open-menu
closeme
Operator Bloopers Cobalt Strike Commands
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.003
stp.1u
·
Share on:
twitter
facebook
linkedin
copy
Operator Bloopers Cobalt Strike Modules
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution Patterns
calendar
Nov 6, 2023
·
attack.execution
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.s0106
·
Share on:
twitter
facebook
linkedin
copy
Potential Baby Shark Malware Activity
calendar
Oct 18, 2023
·
attack.execution
attack.defense_evasion
attack.discovery
attack.t1012
attack.t1059.003
attack.t1059.001
attack.t1218.005
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CommandLine Path Traversal Via Cmd.EXE
calendar
Oct 18, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
PUA - AdvancedRun Execution
calendar
Oct 18, 2023
·
attack.execution
attack.defense_evasion
attack.privilege_escalation
attack.t1564.003
attack.t1134.002
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Sofacy Trojan Loader Activity
calendar
Oct 18, 2023
·
attack.defense_evasion
attack.execution
attack.g0007
attack.t1059.003
attack.t1218.011
car.2013-10-002
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 Startup Shell Script Change
calendar
Oct 17, 2023
·
attack.execution
attack.t1059.001
attack.t1059.003
attack.t1059.004
·
Share on:
twitter
facebook
linkedin
copy
Conhost.exe CommandLine Path Traversal
calendar
Oct 17, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect Command Execution
calendar
Oct 5, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect File Transfer
calendar
Oct 5, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect Remote Command Execution
calendar
Oct 5, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect Temporary File
calendar
Oct 5, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution
calendar
Aug 28, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.credential_access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
Elise Backdoor Activity
calendar
Jun 20, 2023
·
attack.g0030
attack.g0050
attack.s0081
attack.execution
attack.t1059.003
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Exploited CVE-2020-10189 Zoho ManageEngine
calendar
Jun 20, 2023
·
attack.initial_access
attack.t1190
attack.execution
attack.t1059.001
attack.t1059.003
attack.s0190
cve.2020.10189
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Exploiting SetupComplete.cmd CVE-2019-1378
calendar
Jun 20, 2023
·
attack.privilege_escalation
attack.t1068
attack.execution
attack.t1059.003
attack.t1574
cve.2019.1378
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Rorschach Ransomware Execution Activity
calendar
Jun 20, 2023
·
attack.execution
attack.t1059.003
attack.t1059.001
attack.defense_evasion
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
ZxShell Malware
calendar
Jun 20, 2023
·
attack.execution
attack.t1059.003
attack.defense_evasion
attack.t1218.011
attack.s0412
attack.g0001
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Bypassing Security Controls (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Obfuscated Commands (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Suspicious Process Ancestry (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Explorer Spawning CMD With Start/Exit Commands (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Service Control Manager Spawning Command Shell (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Windows Scheduled Task Create Shell (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
HTML Help HH.EXE Suspicious Child Process
calendar
Apr 12, 2023
·
attack.defense_evasion
attack.execution
attack.initial_access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HH.EXE Execution
calendar
Apr 12, 2023
·
attack.defense_evasion
attack.execution
attack.initial_access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Command Line Execution with Suspicious URL and AppData Strings
calendar
Mar 7, 2023
·
attack.execution
attack.command_and_control
attack.t1059.003
attack.t1059.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Read Contents From Stdin Via Cmd.EXE
calendar
Mar 7, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - RedMimicry Winnti Playbook Execution
calendar
Mar 2, 2023
·
attack.execution
attack.defense_evasion
attack.t1106
attack.t1059.003
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Jlaive In-Memory Assembly Execution
calendar
Feb 22, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Koadic Execution
calendar
Feb 11, 2023
·
attack.execution
attack.t1059.003
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HWP Sub Processes
calendar
Feb 1, 2023
·
attack.initial_access
attack.t1566.001
attack.execution
attack.t1203
attack.t1059.003
attack.g0032
·
Share on:
twitter
facebook
linkedin
copy
Powershell Execute Batch Script
calendar
Jan 27, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Operator Bloopers Cobalt Strike Commands
calendar
Jan 8, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Operator Bloopers Cobalt Strike Modules
calendar
Jan 8, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Bypassing Security Controls
calendar
Nov 9, 2022
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Obfuscated Commands
calendar
Nov 9, 2022
·
attack.execution
attack.t1059.003
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Unusual or Suspicious Process Ancestry
calendar
Nov 9, 2022
·
attack.persistence
attack.t1505
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Powershell Obfuscation and Escape Characters
calendar
Nov 9, 2022
·
attack.execution
attack.t1059.003
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
File Was Not Allowed To Run
calendar
Oct 25, 2022
·
attack.execution
attack.t1204.002
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.006
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
ms-msdt for RCE CVE-2022-30190
calendar
Jun 2, 2022
·
attack.execution
attack.T1059.003
attack.T1204.002
·
Share on:
twitter
facebook
linkedin
copy
ms-msdt for RCE - sdiagnhost.exe spawning command
calendar
May 30, 2022
·
attack.execution
attack.T1059.003
attack.T1204.002
·
Share on:
twitter
facebook
linkedin
copy
to-top