open-menu
closeme
PowerShell Core DLL Loaded By Non PowerShell Process
calendar
Jun 1, 2023
·
attack.t1059.001
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Obfuscation Via Reversed Commands
calendar
May 31, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Shell/Scripting Processes Spawning Suspicious Programs
calendar
May 23, 2023
·
attack.execution
attack.defense_evasion
attack.t1059.005
attack.t1059.001
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Alternate PowerShell Hosts - PowerShell Module
calendar
May 15, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Bad Opsec Powershell Code Artifacts
calendar
May 15, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - PoshModule
calendar
May 15, 2023
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Scripts - PoshModule
calendar
May 15, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Non Interactive PowerShell Process Spawned
calendar
May 15, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Remote PowerShell Session (PS Module)
calendar
May 15, 2023
·
attack.execution
attack.t1059.001
attack.lateral_movement
attack.t1021.006
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Download - PoshModule
calendar
May 15, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Invocations - Generic - PowerShell Module
calendar
May 15, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Invocations - Specific - PowerShell Module
calendar
May 15, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Usage Of Web Request Commands And Cmdlets
calendar
May 15, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Usage Of Web Request Commands And Cmdlets - ScriptBlock
calendar
May 15, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation Via PowerShell
calendar
May 5, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation Via PowerShell In Rundll32
calendar
May 5, 2023
·
attack.defense_evasion
attack.execution
attack.t1218.011
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious PowerShell Keywords
calendar
Apr 21, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - ProcessCreation
calendar
Apr 21, 2023
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - ScriptBlock
calendar
Apr 21, 2023
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Scripts - FileCreation
calendar
Apr 21, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerView PowerShell Commandlets
calendar
Apr 20, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - System
calendar
Apr 14, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - System
calendar
Apr 14, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - System
calendar
Apr 14, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - System
calendar
Apr 14, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - System
calendar
Apr 14, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - System
calendar
Apr 14, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - System
calendar
Apr 14, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - System
calendar
Apr 14, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - System
calendar
Apr 14, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - System
calendar
Apr 14, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HTML Help HH.EXE Suspicious Child Process
calendar
Apr 12, 2023
·
attack.defense_evasion
attack.execution
attack.initial_access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HH.EXE Execution
calendar
Apr 12, 2023
·
attack.defense_evasion
attack.execution
attack.initial_access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Alternate PowerShell Hosts
calendar
Apr 12, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
BloodHound Collection Files
calendar
Apr 11, 2023
·
attack.discovery
attack.t1087.001
attack.t1087.002
attack.t1482
attack.t1069.001
attack.t1069.002
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Command Line Obfuscation
calendar
Apr 11, 2023
·
attack.execution
attack.defense_evasion
attack.t1027
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Powershell ReverseShell Connection
calendar
Apr 11, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded FromBase64String Cmdlet
calendar
Apr 11, 2023
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded IEX Cmdlet
calendar
Apr 11, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
««
«
1
2
3
4
»
»»
to-top