attack.t1059.004 | Detection.FYI

Equation Group Indicators
Feb 1, 2023 · attack.execution attack.g0020 attack.t1059.004 ·
Share on:
Detects suspicious shell commands used in various Equation Group scripts and tools

Read More
JexBoss Command Sequence
Feb 1, 2023 · attack.execution attack.t1059.004 ·
Share on:
Detects suspicious command sequence that JexBoss

Read More
Suspicious Activity in Shell Commands
Feb 1, 2023 · attack.execution attack.t1059.004 ·
Share on:
Detects suspicious shell commands used in various exploit codes (see references)

Read More
Suspicious Commands Linux
Feb 1, 2023 · attack.execution attack.t1059.004 ·
Share on:
Detects relevant commands often related to malware or hacking activity

Read More
Suspicious Reverse Shell Command Line
Feb 1, 2023 · attack.execution attack.t1059.004 ·
Share on:
Detects suspicious shell commands or program code that may be executed or used in command line to establish a reverse shell

Read More
BPFtrace Unsafe Option Usage
Jan 27, 2023 · attack.execution attack.t1059.004 ·
Share on:
Detects the usage of the unsafe bpftrace option

Read More
AWS EC2 Startup Shell Script Change
Oct 25, 2022 · attack.execution attack.t1059.001 attack.t1059.003 attack.t1059.004 ·
Share on:
Detects changes to the EC2 instance startup script. The shell script will be executed as root/SYSTEM every time the specific instances are booted up.

Read More