File In Suspicious Location Encoded To Base64 Via Certutil.EXE
Jan 6, 2025
·
attack.defense-evasion
attack.t1027
Suspicious File Encoded To Base64 Via Certutil.EXE
Jan 6, 2025
·
attack.defense-evasion
attack.t1027
Suspicious SYSTEM User Process Creation
Dec 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.privilege-escalation
attack.t1134
attack.t1003
attack.t1027
Renamed AutoIt Execution
Nov 25, 2024
·
attack.defense-evasion
attack.t1027
Potential CommandLine Obfuscation Using Unicode Characters From Suspicious Image
Sep 6, 2024
·
attack.defense-evasion
attack.t1027
Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE
Aug 23, 2024
·
attack.defense-evasion
attack.t1027
Base64 Encoded PowerShell Command Detected
Aug 12, 2024
·
attack.t1027
attack.defense-evasion
attack.t1140
attack.t1059.001
Certificate Exported Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
ConvertTo-SecureString Cmdlet Usage Via CommandLine
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Decode Base64 Encoded Text
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Decode Base64 Encoded Text -MacOs
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
File Decoded From Base64/Hex Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
File Encoded To Base64 Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Invoke-Obfuscation CLIP+ Launcher
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation CLIP+ Launcher - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation CLIP+ Launcher - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation CLIP+ Launcher - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation CLIP+ Launcher - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Obfuscated IEX Invocation
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Obfuscated IEX Invocation - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Invoke-Obfuscation Obfuscated IEX Invocation - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation RUNDLL LAUNCHER - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation RUNDLL LAUNCHER - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation STDIN+ Launcher
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation STDIN+ Launcher - Powershell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation STDIN+ Launcher - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation STDIN+ Launcher - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation STDIN+ Launcher - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR+ Launcher
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR+ Launcher - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR+ Launcher - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR+ Launcher - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR+ Launcher - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - Powershell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - Powershell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Operation Wocao Activity
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
Operation Wocao Activity - Security
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
Password Protected ZIP File Opened
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Password Protected ZIP File Opened (Email Attachment)
Aug 12, 2024
·
attack.defense-evasion
attack.initial-access
attack.t1027
attack.t1566.001
Password Protected ZIP File Opened (Suspicious Filenames)
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1027
attack.t1105
attack.t1036
Ping Hex IP
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.t1027
Potential Emotet Activity
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
detection.emerging-threats
Potential Encoded PowerShell Patterns In CommandLine
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Potential PowerShell Command Line Obfuscation
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1027
attack.t1059.001
Potential PowerShell Obfuscation Using Alias Cmdlets
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1027
attack.t1059.001
Potential PowerShell Obfuscation Using Character Join
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1027
attack.t1059.001
Potential PowerShell Obfuscation Via Reversed Commands
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Potential PowerShell Obfuscation Via WCHAR
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
Potential Winnti Dropper Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
PowerShell Base64 Encoded Invoke Keyword
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
PowerShell Base64 Encoded Reflective Assembly Load
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
attack.t1620
PowerShell Base64 Encoded WMI Classes
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
PUA - Potential PE Metadata Tamper Using Rcedit
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
attack.t1036
attack.t1027.005
attack.t1027
Suspicious Download Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Suspicious Encoded And Obfuscated Reflection Assembly Load Function Call
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.001
attack.t1027
Suspicious File Downloaded From Direct IP Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Suspicious Get-Variable.exe Creation
Aug 12, 2024
·
attack.persistence
attack.t1546
attack.defense-evasion
attack.t1027
Suspicious XOR Encoded PowerShell Command
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
attack.t1140
attack.t1027
Turla Group Commands May 2020
Aug 12, 2024
·
attack.g0010
attack.execution
attack.t1059.001
attack.t1053.005
attack.t1027
detection.emerging-threats
Base64 Encoding
Mar 26, 2024
·
attack.defense_evasion
attack.t1027
Gamarue Rundll32.exe Long Commandlines
Mar 26, 2024
·
attack.defense_evasion
attack.t1027
attack.t1027.010
Obfuscated Commands - Command Shell
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1027
Obfuscation and Escape Characters - Powershell
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
PowerShell -encodedcommand Switch
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
PowerShell Base64 Encoding
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
ZIP File Spawning JavaScript
Mar 26, 2024
·
attack.defense_evasion
attack.t1027
Malicious QakBot Dropped File Creation (Event 4663)
Sep 1, 2023
·
attack.initial_access
attack.defense_evasion
attack.t1566
attack.t1027
attack.t1553
Invoke-Obfuscation CLIP+ Launcher
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Obfuscated IEX Invocation
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
Invoke-Obfuscation RUNDLL LAUNCHER
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation STDIN+ Launcher
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR+ Launcher
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
ISO, VHD, LNK or IMG File Extracted from Zip (Sysmon)
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.defense_evasion
attack.t1027
attack.t1027.006
attack.t1564
Web Browser Creates Zip Archive File (Sysmon)
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.defense_evasion
attack.t1027
attack.t1027.006
Suspicious Use of Rcedit Utility to Alter Executable Metadata
Dec 12, 2022
·
attack.defense_evasion
attack.t1036.003
attack.t1036
attack.t1027.005
attack.t1027
Malicious QakBot Dropped File Creation (Sysmon)
Nov 18, 2022
·
attack.initial_access
attack.defense_evasion
attack.t1566
attack.t1027
attack.t1553
Command Shell Obfuscated Commands
Nov 9, 2022
·
attack.execution
attack.t1059.003
attack.defense_evasion
attack.t1027
Powershell Obfuscation and Escape Characters
Nov 9, 2022
·
attack.execution
attack.t1059.003
attack.defense_evasion
attack.t1027