open-menu
closeme
Potentially Suspicious Command Executed Via Run Dialog Box - Registry
calendar
Nov 1, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Renamed Powershell Under Powershell Channel
calendar
Oct 8, 2024
·
attack.execution
attack.t1059.001
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Non PowerShell WSMAN COM Provider
calendar
Oct 8, 2024
·
attack.execution
attack.t1059.001
attack.lateral-movement
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
Alternate PowerShell Hosts Pipe
calendar
Oct 8, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest PowerShell Evidence Eraser
calendar
Oct 1, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest PowerShell Launcher
calendar
Oct 1, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation Via PowerShell In Uncommon Target
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
UNC2452 Process Creation Patterns
calendar
Sep 13, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Scripts - FileCreation
calendar
Sep 13, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Scripts - PoshModule
calendar
Sep 13, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Web Access Installation - PsScript
calendar
Sep 3, 2024
·
attack.persistence
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
ChromeLoader Malware Execution
calendar
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
attack.t1176
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated PowerShell OneLiner Execution
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Raspberry Robin Initial Execution From External Drive
calendar
Sep 2, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Raspberry Robin Subsequent Execution of Commands
calendar
Sep 2, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
FakeUpdates/SocGholish Activity
calendar
Aug 29, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Alternate PowerShell Hosts - PowerShell Module
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 Startup Shell Script Change
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1059.003
attack.t1059.004
·
Share on:
twitter
facebook
linkedin
copy
Bad Opsec Powershell Code Artifacts
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Base64 Encoded PowerShell Command Detected
calendar
Aug 12, 2024
·
attack.t1027
attack.defense-evasion
attack.t1140
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
BloodHound Collection Files
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.001
attack.t1087.002
attack.t1482
attack.t1069.001
attack.t1069.002
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Certificate Exported Via PowerShell
calendar
Aug 12, 2024
·
attack.credential-access
attack.execution
attack.t1552.004
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Change PowerShell Policies to an Insecure Level
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Change PowerShell Policies to an Insecure Level - PowerShell
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Cmd.EXE Missing Space Characters Execution Anomaly
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Command Line Execution with Suspicious URL and AppData Strings
calendar
Aug 12, 2024
·
attack.execution
attack.command-and-control
attack.t1059.003
attack.t1059.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
ConvertTo-SecureString Cmdlet Usage Via CommandLine
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
CVE-2022-24527 Microsoft Connected Cache LPE
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1059.001
cve.2022-24527
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Detection of PowerShell Execution via Sqlps.exe
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
DSInternals Suspicious PowerShell Cmdlets
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
DSInternals Suspicious PowerShell Cmdlets - ScriptBlock
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Exchange PowerShell Snap-Ins Usage
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.collection
attack.t1114
·
Share on:
twitter
facebook
linkedin
copy
Execute Code with Pester.bat
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Execute Code with Pester.bat as Parent
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Execution of Powershell Script in Public Folder
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Exploited CVE-2020-10189 Zoho ManageEngine
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.execution
attack.t1059.001
attack.t1059.003
attack.s0190
cve.2020-10189
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
File Was Not Allowed To Run
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.006
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
Greenbug Espionage Group Indicators
calendar
Aug 12, 2024
·
attack.g0049
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1105
attack.defense-evasion
attack.t1036.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Bloodhound/Sharphound Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.001
attack.t1087.002
attack.t1482
attack.t1069.001
attack.t1069.002
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Covenant PowerShell Launcher
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.001
attack.t1564.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.credential-access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution Patterns
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.s0106
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec PowerShell Obfuscation
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027.005
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Default PowerSploit/Empire Scheduled Task Creation
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.s0111
attack.g0022
attack.g0060
car.2013-08-001
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Empire PowerShell Launch Parameters
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Hidden Powershell in Link File Pattern
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HTML Help HH.EXE Suspicious Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Import PowerShell Modules From Suspicious Directories
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Import PowerShell Modules From Suspicious Directories - ProcCreation
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious Base64 Encoded PowerShell Keywords in Command Lines
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious Nishang PowerShell Commandlets
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - PoshModule
calendar
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - ProcessCreation
calendar
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - ScriptBlock
calendar
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Keywords
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious ShellIntel PowerShell Commandlets
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
MERCURY APT Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.g0069
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Net WebClient Casing Anomalies
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
New PowerShell Instance Created
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Non Interactive PowerShell Process Spawned
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Nslookup PowerShell Download Cradle
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
NTFS Alternate Data Stream
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Operation Wocao Activity
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Operation Wocao Activity - Security
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential APT FIN7 Exploitation Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Potential APT FIN7 POWERHOLD Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.g0046
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Baby Shark Malware Activity
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.discovery
attack.t1012
attack.t1059.003
attack.t1059.001
attack.t1218.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential BlackByte Ransomware Activity
calendar
Aug 12, 2024
·
detection.emerging-threats
attack.execution
attack.defense-evasion
attack.impact
attack.t1485
attack.t1498
attack.t1059.001
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Potential Bumblebee Remote Thread Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Data Exfiltration Activity Via CommandLine Tools
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL File Download Via PowerShell Invoke-WebRequest
calendar
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1059.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Potential Emotet Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Encoded PowerShell Patterns In CommandLine
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Powershell Search Order Hijacking - Task
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Command Line Obfuscation
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1027
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Downgrade Attack
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Obfuscation Using Alias Cmdlets
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1027
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Obfuscation Using Character Join
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1027
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Obfuscation Via Reversed Commands
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Obfuscation Via WCHAR
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Potential Powershell ReverseShell Connection
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential POWERTRASH Script Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.g0046
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Remote PowerShell Session Initiated
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.lateral-movement
attack.t1021.006
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious PowerShell Keywords
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential WinAPI Calls Via PowerShell Scripts
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1106
·
Share on:
twitter
facebook
linkedin
copy
Potential WMI Lateral Movement WmiPrvSE Spawned PowerShell
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious WebDAV LNK Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1204
·
Share on:
twitter
facebook
linkedin
copy
PowerShell ADRecon Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded FromBase64String Cmdlet
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded IEX Cmdlet
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded Invoke Keyword
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded Reflective Assembly Load
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
attack.t1620
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded WMI Classes
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Called from an Executable Version Mismatch
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Core DLL Loaded By Non PowerShell Process
calendar
Aug 12, 2024
·
attack.t1059.001
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Create Local User
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Credential Prompt
calendar
Aug 12, 2024
·
attack.credential-access
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Downgrade Attack - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Download Pattern
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell DownloadFile
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1104
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Powershell Executed From Headless ConHost Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1059.001
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Powershell Inline Execution From A File
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Powershell MsXml COM Object
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell PSAttack
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Remote Session Creation
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Script Run in AppData
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell ShellCode
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Web Download
calendar
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1059.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Powershell XML Execute Command
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerView PowerShell Cmdlets - ScriptBlock
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PSAsyncShell - Asynchronous TCP Reverse Shell
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Remote LSASS Process Access Through Windows Remote Management
calendar
Aug 12, 2024
·
attack.credential-access
attack.execution
attack.t1003.001
attack.t1059.001
attack.lateral-movement
attack.t1021.006
attack.s0002
·
Share on:
twitter
facebook
linkedin
copy
Remote PowerShell Session (PS Classic)
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.lateral-movement
attack.t1021.006
·
Share on:
twitter
facebook
linkedin
copy
Remote PowerShell Session (PS Module)
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.lateral-movement
attack.t1021.006
·
Share on:
twitter
facebook
linkedin
copy
Remote PowerShell Session Host Process (WinRM)
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1021.006
·
Share on:
twitter
facebook
linkedin
copy
Remote PowerShell Sessions Network Connections (WinRM)
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Rorschach Ransomware Execution Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.t1059.001
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Task Executing Encoded Payload from Registry
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Task Executing Payload from Registry
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Silence.EDA Detection
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1071.004
attack.t1572
attack.impact
attack.t1529
attack.g0091
attack.s0363
·
Share on:
twitter
facebook
linkedin
copy
SQL Client Tools PowerShell Session Detection
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Encoded And Obfuscated Reflection Assembly Load Function Call
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.001
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Encoded PowerShell Command Line
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution of Powershell with Base64
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Execution From Internet Hosted WebDav Share
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HH.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Interactive PowerShell as SYSTEM
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Download
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Download - PoshModule
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Download - Powershell Script
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Download and Execute Pattern
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Encoded Command Patterns
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell IEX Execution Patterns
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Invocation From Script Engines
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Invocations - Generic
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Invocations - Generic - PowerShell Module
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Invocations - Specific
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Invocations - Specific - PowerShell Module
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Parameter Substring
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Parent Process
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PrinterPorts Creation (CVE-2020-1048)
calendar
Aug 12, 2024
·
attack.persistence
attack.execution
attack.t1059.001
cve.2020-1048
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Schtasks Execution AppData Folder
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WSMAN Provider Image Loads
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.lateral-movement
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious XOR Encoded PowerShell Command
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
attack.t1140
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious XOR Encoded PowerShell Command Line - PowerShell
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
TropicTrooper Campaign November 2018
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Turla Group Commands May 2020
calendar
Aug 12, 2024
·
attack.g0010
attack.execution
attack.t1059.001
attack.t1053.005
attack.t1027
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
UNC2452 PowerShell Pattern
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1047
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Usage Of Web Request Commands And Cmdlets
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Usage Of Web Request Commands And Cmdlets - ScriptBlock
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Shell/Scripting Processes Spawning Suspicious Programs
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.005
attack.t1059.001
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
WMImplant Hack Tool
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
ChromeLoader Malware Detection
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.001
attack.persistence
attack.T1176
attack.T1053.005
·
Share on:
twitter
facebook
linkedin
copy
FakeUpdates/SocGholish Malware Detection
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.001
·
Share on:
twitter
facebook
linkedin
copy
Raspberry Robin initial execution from external drive
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.001
·
Share on:
twitter
facebook
linkedin
copy
Raspberry Robin subsequent execution of commands
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.001
·
Share on:
twitter
facebook
linkedin
copy
Scheduled task executing powershell encoded payload from registry
calendar
Aug 10, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Obfuscation and Escape Characters - Powershell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
PowerShell -encodedcommand Switch
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoding
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Cmdlets
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Cmdlets - WMI
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
attack.t1059
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Custom Cobalt Strike Command Execution
calendar
Feb 23, 2024
·
attack.defense_evasion
attack.t1562.001
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WebDAV LNK Execution
calendar
Aug 5, 2023
·
attack.execution
attack.t1059.001
attack.t1204
·
Share on:
twitter
facebook
linkedin
copy
Powershell Base64 Encoding (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Powershell Encoded Command Switch (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Powershell Obfuscated Commands (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Powershell Commandlets (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher
calendar
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION
calendar
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER
calendar
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher
calendar
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher
calendar
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION
calendar
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin
calendar
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip
calendar
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA
calendar
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32
calendar
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Scheduled task executing powershell encoded payload from registry
calendar
Jan 8, 2023
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell -encodedcommand Switch
calendar
Nov 29, 2022
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Base64 Encoding in CMD or Powershell
calendar
Nov 9, 2022
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoding
calendar
Nov 9, 2022
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Powershell Cmdlets
calendar
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WMI-Related Powershell Cmdlets
calendar
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.001
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
to-top