attack.t1027.004 | Detection.FYI

Application Whitelisting Bypass via Dnx.exe
Feb 21, 2023 · attack.defense_evasion attack.t1218 attack.t1027.004 ·
Share on:
Execute C# code located in the consoleapp folder

Read More
Suspicious Csc.exe Source File Folder
Feb 21, 2023 · attack.defense_evasion attack.t1027.004 ·
Share on:
Detects a suspicious execution of csc.exe, which uses a source in a suspicious folder (e.g. AppData)

Read More
Suspicious Parent of Csc.exe
Feb 21, 2023 · attack.execution attack.t1059.005 attack.t1059.007 attack.defense_evasion attack.t1218.005 attack.t1027.004 ·
Share on:
Detects a suspicious parent of csc.exe, which could by a sign of payload delivery

Read More
Dynamic CSharp Compile Artefact
Feb 17, 2023 · attack.defense_evasion attack.t1027.004 ·
Share on:
When C# is compiled dynamically, a .cmdline file will be created as a part of the process. Certain processes are not typically observed compiling C# code, but can do so without touching disk. This can be used to unpack a payload for execution

Read More
Visual Basic Command Line Compiler Usage
Oct 28, 2022 · attack.defense_evasion attack.t1027.004 ·
Share on:
Detects successful code compilation via Visual Basic Command Line Compiler that utilizes Windows Resource to Object Converter.

Read More