open-menu
closeme
Remote Access Tool - ScreenConnect Command Execution
calendar
Sep 2, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect File Transfer
calendar
Sep 2, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect Temporary File
calendar
Sep 2, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 Startup Shell Script Change
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1059.003
attack.t1059.004
·
Share on:
twitter
facebook
linkedin
copy
Command Line Execution with Suspicious URL and AppData Strings
calendar
Aug 12, 2024
·
attack.execution
attack.command-and-control
attack.t1059.003
attack.t1059.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Conhost.exe CommandLine Path Traversal
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Elise Backdoor Activity
calendar
Aug 12, 2024
·
attack.g0030
attack.g0050
attack.s0081
attack.execution
attack.t1059.003
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Exploited CVE-2020-10189 Zoho ManageEngine
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.execution
attack.t1059.001
attack.t1059.003
attack.s0190
cve.2020-10189
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Exploiting SetupComplete.cmd CVE-2019-1378
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
attack.execution
attack.t1059.003
attack.t1574
cve.2019-1378
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
File Was Not Allowed To Run
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.006
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.credential-access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution Patterns
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.s0106
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Jlaive In-Memory Assembly Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Koadic Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
HackTool - RedMimicry Winnti Playbook Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1106
attack.t1059.003
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
HTML Help HH.EXE Suspicious Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Operator Bloopers Cobalt Strike Commands
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
stp.1u
·
Share on:
twitter
facebook
linkedin
copy
Operator Bloopers Cobalt Strike Modules
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Potential APT FIN7 Exploitation Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Baby Shark Malware Activity
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.discovery
attack.t1012
attack.t1059.003
attack.t1059.001
attack.t1218.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CommandLine Path Traversal Via Cmd.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Pikabot Infection - Suspicious Command Combinations Via Cmd.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.t1105
attack.t1218
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Powershell Execute Batch Script
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Powershell Executed From Headless ConHost Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1059.001
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
PUA - AdvancedRun Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1564.003
attack.t1134.002
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Read Contents From Stdin Via Cmd.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect Remote Command Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Rorschach Ransomware Execution Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.t1059.001
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Sofacy Trojan Loader Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.g0007
attack.t1059.003
attack.t1218.011
car.2013-10-002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HH.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HWP Sub Processes
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
attack.execution
attack.t1203
attack.t1059.003
attack.g0032
·
Share on:
twitter
facebook
linkedin
copy
ZxShell Malware
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.defense-evasion
attack.t1218.011
attack.s0412
attack.g0001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
ms-msdt for RCE - sdiagnhost.exe spawning command
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.003
attack.T1204.002
·
Share on:
twitter
facebook
linkedin
copy
ms-msdt for RCE CVE-2022-30190
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.003
attack.T1204.002
·
Share on:
twitter
facebook
linkedin
copy
Bypassing Security Controls - Command Shell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated Commands - Command Shell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Service Control Manager Spawning Command Shell with Suspect Strings
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1569
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Unusual or Suspicious Process Ancestry - Command Shell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Windows Explorer Spawning Command Shell with Start and Exit Commands
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1053
·
Share on:
twitter
facebook
linkedin
copy
Windows Scheduled Task Creating Shell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1053
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Bypassing Security Controls (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Obfuscated Commands (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Suspicious Process Ancestry (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Explorer Spawning CMD With Start/Exit Commands (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Service Control Manager Spawning Command Shell (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Windows Scheduled Task Create Shell (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Operator Bloopers Cobalt Strike Commands
calendar
Jan 8, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Operator Bloopers Cobalt Strike Modules
calendar
Jan 8, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Bypassing Security Controls
calendar
Nov 9, 2022
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Obfuscated Commands
calendar
Nov 9, 2022
·
attack.execution
attack.t1059.003
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Unusual or Suspicious Process Ancestry
calendar
Nov 9, 2022
·
attack.persistence
attack.t1505
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Powershell Obfuscation and Escape Characters
calendar
Nov 9, 2022
·
attack.execution
attack.t1059.003
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
to-top