attack.t1036.005

Suspicious Scheduled Task Creation via Masqueraded XML File
Apr 21, 2023 · attack.defense_evasion attack.persistence attack.t1036.005 attack.t1053.005 ·
Share on:
Detects the creation of a scheduled task using the "-XML" flag with a file without the '.xml' extension. This behavior could be indicative of potential defense evasion attempt during persistence

Read More
Files With System Process Name In Unsuspected Locations
Mar 23, 2023 · attack.defense_evasion attack.t1036.005 ·
Share on:
Detects the creation of an executable with a system process name in folders other than the system ones (System32, SysWOW64...etc).

Read More
Windows Processes Suspicious Parent Directory
Mar 5, 2023 · attack.defense_evasion attack.t1036.003 attack.t1036.005 ·
Share on:
Detect suspicious parent processes of well-known Windows processes

Read More
Suspicious Svchost Process
Mar 2, 2023 · attack.defense_evasion attack.t1036.005 ·
Share on:
Detects a suspicious svchost process start

Read More
Potential MsiExec Masquerading
Feb 22, 2023 · attack.defense_evasion attack.t1036.005 ·
Share on:
Detects the execution of msiexec.exe from an uncommon directory

Read More
Flash Player Update from Suspicious Location
Feb 1, 2023 · attack.initial_access attack.t1189 attack.execution attack.t1204.002 attack.defense_evasion attack.t1036.005 ·
Share on:
Detects a flashplayer update from an unofficial location

Read More
Suspicious Files in Default GPO Folder
Oct 26, 2022 · attack.t1036.005 attack.defense_evasion ·
Share on:
Detects the creation of copy of suspicious files (EXE/DLL) to the default GPO storage folder

Read More

Suspicious Scheduled Task Creation via Masqueraded XML File

Files With System Process Name In Unsuspected Locations

Windows Processes Suspicious Parent Directory

Suspicious Svchost Process

Potential MsiExec Masquerading

Flash Player Update from Suspicious Location

Suspicious Files in Default GPO Folder