open-menu
closeme
Application Removed Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Application Terminated Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Blue Mockingbird
calendar
Aug 12, 2024
·
attack.execution
attack.t1112
attack.t1047
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Blue Mockingbird - Registry
calendar
Aug 12, 2024
·
attack.execution
attack.t1112
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Computer System Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.credential-access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution Patterns
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.s0106
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Potential Impacket Lateral Movement Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
Hardware Model Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
car.2016-03-002
·
Share on:
twitter
facebook
linkedin
copy
HTML Help HH.EXE Suspicious Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
MITRE BZAR Indicators for Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1053.002
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
New Process Created Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
car.2016-03-002
·
Share on:
twitter
facebook
linkedin
copy
Potential Maze Ransomware Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1047
attack.impact
attack.t1490
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Product Class Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
car.2016-03-002
·
Share on:
twitter
facebook
linkedin
copy
Potential Product Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Potential SquiblyTwo Technique Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1047
attack.t1220
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
Potential Unquoted Service Path Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Potential WMI Lateral Movement WmiPrvSE Spawned PowerShell
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Process Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
PSExec and WMI Process Creations Block
calendar
Aug 12, 2024
·
attack.execution
attack.lateral-movement
attack.t1047
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Remote DCOM/WMI Lateral Movement
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.003
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Script Event Consumer Spawning Process
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Service Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Service Started/Stopped Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Successful Account Login Via WMI
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Encoded Scripts in a WMI Consumer
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.persistence
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HH.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Microsoft Office Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1047
attack.t1204.002
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Created Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WMIC Execution Via Office Process
calendar
Aug 12, 2024
·
attack.t1204.002
attack.t1047
attack.t1218.010
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WmiPrvSE Child Process
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1047
attack.t1204.002
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
System Disk And Volume Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1047
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
T1047 Wmiprvse Wbemcomn DLL Hijack
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
UNC2452 PowerShell Pattern
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1047
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Windows Hotfix Updates Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMI Event Consumer Created Named Pipe
calendar
Aug 12, 2024
·
attack.t1047
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
WMIC Remote Command Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMIC Unquoted Services Path Lookup - PowerShell
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Wmiexec Default Output File
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMImplant Hack Tool
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
WmiPrvSE Spawned A Process
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Wmiprvse Wbemcomn DLL Hijack
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Wmiprvse Wbemcomn DLL Hijack - File
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Office Products Spawning WMI
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
attack.t1204
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Commands - WMI
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Cmdlets - WMI
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
attack.t1059
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Lineage - WMI
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Unusual Module Loads - WMI
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMI Reconnaissance
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
attack.discovery
attack.t1087
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
WMI Shadow Copy Deletion
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Wmiexec.py Execution
calendar
Mar 26, 2024
·
attack.s0357
attack.execution
attack.t1047
attack.lateral_movement
attack.t1021
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
Office Products Spawning WMI (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMI Reconnaissance (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMI Shadow Copy Deletion (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMI Suspicious Commands (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMI Suspicious Powershell Cmdlets (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMI Suspicious Process Lineage (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMIC Unusual Module Loads (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
File Creation by Office Applications
calendar
Apr 21, 2023
·
attack.t1204.002
attack.t1047
attack.t1218.010
attack.execution
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WMI-Related Powershell Cmdlets
calendar
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.001
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMIC Suspicious Commands
calendar
Nov 9, 2022
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMIC Suspicious Commands
calendar
Nov 9, 2022
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
WMIC Suspicious Commands
calendar
Nov 9, 2022
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
to-top