File Creation Related To RAT Clients (Dec 19, 2024): attack.execution
CVE-2024-50623 Exploitation Attempt - Cleo (Dec 14, 2024): attack.execution, attack.t1190
CMSTP UAC Bypass via COM Object Access (Dec 1, 2024): attack.execution, attack.defense-evasion, attack.privilege-escalation, attack.t1548.002, attack.t1218.003, attack.g0069, car.2019-04-001
Potential RDP Session Hijacking Activity (Dec 1, 2024): attack.execution
UAC Bypass Using IDiagnostic Profile (Dec 1, 2024): attack.execution, attack.defense-evasion, attack.privilege-escalation, attack.t1548.002
CVE-2023-38331 Exploitation Attempt - Suspicious WinRAR Child Process (Dec 1, 2024): detection.emerging-threats, attack.execution, attack.t1203, cve.2023-38331
Malicious PowerShell Commandlets - ProcessCreation (Dec 1, 2024): attack.execution, attack.discovery, attack.t1482, attack.t1087, attack.t1087.001, attack.t1087.002, attack.t1069.001, attack.t1069.002, attack.t1069, attack.t1059.001
Peach Sandstorm APT Process Activity Indicators (Dec 1, 2024): attack.execution, detection.emerging-threats
Pikabot Fake DLL Extension Execution Via Rundll32.EXE (Dec 1, 2024): detection.emerging-threats, attack.defense-evasion, attack.execution
Potential Dropper Script Execution Via WScript/CScript (Dec 1, 2024): attack.execution, attack.t1059.005, attack.t1059.007
PowerShell Core DLL Loaded By Non PowerShell Process (Dec 1, 2024): attack.t1059.001, attack.execution
Renamed PingCastle Binary Execution (Dec 1, 2024): attack.execution, attack.t1059, attack.defense-evasion, attack.t1202
System Disk And Volume Reconnaissance Via Wmic.EXE (Dec 1, 2024): attack.execution, attack.discovery, attack.t1047, attack.t1082
HackTool - PCHunter Execution (Nov 25, 2024): attack.execution, attack.discovery, attack.t1082, attack.t1057, attack.t1012, attack.t1083, attack.t1007
HackTool - Stracciatella Execution (Nov 25, 2024): attack.execution, attack.defense-evasion, attack.t1059, attack.t1562.001
MpiExec Lolbin (Nov 25, 2024): attack.execution, attack.defense-evasion, attack.t1218
Potential Compromised 3CXDesktopApp Execution (Nov 25, 2024): attack.defense-evasion, attack.t1218, attack.execution, detection.emerging-threats
Potential SquiblyTwo Technique Execution (Nov 25, 2024): attack.defense-evasion, attack.t1047, attack.t1220, attack.execution, attack.t1059.005, attack.t1059.007
ESXi Admin Permission Assigned To Account Via ESXCLI (Nov 20, 2024): attack.execution
ESXi VM Kill Via ESXCLI (Nov 20, 2024): attack.execution
Potential File Extension Spoofing Using Right-to-Left Override (Nov 18, 2024): attack.execution, attack.defense-evasion, attack.t1036.002
Python Reverse Shell Execution Via PTY And Socket Modules (Nov 4, 2024): attack.execution
Python Spawning Pretty TTY Via PTY Module (Nov 4, 2024): attack.execution, attack.t1059
Antivirus Exploitation Framework Detection (Nov 4, 2024): attack.execution, attack.t1203, attack.command-and-control, attack.t1219
Antivirus Hacktool Detection (Nov 4, 2024): attack.execution, attack.t1204
Potentially Suspicious Command Executed Via Run Dialog Box - Registry (Nov 1, 2024): attack.execution, attack.t1059.001
Binary Proxy Execution Via Dotnet-Trace.EXE (Nov 1, 2024): attack.execution, attack.defense-evasion, attack.t1218
Cscript/Wscript Potentially Suspicious Child Process (Nov 1, 2024): attack.execution
Potential Direct Syscall of NtOpenProcess (Nov 1, 2024): attack.execution, attack.t1106
Potential Pikabot Infection - Suspicious Command Combinations Via Cmd.EXE (Nov 1, 2024): attack.execution, attack.t1059.003, attack.t1105, attack.t1218, detection.emerging-threats
Suspicious Greedy Compression Using Rar.EXE (Nov 1, 2024): attack.execution, attack.t1059
Potentially Suspicious File Download From File Sharing Domain Via PowerShell.EXE (Oct 25, 2024): attack.execution
Suspicious File Download From File Sharing Domain Via Curl.EXE (Oct 25, 2024): attack.execution
Suspicious File Download From File Sharing Domain Via Wget.EXE (Oct 25, 2024): attack.execution
CodeIntegrity - Unmet Signing Level Requirements By File Under Validation (Oct 8, 2024): attack.execution
Renamed Powershell Under Powershell Channel (Oct 8, 2024): attack.execution, attack.t1059.001, attack.t1036.003
Suspicious Non PowerShell WSMAN COM Provider (Oct 8, 2024): attack.execution, attack.t1059.001, attack.lateral-movement, attack.t1021.003
Alternate PowerShell Hosts Pipe (Oct 8, 2024): attack.execution, attack.t1059.001
Add Potential Suspicious New Download Source To Winget (Oct 1, 2024): attack.defense-evasion, attack.execution, attack.t1059
Arbitrary File Download Via IMEWDBLD.EXE (Oct 1, 2024): attack.defense-evasion, attack.execution, attack.t1218
Arbitrary File Download Via MSEDGE_PROXY.EXE (Oct 1, 2024): attack.defense-evasion, attack.execution, attack.t1218
Arbitrary File Download Via Squirrel.EXE (Oct 1, 2024): attack.defense-evasion, attack.execution, attack.t1218
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Linux) (Oct 1, 2024): detection.emerging-threats, attack.execution, attack.t1059, attack.initial-access, attack.t1190, cve.2023-22518
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows) (Oct 1, 2024): detection.emerging-threats, attack.execution, attack.t1059, attack.initial-access, attack.t1190, cve.2023-22518
Elevated System Shell Spawned From Uncommon Parent Location (Oct 1, 2024): attack.privilege-escalation, attack.defense-evasion, attack.execution, attack.t1059
F5 BIG-IP iControl Rest API Command Execution - Webserver (Oct 1, 2024): attack.execution, attack.t1190
HackTool - WinPwn Execution (Oct 1, 2024): attack.credential-access, attack.defense-evasion, attack.discovery, attack.execution, attack.privilege-escalation, attack.t1046, attack.t1082, attack.t1106, attack.t1518, attack.t1548.002, attack.t1552.001, attack.t1555, attack.t1555.003
HackTool - WinPwn Execution - ScriptBlock (Oct 1, 2024): attack.credential-access, attack.defense-evasion, attack.discovery, attack.execution, attack.privilege-escalation, attack.t1046, attack.t1082, attack.t1106, attack.t1518, attack.t1548.002, attack.t1552.001, attack.t1555, attack.t1555.003
Lace Tempest Cobalt Strike Download (Oct 1, 2024): attack.execution, detection.emerging-threats
Lace Tempest File Indicators (Oct 1, 2024): attack.execution, detection.emerging-threats
Lace Tempest Malware Loader Execution (Oct 1, 2024): attack.execution, detection.emerging-threats
Lace Tempest PowerShell Evidence Eraser (Oct 1, 2024): attack.execution, attack.t1059.001, detection.emerging-threats
Lace Tempest PowerShell Launcher (Oct 1, 2024): attack.execution, attack.t1059.001, detection.emerging-threats
Potential File Download Via MS-AppInstaller Protocol Handler (Oct 1, 2024): attack.defense-evasion, attack.execution, attack.t1218
Potentially Suspicious Electron Application CommandLine (Oct 1, 2024): attack.execution
PowerShell Execution With Potential Decryption Capabilities (Oct 1, 2024): attack.execution
Process Proxy Execution Via Squirrel.EXE (Oct 1, 2024): attack.defense-evasion, attack.execution, attack.t1218
Remote Thread Creation Via PowerShell In Uncommon Target (Oct 1, 2024): attack.defense-evasion, attack.execution, attack.t1218.011, attack.t1059.001
Unusual Parent Process For Cmd.EXE (Oct 1, 2024): attack.execution, attack.t1059
Linux HackTool Execution (Sep 22, 2024): attack.execution, attack.resource-development, attack.t1587
UNC2452 Process Creation Patterns (Sep 13, 2024): attack.execution, attack.t1059.001, detection.emerging-threats
CVE-2021-1675 Print Spooler Exploitation Filename Pattern (Sep 13, 2024): attack.execution, attack.privilege-escalation, attack.resource-development, attack.t1587, cve.2021-1675, detection.emerging-threats
Malicious PowerShell Scripts - FileCreation (Sep 13, 2024): attack.execution, attack.t1059.001
Malicious PowerShell Scripts - PoshModule (Sep 13, 2024): attack.execution, attack.t1059.001
Possible CVE-2021-1675 Print Spooler Exploitation (Sep 13, 2024): attack.execution, attack.t1569, cve.2021-1675, detection.emerging-threats
Cicada Ransomware PSExec File Creation (Sep 9, 2024): attack.lateral-movement, attack.execution, attack.t1570, attack.t1569, attack.t1569.002, attack.s0029
Cicada3301 Ransomware Execution via PSExec (Sep 9, 2024): attack.execution, attack.t1569, attack.t1569.002, attack.s0029
Capsh Shell Invocation - Linux (Sep 2, 2024): attack.execution, attack.t1059
Inline Python Execution - Spawn Shell Via OS System Library (Sep 2, 2024): attack.execution, attack.t1059
Shell Execution via Git - Linux (Sep 2, 2024): attack.execution, attack.t1059
Shell Execution via Rsync - Linux (Sep 2, 2024): attack.execution, attack.t1059
Shell Invocation via Env Command - Linux (Sep 2, 2024): attack.execution, attack.t1059
Shell Invocation Via Ssh - Linux (Sep 2, 2024): attack.execution, attack.t1059
Suspicious Invocation of Shell via AWK - Linux (Sep 2, 2024): attack.execution, attack.t1059
ChromeLoader Malware Execution (Sep 2, 2024): attack.execution, attack.persistence, attack.t1053.005, attack.t1059.001, attack.t1176, detection.emerging-threats
DarkGate - Autoit3.EXE Execution Parameters (Sep 2, 2024): attack.execution, attack.t1059, detection.emerging-threats
DarkGate - Autoit3.EXE File Creation By Uncommon Process (Sep 2, 2024): attack.command-and-control, attack.execution, attack.t1105, attack.t1059, detection.emerging-threats
Diamond Sleet APT File Creation Indicators (Sep 2, 2024): attack.execution, detection.emerging-threats
Diamond Sleet APT Process Activity Indicators (Sep 2, 2024): attack.execution, detection.emerging-threats
Diamond Sleet APT Scheduled Task Creation (Sep 2, 2024): attack.execution, attack.privilege-escalation, attack.persistence, attack.t1053.005, detection.emerging-threats
Exploitation Attempt Of CVE-2020-1472 - Execution of ZeroLogon PoC (Sep 2, 2024): attack.execution, attack.lateral-movement, attack.t1210, cve.2020-1472, detection.emerging-threats
File Download From IP Based URL Via CertOC.EXE (Sep 2, 2024): attack.command-and-control, attack.execution, attack.t1105
File Download From IP URL Via Curl.EXE (Sep 2, 2024): attack.execution
Obfuscated PowerShell OneLiner Execution (Sep 2, 2024): attack.defense-evasion, attack.execution, attack.t1059.001, attack.t1562.001
Onyx Sleet APT File Creation Indicators (Sep 2, 2024): attack.execution, detection.emerging-threats
Potential CVE-2022-22954 Exploitation Attempt - VMware Workspace ONE Access Remote Code Execution (Sep 2, 2024): attack.execution, attack.initial-access, attack.t1059.006, attack.t1190, cve.2022-22954, detection.emerging-threats
Potential CVE-2023-36874 Exploitation - Fake Wermgr.Exe Creation (Sep 2, 2024): attack.execution, cve.2023-36874, detection.emerging-threats
Potential MOVEit Transfer CVE-2023-34362 Exploitation - Dynamic Compilation Via Csc.EXE (Sep 2, 2024): attack.execution, attack.t1059, cve.2023-34362, detection.emerging-threats
Potentially Suspicious Child Process Of VsCode (Sep 2, 2024): attack.execution, attack.defense-evasion, attack.t1218, attack.t1202
PowerShell Script Execution Policy Enabled (Sep 2, 2024): attack.execution
Raspberry Robin Initial Execution From External Drive (Sep 2, 2024): attack.execution, attack.t1059.001, detection.emerging-threats
Raspberry Robin Subsequent Execution of Commands (Sep 2, 2024): attack.execution, attack.t1059.001, detection.emerging-threats
Remote Access Tool - ScreenConnect Command Execution (Sep 2, 2024): attack.execution, attack.t1059.003
Remote Access Tool - ScreenConnect File Transfer (Sep 2, 2024): attack.execution, attack.t1059.003
Remote Access Tool - ScreenConnect Temporary File (Sep 2, 2024): attack.execution, attack.t1059.003
Renamed CURL.EXE Execution (Sep 2, 2024): attack.execution, attack.t1059, attack.defense-evasion, attack.t1202
Schtasks Creation Or Modification With SYSTEM Privileges (Sep 2, 2024): attack.execution, attack.persistence, attack.t1053.005
Serpent Backdoor Payload Execution Via Scheduled Task (Sep 2, 2024): attack.execution, attack.persistence, attack.t1053.005, attack.t1059.006, detection.emerging-threats
Ursnif Redirection Of Discovery Commands (Sep 2, 2024): attack.execution, attack.t1059, detection.emerging-threats
Emotet Loader Execution Via .LNK File (Aug 29, 2024): attack.execution, attack.t1059.006, detection.emerging-threats
FakeUpdates/SocGholish Activity (Aug 29, 2024): attack.execution, attack.t1059.001, detection.emerging-threats
HackTool - SharpWSUS/WSUSpendu Execution (Aug 29, 2024): attack.execution, attack.lateral-movement, attack.t1210
Potential CVE-2022-29072 Exploitation Attempt (Aug 29, 2024): attack.execution, cve.2022-29072, detection.emerging-threats
Cab File Extraction Via Wusa.EXE From Potentially Suspicious Paths (Aug 29, 2024): attack.execution
Potential DLL Injection Via AccCheckConsole (Aug 29, 2024): attack.execution, detection.threat-hunting
Windows Binary Executed From WSL (Aug 29, 2024): attack.execution, attack.defense-evasion, attack.t1202
Wusa.EXE Executed By Parent Process Located In Suspicious Location (Aug 29, 2024): attack.execution
Data Export From MSSQL Table Via BCP.EXE (Aug 20, 2024): attack.execution, attack.t1048
Potentially Suspicious Rundll32.EXE Execution of UDL File (Aug 16, 2024): attack.execution, attack.t1218.011, attack.t1071
Suspicious Rundll32 Execution of UDL File (Aug 16, 2024): attack.execution, attack.t1218.011, attack.t1071
AADInternals PowerShell Cmdlets Execution - ProccessCreation (Aug 12, 2024): attack.execution, attack.reconnaissance, attack.discovery, attack.credential-access, attack.impact
AADInternals PowerShell Cmdlets Execution - PsScript (Aug 12, 2024): attack.execution, attack.reconnaissance, attack.discovery, attack.credential-access, attack.impact
Abusable DLL Potential Sideloading From Suspicious Location (Aug 12, 2024): attack.execution, attack.t1059
Active Directory Kerberos DLL Loaded Via Office Application (Aug 12, 2024): attack.execution, attack.t1204.002
Active Directory Parsing DLL Loaded Via Office Application (Aug 12, 2024): attack.execution, attack.t1204.002
Add Insecure Download Source To Winget (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1059
Add New Download Source To Winget (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1059
Add Windows Capability Via PowerShell Cmdlet (Aug 12, 2024): attack.execution
Add Windows Capability Via PowerShell Script (Aug 12, 2024): attack.execution
Adwind RAT / JRAT (Aug 12, 2024): attack.execution, attack.t1059.005, attack.t1059.007, detection.emerging-threats
Adwind RAT / JRAT File Artifact (Aug 12, 2024): attack.execution, attack.t1059.005, attack.t1059.007
Alternate PowerShell Hosts - PowerShell Module (Aug 12, 2024): attack.execution, attack.t1059.001
AMSI Bypass Pattern Assembly GetType (Aug 12, 2024): attack.defense-evasion, attack.t1562.001, attack.execution
Application Removed Via Wmic.EXE (Aug 12, 2024): attack.execution, attack.t1047
Application Terminated Via Wmic.EXE (Aug 12, 2024): attack.execution, attack.t1047
APT29 2018 Phishing Campaign CommandLine Indicators (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1218.011, detection.emerging-threats
Arbitrary Binary Execution Using GUP Utility (Aug 12, 2024): attack.execution
Arbitrary File Download Via MSOHTMED.EXE (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1218
Arbitrary File Download Via MSPUB.EXE (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1218
Arbitrary File Download Via PresentationHost.EXE (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1218
Arbitrary MSI Download Via Devinit.EXE (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.t1218
Arbitrary Shell Command Execution Via Settingcontent-Ms (Aug 12, 2024): attack.t1204, attack.t1566.001, attack.execution, attack.initial-access
Assembly DLL Creation Via AspNetCompiler (Aug 12, 2024): attack.execution
Atlassian Confluence CVE-2022-26134 (Aug 12, 2024): attack.initial-access, attack.execution, attack.t1190, attack.t1059, cve.2022-26134
Audit CVE Event (Aug 12, 2024): attack.execution, attack.t1203, attack.privilege-escalation, attack.t1068, attack.defense-evasion, attack.t1211, attack.credential-access, attack.t1212, attack.lateral-movement, attack.t1210, attack.impact, attack.t1499.004
AWS EC2 Startup Shell Script Change (Aug 12, 2024): attack.execution, attack.t1059.001, attack.t1059.003, attack.t1059.004
AWS IAM S3Browser LoginProfile Creation (Aug 12, 2024): attack.execution, attack.persistence, attack.t1059.009, attack.t1078.004
AWS IAM S3Browser Templated S3 Bucket Policy Creation (Aug 12, 2024): attack.execution, attack.t1059.009, attack.persistence, attack.t1078.004
AWS IAM S3Browser User or AccessKey Creation (Aug 12, 2024): attack.execution, attack.persistence, attack.t1059.009, attack.t1078.004
Azure Kubernetes CronJob (Aug 12, 2024): attack.persistence, attack.t1053.003, attack.privilege-escalation, attack.execution
Azure New CloudShell Created (Aug 12, 2024): attack.execution, attack.t1059
Bad Opsec Powershell Code Artifacts (Aug 12, 2024): attack.execution, attack.t1059.001
Base64 MZ Header In CommandLine (Aug 12, 2024): attack.execution
Bash Interactive Shell (Aug 12, 2024): attack.execution
BloodHound Collection Files (Aug 12, 2024): attack.discovery, attack.t1087.001, attack.t1087.002, attack.t1482, attack.t1069.001, attack.t1069.002, attack.execution, attack.t1059.001
Blue Mockingbird (Aug 12, 2024): attack.execution, attack.t1112, attack.t1047, detection.emerging-threats
Blue Mockingbird - Registry (Aug 12, 2024): attack.execution, attack.t1112, attack.t1047
BPFDoor Abnormal Process ID or Lock File Accessed (Aug 12, 2024): attack.execution, attack.t1106, attack.t1059
BPFtrace Unsafe Option Usage (Aug 12, 2024): attack.execution, attack.t1059.004
Certificate Exported Via PowerShell (Aug 12, 2024): attack.credential-access, attack.execution, attack.t1552.004, attack.t1059.001
Change PowerShell Policies to an Insecure Level (Aug 12, 2024): attack.execution, attack.t1059.001
Change PowerShell Policies to an Insecure Level - PowerShell (Aug 12, 2024): attack.execution, attack.t1059.001
Chromium Browser Headless Execution To Mockbin Like Site (Aug 12, 2024): attack.execution
Clipboard Data Collection Via OSAScript (Aug 12, 2024): attack.collection, attack.execution, attack.t1115, attack.t1059.002
CLR DLL Loaded Via Office Applications (Aug 12, 2024): attack.execution, attack.t1204.002
Cmd.EXE Missing Space Characters Execution Anomaly (Aug 12, 2024): attack.execution, attack.t1059.001
CMSTP Execution Process Access (Aug 12, 2024): attack.defense-evasion, attack.t1218.003, attack.execution, attack.t1559.001, attack.g0069, attack.g0080, car.2019-04-001
CMSTP Execution Process Creation (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1218.003, attack.g0069, car.2019-04-001
CMSTP Execution Registry Event (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1218.003, attack.g0069, car.2019-04-001
CobaltStrike Service Installations - Security (Aug 12, 2024): attack.execution, attack.privilege-escalation, attack.lateral-movement, attack.t1021.002, attack.t1543.003, attack.t1569.002
CobaltStrike Service Installations - System (Aug 12, 2024): attack.execution, attack.privilege-escalation, attack.lateral-movement, attack.t1021.002, attack.t1543.003, attack.t1569.002
Command Line Execution with Suspicious URL and AppData Strings (Aug 12, 2024): attack.execution, attack.command-and-control, attack.t1059.003, attack.t1059.001, attack.t1105
Computer Password Change Via Ksetup.EXE (Aug 12, 2024): attack.execution
Computer System Reconnaissance Via Wmic.EXE (Aug 12, 2024): attack.discovery, attack.execution, attack.t1047
Conhost Spawned By Uncommon Parent Process (Aug 12, 2024): attack.execution, attack.t1059
Conhost.exe CommandLine Path Traversal (Aug 12, 2024): attack.execution, attack.t1059.003
Control Panel Items (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.t1218.002, attack.persistence, attack.t1546
ConvertTo-SecureString Cmdlet Usage Via CommandLine (Aug 12, 2024): attack.defense-evasion, attack.t1027, attack.execution, attack.t1059.001
Created Files by Microsoft Sync Center (Aug 12, 2024): attack.t1055, attack.t1218, attack.execution, attack.defense-evasion
Credential Dumping Tools Service Execution - Security (Aug 12, 2024): attack.credential-access, attack.execution, attack.t1003.001, attack.t1003.002, attack.t1003.004, attack.t1003.005, attack.t1003.006, attack.t1569.002, attack.s0005
Credential Dumping Tools Service Execution - System (Aug 12, 2024): attack.credential-access, attack.execution, attack.t1003.001, attack.t1003.002, attack.t1003.004, attack.t1003.005, attack.t1003.006, attack.t1569.002, attack.s0005
Csc.EXE Execution Form Potentially Suspicious Parent (Aug 12, 2024): attack.execution, attack.t1059.005, attack.t1059.007, attack.defense-evasion, attack.t1218.005, attack.t1027.004
Cscript/Wscript Uncommon Script Extension Execution (Aug 12, 2024): attack.execution, attack.t1059.005, attack.t1059.007
CSExec Service File Creation (Aug 12, 2024): attack.execution, attack.t1569.002, attack.s0029
CSExec Service Installation (Aug 12, 2024): attack.execution, attack.t1569.002
Curl Web Request With Potential Custom User-Agent (Aug 12, 2024): attack.execution
CVE-2020-1048 Exploitation Attempt - Suspicious New Printer Ports - Registry (Aug 12, 2024): attack.persistence, attack.execution, attack.defense-evasion, attack.t1112, cve.2020-1048
CVE-2021-1675 Print Spooler Exploitation (Aug 12, 2024): attack.execution, attack.t1569, cve.2021-1675, detection.emerging-threats
CVE-2021-1675 Print Spooler Exploitation IPC Access (Aug 12, 2024): attack.execution, attack.t1569, cve.2021-1675, cve.2021-34527, detection.emerging-threats
CVE-2021-26858 Exchange Exploitation (Aug 12, 2024): attack.t1203, attack.execution, cve.2021-26858, detection.emerging-threats
CVE-2021-44077 POC Default Dropped File (Aug 12, 2024): attack.execution, cve.2021-44077, detection.emerging-threats
CVE-2023-38331 Exploitation Attempt - Suspicious Double Extension File (Aug 12, 2024): attack.execution, cve.2023-38331, detection.emerging-threats
CVE-2023-40477 Potential Exploitation - .REV File Creation (Aug 12, 2024): attack.execution, cve.2023-40477, detection.emerging-threats
CVE-2023-40477 Potential Exploitation - WinRAR Application Crash (Aug 12, 2024): attack.execution, cve.2023-40477, detection.emerging-threats
DarkGate - Drop DarkGate Loader In C:\Temp Directory (Aug 12, 2024): attack.execution, attack.t1059
DarkSide Ransomware Pattern (Aug 12, 2024): attack.execution, attack.t1204, detection.emerging-threats
Detection of PowerShell Execution via Sqlps.exe (Aug 12, 2024): attack.execution, attack.t1059.001, attack.defense-evasion, attack.t1127
DLL Load via LSASS (Aug 12, 2024): attack.execution, attack.persistence, attack.t1547.008
DNS Events Related To Mining Pools (Aug 12, 2024): attack.execution, attack.t1569.002, attack.impact, attack.t1496
DNS Query Request By Regsvr32.EXE (Aug 12, 2024): attack.execution, attack.t1559.001, attack.defense-evasion, attack.t1218.010
DNS RCE CVE-2020-1350 (Aug 12, 2024): attack.initial-access, attack.t1190, attack.execution, attack.t1569.002, cve.2020-1350, detection.emerging-threats
DotNET Assembly DLL Loaded Via Office Application (Aug 12, 2024): attack.execution, attack.t1204.002
DotNet CLR DLL Loaded By Scripting Applications (Aug 12, 2024): attack.execution, attack.privilege-escalation, attack.t1055
Download From Suspicious TLD - Blacklist (Aug 12, 2024): attack.initial-access, attack.t1566, attack.execution, attack.t1203, attack.t1204.002
Download From Suspicious TLD - Whitelist (Aug 12, 2024): attack.initial-access, attack.t1566, attack.execution, attack.t1203, attack.t1204.002
Droppers Exploiting CVE-2017-11882 (Aug 12, 2024): attack.execution, attack.t1203, attack.t1204.002, attack.initial-access, attack.t1566.001, cve.2017-11882, detection.emerging-threats
DSInternals Suspicious PowerShell Cmdlets (Aug 12, 2024): attack.execution, attack.t1059.001
DSInternals Suspicious PowerShell Cmdlets - ScriptBlock (Aug 12, 2024): attack.execution, attack.t1059.001
Dump Ntds.dit To Suspicious Location (Aug 12, 2024): attack.execution
Elise Backdoor Activity
calendar
Aug 12, 2024
·
attack.g0030
attack.g0050
attack.s0081
attack.execution
attack.t1059.003
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Enable BPF Kprobes Tracing
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Enable Microsoft Dynamic Data Exchange
calendar
Aug 12, 2024
·
attack.execution
attack.t1559.002
·
Share on:
twitter
facebook
linkedin
copy
Equation Group Indicators
calendar
Aug 12, 2024
·
attack.execution
attack.g0020
attack.t1059.004
·
Share on:
twitter
facebook
linkedin
copy
Exchange PowerShell Snap-Ins Usage
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.collection
attack.t1114
·
Share on:
twitter
facebook
linkedin
copy
Execute Code with Pester.bat
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Execute Code with Pester.bat as Parent
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Execute MSDT Via Answer File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Execute Pcwrun.EXE To Leverage Follina
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Execution of Powershell Script in Public Folder
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Execution Of Script Located In Potentially Suspicious Directory
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Exploit for CVE-2017-0261
calendar
Aug 12, 2024
·
attack.execution
attack.t1203
attack.t1204.002
attack.initial-access
attack.t1566.001
cve.2017-0261
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Exploit for CVE-2017-8759
calendar
Aug 12, 2024
·
attack.execution
attack.t1203
attack.t1204.002
attack.initial-access
attack.t1566.001
cve.2017-8759
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Exploited CVE-2020-10189 Zoho ManageEngine
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.execution
attack.t1059.001
attack.t1059.003
attack.s0190
cve.2020-10189
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Exploiting SetupComplete.cmd CVE-2019-1378
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
attack.execution
attack.t1059.003
attack.t1574
cve.2019-1378
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
File Decryption Using Gpg4win
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
File Encryption Using Gpg4win
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
File Encryption/Decryption Via Gpg4win From Suspicious Locations
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
File Was Not Allowed To Run
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.006
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
File With Uncommon Extension Created By An Office Application
calendar
Aug 12, 2024
·
attack.t1204.002
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Fireball Archer Install
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Flash Player Update from Suspicious Location
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1189
attack.execution
attack.t1204.002
attack.defense-evasion
attack.t1036.005
·
Share on:
twitter
facebook
linkedin
copy
Forest Blizzard APT - Process Creation Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Forfiles Command Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Fsutil Behavior Set SymlinkEvaluation
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
GAC DLL Loaded Via Office Applications
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Goofy Guineapig Backdoor IOC
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Kubernetes CronJob
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Greenbug Espionage Group Indicators
calendar
Aug 12, 2024
·
attack.g0049
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1105
attack.defense-evasion
attack.t1036.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Griffon Malware Attack Pattern
calendar
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Bloodhound/Sharphound Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.001
attack.t1087.002
attack.t1482
attack.t1069.001
attack.t1069.002
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CACTUSTORCH Remote Thread Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1055.012
attack.t1059.005
attack.t1059.007
attack.t1218.005
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CobaltStrike BOF Injection Pattern
calendar
Aug 12, 2024
·
attack.execution
attack.t1106
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Covenant PowerShell Launcher
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.001
attack.t1564.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.credential-access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution Patterns
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.s0106
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec PowerShell Obfuscation
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027.005
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Default PowerSploit/Empire Scheduled Task Creation
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.s0111
attack.g0022
attack.g0060
car.2013-08-001
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Empire PowerShell Launch Parameters
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - HandleKatz Duplicating LSASS Handle
calendar
Aug 12, 2024
·
attack.execution
attack.t1106
attack.defense-evasion
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Impacket Tools Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1557.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Jlaive In-Memory Assembly Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Koadic Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
HackTool - LittleCorporal Generated Maldoc Injection
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1055.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Potential Impacket Lateral Movement Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - RedMimicry Winnti Playbook Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1106
attack.t1059.003
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Sliver C2 Implant Activity Pattern
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Hacktool Ruler
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1087
attack.t1114
attack.t1059
attack.t1550.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool Service Registration or Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
Share on:
twitter
facebook
linkedin
copy
Hardware Model Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
car.2016-03-002
·
Share on:
twitter
facebook
linkedin
copy
Hermetic Wiper TG Process Patterns
calendar
Aug 12, 2024
·
attack.execution
attack.lateral-movement
attack.t1021.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Hidden Powershell in Link File Pattern
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HTML Help HH.EXE Suspicious Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
IE ZoneMap Setting Downgraded To MyComputer Zone For HTTP Protocols Via CLI
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
ImagingDevices Unusual Parent/Child Processes
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Import PowerShell Modules From Suspicious Directories
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Import PowerShell Modules From Suspicious Directories - ProcCreation
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Important Scheduled Task Deleted/Disabled
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Indirect Command Execution By Program Compatibility Wizard
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Insecure Proxy/DOH Transfer Via Curl.EXE
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Insecure Transfer Via Curl.EXE
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Install New Package Via Winget Local Manifest
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Interactive Bash Suspicious Children
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.004
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
JAMF MDM Execution
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
JAMF MDM Potential Suspicious Child Process
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Java Running with Remote Debugging
calendar
Aug 12, 2024
·
attack.t1203
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
JexBoss Command Sequence
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.004
·
Share on:
twitter
facebook
linkedin
copy
JXA In-memory Execution Via OSAScript
calendar
Aug 12, 2024
·
attack.t1059.002
attack.t1059.007
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Loaded Via Rundll32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Scheduled Task Creation
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Kubernetes CronJob/Job Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Launch Agent/Daemon Execution Via Launchctl
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1569.001
attack.t1543.001
attack.t1543.004
·
Share on:
twitter
facebook
linkedin
copy
Lazarus Group Activity
calendar
Aug 12, 2024
·
attack.g0032
attack.execution
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Linux Reverse Shell Indicator
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.004
·
Share on:
twitter
facebook
linkedin
copy
Loading Diagcab Package From Remote Path
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Local File Read Using Curl.EXE
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Local Privilege Escalation Indicator TabTip
calendar
Aug 12, 2024
·
attack.execution
attack.t1557.001
·
Share on:
twitter
facebook
linkedin
copy
Logged-On User Password Change Via Ksetup.EXE
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
MacOS Scripting Interpreter AppleScript
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.002
·
Share on:
twitter
facebook
linkedin
copy
Malicious Base64 Encoded PowerShell Keywords in Command Lines
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious Nishang PowerShell Commandlets
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - PoshModule
calendar
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - ScriptBlock
calendar
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Keywords
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious ShellIntel PowerShell Commandlets
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
MERCURY APT Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.g0069
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Metasploit Or Impacket Service Installation Via SMB PsExec
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1570
attack.execution
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Excel Add-In Loaded From Uncommon Location
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Sync Center Suspicious Network Connections
calendar
Aug 12, 2024
·
attack.t1055
attack.t1218
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Microsoft VBA For Outlook Addin Loaded Via Outlook
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Mint Sandstorm - AsperaFaspex Suspicious Process Execution
calendar
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Mint Sandstorm - Log4J Wstomcat Process Execution
calendar
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Mint Sandstorm - ManageEngine Suspicious Process Execution
calendar
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
MITRE BZAR Indicators for Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1053.002
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
MMC20 Lateral Movement
calendar
Aug 12, 2024
·
attack.execution
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
MSHTA Suspicious Execution 01
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.t1218.005
attack.execution
attack.t1059.007
cve.2020-1599
·
Share on:
twitter
facebook
linkedin
copy
Mshtml.DLL RunHTMLApplication Suspicious Usage
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
MSI Installation From Suspicious Locations
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
MSMQ Corrupted Packet Encountered
calendar
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
MSSQL XPCmdshell Option Change
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
MSSQL XPCmdshell Suspicious Execution
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Named Pipe Created Via Mkfifo
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Net WebClient Casing Anomalies
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated By Eqnedt32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1203
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated By Regsvr32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1559.001
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated Via Notepad.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
New Application in AppCompat
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
New PowerShell Instance Created
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
New Process Created Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
car.2016-03-002
·
Share on:
twitter
facebook
linkedin
copy
New Virtual Smart Card Created Via TpmVscMgr.EXE
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Nohup Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.004
·
Share on:
twitter
facebook
linkedin
copy
Non Interactive PowerShell Process Spawned
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Nslookup PowerShell Download Cradle (Aug 12, 2024): attack.execution, attack.t1059.001
NTFS Alternate Data Stream (Aug 12, 2024): attack.defense-evasion, attack.t1564.004, attack.execution, attack.t1059.001
Office Application Initiated Network Connection To Non-Local IP (Aug 12, 2024): attack.execution, attack.t1203
OMIGOD HTTP No Authentication RCE (Aug 12, 2024): attack.privilege-escalation, attack.initial-access, attack.execution, attack.lateral-movement, attack.t1068, attack.t1190, attack.t1203, attack.t1021.006, attack.t1210
OMIGOD SCX RunAsProvider ExecuteScript (Aug 12, 2024): attack.privilege-escalation, attack.initial-access, attack.execution, attack.t1068, attack.t1190, attack.t1203
OMIGOD SCX RunAsProvider ExecuteShellCommand (Aug 12, 2024): attack.privilege-escalation, attack.initial-access, attack.execution, attack.t1068, attack.t1190, attack.t1203
Operation Wocao Activity (Aug 12, 2024): attack.discovery, attack.t1012, attack.defense-evasion, attack.t1036.004, attack.t1027, attack.execution, attack.t1053.005, attack.t1059.001, detection.emerging-threats
Operation Wocao Activity - Security (Aug 12, 2024): attack.discovery, attack.t1012, attack.defense-evasion, attack.t1036.004, attack.t1027, attack.execution, attack.t1053.005, attack.t1059.001, detection.emerging-threats
Operator Bloopers Cobalt Strike Commands (Aug 12, 2024): attack.execution, attack.t1059.003, stp.1u
Operator Bloopers Cobalt Strike Modules (Aug 12, 2024): attack.execution, attack.t1059.003
Osacompile Execution By Potentially Suspicious Applet/Osascript (Aug 12, 2024): attack.execution, attack.t1059.002
OSACompile Run-Only Execution (Aug 12, 2024): attack.t1059.002, attack.execution
Outbound Network Connection Initiated By Microsoft Dialer (Aug 12, 2024): attack.execution, attack.t1071.001
Outbound Network Connection To Public IP Via Winlogon (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.command-and-control, attack.t1218.011
Outlook EnableUnsafeClientMailRules Setting Enabled (Aug 12, 2024): attack.execution, attack.t1059, attack.t1202
PAExec Service Installation (Aug 12, 2024): attack.execution, attack.t1569.002
PaperCut MF/NG Exploitation Related Indicators (Aug 12, 2024): attack.execution, detection.emerging-threats
PaperCut MF/NG Potential Exploitation (Aug 12, 2024): attack.execution, detection.emerging-threats
Payload Decoded and Decrypted via Built-in Utilities (Aug 12, 2024): attack.t1059, attack.t1204, attack.execution, attack.t1140, attack.defense-evasion, attack.s0482, attack.s0402
PCRE.NET Package Image Load (Aug 12, 2024): attack.execution, attack.t1059
PCRE.NET Package Temp Files (Aug 12, 2024): attack.execution, attack.t1059
PDQ Deploy Remote Administration Tool Execution (Aug 12, 2024): attack.execution, attack.lateral-movement, attack.t1072
Perl Inline Command Execution (Aug 12, 2024): attack.execution, attack.t1059
Php Inline Command Execution (Aug 12, 2024): attack.execution, attack.t1059
Possible PrintNightmare Print Driver Install (Aug 12, 2024): attack.execution, cve.2021-1678, cve.2021-1675, cve.2021-34527
Potential Adplus.EXE Abuse (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1003.001
Potential APT FIN7 Exploitation Activity (Aug 12, 2024): attack.execution, attack.t1059.001, attack.t1059.003
Potential APT FIN7 POWERHOLD Execution (Aug 12, 2024): attack.execution, attack.t1059.001, attack.g0046, detection.emerging-threats
Potential APT FIN7 Reconnaissance/POWERTRASH Related Activity (Aug 12, 2024): attack.execution, attack.g0046, detection.emerging-threats
Potential APT FIN7 Related PowerShell Script Created (Aug 12, 2024): attack.execution, attack.g0046, detection.emerging-threats
Potential APT Mustang Panda Activity Against Australian Gov (Aug 12, 2024): attack.execution, attack.g0129, detection.emerging-threats
Potential APT10 Cloud Hopper Activity (Aug 12, 2024): attack.execution, attack.g0045, attack.t1059.005, detection.emerging-threats
Potential Arbitrary Command Execution Via FTP.EXE (Aug 12, 2024): attack.execution, attack.t1059, attack.defense-evasion, attack.t1202
Potential Arbitrary File Download Via Cmdl32.EXE (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.t1218, attack.t1202
Potential Atlassian Confluence CVE-2021-26084 Exploitation Attempt (Aug 12, 2024): attack.initial-access, attack.execution, attack.t1190, attack.t1059, cve.2021-26084, detection.emerging-threats
Potential Baby Shark Malware Activity (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.discovery, attack.t1012, attack.t1059.003, attack.t1059.001, attack.t1218.005, detection.emerging-threats
Potential Binary Impersonating Sysinternals Tools (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.t1218, attack.t1202
Potential Binary Proxy Execution Via Cdb.EXE (Aug 12, 2024): attack.execution, attack.t1106, attack.defense-evasion, attack.t1218, attack.t1127
Potential BlackByte Ransomware Activity (Aug 12, 2024): detection.emerging-threats, attack.execution, attack.defense-evasion, attack.impact, attack.t1485, attack.t1498, attack.t1059.001, attack.t1140
Potential Bumblebee Remote Thread Creation (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1218.011, attack.t1059.001, detection.emerging-threats
Potential CobaltStrike Process Patterns (Aug 12, 2024): attack.execution, attack.t1059
Potential CobaltStrike Service Installations - Registry (Aug 12, 2024): attack.execution, attack.privilege-escalation, attack.lateral-movement, attack.t1021.002, attack.t1543.003, attack.t1569.002
Potential CommandLine Path Traversal Via Cmd.EXE (Aug 12, 2024): attack.execution, attack.t1059.003
Potential Compromised 3CXDesktopApp Update Activity (Aug 12, 2024): attack.defense-evasion, attack.t1218, attack.execution, detection.emerging-threats
Potential Cookies Session Hijacking (Aug 12, 2024): attack.execution
Potential CVE-2021-26857 Exploitation Attempt (Aug 12, 2024): attack.t1203, attack.execution, cve.2021-26857, detection.emerging-threats
Potential CVE-2021-40444 Exploitation Attempt (Aug 12, 2024): attack.execution, attack.t1059, cve.2021-40444, detection.emerging-threats
Potential CVE-2022-26809 Exploitation Attempt (Aug 12, 2024): attack.initial-access, attack.t1190, attack.execution, attack.t1569.002, cve.2022-26809, detection.emerging-threats
Potential CVE-2023-21554 QueueJumper Exploitation (Aug 12, 2024): attack.privilege-escalation, attack.execution, cve.2023-21554, detection.emerging-threats
Potential CVE-2023-36874 Exploitation - Fake Wermgr Execution (Aug 12, 2024): attack.execution, cve.2023-36874, detection.emerging-threats
Potential CVE-2023-36874 Exploitation - Uncommon Report.Wer Location (Aug 12, 2024): attack.execution, cve.2023-36874, detection.emerging-threats
Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - File Creation (Aug 12, 2024): attack.execution, cve.2024-3400, detection.emerging-threats
Potential Data Exfiltration Activity Via CommandLine Tools (Aug 12, 2024): attack.execution, attack.t1059.001
Potential Discovery Activity Via Dnscmd.EXE (Aug 12, 2024): attack.discovery, attack.execution, attack.t1543.003
Potential DLL File Download Via PowerShell Invoke-WebRequest (Aug 12, 2024): attack.command-and-control, attack.execution, attack.t1059.001, attack.t1105
Potential Dosfuscation Activity (Aug 12, 2024): attack.execution, attack.t1059
Potential Emotet Activity (Aug 12, 2024): attack.execution, attack.t1059.001, attack.defense-evasion, attack.t1027, detection.emerging-threats
Potential Encoded PowerShell Patterns In CommandLine (Aug 12, 2024): attack.defense-evasion, attack.t1027, attack.execution, attack.t1059.001
Potential Exploitation Attempt From Office Application (Aug 12, 2024): attack.execution, attack.defense-evasion, cve.2021-40444, detection.emerging-threats
Potential Exploitation of CVE-2024-3094 - Suspicious SSH Child Process (Aug 12, 2024): attack.execution, cve.2024-3094
Potential Exploitation of CVE-2024-37085 - Suspicious Creation Of ESX Admins Group (Aug 12, 2024): attack.execution, cve.2024-37085, detection.emerging-threats
Potential Exploitation of CVE-2024-37085 - Suspicious ESX Admins Group Activity (Aug 12, 2024): attack.execution, cve.2024-37085, detection.emerging-threats
Potential Goofy Guineapig Backdoor Activity (Aug 12, 2024): attack.execution, detection.emerging-threats
Potential In-Memory Download And Compile Of Payloads (Aug 12, 2024): attack.command-and-control, attack.execution, attack.t1059.007, attack.t1105
Potential KamiKakaBot Activity - Lure Document Execution (Aug 12, 2024): attack.execution, attack.t1059, detection.emerging-threats
Potential Maze Ransomware Activity (Aug 12, 2024): attack.execution, attack.t1204.002, attack.t1047, attack.impact, attack.t1490, detection.emerging-threats
Potential MuddyWater APT Activity (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.g0069, detection.emerging-threats
Potential Netcat Reverse Shell Execution (Aug 12, 2024): attack.execution, attack.t1059
Potential Perl Reverse Shell Execution (Aug 12, 2024): attack.execution
Potential Persistence Via Powershell Search Order Hijacking - Task (Aug 12, 2024): attack.execution, attack.persistence, attack.t1053.005, attack.t1059.001
Potential Persistence Via VMwareToolBoxCmd.EXE VM State Change Script (Aug 12, 2024): attack.execution, attack.persistence, attack.t1059
Potential PHP Reverse Shell (Aug 12, 2024): attack.execution
Potential PowerShell Command Line Obfuscation (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.t1027, attack.t1059.001
Potential PowerShell Downgrade Attack (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1059.001
Potential PowerShell Obfuscation Using Alias Cmdlets (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1027, attack.t1059.001
Potential PowerShell Obfuscation Using Character Join (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1027, attack.t1059.001
Potential PowerShell Obfuscation Via Reversed Commands (Aug 12, 2024): attack.defense-evasion, attack.t1027, attack.execution, attack.t1059.001
Potential PowerShell Obfuscation Via WCHAR (Aug 12, 2024): attack.execution, attack.t1059.001, attack.defense-evasion, attack.t1027
Potential Powershell ReverseShell Connection (Aug 12, 2024): attack.execution, attack.t1059.001
Potential POWERTRASH Script Execution (Aug 12, 2024): attack.execution, attack.t1059.001, attack.g0046, detection.emerging-threats
Potential Product Class Reconnaissance Via Wmic.EXE (Aug 12, 2024): attack.execution, attack.t1047, car.2016-03-002
Potential Product Reconnaissance Via Wmic.EXE (Aug 12, 2024): attack.execution, attack.t1047
Potential Qakbot Rundll32 Execution (Aug 12, 2024): attack.defense-evasion, attack.execution, detection.emerging-threats
Potential QBot Activity (Aug 12, 2024): attack.execution, attack.t1059.005, detection.emerging-threats
Potential Raspberry Robin CPL Execution Activity (Aug 12, 2024): detection.emerging-threats, attack.defense-evasion, attack.execution, attack.t1218.011
Potential Raspberry Robin Dot Ending File (Aug 12, 2024): attack.execution, detection.emerging-threats
Potential Reconnaissance Activity Via GatherNetworkInfo.VBS (Aug 12, 2024): attack.discovery, attack.execution, attack.t1615, attack.t1059.005
Potential ReflectDebugger Content Execution Via WerFault.EXE (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.t1036
Potential Remote PowerShell Session Initiated (Aug 12, 2024): attack.execution, attack.t1059.001, attack.lateral-movement, attack.t1021.006
Potential Renamed Rundll32 Execution (Aug 12, 2024): attack.execution
Potential Ruby Reverse Shell (Aug 12, 2024): attack.execution
Potential ShellDispatch.DLL Functionality Abuse (Aug 12, 2024): attack.execution, attack.defense-evasion
Potential SMB Relay Attack Tool Execution (Aug 12, 2024): attack.execution, attack.t1557.001
Potential SNAKE Malware Installation Binary Indicator (Aug 12, 2024): attack.execution, detection.emerging-threats
Potential SNAKE Malware Installation CLI Arguments Indicator (Aug 12, 2024): attack.execution, detection.emerging-threats
Potential SNAKE Malware Persistence Service Execution (Aug 12, 2024): attack.execution, detection.emerging-threats
Potential Snatch Ransomware Activity (Aug 12, 2024): attack.execution, attack.t1204, detection.emerging-threats
Potential Suspicious Browser Launch From Document Reader Process (Aug 12, 2024): attack.execution, attack.t1204.002
Potential Suspicious Child Process Of 3CXDesktopApp (Aug 12, 2024): attack.command-and-control, attack.execution, attack.t1218, detection.emerging-threats
Potential Suspicious PowerShell Keywords (Aug 12, 2024): attack.execution, attack.t1059.001
Potential Unquoted Service Path Reconnaissance Via Wmic.EXE (Aug 12, 2024): attack.execution, attack.t1047
Potential Ursnif Malware Activity - Registry (Aug 12, 2024): attack.execution, attack.t1112, detection.emerging-threats
Potential WinAPI Calls Via CommandLine (Aug 12, 2024): attack.execution, attack.t1106
Potential WinAPI Calls Via PowerShell Scripts (Aug 12, 2024): attack.execution, attack.t1059.001, attack.t1106
Potential WMI Lateral Movement WmiPrvSE Spawned PowerShell (Aug 12, 2024): attack.execution, attack.t1047, attack.t1059.001
Potential Xterm Reverse Shell (Aug 12, 2024): attack.execution, attack.t1059
Potentially Suspicious Child Process Of ClickOnce Application (Aug 12, 2024): attack.execution, attack.defense-evasion
Potentially Suspicious Child Process of KeyScrambler.exe (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.privilege-escalation, attack.t1203, attack.t1574.002
Potentially Suspicious Child Process Of WinRAR.EXE (Aug 12, 2024): attack.execution, attack.t1203
Potentially Suspicious Execution From Parent Process In Public Folder (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1564, attack.t1059
Potentially Suspicious Execution Of PDQDeployRunner (Aug 12, 2024): attack.execution
Potentially Suspicious Named Pipe Created Via Mkfifo (Aug 12, 2024): attack.execution
Potentially Suspicious WebDAV LNK Execution (Aug 12, 2024): attack.execution, attack.t1059.001, attack.t1204
PowerShell ADRecon Execution (Aug 12, 2024): attack.discovery, attack.execution, attack.t1059.001
PowerShell as a Service in Registry (Aug 12, 2024): attack.execution, attack.t1569.002
PowerShell Base64 Encoded FromBase64String Cmdlet (Aug 12, 2024): attack.defense-evasion, attack.t1140, attack.execution, attack.t1059.001
PowerShell Base64 Encoded IEX Cmdlet (Aug 12, 2024): attack.execution, attack.t1059.001
PowerShell Base64 Encoded Invoke Keyword (Aug 12, 2024): attack.execution, attack.t1059.001, attack.defense-evasion, attack.t1027
PowerShell Base64 Encoded Reflective Assembly Load (Aug 12, 2024): attack.execution, attack.t1059.001, attack.defense-evasion, attack.t1027, attack.t1620
PowerShell Base64 Encoded WMI Classes (Aug 12, 2024): attack.execution, attack.t1059.001, attack.defense-evasion, attack.t1027
PowerShell Called from an Executable Version Mismatch (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1059.001
PowerShell Create Local User (Aug 12, 2024): attack.execution, attack.t1059.001, attack.persistence, attack.t1136.001
PowerShell Credential Prompt (Aug 12, 2024): attack.credential-access, attack.execution, attack.t1059.001
PowerShell Downgrade Attack - PowerShell (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1059.001
PowerShell Download and Execution Cradles (Aug 12, 2024): attack.execution, attack.t1059
PowerShell Download Pattern (Aug 12, 2024): attack.execution, attack.t1059.001
PowerShell DownloadFile (Aug 12, 2024): attack.execution, attack.t1059.001, attack.command-and-control, attack.t1104, attack.t1105
Powershell Execute Batch Script (Aug 12, 2024): attack.execution, attack.t1059.003
Powershell Inline Execution From A File (Aug 12, 2024): attack.execution, attack.t1059.001
Powershell MsXml COM Object (Aug 12, 2024): attack.execution, attack.t1059.001
PowerShell PSAttack (Aug 12, 2024): attack.execution, attack.t1059.001
PowerShell Remote Session Creation (Aug 12, 2024): attack.execution, attack.t1059.001
PowerShell Script Run in AppData (Aug 12, 2024): attack.execution, attack.t1059.001
PowerShell Scripts Installed as Services (Aug 12, 2024): attack.execution, attack.t1569.002
PowerShell Scripts Installed as Services - Security (Aug 12, 2024): attack.execution, attack.t1569.002
PowerShell ShellCode (Aug 12, 2024): attack.defense-evasion, attack.privilege-escalation, attack.t1055, attack.execution, attack.t1059.001
PowerShell Web Download (Aug 12, 2024): attack.command-and-control, attack.execution, attack.t1059.001, attack.t1105
Powershell XML Execute Command (Aug 12, 2024): attack.execution, attack.t1059.001
PowerView PowerShell Cmdlets - ScriptBlock (Aug 12, 2024): attack.execution, attack.t1059.001
PrinterNightmare Mimikatz Driver Name (Aug 12, 2024): attack.execution, attack.t1204, cve.2021-1675, cve.2021-34527
Process Reconnaissance Via Wmic.EXE (Aug 12, 2024): attack.execution, attack.t1047
ProcessHacker Privilege Elevation (Aug 12, 2024): attack.execution, attack.privilege-escalation, attack.t1543.003, attack.t1569.002
Proxy Execution Via Wuauclt.EXE (Aug 12, 2024): attack.defense-evasion, attack.t1218, attack.execution
PSAsyncShell - Asynchronous TCP Reverse Shell (Aug 12, 2024): attack.execution, attack.t1059.001
PSExec and WMI Process Creations Block (Aug 12, 2024): attack.execution, attack.lateral-movement, attack.t1047, attack.t1569.002
Psexec Execution (Aug 12, 2024): attack.execution, attack.t1569, attack.t1021
PSEXEC Remote Execution File Artefact (Aug 12, 2024): attack.lateral-movement, attack.privilege-escalation, attack.execution, attack.persistence, attack.t1136.002, attack.t1543.003, attack.t1570, attack.s0029
PsExec Service Child Process Execution as LOCAL SYSTEM (Aug 12, 2024): attack.execution
PsExec Service Execution (Aug 12, 2024): attack.execution
PsExec Service File Creation (Aug 12, 2024): attack.execution, attack.t1569.002, attack.s0029
PsExec Service Installation (Aug 12, 2024): attack.execution, attack.t1569.002, attack.s0029
PsExec Tool Execution From Suspicious Locations - PipeName (Aug 12, 2024): attack.execution, attack.t1569.002, attack.s0029
PUA - AdvancedRun Execution (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.privilege-escalation, attack.t1564.003, attack.t1134.002, attack.t1059.003
PUA - CSExec Default Named Pipe (Aug 12, 2024): attack.lateral-movement, attack.t1021.002, attack.execution, attack.t1569.002
PUA - CsExec Execution (Aug 12, 2024): attack.resource-development, attack.t1587.001, attack.execution, attack.t1569.002
PUA - NirCmd Execution (Aug 12, 2024): attack.execution, attack.t1569.002, attack.s0029
PUA - NirCmd Execution As LOCAL SYSTEM (Aug 12, 2024): attack.execution, attack.t1569.002, attack.s0029
PUA - NSudo Execution (Aug 12, 2024): attack.execution, attack.t1569.002, attack.s0029
PUA - PAExec Default Named Pipe (Aug 12, 2024): attack.execution, attack.t1569.002
PUA - Radmin Viewer Utility Execution (Aug 12, 2024): attack.execution, attack.lateral-movement, attack.t1072
PUA - RemCom Default Named Pipe (Aug 12, 2024): attack.lateral-movement, attack.t1021.002, attack.execution, attack.t1569.002
PUA - RunXCmd Execution (Aug 12, 2024): attack.execution, attack.t1569.002, attack.s0029
PUA - Wsudo Suspicious Execution (Aug 12, 2024): attack.execution, attack.privilege-escalation, attack.t1059
Python Inline Command Execution (Aug 12, 2024): attack.execution, attack.t1059
Python Spawning Pretty TTY on Windows (Aug 12, 2024): attack.execution, attack.t1059
Qakbot Regsvr32 Calc Pattern (Aug 12, 2024): attack.defense-evasion, attack.execution, detection.emerging-threats
Qakbot Rundll32 Exports Execution (Aug 12, 2024): attack.defense-evasion, attack.execution, detection.emerging-threats
Qakbot Rundll32 Fake DLL Extension Execution (Aug 12, 2024): attack.defense-evasion, attack.execution, detection.emerging-threats
Qakbot Uninstaller Execution (Aug 12, 2024): detection.emerging-threats, attack.execution
Query Usage To Exfil Data (Aug 12, 2024): attack.execution
Read Contents From Stdin Via Cmd.EXE (Aug 12, 2024): attack.execution, attack.t1059.003
Rebuild Performance Counter Values Via Lodctr.EXE (Aug 12, 2024): attack.execution
Registry Entries For Azorult Malware (Aug 12, 2024): attack.execution, attack.t1112
Regsvr32 DLL Execution With Uncommon Extension (Aug 12, 2024): attack.defense-evasion, attack.t1574, attack.execution
RemCom Service File Creation (Aug 12, 2024): attack.execution, attack.t1569.002, attack.s0029
RemCom Service Installation (Aug 12, 2024): attack.execution, attack.t1569.002
Remote Access Tool - AnyDesk Execution With Known Revoked Signing Certificate (Aug 12, 2024): attack.execution, attack.initial-access
Remote Access Tool - ScreenConnect Remote Command Execution (Aug 12, 2024): attack.execution, attack.t1059.003
Remote DLL Load Via Rundll32.EXE (Aug 12, 2024): attack.execution, attack.t1204.002
Remote LSASS Process Access Through Windows Remote Management (Aug 12, 2024): attack.credential-access, attack.execution, attack.t1003.001, attack.t1059.001, attack.lateral-movement, attack.t1021.006, attack.s0002
Remote PowerShell Session (PS Classic) (Aug 12, 2024): attack.execution, attack.t1059.001, attack.lateral-movement, attack.t1021.006
Remote PowerShell Session (PS Module) (Aug 12, 2024): attack.execution, attack.t1059.001, attack.lateral-movement, attack.t1021.006
Remote PowerShell Session Host Process (WinRM) (Aug 12, 2024): attack.execution, attack.t1059.001, attack.t1021.006
Remote PowerShell Sessions Network Connections (WinRM) (Aug 12, 2024): attack.execution, attack.t1059.001
Remotely Hosted HTA File Executed Via Mshta.EXE (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1218.005
Renamed FTP.EXE Execution (Aug 12, 2024): attack.execution, attack.t1059, attack.defense-evasion, attack.t1202
Renamed Jusched.EXE Execution (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.t1036.003
Renamed NirCmd.EXE Execution (Aug 12, 2024): attack.execution, attack.t1059, attack.defense-evasion, attack.t1202
Renamed PsExec Service Execution (Aug 12, 2024): attack.execution
REvil Kaseya Incident Malware Patterns (Aug 12, 2024): attack.execution, attack.t1059, attack.g0115, detection.emerging-threats
Rorschach Ransomware Execution Activity (Aug 12, 2024): attack.execution, attack.t1059.003, attack.t1059.001, attack.defense-evasion, detection.emerging-threats
Ruby Inline Command Execution (Aug 12, 2024): attack.execution, attack.t1059
Run PowerShell Script from Redirected Input Stream (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1059
Rundll32 Execution Without Parameters (Aug 12, 2024): attack.lateral-movement, attack.t1021.002, attack.t1570, attack.execution, attack.t1569.002
Rundll32 Internet Connection (Aug 12, 2024): attack.defense-evasion, attack.t1218.011, attack.execution
Rundll32 UNC Path Execution (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1021.002, attack.t1218.011
Scheduled Cron Task/Job - Linux (Aug 12, 2024): attack.execution, attack.persistence, attack.privilege-escalation, attack.t1053.003
Scheduled Cron Task/Job - MacOs (Aug 12, 2024): attack.execution, attack.persistence, attack.privilege-escalation, attack.t1053.003
Scheduled Task Creation Via Schtasks.EXE (Aug 12, 2024): attack.execution, attack.persistence, attack.privilege-escalation, attack.t1053.005, attack.s0111, car.2013-08-001, stp.1u
Scheduled Task Executing Encoded Payload from Registry (Aug 12, 2024): attack.execution, attack.persistence, attack.t1053.005, attack.t1059.001
Scheduled Task Executing Payload from Registry (Aug 12, 2024): attack.execution, attack.persistence, attack.t1053.005, attack.t1059.001
Schtasks From Suspicious Folders (Aug 12, 2024): attack.execution, attack.t1053.005
Script Event Consumer Spawning Process (Aug 12, 2024): attack.execution, attack.t1047
Script Interpreter Execution From Suspicious Folder (Aug 12, 2024): attack.execution, attack.t1059
Service Reconnaissance Via Wmic.EXE (Aug 12, 2024): attack.execution, attack.t1047
Service Started/Stopped Via Wmic.EXE (Aug 12, 2024): attack.execution, attack.t1047
Service StartupType Change Via PowerShell Set-Service (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.t1562.001
Service StartupType Change Via Sc.EXE (Aug 12, 2024): attack.execution, attack.defense-evasion, attack.t1562.001
Shell Execution Of Process Located In Tmp Directory (Aug 12, 2024): attack.execution
Shell32 DLL Execution in Suspicious Directory (Aug 12, 2024): attack.defense-evasion, attack.execution, attack.t1218.011
Silence.EDA Detection (Aug 12, 2024): attack.execution, attack.t1059.001, attack.command-and-control, attack.t1071.004, attack.t1572, attack.impact, attack.t1529, attack.g0091, attack.s0363
Silenttrinity Stager Msbuild Activity (Aug 12, 2024): attack.execution, attack.t1127.001
Sliver C2 Default Service Installation (Aug 12, 2024): attack.execution, attack.privilege-escalation, attack.t1543.003, attack.t1569.002
smbexec.py Service Installation (Aug 12, 2024): attack.lateral-movement, attack.execution, attack.t1021.002, attack.t1569.002
SNAKE Malware Installer Name Indicators (Aug 12, 2024): attack.execution, detection.emerging-threats
SNAKE Malware Kernel Driver File Indicator (Aug 12, 2024): attack.execution, detection.emerging-threats
twitter
facebook
linkedin
copy
SNAKE Malware WerFault Persistence File Creation
calendar
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Sofacy Trojan Loader Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.g0007
attack.t1059.003
attack.t1218.011
car.2013-10-002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Space After Filename
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
SQL Client Tools PowerShell Session Detection
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Start Windows Service Via Net.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Successful Account Login Via WMI
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Activity in Shell Commands
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Application Installed
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Binary In User Directory Spawned From Office Application
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.g0046
car.2013-05-002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Browser Child Process - MacOS
calendar
Aug 12, 2024
·
attack.initial-access
attack.execution
attack.t1189
attack.t1203
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Of BgInfo.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Command Patterns In Scheduled Task Creation
calendar
Aug 12, 2024
·
attack.execution
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Commands Linux
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Csi.exe Usage
calendar
Aug 12, 2024
·
attack.execution
attack.t1072
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Digital Signature Of AppX Package
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Electron Application Child Processes
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Encoded And Obfuscated Reflection Assembly Load Function Call
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.001
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Encoded PowerShell Command Line
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Encoded Scripts in a WMI Consumer
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.persistence
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution Location Of Wermgr.EXE
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution of Powershell with Base64
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution via macOS Script Editor
calendar
Aug 12, 2024
·
attack.t1566
attack.t1566.002
attack.initial-access
attack.t1059
attack.t1059.002
attack.t1204
attack.t1204.001
attack.execution
attack.persistence
attack.t1553
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Characteristics Due to Missing Fields
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.006
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Created In PerfLogs
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Creation In Uncommon AppData Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From IP Via Curl.EXE
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From IP Via Wget.EXE
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From IP Via Wget.EXE - Paths
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Execution From Internet Hosted WebDav Share
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HH.EXE Execution · Aug 12, 2024 · attack.defense-evasion · attack.execution · attack.initial-access · attack.t1047 · attack.t1059.001 · attack.t1059.003 · attack.t1059.005 · attack.t1059.007 · attack.t1218 · attack.t1218.001 · attack.t1218.010 · attack.t1218.011 · attack.t1566 · attack.t1566.001
Suspicious HWP Sub Processes · Aug 12, 2024 · attack.initial-access · attack.t1566.001 · attack.execution · attack.t1203 · attack.t1059.003 · attack.g0032
Suspicious Installer Package Child Process · Aug 12, 2024 · attack.t1059 · attack.t1059.007 · attack.t1071 · attack.t1071.001 · attack.execution · attack.command-and-control
Suspicious Interactive PowerShell as SYSTEM · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious Java Children Processes · Aug 12, 2024 · attack.execution · attack.t1059
Suspicious Microsoft Office Child Process · Aug 12, 2024 · attack.defense-evasion · attack.execution · attack.t1047 · attack.t1204.002 · attack.t1218.010
Suspicious Microsoft Office Child Process - MacOS · Aug 12, 2024 · attack.execution · attack.persistence · attack.t1059.002 · attack.t1137.002 · attack.t1204.002
Suspicious Modification Of Scheduled Tasks · Aug 12, 2024 · attack.execution · attack.t1053.005
Suspicious Mshta.EXE Execution Patterns · Aug 12, 2024 · attack.execution · attack.t1106
Suspicious Nohup Execution · Aug 12, 2024 · attack.execution
Suspicious Outlook Child Process · Aug 12, 2024 · attack.execution · attack.t1204.002
Suspicious Persistence Via VMwareToolBoxCmd.EXE VM State Change Script · Aug 12, 2024 · attack.execution · attack.persistence · attack.t1059
Suspicious PowerShell Download · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell Download - PoshModule · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell Download - Powershell Script · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell Download and Execute Pattern · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell Encoded Command Patterns · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell IEX Execution Patterns · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell Invocation From Script Engines · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell Invocations - Generic · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell Invocations - Generic - PowerShell Module · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell Invocations - Specific · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell Invocations - Specific - PowerShell Module · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell Parameter Substring · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PowerShell Parent Process · Aug 12, 2024 · attack.execution · attack.t1059.001
Suspicious PrinterPorts Creation (CVE-2020-1048) · Aug 12, 2024 · attack.persistence · attack.execution · attack.t1059.001 · cve.2020-1048 · detection.emerging-threats
Suspicious Process Created Via Wmic.EXE · Aug 12, 2024 · attack.execution · attack.t1047
Suspicious Program Names · Aug 12, 2024 · attack.execution · attack.t1059
Suspicious RASdial Activity · Aug 12, 2024 · attack.defense-evasion · attack.execution · attack.t1059
Suspicious Reconnaissance Activity Via GatherNetworkInfo.VBS · Aug 12, 2024 · attack.discovery · attack.execution · attack.t1615 · attack.t1059.005
Suspicious Remote Child Process From Outlook · Aug 12, 2024 · attack.execution · attack.t1059 · attack.t1202
Suspicious Reverse Shell Command Line · Aug 12, 2024 · attack.execution · attack.t1059.004
Suspicious Runscripthelper.exe · Aug 12, 2024 · attack.execution · attack.t1059 · attack.defense-evasion · attack.t1202
Suspicious Scan Loop Network · Aug 12, 2024 · attack.execution · attack.t1059 · attack.discovery · attack.t1018
Suspicious Scheduled Task Creation · Aug 12, 2024 · attack.execution · attack.privilege-escalation · attack.persistence · attack.t1053.005
Suspicious Scheduled Task Creation Involving Temp Folder · Aug 12, 2024 · attack.execution · attack.persistence · attack.t1053.005
Suspicious Scheduled Task Name As GUID · Aug 12, 2024 · attack.execution · attack.t1053.005
Suspicious Scheduled Task Update · Aug 12, 2024 · attack.execution · attack.privilege-escalation · attack.persistence · attack.t1053.005
Suspicious Scheduled Task Write to System32 Tasks · Aug 12, 2024 · attack.persistence · attack.execution · attack.t1053
Suspicious Schtasks Execution AppData Folder · Aug 12, 2024 · attack.execution · attack.persistence · attack.t1053.005 · attack.t1059.001
Suspicious Schtasks Schedule Type With High Privileges · Aug 12, 2024 · attack.execution · attack.t1053.005
Suspicious Schtasks Schedule Types · Aug 12, 2024 · attack.execution · attack.t1053.005
Suspicious Script Execution From Temp Folder · Aug 12, 2024 · attack.execution · attack.t1059
Suspicious Scripting in a WMI Consumer · Aug 12, 2024 · attack.execution · attack.t1059.005
Suspicious Usage of CVE_2021_34484 or CVE 2022_21919 · Aug 12, 2024 · attack.execution
Suspicious Use of CSharp Interactive Console · Aug 12, 2024 · attack.execution · attack.t1127
Suspicious WindowsTerminal Child Processes · Aug 12, 2024 · attack.execution · attack.persistence
Suspicious WMIC Execution Via Office Process · Aug 12, 2024 · attack.t1204.002 · attack.t1047 · attack.t1218.010 · attack.execution · attack.defense-evasion
Suspicious WmiPrvSE Child Process · Aug 12, 2024 · attack.execution · attack.defense-evasion · attack.t1047 · attack.t1204.002 · attack.t1218.010
Suspicious WSMAN Provider Image Loads · Aug 12, 2024 · attack.execution · attack.t1059.001 · attack.lateral-movement · attack.t1021.003
Suspicious XOR Encoded PowerShell Command · Aug 12, 2024 · attack.defense-evasion · attack.execution · attack.t1059.001 · attack.t1140 · attack.t1027
Suspicious ZipExec Execution · Aug 12, 2024 · attack.execution · attack.defense-evasion · attack.t1218 · attack.t1202
Symlink Etc Passwd · Aug 12, 2024 · attack.t1204.001 · attack.execution
Sysinternals Tools AppX Versions Execution · Aug 12, 2024 · attack.defense-evasion · attack.execution
Sysprep on AppData Folder · Aug 12, 2024 · attack.execution · attack.t1059
T1047 Wmiprvse Wbemcomn DLL Hijack · Aug 12, 2024 · attack.execution · attack.t1047 · attack.lateral-movement · attack.t1021.002
TAIDOOR RAT DLL Load · Aug 12, 2024 · attack.execution · attack.t1055.001 · detection.emerging-threats
Tasks Folder Evasion · Aug 12, 2024 · attack.defense-evasion · attack.persistence · attack.execution · attack.t1574.002
Trickbot Malware Activity · Aug 12, 2024 · attack.execution · attack.t1559 · detection.emerging-threats
TropicTrooper Campaign November 2018 · Aug 12, 2024 · attack.execution · attack.t1059.001 · detection.emerging-threats
Turla Group Commands May 2020 · Aug 12, 2024 · attack.g0010 · attack.execution · attack.t1059.001 · attack.t1053.005 · attack.t1027 · detection.emerging-threats
Turla Group Lateral Movement · Aug 12, 2024 · attack.g0010 · attack.execution · attack.t1059 · attack.lateral-movement · attack.t1021.002 · attack.discovery · attack.t1083 · attack.t1135 · detection.emerging-threats
Turla Group Named Pipes · Aug 12, 2024 · attack.g0010 · attack.execution · attack.t1106 · detection.emerging-threats
UAC Bypass Using IDiagnostic Profile - File · Aug 12, 2024 · attack.execution · attack.defense-evasion · attack.privilege-escalation · attack.t1548.002
UNC2452 PowerShell Pattern · Aug 12, 2024 · attack.execution · attack.t1059.001 · attack.t1047 · detection.emerging-threats
UNC4841 - Barracuda ESG Exploitation Indicators · Aug 12, 2024 · attack.execution · attack.persistence · attack.defense-evasion · detection.emerging-threats
UNC4841 - Email Exfiltration File Pattern · Aug 12, 2024 · attack.execution · attack.persistence · attack.defense-evasion · detection.emerging-threats
UNC4841 - Potential SEASPY Execution · Aug 12, 2024 · attack.execution · detection.emerging-threats
Uncommon Child Process Of Appvlp.EXE · Aug 12, 2024 · attack.t1218 · attack.defense-evasion · attack.execution
Uncommon Child Process Of BgInfo.EXE · Aug 12, 2024 · attack.execution · attack.t1059.005 · attack.defense-evasion · attack.t1218 · attack.t1202
Uncommon Child Process Of Defaultpack.EXE · Aug 12, 2024 · attack.t1218 · attack.defense-evasion · attack.execution
Uncommon Child Processes Of SndVol.exe · Aug 12, 2024 · attack.execution
Uncommon One Time Only Scheduled Task At 00:00 · Aug 12, 2024 · attack.execution · attack.persistence · attack.privilege-escalation · attack.t1053.005
Ursnif Malware C2 URL Pattern · Aug 12, 2024 · attack.initial-access · attack.t1566.001 · attack.execution · attack.t1204.002 · attack.command-and-control · attack.t1071.001
Usage Of Web Request Commands And Cmdlets · Aug 12, 2024 · attack.execution · attack.t1059.001
Usage Of Web Request Commands And Cmdlets - ScriptBlock · Aug 12, 2024 · attack.execution · attack.t1059.001
Use of FSharp Interpreters · Aug 12, 2024 · attack.execution · attack.t1059
Use of OpenConsole · Aug 12, 2024 · attack.execution · attack.t1059
Use of Pcalua For Execution · Aug 12, 2024 · attack.execution · attack.t1059
Use of Scriptrunner.exe · Aug 12, 2024 · attack.defense-evasion · attack.execution · attack.t1218
Use Of The SFTP.EXE Binary As A LOLBIN · Aug 12, 2024 · attack.defense-evasion · attack.execution · attack.t1218
Using SettingSyncHost.exe as LOLBin · Aug 12, 2024 · attack.execution · attack.defense-evasion · attack.t1574.008
VBA DLL Loaded Via Office Application · Aug 12, 2024 · attack.execution · attack.t1204.002
Visual Studio NodejsTools PressAnyKey Arbitrary Binary Execution · Aug 12, 2024 · attack.execution · attack.defense-evasion · attack.t1218
Visual Studio NodejsTools PressAnyKey Renamed Execution · Aug 12, 2024 · attack.execution · attack.defense-evasion · attack.t1218
VMToolsd Suspicious Child Process · Aug 12, 2024 · attack.execution · attack.persistence · attack.t1059
Wab Execution From Non Default Location · Aug 12, 2024 · attack.defense-evasion · attack.execution
Wab/Wabmig Unusual Parent Or Child Processes · Aug 12, 2024 · attack.defense-evasion · attack.execution
Weak or Abused Passwords In CLI · Aug 12, 2024 · attack.defense-evasion · attack.execution
Windows Defender AMSI Trigger Detected · Aug 12, 2024 · attack.execution · attack.t1059
Windows Defender Exclusions Added - PowerShell · Aug 12, 2024 · attack.defense-evasion · attack.t1562 · attack.execution · attack.t1059
Windows Defender Threat Detected · Aug 12, 2024 · attack.execution · attack.t1059
Windows Hotfix Updates Reconnaissance Via Wmic.EXE · Aug 12, 2024 · attack.execution · attack.t1047
Windows Shell/Scripting Application File Write to Suspicious Folder · Aug 12, 2024 · attack.execution · attack.t1059
Windows Shell/Scripting Processes Spawning Suspicious Programs · Aug 12, 2024 · attack.execution · attack.defense-evasion · attack.t1059.005 · attack.t1059.001 · attack.t1218
WinSxS Executable File Creation By Non-System Process · Aug 12, 2024 · attack.execution
WMI Event Consumer Created Named Pipe · Aug 12, 2024 · attack.t1047 · attack.execution
WMIC Remote Command Execution · Aug 12, 2024 · attack.execution · attack.t1047
WMIC Unquoted Services Path Lookup - PowerShell · Aug 12, 2024 · attack.execution · attack.t1047
WMImplant Hack Tool · Aug 12, 2024 · attack.execution · attack.t1047 · attack.t1059.001
WmiPrvSE Spawned A Process · Aug 12, 2024 · attack.execution · attack.t1047
Wmiprvse Wbemcomn DLL Hijack · Aug 12, 2024 · attack.execution · attack.t1047 · attack.lateral-movement · attack.t1021.002
Wmiprvse Wbemcomn DLL Hijack - File · Aug 12, 2024 · attack.execution · attack.t1047 · attack.lateral-movement · attack.t1021.002
WScript or CScript Dropper - File · Aug 12, 2024 · attack.execution · attack.t1059.005 · attack.t1059.007
Wscript Shell Run In CommandLine · Aug 12, 2024 · attack.execution · attack.t1059
WSL Child Process Anomaly · Aug 12, 2024 · attack.execution · attack.defense-evasion · attack.t1218 · attack.t1202
XBAP Execution From Uncommon Locations Via PresentationHost.EXE · Aug 12, 2024 · attack.defense-evasion · attack.execution · attack.t1218
ZxShell Malware · Aug 12, 2024 · attack.execution · attack.t1059.003 · attack.defense-evasion · attack.t1218.011 · attack.s0412 · attack.g0001 · detection.emerging-threats
Abuse of the Windows Server Update Services (WSUS) for lateral movement. · Aug 10, 2024 · attack.execution · attack.lateral_movement · attack.T1210
ChromeLoader Malware Detection · Aug 10, 2024 · attack.execution · attack.T1059.001 · attack.persistence · attack.T1176 · attack.T1053.005
Detecting Ammy Admin RMM Agent Execution · Aug 10, 2024 · attack.execution · attack.persistence
Detection of CMD Execution via AnyViewer RMM · Aug 10, 2024 · attack.execution · attack.persistence
Detection of Suspicious triggering of ErrorHandler.cmd Execution · Aug 10, 2024 · attack.execution · attack.persistence
Emotet loader execution via .lnk file · Aug 10, 2024 · attack.execution · attack.T1059.006
Execution of ZeroLogon PoC executable · Aug 10, 2024 · attack.execution · attack.lateral_movement · attack.T1210
FakeUpdates/SocGholish Malware Detection · Aug 10, 2024 · attack.execution · attack.T1059.001
MOVEit exploitation · Aug 10, 2024 · attack.execution · attack.T1623
ms-msdt for RCE - sdiagnhost.exe spawning command · Aug 10, 2024 · attack.execution · attack.T1059.003 · attack.T1204.002
ms-msdt for RCE CVE-2022-30190 · Aug 10, 2024 · attack.execution · attack.T1059.003 · attack.T1204.002
PowerShell AMSI Bypass Pattern · Aug 10, 2024 · attack.defense_evasion · attack.t1562.001 · attack.execution
Raspberry Robin initial execution from external drive · Aug 10, 2024 · attack.execution · attack.T1059.001
Raspberry Robin subsequent execution of commands · Aug 10, 2024 · attack.execution · attack.T1059.001
Scheduled task executing powershell encoded payload from registry · Aug 10, 2024 · attack.execution · attack.persistence · attack.t1053.005 · attack.t1059.001
Ursnif Redirection Of Discovery Commands · Aug 10, 2024 · attack.execution · attack.T1059
Using powershell specific download cradle OneLiner · Aug 10, 2024 · attack.defense_evasion · attack.t1562.001 · attack.execution · T1059.001
Atexec.py Execution · Mar 26, 2024 · attack.s0357 · attack.execution · attack.t1053 · attack.t1053.002
Bypassing Security Controls - Command Shell · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.003 · attack.defense_evasion · attack.t1202
In-memory Downloading and Compiling of Applets as Payloads · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.002
Mac AppleScript Input Prompt · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.002
Obfuscated Commands - Command Shell · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.003 · attack.defense_evasion · attack.t1027
Obfuscation and Escape Characters - Powershell · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.001 · attack.defense_evasion · attack.t1027
Office Products Spawning WMI · Mar 26, 2024 · attack.execution · attack.t1047 · attack.t1204
PowerShell -encodedcommand Switch · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.001 · attack.defense_evasion · attack.t1027
PowerShell Base64 Encoding · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.001 · attack.defense_evasion · attack.t1027
Qbot Mounted Drive Script Executions · Mar 26, 2024 · attack.s0650 · attack.execution · attack.t1059 · attack.t1204
Service Control Manager Spawning Command Shell with Suspect Strings · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.003 · attack.t1569 · attack.t1569.002
SMBexec.py Execution · Mar 26, 2024 · attack.s0357 · attack.execution · attack.t1569 · attack.t1569.002 · attack.lateral_movement · attack.t1021 · attack.t1021.003
Suspicious Commands - WMI · Mar 26, 2024 · attack.execution · attack.t1047
Suspicious PowerShell Cmdlets · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.001
Suspicious PowerShell Cmdlets - WMI · Mar 26, 2024 · attack.execution · attack.t1047 · attack.t1059 · attack.t1059.001
Suspicious Process Lineage - WMI · Mar 26, 2024 · attack.execution · attack.t1047
Unusual Module Loads - WMI · Mar 26, 2024 · attack.execution · attack.t1047
Unusual or Suspicious Process Ancestry - Command Shell · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.003
Windows Explorer Spawning Command Shell with Start and Exit Commands · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.003 · attack.t1053
Windows Scheduled Task Creating Shell · Mar 26, 2024 · attack.execution · attack.t1059 · attack.t1059.003 · attack.t1053
WMI Reconnaissance · Mar 26, 2024 · attack.execution · attack.t1047 · attack.discovery · attack.t1087 · attack.t1087.002
WMI Shadow Copy Deletion · Mar 26, 2024 · attack.execution · attack.t1047 · attack.impact · attack.t1490
Wmiexec.py Execution · Mar 26, 2024 · attack.s0357 · attack.execution · attack.t1047 · attack.lateral_movement · attack.t1021 · attack.t1021.003
Disable Windows Defender via Service
calendar
Feb 26, 2024
·
attack.execution
attack.t1569.002
attack.t1562.001
dist.public
·
Share on:
twitter
facebook
linkedin
copy
AteraAgent malicious installations
calendar
Feb 23, 2024
·
attack.execution
attack.t1059.006
·
Share on:
twitter
facebook
linkedin
copy
Custom Cobalt Strike Command Execution
calendar
Feb 23, 2024
·
attack.defense_evasion
attack.t1562.001
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Execution of ZeroLogon PoC executable
calendar
Feb 23, 2024
·
attack.execution
attack.lateral_movement
attack.t1210
·
Share on:
twitter
facebook
linkedin
copy
Nullsoft Scriptable Installer Script (NSIS) execution
calendar
Feb 23, 2024
·
attack.execution
attack.t1106
dist.public
·
Share on:
twitter
facebook
linkedin
copy
Nullsoft Scriptable Installer Script (NSIS) file creation
calendar
Feb 23, 2024
·
attack.execution
attack.t1106
dist.public
·
Share on:
twitter
facebook
linkedin
copy
Autoit3.exe Executable File Creation Matching DarkGate Behavior
calendar
Oct 14, 2023
·
attack.command_and_control
attack.execution
attack.t1105
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
DarkGate Autoit3.exe Execution Parameters
calendar
Oct 14, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Possible Impacket DCOMExec Connection Attempt - Zeek
Sep 1, 2023 · attack.s0357, attack.execution, attack.lateral_movement, attack.t1021, attack.t1021.003

Suspicious WebDAV LNK Execution
Aug 5, 2023 · attack.execution, attack.t1059.001, attack.t1204

Command Shell Bypassing Security Controls (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1059.003

Command Shell Obfuscated Commands (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1059.003

Command Shell Suspicious Process Ancestry (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1059.003

Explorer Spawning CMD With Start/Exit Commands (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1059.003

Office Products Spawning WMI (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1047

Powershell Base64 Encoding (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1059.001

Powershell Encoded Command Switch (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1059.001

Powershell Obfuscated Commands (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1059.001

Service Control Manager Spawning Command Shell (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1059.003

Suspicious Powershell Commandlets (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1059.001

Windows Scheduled Task Create Shell (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1059.003

WMI Reconnaissance (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1047

WMI Shadow Copy Deletion (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1047

WMI Suspicious Commands (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1047

WMI Suspicious Powershell Cmdlets (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1047

WMI Suspicious Process Lineage (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1047

WMIC Unusual Module Loads (RedCanary Threat Detection Report)
May 10, 2023 · attack.execution, attack.t1047

File Creation by Office Applications
Apr 21, 2023 · attack.t1204.002, attack.t1047, attack.t1218.010, attack.execution, attack.defense_evasion

Invoke-Obfuscation CLIP+ Launcher
Apr 21, 2023 · attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Invoke-Obfuscation COMPRESS OBFUSCATION
Apr 21, 2023 · attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Invoke-Obfuscation RUNDLL LAUNCHER
Apr 21, 2023 · attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Invoke-Obfuscation STDIN+ Launcher
Apr 21, 2023 · attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Invoke-Obfuscation VAR+ Launcher
Apr 21, 2023 · attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION
Apr 21, 2023 · attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Invoke-Obfuscation Via Stdin
Apr 21, 2023 · attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Invoke-Obfuscation Via Use Clip
Apr 21, 2023 · attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Invoke-Obfuscation Via Use MSHTA
Apr 21, 2023 · attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Invoke-Obfuscation Via Use Rundll32
Apr 21, 2023 · attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Metasploit Or Impacket Service Installation Via SMB PsExec
Apr 21, 2023 · attack.lateral_movement, attack.t1021.002, attack.t1570, attack.execution, attack.t1569.002

OMIGOD SCX RunAsProvider ExecuteScript
Apr 21, 2023 · attack.privilege_escalation, attack.initial_access, attack.execution, attack.t1068, attack.t1190, attack.t1203

Privilege Escalation Preparation
Apr 21, 2023 · attack.execution, attack.t1059.004

Quick Execution of a Series of Suspicious Commands
Apr 21, 2023 · car.2013-04-002, attack.execution, attack.t1059

Remote Service Creation
Apr 21, 2023 · attack.lateral_movement, attack.persistence, attack.execution, attack.t1543.003

Impacket AtExec Process Activity
Apr 16, 2023 · attack.s0357, attack.execution, attack.t1053, attack.t1053.002

Suspicious Impacket Pipe Creation - Psexec
Apr 16, 2023 · attack.s0357, attack.execution, attack.t1569, attack.t1569.002

Suspicious Impacket PSExec Temp Executable File Creation
Apr 16, 2023 · attack.s0357, attack.execution, attack.t1569, attack.t1569.002

Impacket AtExec Suspicious Registry Modification
Jan 30, 2023 · attack.s0357, attack.execution, attack.t1053, attack.t1053.002

Impacket AtExec Suspicious Temp File Creation
Jan 30, 2023 · attack.s0357, attack.execution, attack.t1053, attack.t1053.002

Possible Impacket AtExec Activity
Jan 30, 2023 · attack.s0357, attack.execution, attack.t1053, attack.t1053.002

Scheduled task executing powershell encoded payload from registry
Jan 8, 2023 · attack.execution, attack.persistence, attack.t1053.005, attack.t1059.001

MOFComp Execution
Jan 8, 2023 · attack.execution, attack.t1546.003

Operator Bloopers Cobalt Strike Commands
Jan 8, 2023 · attack.execution, attack.t1059.003

Operator Bloopers Cobalt Strike Modules
Jan 8, 2023 · attack.execution, attack.t1059.003

Suspicious User-Initiated Process Execution on External Drive (Old)
Dec 28, 2022 · attack.s0650, attack.s0483, attack.execution, attack.t1059, attack.t1204, attack.t1204.002

Suspicious User-Initiated Process Execution on External Drive (Sysmon)
Dec 28, 2022 · attack.s0650, attack.s0483, attack.execution, attack.t1059, attack.t1204, attack.t1204.002

Suspicious Command Line Indicating BlackCat Execution
Dec 6, 2022 · attack.execution, attack.t1059, attack.t1204

Suspicious Command Line Indicating BlackCat Execution with Get UUID Option
Dec 6, 2022 · attack.execution, attack.t1059, attack.t1204

PowerShell -encodedcommand Switch
Nov 29, 2022 · attack.defense_evasion, attack.t1140, attack.execution, attack.t1059.001

Base64 Encoding in CMD or Powershell
Nov 9, 2022 · attack.defense_evasion, attack.t1140, attack.execution, attack.t1059.001

Command Shell Bypassing Security Controls
Nov 9, 2022 · attack.execution, attack.t1059.003

Command Shell Obfuscated Commands
Nov 9, 2022 · attack.execution, attack.t1059.003, attack.defense_evasion, attack.t1027

Command Shell Unusual or Suspicious Process Ancestry
Nov 9, 2022 · attack.persistence, attack.t1505, attack.execution, attack.t1059.003

Gootloader Stage 2 Registry Key Creation
Nov 9, 2022 · attack.execution, attack.defense_evasion, attack.t1620

PowerShell Base64 Encoding
Nov 9, 2022 · attack.defense_evasion, attack.t1140, attack.execution, attack.t1059.001

Powershell Obfuscation and Escape Characters
Nov 9, 2022 · attack.execution, attack.t1059.003, attack.defense_evasion, attack.t1027

Suspicious Powershell Cmdlets
Nov 9, 2022 · attack.execution, attack.t1059, attack.t1059.001

Suspicious WMI-Related Powershell Cmdlets
Nov 9, 2022 · attack.execution, attack.t1059, attack.t1059.001, attack.t1047

Windows Scheduled Task Behaving Improperly or Suspiciously
Nov 9, 2022 · attack.persistence, attack.execution, attack.t1053, attack.t1053.005

Windows Scheduled Task Create Shell
Nov 9, 2022 · attack.persistence, attack.execution, attack.t1053, attack.t1053.005

Windows Scheduled Task Making Suspicious Network Connection
Nov 9, 2022 · attack.persistence, attack.execution, attack.t1053, attack.t1053.005

WMIC Suspicious Commands
Nov 9, 2022 · attack.execution, attack.t1047

Wscript.exe Executing Agreement Javascript in AppData Folder
Nov 9, 2022 · attack.execution, attack.t1059, attack.t1059.005
