Sdiagnhost Calling Suspicious Child Process
Aug 29, 2024
·
attack.defense-evasion
attack.t1036
attack.t1218
Suspicious Child Process Of Wermgr.EXE
Aug 29, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.t1036
CodePage Modification Via MODE.COM To Russian Language
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
CreateDump Process Dump
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
DumpMinitool Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
Explorer Process Tree Break
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Findstr Launching .lnk File
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1202
attack.t1027.003
Forfiles.EXE Child Process Masquerading
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
HackTool - XORDump Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
Interactive Bash Suspicious Children
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.004
attack.t1036
New or Renamed User Account with '$' Character
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
New Process Created Via Taskmgr.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Password Protected ZIP File Opened (Suspicious Filenames)
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1027
attack.t1105
attack.t1036
Potential Command Line Path Traversal Evasion Attempt
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Potential Fake Instance Of Hxtsr.EXE Executed
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Potential Homoglyph Attack Using Lookalike Characters
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1036.003
Potential Homoglyph Attack Using Lookalike Characters in Filename
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1036.003
Potential LSASS Process Dump Via Procdump
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.credential-access
attack.t1003.001
car.2013-05-009
Potential ReflectDebugger Content Execution Via WerFault.EXE
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1036
Potential SysInternals ProcDump Evasion
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
Potentially Suspicious Execution From Tmp Folder
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Procdump Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
Process Execution From A Potentially Suspicious Folder
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Process Memory Dump Via Comsvcs.DLL
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1036
attack.t1003.001
car.2013-05-009
PUA - Potential PE Metadata Tamper Using Rcedit
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
attack.t1036
attack.t1027.005
attack.t1027
Renamed CreateDump Utility Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
Renamed Plink Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Renamed ZOHO Dctask64 Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1055.001
attack.t1202
attack.t1218
Suspicious Calculator Usage
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Suspicious CodePage Switch Via CHCP
Aug 12, 2024
·
attack.t1036
attack.defense-evasion
Suspicious Computer Account Name Change CVE-2021-42287
Aug 12, 2024
·
cve.2021-42287
detection.emerging-threats
attack.defense-evasion
attack.persistence
attack.t1036
attack.t1098
Suspicious DumpMinitool Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
Suspicious MSDT Parent Process
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1218
Suspicious Process Parents
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Suspicious Process Start Locations
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
car.2013-05-002
Suspicious Windows Update Agent Empty Cmdline
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
System Control Panel Item Loaded From Uncommon Location
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
System File Execution Location Anomaly
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Taskmgr as LOCAL_SYSTEM
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Windows Binaries Write Suspicious Extensions
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Processes Executing with Unusual Command Lines
Mar 26, 2024
·
attack.defense_evasion
attack.t1036
attack.t1036.003
Unexpected Internal Process Name
Mar 26, 2024
·
attack.defense_evasion
attack.t1036
attack.t1036.003
Gootloader JavaScript Execution in AppData Folder (RedCanary Threat Detection Report)
May 17, 2023
·
attack.defense_evasion
attack.t1036
Potential Homoglyph Attack Using Lookalike Characters
May 10, 2023
·
attack.defense_evasion
attack.t1036
attack.t1036.003
attack.t1036.008
Windows Scripting Host Executing JScript Files with MS-DOS Short Names (RedCanary Threat Detection Report)
May 10, 2023
·
attack.defense_evasion
attack.t1036
Process Creation With Double File Extension
Jan 30, 2023
·
attack.defense_evasion
attack.t1036
attack.t1036.007
Suspicious Command Line Containing Right-to-Left Override
Jan 30, 2023
·
attack.defense_evasion
attack.t1036
attack.t1036.002
Bumblebee WmiPrvSE execution pattern
Jan 8, 2023
·
attack.defense_evasion
attack.t1036
Suspicious Use of Rcedit Utility to Alter Executable Metadata
Dec 12, 2022
·
attack.defense_evasion
attack.t1036.003
attack.t1036
attack.t1027.005
attack.t1027
Command or Scripting Interpreter Creating EXE File
Dec 12, 2022
·
attack.defense_evasion
attack.t1036.003
attack.t1036
File Creation of Executables in Temp Folders (Event 4663)
Dec 12, 2022
·
attack.defense_evasion
attack.t1036.003
attack.t1036
Process Creation without .exe File Extension
Dec 12, 2022
·
attack.defense_evasion
attack.t1036.003
attack.t1036
attack.s1020
Svchost Not Matching Normal Execution Parameters
Nov 9, 2022
·
attack.defense_evasion
attack.t1036
attack.t1036.005
Unexpected Internal Process Name
Nov 9, 2022
·
attack.defense_evasion
attack.t1036
attack.t1036.003