Unusual Parent Process For Cmd.EXE
Dec 6, 2023
·
attack.execution
attack.t1059
·
HackTool - WinPwn Execution
Dec 4, 2023
·
attack.credential_access
attack.defense_evasion
attack.discovery
attack.execution
attack.privilege_escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
HackTool - WinPwn Execution - ScriptBlock
Dec 4, 2023
·
attack.credential_access
attack.defense_evasion
attack.discovery
attack.execution
attack.privilege_escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
CMSTP Execution Process Access
Dec 4, 2023
·
attack.defense_evasion
attack.t1218.003
attack.execution
attack.t1559.001
attack.g0069
attack.g0080
car.2019-04-001
·
Direct Syscall of NtOpenProcess
Dec 4, 2023
·
attack.execution
attack.t1106
·
HackTool - CobaltStrike BOF Injection Pattern
Dec 4, 2023
·
attack.execution
attack.t1106
attack.defense_evasion
attack.t1562.001
·
HackTool - HandleKatz Duplicating LSASS Handle
Dec 4, 2023
·
attack.execution
attack.t1106
attack.defense_evasion
attack.t1003.001
·
HackTool - Impacket Tools Execution
Dec 4, 2023
·
attack.execution
attack.t1557.001
·
HackTool - LittleCorporal Generated Maldoc Injection
Dec 4, 2023
·
attack.execution
attack.t1204.002
attack.t1055.003
·
Remote LSASS Process Access Through Windows Remote Management
Dec 4, 2023
·
attack.credential_access
attack.execution
attack.t1003.001
attack.t1059.001
attack.lateral_movement
attack.t1021.006
attack.s0002
·
Clipboard Data Collection Via OSAScript
Dec 1, 2023
·
attack.collection
attack.execution
attack.t1115
attack.t1059.002
·
Enable BPF Kprobes Tracing
Dec 1, 2023
·
attack.execution
attack.defense_evasion
·
Fsutil Behavior Set SymlinkEvaluation
Dec 1, 2023
·
attack.execution
attack.t1059
·
Import PowerShell Modules From Suspicious Directories
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Import PowerShell Modules From Suspicious Directories - ProcCreation
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
JXA In-memory Execution Via OSAScript
Dec 1, 2023
·
attack.t1059.002
attack.t1059.007
attack.execution
·
Malicious Nishang PowerShell Commandlets
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Malicious PowerShell Scripts - PoshModule
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Operator Bloopers Cobalt Strike Commands
Dec 1, 2023
·
attack.execution
attack.t1059.003
stp.1u
·
Operator Bloopers Cobalt Strike Modules
Dec 1, 2023
·
attack.execution
attack.t1059.003
·
OSACompile Run-Only Execution
Dec 1, 2023
·
attack.t1059.002
attack.execution
·
PDQ Deploy Remote Adminstartion Tool Execution
Dec 1, 2023
·
attack.execution
attack.lateral_movement
attack.t1072
·
Potential CVE-2022-26809 Exploitation Attempt
Dec 1, 2023
·
attack.initial_access
attack.t1190
attack.execution
attack.t1569.002
cve.2022.26809
detection.emerging_threats
·
Potential Discovery Activity Via Dnscmd.EXE
Dec 1, 2023
·
attack.discovery
attack.execution
attack.t1543.003
·
Potential Exploitation Attempt From Office Application
Dec 1, 2023
·
attack.execution
attack.defense_evasion
cve.2021.40444
detection.emerging_threats
·
Potential Password Spraying Attempt Using Dsacls.EXE
Dec 1, 2023
·
attack.execution
attack.t1218
·
Potential Persistence Via Powershell Search Order Hijacking - Task
Dec 1, 2023
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Potential PowerShell Obfuscation Using Alias Cmdlets
Dec 1, 2023
·
attack.defense_evasion
attack.execution
attack.t1027
attack.t1059.001
·
Potential PowerShell Obfuscation Using Character Join
Dec 1, 2023
·
attack.defense_evasion
attack.execution
attack.t1027
attack.t1059.001
·
Potential Renamed Rundll32 Execution
Dec 1, 2023
·
attack.execution
·
Potential WinAPI Calls Via CommandLine
Dec 1, 2023
·
attack.execution
attack.t1106
·
Potentially Over Permissive Permissions Granted Using Dsacls.EXE
Dec 1, 2023
·
attack.execution
attack.t1218
·
PowerShell Base64 Encoded WMI Classes
Dec 1, 2023
·
attack.execution
attack.t1059.001
attack.defense_evasion
attack.t1027
·
Powershell XML Execute Command
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Query Usage To Exfil Data
Dec 1, 2023
·
attack.execution
·
Suspicious Binary In User Directory Spawned From Office Application
Dec 1, 2023
·
attack.execution
attack.t1204.002
attack.g0046
car.2013-05-002
·
Suspicious Digital Signature Of AppX Package
Dec 1, 2023
·
attack.defense_evasion
attack.execution
·
Suspicious Microsoft Office Child Process - MacOS
Dec 1, 2023
·
attack.execution
attack.persistence
attack.t1059.002
attack.t1137.002
attack.t1204.002
·
Suspicious New Instance Of An Office COM Object
Dec 1, 2023
·
attack.execution
attack.defense_evasion
·
Suspicious PowerShell Download - PoshModule
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Uncommon One Time Only Scheduled Task At 00:00
Dec 1, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.t1053.005
·
Usage Of Web Request Commands And Cmdlets - ScriptBlock
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Mint Sandstorm - Log4J Wstomcat Process Execution
Nov 29, 2023
·
attack.execution
detection.emerging_threats
·
Wusa.EXE Executed By Parent Process Located In Suspicious Location
Nov 28, 2023
·
attack.execution
·
Wusa.EXE Extracting Cab Files From Suspicious Paths
Nov 28, 2023
·
attack.execution
·
Potential APT FIN7 POWERHOLD Execution
Nov 28, 2023
·
attack.execution
attack.t1059.001
attack.g0046
detection.emerging_threats
·
Potential APT FIN7 Reconnaissance/POWERTRASH Related Activity
Nov 28, 2023
·
attack.execution
attack.g0046
detection.emerging_threats
·
Potential APT FIN7 Related PowerShell Script Created
Nov 28, 2023
·
attack.execution
attack.g0046
detection.emerging_threats
·
Potential APT Mustang Panda Activity Against Australian Gov
Nov 28, 2023
·
attack.execution
attack.g0129
detection.emerging_threats
·
Potential POWERTRASH Script Execution
Nov 28, 2023
·
attack.execution
attack.t1059.001
attack.g0046
detection.emerging_threats
·
WMI Module Loaded By Non Uncommon Process
Nov 27, 2023
·
attack.execution
attack.t1047
·
Scheduled Task Creation
Nov 27, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.t1053.005
attack.s0111
car.2013-08-001
stp.1u
·
Proxy Execution Via Wuauclt.EXE
Nov 15, 2023
·
attack.defense_evasion
attack.t1218
attack.execution
·
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Linux)
Nov 15, 2023
·
detection.emerging_threats
attack.execution
attack.t1059
attack.initial_access
attack.t1190
cve.2023.22518
·
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows)
Nov 15, 2023
·
detection.emerging_threats
attack.execution
attack.t1059
attack.initial_access
attack.t1190
cve.2023.22518
·
Arbitrary File Download Via IMEWDBLD.EXE
Nov 14, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
·
Arbitrary File Download Via MSEDGE_PROXY.EXE
Nov 14, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
·
Arbitrary File Download Via MSOHTMED.EXE
Nov 14, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
·
Arbitrary File Download Via MSPUB.EXE
Nov 14, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
·
Arbitrary File Download Via PresentationHost.EXE
Nov 14, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
·
Arbitrary File Download Via Squirrel.EXE
Nov 14, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
·
Potential File Download Via MS-AppInstaller Protocol Handler
Nov 14, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
·
Potentially Suspicious Electron Application CommandLine
Nov 14, 2023
·
attack.execution
·
Process Proxy Execution Via Squirrel.EXE
Nov 14, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
·
Uncommon Child Process Of Appvlp.EXE
Nov 14, 2023
·
attack.t1218
attack.defense_evasion
attack.execution
·
XBAP Execution From Uncommon Locations Via PresentationHost.EXE
Nov 14, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
·
F5 BIG-IP iControl Rest API Command Execution - Webserver
Nov 14, 2023
·
attack.execution
attack.t1190
·
Remote Thread Creation Via PowerShell In Potentially Suspicious Target
Nov 10, 2023
·
attack.defense_evasion
attack.execution
attack.t1218.011
attack.t1059.001
·
Suspicious WmiPrvSE Child Process
Nov 10, 2023
·
attack.execution
attack.defense_evasion
attack.t1047
attack.t1204.002
attack.t1218.010
·
smbexec.py Service Installation
Nov 10, 2023
·
attack.lateral_movement
attack.execution
attack.t1021.002
attack.t1569.002
·
Lace Tempest Cobalt Strike Download
Nov 10, 2023
·
attack.execution
detection.emerging_threats
·
Lace Tempest File Indicators
Nov 10, 2023
·
attack.execution
detection.emerging_threats
·
Lace Tempest Malware Loader Execution
Nov 10, 2023
·
attack.execution
detection.emerging_threats
·
Lace Tempest PowerShell Evidence Eraser
Nov 10, 2023
·
attack.execution
attack.t1059.001
detection.emerging_threats
·
Lace Tempest PowerShell Launcher
Nov 10, 2023
·
attack.execution
attack.t1059.001
detection.emerging_threats
·
Execute Code with Pester.bat
Nov 9, 2023
·
attack.execution
attack.t1059.001
attack.defense_evasion
attack.t1216
·
Csc.EXE Execution Form Potentially Suspicious Parent
Nov 6, 2023
·
attack.execution
attack.t1059.005
attack.t1059.007
attack.defense_evasion
attack.t1218.005
attack.t1027.004
·
HackTool - CrackMapExec Execution Patterns
Nov 6, 2023
·
attack.execution
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.s0106
·
Potentially Suspicious Cabinet File Expansion
Nov 6, 2023
·
attack.execution
attack.t1218
·
Weak or Abused Passwords In CLI
Nov 6, 2023
·
attack.defense_evasion
attack.execution
·
Uncommon PowerShell Hosts
Nov 3, 2023
·
attack.execution
attack.t1059.001
·
AADInternals PowerShell Cmdlets Execution - ProccessCreation
Nov 2, 2023
·
attack.execution
attack.reconnaissance
attack.discovery
attack.credential_access
attack.impact
·
AADInternals PowerShell Cmdlets Execution - PsScript
Nov 2, 2023
·
attack.execution
attack.reconnaissance
attack.discovery
attack.credential_access
attack.impact
·
Change PowerShell Policies to an Insecure Level - PowerShell
Nov 2, 2023
·
attack.execution
attack.t1059.001
·
ImagingDevices Unusual Parent/Child Processes
Nov 2, 2023
·
attack.defense_evasion
attack.execution
·
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell
Nov 2, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module
Nov 2, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation Via Use MSHTA - PowerShell Module
Nov 2, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Lolbin Defaultpack.exe Use As Proxy
Nov 2, 2023
·
attack.t1218
attack.defense_evasion
attack.execution
·
Net WebClient Casing Anomalies
Nov 2, 2023
·
attack.execution
attack.t1059.001
·
Perl Inline Command Execution
Nov 2, 2023
·
attack.execution
attack.t1059
·
Php Inline Command Execution
Nov 2, 2023
·
attack.execution
attack.t1059
·
Potential RDP Session Hijacking Activity
Nov 2, 2023
·
attack.execution
·
Powershell Inline Execution From A File
Nov 2, 2023
·
attack.execution
attack.t1059.001
·
PowerShell Remote Session Creation
Nov 2, 2023
·
attack.execution
attack.t1059.001
·
PowerShell Web Download
Nov 2, 2023
·
attack.command_and_control
attack.execution
attack.t1059.001
attack.t1105
·
Ruby Inline Command Execution
Nov 2, 2023
·
attack.execution
attack.t1059
·
Suspicious Execution of Powershell with Base64
Nov 2, 2023
·
attack.execution
attack.t1059.001
·
Suspicious Execution via macOS Script Editor
Nov 2, 2023
·
attack.t1566
attack.t1566.002
attack.initial_access
attack.t1059
attack.t1059.002
attack.t1204
attack.t1204.001
attack.execution
attack.persistence
attack.t1553
attack.defense_evasion
·
Suspicious PowerShell Encoded Command Patterns
Nov 2, 2023
·
attack.execution
attack.t1059.001
·
Suspicious PowerShell Invocations - Generic - PowerShell Module
Nov 2, 2023
·
attack.execution
attack.t1059.001
·
Suspicious PowerShell Invocations - Specific
Nov 2, 2023
·
attack.execution
attack.t1059.001
·
Suspicious PowerShell Invocations - Specific - PowerShell Module
Nov 2, 2023
·
attack.execution
attack.t1059.001
·
Use of Pcalua For Execution
Nov 2, 2023
·
attack.execution
attack.t1059
·
BloodHound Collection Files
Oct 28, 2023
·
attack.discovery
attack.t1087.001
attack.t1087.002
attack.t1482
attack.t1069.001
attack.t1069.002
attack.execution
attack.t1059.001
·
Diskshadow Script Mode - Execution From Potential Suspicious Location
Oct 28, 2023
·
attack.execution
attack.t1218
·
Malicious PowerShell Keywords
Oct 28, 2023
·
attack.execution
attack.t1059.001
·
Potential Suspicious Mofcomp Execution
Oct 28, 2023
·
attack.execution
attack.t1218
·
WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Oct 28, 2023
·
attack.execution
attack.t1059.005
attack.t1059.007
·
Dump Ntds.dit To Suspicious Location
Oct 28, 2023
·
attack.execution
·
MSI Installation From Suspicious Locations
Oct 28, 2023
·
attack.execution
·
Diamond Sleet APT File Creation Indicators
Oct 28, 2023
·
attack.execution
detection.emerging_threats
·
Diamond Sleet APT Process Activity Indicators
Oct 28, 2023
·
attack.execution
detection.emerging_threats
·
Diamond Sleet APT Scheduled Task Creation
Oct 28, 2023
·
attack.execution
attack.privilege_escalation
attack.persistence
attack.t1053.005
detection.emerging_threats
·
Onyx Sleet APT File Creation Indicators
Oct 28, 2023
·
attack.execution
detection.emerging_threats
·
Nslookup PowerShell Download Cradle
Oct 28, 2023
·
attack.execution
attack.t1059.001
·
PowerShell Called from an Executable Version Mismatch
Oct 28, 2023
·
attack.defense_evasion
attack.execution
attack.t1059.001
·
PowerShell Downgrade Attack - PowerShell
Oct 28, 2023
·
attack.defense_evasion
attack.execution
attack.t1059.001
·
Remote PowerShell Session (PS Classic)
Oct 28, 2023
·
attack.execution
attack.t1059.001
attack.lateral_movement
attack.t1021.006
·
Renamed Powershell Under Powershell Channel
Oct 28, 2023
·
attack.execution
attack.t1059.001
·
Suspicious Non PowerShell WSMAN COM Provider
Oct 28, 2023
·
attack.execution
attack.t1059.001
attack.lateral_movement
attack.t1021.003
·
Suspicious PowerShell Download
Oct 28, 2023
·
attack.execution
attack.t1059.001
·
Suspicious XOR Encoded PowerShell Command Line - PowerShell
Oct 28, 2023
·
attack.execution
attack.t1059.001
·
Potentially Suspicious Child Process Of VsCode
Oct 28, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
·
Linux HackTool Execution
Oct 28, 2023
·
attack.execution
attack.resource_development
attack.t1587
·
CVE-2021-1675 Print Spooler Exploitation Filename Pattern
Oct 26, 2023
·
attack.execution
attack.privilege_escalation
attack.resource_development
attack.t1587
cve.2021.1675
detection.emerging_threats
·
CVE-2021-26858 Exchange Exploitation
Oct 26, 2023
·
attack.t1203
attack.execution
cve.2021.26858
detection.emerging_threats
·
CVE-2021-44077 POC Default Dropped File
Oct 26, 2023
·
attack.execution
cve.2021.44077
detection.emerging_threats
·
DarkGate - Autoit3.EXE Execution Parameters
Oct 26, 2023
·
attack.execution
attack.t1059
detection.emerging_threats
·
DarkGate - Autoit3.EXE File Creation By Uncommon Process
Oct 26, 2023
·
attack.command_and_control
attack.execution
attack.t1105
attack.t1059
detection.emerging_threats
·
MSMQ Corrupted Packet Encountered
Oct 26, 2023
·
attack.execution
detection.emerging_threats
·
Turla Group Named Pipes
Oct 26, 2023
·
attack.g0010
attack.execution
attack.t1106
detection.emerging_threats
·
Alternate PowerShell Hosts Pipe
Oct 23, 2023
·
attack.execution
attack.t1059.001
·
File Download From IP Based URL Via CertOC.EXE
Oct 23, 2023
·
attack.command_and_control
attack.execution
attack.t1105
·
File Download From IP URL Via Curl.EXE
Oct 23, 2023
·
attack.execution
·
Suspicious File Download From IP Via Curl.EXE
Oct 23, 2023
·
attack.execution
·
PowerShell Script Execution Policy Enabled
Oct 18, 2023
·
attack.execution
·
Abusable DLL Potential Sideloading From Suspicious Location
Oct 18, 2023
·
attack.execution
attack.t1059
·
Add Windows Capability Via PowerShell Cmdlet
Oct 18, 2023
·
attack.execution
·
Adwind RAT / JRAT
Oct 18, 2023
·
attack.execution
attack.t1059.005
attack.t1059.007
detection.emerging_threats
·
Adwind RAT / JRAT File Artifact
Oct 18, 2023
·
attack.execution
attack.t1059.005
attack.t1059.007
·
Antivirus Hacktool Detection
Oct 18, 2023
·
attack.execution
attack.t1204
·
APT29 2018 Phishing Campaign CommandLine Indicators
Oct 18, 2023
·
attack.execution
attack.t1218.011
detection.emerging_threats
·
Azure Kubernetes CronJob
Oct 18, 2023
·
attack.persistence
attack.t1053.003
attack.privilege_escalation
attack.execution
·
Bad Opsec Powershell Code Artifacts
Oct 18, 2023
·
attack.execution
attack.t1059.001
·
ConvertTo-SecureString Cmdlet Usage Via CommandLine
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Cscript/Wscript Uncommon Script Extension Execution
Oct 18, 2023
·
attack.execution
attack.t1059.005
attack.t1059.007
·
CVE-2023-38331 Exploitation Attempt - Suspicious WinRAR Child Process
Oct 18, 2023
·
detection.emerging_threats
attack.execution
attack.t1203
cve.2023.38331
·
DotNet CLR DLL Loaded By Scripting Applications
Oct 18, 2023
·
attack.execution
attack.privilege_escalation
attack.t1055
·
Elevated System Shell Spawned
Oct 18, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.execution
attack.t1059
·
Exchange PowerShell Snap-Ins Usage
Oct 18, 2023
·
attack.execution
attack.t1059.001
attack.collection
attack.t1114
·
File Decryption Using Gpg4win
Oct 18, 2023
·
attack.execution
·
File Encryption Using Gpg4win
Oct 18, 2023
·
attack.execution
·
File Encryption/Decryption Via Gpg4win From Suspicious Locations
Oct 18, 2023
·
attack.execution
·
File With Uncommon Extension Created By An Office Application
Oct 18, 2023
·
attack.t1204.002
attack.execution
·
HackTool - Bloodhound/Sharphound Execution
Oct 18, 2023
·
attack.discovery
attack.t1087.001
attack.t1087.002
attack.t1482
attack.t1069.001
attack.t1069.002
attack.execution
attack.t1059.001
·
HackTool - CrackMapExec PowerShell Obfuscation
Oct 18, 2023
·
attack.execution
attack.t1059.001
attack.defense_evasion
attack.t1027.005
·
HackTool - PCHunter Execution
Oct 18, 2023
·
attack.execution
attack.discovery
attack.t1082
attack.t1057
attack.t1012
attack.t1083
attack.t1007
·
HackTool - Stracciatella Execution
Oct 18, 2023
·
attack.execution
attack.defense_evasion
attack.t1059
attack.t1562.001
·
Hermetic Wiper TG Process Patterns
Oct 18, 2023
·
attack.execution
attack.lateral_movement
attack.t1021.001
detection.emerging_threats
·
Invoke-Obfuscation CLIP+ Launcher
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation CLIP+ Launcher - PowerShell
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation CLIP+ Launcher - PowerShell Module
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation CLIP+ Launcher - Security
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation CLIP+ Launcher - System
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation COMPRESS OBFUSCATION
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell Module
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation COMPRESS OBFUSCATION - Security
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation COMPRESS OBFUSCATION - System
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell Module
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation RUNDLL LAUNCHER - Security
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation RUNDLL LAUNCHER - System
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation STDIN+ Launcher
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation STDIN+ Launcher - Powershell
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation STDIN+ Launcher - PowerShell Module
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation STDIN+ Launcher - Security
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation STDIN+ Launcher - System
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR+ Launcher
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR+ Launcher - PowerShell
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR+ Launcher - PowerShell Module
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR+ Launcher - Security
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR+ Launcher - System
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell Module
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - Security
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - System
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - Powershell
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - PowerShell Module
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - Security
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - System
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - Powershell
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - PowerShell Module
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - Security
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - System
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA - PowerShell
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA - Security
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA - System
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - Security
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - System
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Malicious Base64 Encoded PowerShell Keywords in Command Lines
Oct 18, 2023
·
attack.execution
attack.t1059.001
Malicious ShellIntel PowerShell Commandlets
Oct 18, 2023
·
attack.execution
attack.t1059.001
Mint Sandstorm - AsperaFaspex Suspicious Process Execution
Oct 18, 2023
·
attack.execution
detection.emerging_threats
Mint Sandstorm - ManageEngine Suspicious Process Execution
Oct 18, 2023
·
attack.execution
detection.emerging_threats
Non Interactive PowerShell Process Spawned
Oct 18, 2023
·
attack.execution
attack.t1059.001
OMIGOD HTTP No Authentication RCE
Oct 18, 2023
·
attack.privilege_escalation
attack.initial_access
attack.execution
attack.lateral_movement
attack.t1068
attack.t1190
attack.t1203
attack.t1021.006
attack.t1210
Potential Baby Shark Malware Activity
Oct 18, 2023
·
attack.execution
attack.defense_evasion
attack.discovery
attack.t1012
attack.t1059.003
attack.t1059.001
attack.t1218.005
detection.emerging_threats
Potential CommandLine Path Traversal Via Cmd.EXE
Oct 18, 2023
·
attack.execution
attack.t1059.003
Potential Compromised 3CXDesktopApp Execution
Oct 18, 2023
·
attack.defense_evasion
attack.t1218
attack.execution
detection.emerging_threats
Potential Data Exfiltration Activity Via CommandLine Tools
Oct 18, 2023
·
attack.execution
attack.t1059.001
Potential Encoded PowerShell Patterns In CommandLine
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Potential Netcat Reverse Shell Execution
Oct 18, 2023
·
attack.execution
attack.t1059
Potential Perl Reverse Shell Execution
Oct 18, 2023
·
attack.execution
Potential PowerShell Command Line Obfuscation
Oct 18, 2023
·
attack.execution
attack.defense_evasion
attack.t1027
attack.t1059.001
Potential PowerShell Obfuscation Via Reversed Commands
Oct 18, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Potential Powershell ReverseShell Connection
Oct 18, 2023
·
attack.execution
attack.t1059.001
Potential Reconnaissance Activity Via GatherNetworkInfo.VBS
Oct 18, 2023
·
attack.discovery
attack.execution
attack.t1615
attack.t1059.005
Potential SquiblyTwo Technique Execution
Oct 18, 2023
·
attack.defense_evasion
attack.t1047
attack.t1220
attack.execution
attack.t1059.005
attack.t1059.007
Potential Suspicious PowerShell Keywords
Oct 18, 2023
·
attack.execution
attack.t1059.001
Potential WMI Lateral Movement WmiPrvSE Spawned PowerShell
Oct 18, 2023
·
attack.execution
attack.t1047
attack.t1059.001
Potentially Suspicious Child Process Of WinRAR.EXE
Oct 18, 2023
·
attack.execution
attack.t1203
Potentially Suspicious WebDAV LNK Execution
Oct 18, 2023
·
attack.execution
attack.t1059.001
attack.t1204
PowerShell ADRecon Execution
Oct 18, 2023
·
attack.discovery
attack.execution
attack.t1059.001
PowerShell Base64 Encoded FromBase64String Cmdlet
Oct 18, 2023
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
PowerShell Base64 Encoded IEX Cmdlet
Oct 18, 2023
·
attack.execution
attack.t1059.001
PowerShell Base64 Encoded Invoke Keyword
Oct 18, 2023
·
attack.execution
attack.t1059.001
attack.defense_evasion
attack.t1027
PowerShell Core DLL Loaded By Non PowerShell Process
Oct 18, 2023
·
attack.t1059.001
attack.execution
PowerShell Download Pattern
Oct 18, 2023
·
attack.execution
attack.t1059.001
PUA - AdvancedRun Execution
Oct 18, 2023
·
attack.execution
attack.defense_evasion
attack.privilege_escalation
attack.t1564.003
attack.t1134.002
attack.t1059.003
PUA - NSudo Execution
Oct 18, 2023
·
attack.execution
attack.t1569.002
attack.s0029
Python Inline Command Execution
Oct 18, 2023
·
attack.execution
attack.t1059
Python Spawning Pretty TTY
Oct 18, 2023
·
attack.execution
attack.t1059
Qakbot Uninstaller Execution
Oct 18, 2023
·
detection.emerging_threats
attack.execution
Remote PowerShell Session (Network)
Oct 18, 2023
·
attack.execution
attack.t1059.001
attack.lateral_movement
attack.t1021.006
Rundll32 Internet Connection
Oct 18, 2023
·
attack.defense_evasion
attack.t1218.011
attack.execution
Script Interpreter Execution From Suspicious Folder
Oct 18, 2023
·
attack.execution
attack.t1059
Sofacy Trojan Loader Activity
Oct 18, 2023
·
attack.defense_evasion
attack.execution
attack.g0007
attack.t1059.003
attack.t1218.011
car.2013-10-002
detection.emerging_threats
Start Windows Service Via Net.EXE
Oct 18, 2023
·
attack.execution
attack.t1569.002
Suspicious Child Process Of BgInfo.EXE
Oct 18, 2023
·
attack.execution
attack.t1059.005
attack.defense_evasion
attack.t1218
attack.t1202
Suspicious Csi.exe Usage
Oct 18, 2023
·
attack.execution
attack.t1072
attack.defense_evasion
attack.t1218
Suspicious Electron Application Child Processes
Oct 18, 2023
·
attack.execution
Suspicious Encoded PowerShell Command Line
Oct 18, 2023
·
attack.execution
attack.t1059.001
Suspicious Execution Of PDQDeployRunner
Oct 18, 2023
·
attack.execution
Suspicious Microsoft Office Child Process
Oct 18, 2023
·
attack.defense_evasion
attack.execution
attack.t1047
attack.t1204.002
attack.t1218.010
Suspicious Mshta.EXE Execution Patterns
Oct 18, 2023
·
attack.execution
attack.t1106
Suspicious Outlook Child Process
Oct 18, 2023
·
attack.execution
attack.t1204.002
Suspicious PowerShell Parent Process
Oct 18, 2023
·
attack.execution
attack.t1059.001
Suspicious Program Names
Oct 18, 2023
·
attack.execution
attack.t1059
Suspicious Remote Child Process From Outlook
Oct 18, 2023
·
attack.execution
attack.t1059
attack.t1202
Suspicious Scripting in a WMI Consumer
Oct 18, 2023
·
attack.execution
attack.t1059.005
Suspicious WindowsTerminal Child Processes
Oct 18, 2023
·
attack.execution
attack.persistence
Suspicious WSMAN Provider Image Loads
Oct 18, 2023
·
attack.execution
attack.t1059.001
attack.lateral_movement
attack.t1021.003
Suspicious XOR Encoded PowerShell Command
Oct 18, 2023
·
attack.defense_evasion
attack.execution
attack.t1059.001
attack.t1140
attack.t1027
Tasks Folder Evasion
Oct 18, 2023
·
attack.defense_evasion
attack.persistence
attack.execution
attack.t1574.002
Turla Group Lateral Movement
Oct 18, 2023
·
attack.g0010
attack.execution
attack.t1059
attack.lateral_movement
attack.t1021.002
attack.discovery
attack.t1083
attack.t1135
detection.emerging_threats
UNC2452 Process Creation Patterns
Oct 18, 2023
·
attack.execution
attack.t1059.001
detection.emerging_threats
VMToolsd Suspicious Child Process
Oct 18, 2023
·
attack.execution
attack.persistence
attack.t1059
Windows Shell/Scripting Application File Write to Suspicious Folder
Oct 18, 2023
·
attack.execution
attack.t1059
Windows Shell/Scripting Processes Spawning Suspicious Programs
Oct 18, 2023
·
attack.execution
attack.defense_evasion
attack.t1059.005
attack.t1059.001
attack.t1218
AMSI Bypass Pattern Assembly GetType
Oct 17, 2023
·
attack.defense_evasion
attack.t1562.001
attack.execution
Arbitrary Shell Command Execution Via Settingcontent-Ms
Oct 17, 2023
·
attack.t1204
attack.t1566.001
attack.execution
attack.initial_access
Atlassian Confluence CVE-2022-26134
Oct 17, 2023
·
attack.initial_access
attack.execution
attack.t1190
attack.t1059
cve.2022.26134
Audit CVE Event
Oct 17, 2023
·
attack.execution
attack.t1203
attack.privilege_escalation
attack.t1068
attack.defense_evasion
attack.t1211
attack.credential_access
attack.t1212
attack.lateral_movement
attack.t1210
attack.impact
attack.t1499.004
AWS EC2 Startup Shell Script Change
Oct 17, 2023
·
attack.execution
attack.t1059.001
attack.t1059.003
attack.t1059.004
Azure New CloudShell Created
Oct 17, 2023
·
attack.execution
attack.t1059
Base64 MZ Header In CommandLine
Oct 17, 2023
·
attack.execution
BPFDoor Abnormal Process ID or Lock File Accessed
Oct 17, 2023
·
attack.execution
attack.t1106
attack.t1059
Change PowerShell Policies to an Insecure Level
Oct 17, 2023
·
attack.execution
attack.t1059.001
Conhost.exe CommandLine Path Traversal
Oct 17, 2023
·
attack.execution
attack.t1059.003
Created Files by Microsoft Sync Center
Oct 17, 2023
·
attack.t1055
attack.t1218
attack.execution
attack.defense_evasion
Credential Dumping Tools Service Execution - System
Oct 17, 2023
·
attack.credential_access
attack.execution
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
attack.t1003.006
attack.t1569.002
attack.s0005
DNS Events Related To Mining Pools
Oct 17, 2023
·
attack.execution
attack.t1569.002
attack.impact
attack.t1496
Equation Editor Network Connection
Oct 17, 2023
·
attack.execution
attack.t1203
Excel Network Connections
Oct 17, 2023
·
attack.execution
attack.t1203
Execute Code with Pester.bat as Parent
Oct 17, 2023
·
attack.execution
attack.t1059.001
attack.defense_evasion
attack.t1216
Execute MSDT Via Answer File
Oct 17, 2023
·
attack.defense_evasion
attack.t1218
attack.execution
Execute Pcwrun.EXE To Leverage Follina
Oct 17, 2023
·
attack.defense_evasion
attack.t1218
attack.execution
Execution of Powershell Script in Public Folder
Oct 17, 2023
·
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - PowerShell
Oct 17, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module
Oct 17, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Loading Diagcab Package From Remote Path
Oct 17, 2023
·
attack.execution
Metasploit Or Impacket Service Installation Via SMB PsExec
Oct 17, 2023
·
attack.lateral_movement
attack.t1021.002
attack.t1570
attack.execution
attack.t1569.002
Microsoft Sync Center Suspicious Network Connections
Oct 17, 2023
·
attack.t1055
attack.t1218
attack.execution
attack.defense_evasion
MSI Installation From Web
Oct 17, 2023
·
attack.execution
attack.t1218
attack.t1218.007
MSSQL XPCmdshell Option Change
Oct 17, 2023
·
attack.execution
MSSQL XPCmdshell Suspicious Execution
Oct 17, 2023
·
attack.execution
Nohup Execution
Oct 17, 2023
·
attack.execution
attack.t1059.004
OMIGOD SCX RunAsProvider ExecuteScript
Oct 17, 2023
·
attack.privilege_escalation
attack.initial_access
attack.execution
attack.t1068
attack.t1190
attack.t1203
OMIGOD SCX RunAsProvider ExecuteShellCommand
Oct 17, 2023
·
attack.privilege_escalation
attack.initial_access
attack.execution
attack.t1068
attack.t1190
attack.t1203
OMIGOD SCX RunAsProvider ExecuteShellCommand - Auditd
Oct 17, 2023
·
attack.privilege_escalation
attack.initial_access
attack.execution
attack.t1068
attack.t1190
attack.t1203
PAExec Service Installation
Oct 17, 2023
·
attack.execution
attack.t1569.002
Parent in Public Folder Suspicious Process
Oct 17, 2023
·
attack.defense_evasion
attack.execution
attack.t1564
attack.t1059
Payload Decoded and Decrypted via Built-in Utilities
Oct 17, 2023
·
attack.t1059
attack.t1204
attack.execution
attack.t1140
attack.defense_evasion
attack.s0482
attack.s0402
Potential Binary Impersonating Sysinternals Tools
Oct 17, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
Powershell MsXml COM Object
Oct 17, 2023
·
attack.execution
attack.t1059.001
PowerShell Script Run in AppData
Oct 17, 2023
·
attack.execution
attack.t1059.001
PSAsyncShell - Asynchronous TCP Reverse Shell
Oct 17, 2023
·
attack.execution
attack.t1059.001
Python Spawning Pretty TTY on Windows
Oct 17, 2023
·
attack.execution
attack.t1059
Renamed PsExec Service Execution
Oct 17, 2023
·
attack.execution
Rundll32 UNC Path Execution
Oct 17, 2023
·
attack.defense_evasion
attack.execution
attack.t1021.002
attack.t1218.011
Schtasks From Suspicious Folders
Oct 17, 2023
·
attack.execution
attack.t1053.005
Script Event Consumer Spawning Process
Oct 17, 2023
·
attack.execution
attack.t1047
Sliver C2 Default Service Installation
Oct 17, 2023
·
attack.execution
attack.privilege_escalation
attack.t1543.003
attack.t1569.002
Suspicious Add Scheduled Task Parent
Oct 17, 2023
·
attack.execution
attack.t1053.005
Suspicious Application Installed
Oct 17, 2023
·
attack.execution
Suspicious Cmdl32 Execution
Oct 17, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
Suspicious Interactive PowerShell as SYSTEM
Oct 17, 2023
·
attack.execution
attack.t1059.001
Suspicious Java Children Processes
Oct 17, 2023
·
attack.execution
attack.t1059
Suspicious Modification Of Scheduled Tasks
Oct 17, 2023
·
attack.execution
attack.t1053.005
Suspicious PowerShell Download - Powershell Script
Oct 17, 2023
·
attack.execution
attack.t1059.001
Suspicious PowerShell Download and Execute Pattern
Oct 17, 2023
·
attack.execution
attack.t1059.001
Suspicious PowerShell IEX Execution Patterns
Oct 17, 2023
·
attack.execution
attack.t1059.001
Suspicious Scheduled Task Creation
Oct 17, 2023
·
attack.execution
attack.privilege_escalation
attack.persistence
attack.t1053.005
Suspicious Scheduled Task Name As GUID
Oct 17, 2023
·
attack.execution
attack.t1053.005
Suspicious Scheduled Task Update
Oct 17, 2023
·
attack.execution
attack.privilege_escalation
attack.persistence
attack.t1053.005
Suspicious Schtasks Execution AppData Folder
Oct 17, 2023
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
Suspicious Schtasks Schedule Type With High Privileges
Oct 17, 2023
·
attack.execution
attack.t1053.005
Suspicious Schtasks Schedule Types
Oct 17, 2023
·
attack.execution
attack.t1053.005
Suspicious Script Execution From Temp Folder
Oct 17, 2023
·
attack.execution
attack.t1059
UAC Bypass Using IDiagnostic Profile
Oct 17, 2023
·
attack.execution
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
UAC Bypass Using IDiagnostic Profile - File
Oct 17, 2023
·
attack.execution
attack.defense_evasion
attack.privilege_escalation
attack.t1548.002
Use of Forfiles For Execution
Oct 17, 2023
·
attack.execution
attack.t1059
Use of FSharp Interpreters
Oct 17, 2023
·
attack.execution
attack.t1059
Use of OpenConsole
Oct 17, 2023
·
attack.execution
attack.t1059
Use of Scriptrunner.exe
Oct 17, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
Use Of The SFTP.EXE Binary As A LOLBIN
Oct 17, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
Wab Execution From Non Default Location
Oct 17, 2023
·
attack.defense_evasion
attack.execution
Wab/Wabmig Unusual Parent Or Child Processes
Oct 17, 2023
·
attack.defense_evasion
attack.execution
Windows Defender Exclusions Added - PowerShell
Oct 17, 2023
·
attack.defense_evasion
attack.t1562
attack.execution
attack.t1059
WMIC Unquoted Services Path Lookup - PowerShell
Oct 17, 2023
·
attack.execution
attack.t1047
WScript or CScript Dropper - File
Oct 17, 2023
·
attack.execution
attack.t1059.005
attack.t1059.007
Wusa Extracting Cab Files
Oct 17, 2023
·
attack.execution
CVE-2021-1675 Print Spooler Exploitation IPC Access
Oct 15, 2023
·
attack.execution
attack.t1569
cve.2021.1675
cve.2021.34527
detection.emerging_threats
Possible CVE-2021-1675 Print Spooler Exploitation
Oct 15, 2023
·
attack.execution
attack.t1569
cve.2021.1675
detection.emerging_threats
Potential Bumblebee Remote Thread Creation
Oct 15, 2023
·
attack.defense_evasion
attack.execution
attack.t1218.011
attack.t1059.001
detection.emerging_threats
Autoit3.exe Executable File Creation Matching DarkGate Behavior
Oct 14, 2023
·
attack.command_and_control
attack.execution
attack.t1105
attack.t1059
DarkGate Autoit3.exe Execution Parameters
Oct 14, 2023
·
attack.execution
attack.t1059
AWS IAM S3Browser LoginProfile Creation
Oct 12, 2023
·
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004
AWS IAM S3Browser Templated S3 Bucket Policy Creation
Oct 12, 2023
·
attack.execution
attack.t1059.009
attack.persistence
attack.t1078.004
AWS IAM S3Browser User or AccessKey Creation
Oct 12, 2023
·
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004
Google Cloud Kubernetes CronJob
Oct 12, 2023
·
attack.persistence
attack.privilege_escalation
attack.execution
Renamed CURL.EXE Execution
Oct 12, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
Control Panel Items
Oct 12, 2023
·
attack.execution
attack.defense_evasion
attack.t1218.002
attack.persistence
attack.t1546
Schtasks Creation Or Modification With SYSTEM Privileges
Oct 12, 2023
·
attack.execution
attack.persistence
attack.t1053.005