attack.t1053

HackTool - CrackMapExec Execution Patterns
Feb 22, 2023 · attack.execution attack.t1047 attack.t1053 attack.t1059.003 attack.t1059.001 attack.s0106 ·
Share on:
Detects various execution patterns of the CrackMapExec pentesting framework

Read More
HackTool - SharPersist Execution
Feb 4, 2023 · attack.persistence attack.t1053 ·
Share on:
Detects the execution of the hacktool SharPersist - used to deploy various different kinds of persistence mechanisms

Read More
Suspicious Scheduled Task Write to System32 Tasks
Feb 1, 2023 · attack.persistence attack.execution attack.t1053 ·
Share on:
Detects the creation of tasks from processes executed from suspicious locations

Read More
Remote Schedule Task Lateral Movement via ATSvc
Jan 27, 2023 · attack.lateral_movement attack.t1053 attack.t1053.002 ·
Share on:
Detects remote RPC calls to create or execute a scheduled task via ATSvc

Read More
Remote Schedule Task Lateral Movement via ITaskSchedulerService
Jan 27, 2023 · attack.lateral_movement attack.t1053 attack.t1053.002 ·
Share on:
Detects remote RPC calls to create or execute a scheduled task

Read More
Remote Schedule Task Lateral Movement via SASec
Jan 27, 2023 · attack.lateral_movement attack.t1053 attack.t1053.002 ·
Share on:
Detects remote RPC calls to create or execute a scheduled task via SASec

Read More
Cisco Modify Configuration
Jan 4, 2023 · attack.persistence attack.impact attack.t1490 attack.t1505 attack.t1565.002 attack.t1053 ·
Share on:
Modifications to a config that will serve an adversary's impacts or persistence

Read More
Scheduled TaskCache Change by Uncommon Program
Oct 26, 2022 · attack.persistence attack.t1053 attack.t1053.005 ·
Share on:
Monitor the creation of a new key under 'TaskCache' when a new scheduled task is registered by a process that is not svchost.exe, which is suspicious

Read More