open-menu
closeme
Potential SquiblyTwo Technique Execution
calendar
May 26, 2023
·
attack.defense_evasion
attack.t1047
attack.t1220
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
Login with WMI
calendar
May 2, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Microsoft Office Child Process
calendar
Apr 24, 2023
·
attack.defense_evasion
attack.execution
attack.t1047
attack.t1204.002
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
HTML Help HH.EXE Suspicious Child Process
calendar
Apr 12, 2023
·
attack.defense_evasion
attack.execution
attack.initial_access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HH.EXE Execution
calendar
Apr 12, 2023
·
attack.defense_evasion
attack.execution
attack.initial_access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WmiPrvSE Child Process
calendar
Apr 4, 2023
·
attack.execution
attack.defense_evasion
attack.t1047
attack.t1204.002
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Potential WMI Lateral Movement WmiPrvSE Spawned PowerShell
calendar
Apr 3, 2023
·
attack.execution
attack.t1047
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
WmiPrvSE Spawned A Process
calendar
Apr 3, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Wmiexec Default Output File
calendar
Mar 9, 2023
·
attack.lateral_movement
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Potential Product Class Reconnaissance Via Wmic.EXE
calendar
Mar 7, 2023
·
attack.execution
attack.t1047
car.2016-03-002
·
Share on:
twitter
facebook
linkedin
copy
Potential Product Reconnaissance Via Wmic.EXE
calendar
Mar 7, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Script Event Consumer Spawning Process
calendar
Mar 5, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
T1047 Wmiprvse Wbemcomn DLL Hijack
calendar
Feb 27, 2023
·
attack.execution
attack.t1047
attack.lateral_movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution Patterns
calendar
Feb 22, 2023
·
attack.execution
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.s0106
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Potential Impacket Lateral Movement Activity
calendar
Feb 21, 2023
·
attack.execution
attack.t1047
attack.lateral_movement
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
Computer System Reconnaissance Via Wmic.EXE
calendar
Feb 16, 2023
·
attack.discovery
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Hardware Model Reconnaissance Via Wmic.EXE
calendar
Feb 16, 2023
·
attack.execution
attack.t1047
car.2016-03-002
·
Share on:
twitter
facebook
linkedin
copy
New Process Created Via Wmic.EXE
calendar
Feb 16, 2023
·
attack.execution
attack.t1047
car.2016-03-002
·
Share on:
twitter
facebook
linkedin
copy
Potential Unquoted Service Path Reconnaissance Via Wmic.EXE
calendar
Feb 16, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Process Reconnaissance Via Wmic.EXE
calendar
Feb 16, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Service Reconnaissance Via Wmic.EXE
calendar
Feb 16, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Created Via Wmic.EXE
calendar
Feb 16, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Windows Hotfix Updates Reconnaissance Via Wmic.EXE
calendar
Feb 16, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMIC Remote Command Execution
calendar
Feb 16, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Application Removed Via Wmic.EXE
calendar
Feb 14, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Service Started/Stopped Via Wmic.EXE
calendar
Feb 14, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WMIC Execution Via Office Process
calendar
Feb 14, 2023
·
attack.t1204.002
attack.t1047
attack.t1218.010
attack.execution
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
WMI Modules Loaded
calendar
Feb 7, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Wmiprvse Wbemcomn DLL Hijack
calendar
Feb 7, 2023
·
attack.execution
attack.t1047
attack.lateral_movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Wmiprvse Wbemcomn DLL Hijack - File
calendar
Feb 7, 2023
·
attack.execution
attack.t1047
attack.lateral_movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Encoded Scripts in a WMI Consumer
calendar
Feb 1, 2023
·
attack.execution
attack.t1047
attack.persistence
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
WMI Event Consumer Created Named Pipe
calendar
Feb 1, 2023
·
attack.t1047
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
WMIC Unquoted Services Path Lookup - PowerShell
calendar
Feb 1, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Remote DCOM/WMI Lateral Movement
calendar
Jan 27, 2023
·
attack.lateral_movement
attack.t1021.003
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMImplant Hack Tool
calendar
Jan 4, 2023
·
attack.execution
attack.t1047
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PSExec and WMI Process Creations Block
calendar
Dec 27, 2022
·
attack.execution
attack.lateral_movement
attack.t1047
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Blue Mockingbird - Registry
calendar
Nov 27, 2022
·
attack.execution
attack.t1112
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
MITRE BZAR Indicators for Execution
calendar
Oct 25, 2022
·
attack.execution
attack.t1047
attack.t1053.002
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
to-top