1036.003
car.2013-05-009
·
Share on:
twitter
facebook
linkedin
copy
Always Install Elevated Windows Installer
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
CMSTP UAC Bypass via COM Object Access
calendar
Dec 1, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1218.003
attack.g0069
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
Msiexec Quiet Installation
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
Non-privileged Usage of Reg or Powershell
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Permission Check Via Accesschk.EXE
calendar
Dec 1, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Possible Privilege Escalation via Weak Service Permissions
calendar
Dec 1, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation via Service Permissions Weakness
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Potential RDP Session Hijacking Activity
calendar
Dec 1, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potential UAC Bypass Via Sdclt.EXE
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Created as System
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1134.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious High IntegrityLevel Conhost Legacy Option
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process By Web Server Process
calendar
Dec 1, 2024
·
attack.persistence
attack.t1505.003
attack.t1190
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scheduled Task Creation via Masqueraded XML File
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.persistence
attack.t1036.005
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious SYSTEM User Process Creation
calendar
Dec 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.privilege-escalation
attack.t1134
attack.t1003
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Abusing Winsat Path Parsing - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Tools Using ComputerDefaults
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using ChangePK and SLUI
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Consent and Comctl32 - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Disk Cleanup
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using DismHost
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IDiagnostic Profile
calendar
Dec 1, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IEInstal - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using MSConfig Token Modification - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using NTFS Reparse Point - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using PkgMgr and DISM
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Windows Media Player - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass WSReset
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Setup16.EXE Execution With Custom .Lst File
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1574.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious ShellExec_RunDLL Call Via Ordinal
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Usage Of ShellExec_RunDLL
calendar
Dec 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
CodePage Modification Via MODE.COM To Russian Language
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpMove Tool Execution
calendar
Dec 1, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SOAPHound Execution
calendar
Dec 1, 2024
·
attack.discovery
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - ProcessCreation
calendar
Dec 1, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Dropper Script Execution Via WScript/CScript
calendar
Dec 1, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
PUA - PingCastle Execution
calendar
Dec 1, 2024
·
attack.reconnaissance
attack.t1595
·
Share on:
twitter
facebook
linkedin
copy
PUA - PingCastle Execution From Potentially Suspicious Parent
calendar
Dec 1, 2024
·
attack.reconnaissance
attack.t1595
·
Share on:
twitter
facebook
linkedin
copy
Remote CHM File Download/Execution Via HH.EXE
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.001
·
Share on:
twitter
facebook
linkedin
copy
Renamed PingCastle Binary Execution
calendar
Dec 1, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Processes Spawned by Java.EXE
calendar
Dec 1, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
System Disk And Volume Reconnaissance Via Wmic.EXE
calendar
Dec 1, 2024
·
attack.execution
attack.discovery
attack.t1047
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CoercedPotato Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CreateMiniDump Execution
calendar
Nov 25, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - GMER Rootkit Detector and Remover Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
HackTool - HandleKatz LSASS Dumper Execution
calendar
Nov 25, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Impersonate Execution
calendar
Nov 25, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - LocalPotato Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
cve.2023-21746
·
Share on:
twitter
facebook
linkedin
copy
HackTool - PCHunter Execution
calendar
Nov 25, 2024
·
attack.execution
attack.discovery
attack.t1082
attack.t1057
attack.t1012
attack.t1083
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
HackTool - PPID Spoofing SelectMyParent Tool Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1134.004
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Stracciatella Execution
calendar
Nov 25, 2024
·
attack.execution
attack.defense-evasion
attack.t1059
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SysmonEOP Execution
calendar
Nov 25, 2024
·
cve.2022-41120
attack.t1068
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
HackTool - UACMe Akagi Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Windows Credential Editor (WCE) Execution
calendar
Nov 25, 2024
·
attack.credential-access
attack.t1003.001
attack.s0005
·
Share on:
twitter
facebook
linkedin
copy
Hacktool Execution - Imphash
calendar
Nov 25, 2024
·
attack.credential-access
attack.t1588.002
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
MpiExec Lolbin
calendar
Nov 25, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential SquiblyTwo Technique Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1047
attack.t1220
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
PUA - Fast Reverse Proxy (FRP) Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
PUA - Nimgrab Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
PUA - NPS Tunneling Tool Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
PUA - Process Hacker Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.discovery
attack.persistence
attack.privilege-escalation
attack.t1622
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA - System Informer Execution
calendar
Nov 25, 2024
·
attack.persistence
attack.privilege-escalation
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA- IOX Tunneling Tool Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - NetSupport Execution From Unusual Location
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed AdFind Execution
calendar
Nov 25, 2024
·
attack.discovery
attack.t1018
attack.t1087.002
attack.t1482
attack.t1069.002
·
Share on:
twitter
facebook
linkedin
copy
Renamed AutoIt Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Renamed NetSupport RAT Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed PAExec Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Cabinet File Expansion
calendar
Nov 17, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Binary Proxy Execution Via Dotnet-Trace.EXE
calendar
Nov 1, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Portable Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1090.001
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Quick Tunnel Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1090.001
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Tunnel Connections Cleanup
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1102
attack.t1090
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Tunnel Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1102
attack.t1090
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
Compressed File Creation Via Tar.EXE
calendar
Nov 1, 2024
·
attack.collection
attack.exfiltration
attack.t1560
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Compressed File Extraction Via Tar.EXE
calendar
Nov 1, 2024
·
attack.collection
attack.exfiltration
attack.t1560
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Cscript/Wscript Potentially Suspicious Child Process
calendar
Nov 1, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Firewall Configuration Discovery Via Netsh.EXE
calendar
Nov 1, 2024
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
Forfiles.EXE Child Process Masquerading
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EDRSilencer Execution
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Command Targeting Teams Sensitive Files
calendar
Nov 1, 2024
·
attack.credential-access
attack.t1528
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Desktop Background Change Using Reg.EXE
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
Renamed Cloudflared.EXE Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1090.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Greedy Compression Using Rar.EXE
calendar
Nov 1, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Execution From Fake Recycle.Bin Folder
calendar
Nov 1, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Conhost.EXE
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Uncommon System Information Discovery Via Wmic.EXE
calendar
Nov 1, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious File Download From File Sharing Domain Via PowerShell.EXE
calendar
Oct 25, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Domain Via Curl.EXE
calendar
Oct 25, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Domain Via Wget.EXE
calendar
Oct 25, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Certipy Execution
calendar
Oct 8, 2024
·
attack.discovery
attack.credential-access
attack.t1649
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious JWT Token Search Via CLI
calendar
Oct 6, 2024
·
attack.credential-access
attack.t1528
·
Share on:
twitter
facebook
linkedin
copy
Add Potential Suspicious New Download Source To Winget
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via IMEWDBLD.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSEDGE_PROXY.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Chromium Browser Instance Executed With Custom Extension
calendar
Oct 1, 2024
·
attack.persistence
attack.t1176
·
Share on:
twitter
facebook
linkedin
copy
Elevated System Shell Spawned From Uncommon Parent Location
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Execution of Suspicious File Type Extension
calendar
Oct 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
Permission Misconfiguration Reconnaissance Via Findstr.EXE
calendar
Oct 1, 2024
·
attack.credential-access
attack.t1552.006
·
Share on:
twitter
facebook
linkedin
copy
Portable Gpg.EXE Execution
calendar
Oct 1, 2024
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Potential Excel.EXE DCOM Lateral Movement Via ActivateMicrosoftApp
calendar
Oct 1, 2024
·
attack.t1021.003
attack.lateral-movement
·
Share on:
twitter
facebook
linkedin
copy
Potential File Download Via MS-AppInstaller Protocol Handler
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Electron Application CommandLine
calendar
Oct 1, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Execution With Potential Decryption Capabilities
calendar
Oct 1, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Process Proxy Execution Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Remote XSL Execution Via Msxsl.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1220
·
Share on:
twitter
facebook
linkedin
copy
Security Tools Keyword Lookup Via Findstr.EXE
calendar
Oct 1, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Chromium Browser Instance Executed With Custom Extension
calendar
Oct 1, 2024
·
attack.persistence
attack.t1176
·
Share on:
twitter
facebook
linkedin
copy
Unusual Parent Process For Cmd.EXE
calendar
Oct 1, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution Anomaly
calendar
Oct 1, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution From Privileged Process
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution With Output Option
calendar
Oct 1, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - MeshAgent Command Execution via MeshCentral
calendar
Sep 22, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
HackTool - DInjector PowerShell Cradle Execution
calendar
Sep 13, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Potential CommandLine Obfuscation Using Unicode Characters From Suspicious Image
calendar
Sep 6, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Via Right-to-Left Override
calendar
Sep 6, 2024
·
attack.defense-evasion
attack.t1036.002
·
Share on:
twitter
facebook
linkedin
copy
Dism Remove Online Package
calendar
Sep 3, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Web Access Feature Enabled Via DISM
calendar
Sep 3, 2024
·
attack.persistence
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
File Download From IP Based URL Via CertOC.EXE
calendar
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download From IP URL Via Curl.EXE
calendar
Sep 2, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated IP Via CLI
calendar
Sep 2, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated PowerShell OneLiner Execution
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
OneNote.EXE Execution of Malicious Embedded Scripts
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1218.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 1
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 2
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 3
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 4
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream - CLI
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Child Process Of VsCode
calendar
Sep 2, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Office Document Executed From Trusted Location
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Python Function Execution Security Warning Disabled In Excel
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Renamed CURL.EXE Execution
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Schtasks Creation Or Modification With SYSTEM Privileges
calendar
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Execution
calendar
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Service Installation
calendar
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Shell Execution
calendar
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
File Explorer Folder Opened Using Explorer Folder Shortcut Via Shell
calendar
Aug 29, 2024
·
attack.discovery
attack.t1135
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpWSUS/WSUSpendu Execution
calendar
Aug 29, 2024
·
attack.execution
attack.lateral-movement
attack.t1210
·
Share on:
twitter
facebook
linkedin
copy
Hiding User Account Via SpecialAccounts Registry Key - CommandLine
calendar
Aug 29, 2024
·
attack.t1564.002
·
Share on:
twitter
facebook
linkedin
copy
Potential AMSI Bypass Via .NET Reflection
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
RestrictedAdminMode Registry Value Tampering - ProcCreation
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Sdiagnhost Calling Suspicious Child Process
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1036
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Cab File Extraction Via Wusa.EXE From Potentially Suspicious Paths
calendar
Aug 29, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
COM Object Execution via Xwizard.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
New Capture Session Launched Via DXCap.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Injection Via AccCheckConsole
calendar
Aug 29, 2024
·
attack.execution
detection.threat-hunting
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious EventLog Recon Activity Using Log Query Utilities
calendar
Aug 29, 2024
·
attack.credential-access
attack.discovery
attack.t1552
·
Share on:
twitter
facebook
linkedin
copy
Process Memory Dump via RdrLeakDiag.EXE
calendar
Aug 29, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Program Executed Using Proxy/Local Command Via SSH.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Of Wermgr.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Sigverif.EXE Child Process
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Windows Binary Executed From WSL
calendar
Aug 29, 2024
·
attack.execution
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Wusa.EXE Executed By Parent Process Located In Suspicious Location
calendar
Aug 29, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Xwizard.EXE Execution From Non-Default Location
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Disable Important Scheduled Task
calendar
Aug 26, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Download From File-Sharing Website Via Bitsadmin
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Data Export From MSSQL Table Via BCP.EXE
calendar
Aug 20, 2024
·
attack.execution
attack.t1048
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Rundll32.EXE Execution of UDL File
calendar
Aug 16, 2024
·
attack.execution
attack.t1218.011
attack.t1071
·
Share on:
twitter
facebook
linkedin
copy
Diskshadow Script Mode - Execution From Potential Suspicious Location
calendar
Aug 16, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
HackTool - LaZagne Execution
calendar
Aug 16, 2024
·
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
7Zip Compressing Dump Files
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
AADInternals PowerShell Cmdlets Execution - ProccessCreation
calendar
Aug 12, 2024
·
attack.execution
attack.reconnaissance
attack.discovery
attack.credential-access
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Abused Debug Privilege by Arbitrary Parent Processes
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Abusing Print Executable
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Database Snapshot Via ADExplorer
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
attack.t1003.003
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Structure Export Via Csvde.EXE
calendar
Aug 12, 2024
·
attack.exfiltration
attack.discovery
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Structure Export Via Ldifde.EXE
calendar
Aug 12, 2024
·
attack.exfiltration
·
Share on:
twitter
facebook
linkedin
copy
Add Insecure Download Source To Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add New Download Source To Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add SafeBoot Keys Via Reg Utility
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Add Windows Capability Via PowerShell Cmdlet
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
AddinUtil.EXE Execution From Uncommon Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
AgentExecutor PowerShell Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
All Backups Deleted Via Wbadmin.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Allow Service Access Using Security Descriptor Tampering Via Sc.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Always Install Elevated MSI Spawned Cmd And Powershell
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Application Removed Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Application Terminated Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary Binary Execution Using GUP Utility
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary DLL or Csproj Code Execution Via Dotnet.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via ConfigSecurityPolicy.EXE
calendar
Aug 12, 2024
·
attack.exfiltration
attack.t1567
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via GfxDownloadWrapper.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSOHTMED.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSPUB.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via PresentationHost.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary MSI Download Via Devinit.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary Shell Command Execution Via Settingcontent-Ms
calendar
Aug 12, 2024
·
attack.t1204
attack.t1566.001
attack.execution
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
AspNetCompiler Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Assembly Loading Via CL_LoadAssembly.ps1
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Audio Capture via PowerShell
calendar
Aug 12, 2024
·
attack.collection
attack.t1123
·
Share on:
twitter
facebook
linkedin
copy
Audio Capture via SoundRecorder
calendar
Aug 12, 2024
·
attack.collection
attack.t1123
·
Share on:
twitter
facebook
linkedin
copy
Audit Policy Tampering Via Auditpol
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Audit Policy Tampering Via NT Resource Kit Auditpol
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Automated Collection Command Prompt
calendar
Aug 12, 2024
·
attack.collection
attack.t1119
attack.credential-access
attack.t1552.001
·
Share on:
twitter
facebook
linkedin
copy
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Base64 Encoded PowerShell Command Detected
calendar
Aug 12, 2024
·
attack.t1027
attack.defense-evasion
attack.t1140
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Base64 MZ Header In CommandLine
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
BitLockerTogo.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Boot Configuration Tampering Via Bcdedit.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Browser Execution In Headless Mode
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Browser Started with Remote Debugging
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1185
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via CMSTP
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
attack.t1218.003
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via Fodhelper.exe
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via WSReset.exe
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
C# IL Code Compilation Via Ilasm.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Capture Credentials with Rpcping.exe
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
Certificate Exported Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Certificate Exported Via PowerShell
calendar
Aug 12, 2024
·
attack.credential-access
attack.execution
attack.t1552.004
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Change Default File Association To Executable Via Assoc
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.001
·
Share on:
twitter
facebook
linkedin
copy
Change Default File Association Via Assoc
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.001
·
Share on:
twitter
facebook
linkedin
copy
Change PowerShell Policies to an Insecure Level
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Changing Existing Service ImagePath Value Via Reg.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Chopper Webshell Process Pattern
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Chromium Browser Headless Execution To Mockbin Like Site
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Cmd.EXE Missing Space Characters Execution Anomaly
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
CMSTP Execution Process Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.003
attack.g0069
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Load by Rundll32
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Code Execution via Pcwutl.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Command Line Execution with Suspicious URL and AppData Strings
calendar
Aug 12, 2024
·
attack.execution
attack.command-and-control
attack.t1059.003
attack.t1059.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Compress Data and Lock With Password for Exfiltration With 7-ZIP
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Compress Data and Lock With Password for Exfiltration With WINZIP
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Computer Discovery And Export Via Get-ADComputer Cmdlet
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Computer Password Change Via Ksetup.EXE
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Computer System Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Conhost Spawned By Uncommon Parent Process
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Conhost.exe CommandLine Path Traversal
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Control Panel Items
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218.002
attack.persistence
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
ConvertTo-SecureString Cmdlet Usage Via CommandLine
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Copy .DMP/.DUMP Files From Remote Share Via Cmd.EXE
calendar
Aug 12, 2024
·
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Copy From Or To Admin Share Or Sysvol Folder
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.collection
attack.exfiltration
attack.t1039
attack.t1048
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Copy From VolumeShadowCopy Via Cmd.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Copying Sensitive Files with Credential Data
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.003
car.2013-07-001
attack.s0404
·
Share on:
twitter
facebook
linkedin
copy
CreateDump Process Dump
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Csc.EXE Execution Form Potentially Suspicious Parent
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
attack.defense-evasion
attack.t1218.005
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Cscript/Wscript Uncommon Script Extension Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
Curl Download And Execute Combination
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Curl Web Request With Potential Custom User-Agent
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Data Copied To Clipboard Via Clip.EXE
calendar
Aug 12, 2024
·
attack.collection
attack.t1115
·
Share on:
twitter
facebook
linkedin
copy
Delete All Scheduled Tasks
calendar
Aug 12, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Delete Important Scheduled Task
calendar
Aug 12, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Deleted Data Overwritten Via Cipher.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Deletion of Volume Shadow Copies via WMI with PowerShell
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Deny Service Access Using Security Descriptor Tampering Via Sc.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Detect Virtualbox Driver Installation OR Starting Of VMs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.006
attack.t1564
·
Share on:
twitter
facebook
linkedin
copy
Detected Windows Software Discovery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1518
·
Share on:
twitter
facebook
linkedin
copy
Detection of PowerShell Execution via Sqlps.exe
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
DeviceCredentialDeployment Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Devtoolslauncher.exe Executes Specified Binary
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Direct Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Directory Removal Via Rmdir
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
DirLister Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Defender AV Security Monitoring
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows IIS HTTP Logging
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Disabled IE Security Features
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disabled Volume Snapshots
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Discovery of a System Time
calendar
Aug 12, 2024
·
attack.discovery
attack.t1124
·
Share on:
twitter
facebook
linkedin
copy
DLL Execution via Rasautou.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DLL Execution Via Register-cimprovider.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574
·
Share on:
twitter
facebook
linkedin
copy
DLL Loaded via CertOC.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DLL Sideloading by VMware Xfer Utility
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Dllhost.EXE Execution Anomaly
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
DllUnregisterServer Function Call Via Msiexec.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
DNS Exfiltration and Tunneling Tools Execution
calendar
Aug 12, 2024
·
attack.exfiltration
attack.t1048.001
attack.command-and-control
attack.t1071.004
attack.t1132.001
·
Share on:
twitter
facebook
linkedin
copy
Domain Trust Discovery Via Dsquery
calendar
Aug 12, 2024
·
attack.discovery
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
Driver/DLL Installation Via Odbcconf.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Share on:
twitter
facebook
linkedin
copy
DriverQuery.EXE Execution
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Dropping Of Password Filter DLL
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1556.002
·
Share on:
twitter
facebook
linkedin
copy
DSInternals Suspicious PowerShell Cmdlets
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Dumping of Sensitive Hives Via Reg.EXE
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.004
attack.t1003.005
car.2013-07-001
·
Share on:
twitter
facebook
linkedin
copy
Dumping Process via Sqldumper.exe
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
DumpMinitool Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
DumpStack.log Defender Evasion
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Dynamic .NET Compilation Via Csc.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Email Exifiltration Via Powershell
calendar
Aug 12, 2024
·
attack.exfiltration
·
Share on:
twitter
facebook
linkedin
copy
Enable LM Hash Storage - ProcCreation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Enumeration for 3rd Party Creds From CLI
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1552.002
·
Share on:
twitter
facebook
linkedin
copy
Enumeration for Credentials in Registry
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1552.002
·
Share on:
twitter
facebook
linkedin
copy
Esentutl Gather Credentials
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.t1003.003
·
Share on:
twitter
facebook
linkedin
copy
Esentutl Steals Browser Information
calendar
Aug 12, 2024
·
attack.collection
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Tamper In .NET Processes Via CommandLine
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
ETW Trace Evasion Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1562.006
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Exchange PowerShell Snap-Ins Usage
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.collection
attack.t1114
·
Share on:
twitter
facebook
linkedin
copy
Execute Code with Pester.bat
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Execute Code with Pester.bat as Parent
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Execute Files with Msdeploy.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Execute From Alternate Data Streams
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Execute MSDT Via Answer File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Execute Pcwrun.EXE To Leverage Follina
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Execution Of Non-Existing File
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Execution of Powershell Script in Public Folder
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Execution via stordiag.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Execution via WorkFolders.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Explorer NOUACCHECK Flag
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Explorer Process Tree Break
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Exports Critical Registry Keys To a File
calendar
Aug 12, 2024
·
attack.exfiltration
attack.t1012
·
Share on:
twitter
facebook
linkedin
copy
Exports Registry Key To a File
calendar
Aug 12, 2024
·
attack.exfiltration
attack.t1012
·
Share on:
twitter
facebook
linkedin
copy
File And SubFolder Enumeration Via Dir Command
calendar
Aug 12, 2024
·
attack.discovery
attack.t1217
·
Share on:
twitter
facebook
linkedin
copy
File Decoded From Base64/Hex Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
File Decryption Using Gpg4win
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
File Deletion Via Del
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
File Download And Execution Via IEExec.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download From Browser Process Via Inline URL
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download Using Notepad++ GUP Utility
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download Using ProtocolHandler.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Bitsadmin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Bitsadmin To A Suspicious Target Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Bitsadmin To An Uncommon Target Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
File Download via CertOC.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download Via InstallUtil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Windows Defender MpCmpRun.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download with Headless Browser
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Encoded To Base64 Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
File Encryption Using Gpg4win
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
File Encryption/Decryption Via Gpg4win From Suspicious Locations
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
File Recovery From Backup Via Wbadmin.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
File With Suspicious Extension Downloaded Via Bitsadmin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Files Added To An Archive Using Rar.EXE
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Filter Driver Unloaded Via Fltmc.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1562
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Findstr GPP Passwords
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1552.006
·
Share on:
twitter
facebook
linkedin
copy
Findstr Launching .lnk File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1202
attack.t1027.003
·
Share on:
twitter
facebook
linkedin
copy
Finger.EXE Execution
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Firewall Disabled via Netsh.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
attack.s0108
·
Share on:
twitter
facebook
linkedin
copy
Firewall Rule Deleted Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Firewall Rule Update Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
calendar
Aug 12, 2024
·
attack.collection
attack.t1074.001
·
Share on:
twitter
facebook
linkedin
copy
Forfiles Command Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Fsutil Behavior Set SymlinkEvaluation
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Fsutil Drive Enumeration
calendar
Aug 12, 2024
·
attack.discovery
attack.t1120
·
Share on:
twitter
facebook
linkedin
copy
Fsutil Suspicious Invocation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1070
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Gpresult Display Group Policy Information
calendar
Aug 12, 2024
·
attack.discovery
attack.t1615
·
Share on:
twitter
facebook
linkedin
copy
Gpscript Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on: