attack.t1027.004

Csc.EXE Execution Form Potentially Suspicious Parent

Nov 6, 2023 · attack.execution attack.t1059.005 attack.t1059.007 attack.defense_evasion attack.t1218.005 attack.t1027.004 ·

Share on:

Detects a potentially suspicious parent of "csc.exe", which could be a sign of payload delivery.

Dynamic .NET Compilation Via Csc.EXE

Nov 6, 2023 · attack.defense_evasion attack.t1027.004 ·

Share on:

Detects execution of "csc.exe" to compile .NET code. Attackers often leverage this to compile code on the fly and use it in other stages.

Application Whitelisting Bypass via Dnx.exe

Feb 21, 2023 · attack.defense_evasion attack.t1218 attack.t1027.004 ·

Share on:

Execute C# code located in the consoleapp folder

Dynamic CSharp Compile Artefact

Feb 17, 2023 · attack.defense_evasion attack.t1027.004 ·

Share on:

When C# is compiled dynamically, a .cmdline file will be created as a part of the process. Certain processes are not typically observed compiling C# code, but can do so without touching disk. This can be used to unpack a payload for execution

Visual Basic Command Line Compiler Usage

Oct 28, 2022 · attack.defense_evasion attack.t1027.004 ·

Share on:

Detects successful code compilation via Visual Basic Command Line Compiler that utilizes Windows Resource to Object Converter.