open-menu
closeme
Unusual Parent Process For Cmd.EXE
calendar
Dec 6, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Writing Of Malicious Files To The Fonts Folder
calendar
Dec 4, 2023
·
attack.t1211
attack.t1059
attack.defense_evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Fsutil Behavior Set SymlinkEvaluation
calendar
Dec 1, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Linux)
calendar
Nov 15, 2023
·
detection.emerging_threats
attack.execution
attack.t1059
attack.initial_access
attack.t1190
cve.2023.22518
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows)
calendar
Nov 15, 2023
·
detection.emerging_threats
attack.execution
attack.t1059
attack.initial_access
attack.t1190
cve.2023.22518
·
Share on:
twitter
facebook
linkedin
copy
Perl Inline Command Execution
calendar
Nov 2, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Php Inline Command Execution
calendar
Nov 2, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Ruby Inline Command Execution
calendar
Nov 2, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution via macOS Script Editor
calendar
Nov 2, 2023
·
attack.t1566
attack.t1566.002
attack.initial_access
attack.t1059
attack.t1059.002
attack.t1204
attack.t1204.001
attack.execution
attack.persistence
attack.t1553
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Use of Pcalua For Execution
calendar
Nov 2, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - Autoit3.EXE Execution Parameters
calendar
Oct 26, 2023
·
attack.execution
attack.t1059
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - Autoit3.EXE File Creation By Uncommon Process
calendar
Oct 26, 2023
·
attack.command_and_control
attack.execution
attack.t1105
attack.t1059
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Abusable DLL Potential Sideloading From Suspicious Location
calendar
Oct 18, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Elevated System Shell Spawned
calendar
Oct 18, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Stracciatella Execution
calendar
Oct 18, 2023
·
attack.execution
attack.defense_evasion
attack.t1059
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Netcat Reverse Shell Execution
calendar
Oct 18, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Python Inline Command Execution
calendar
Oct 18, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Python Spawning Pretty TTY
calendar
Oct 18, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Script Interpreter Execution From Suspicious Folder
calendar
Oct 18, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Program Names
calendar
Oct 18, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Remote Child Process From Outlook
calendar
Oct 18, 2023
·
attack.execution
attack.t1059
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Turla Group Lateral Movement
calendar
Oct 18, 2023
·
attack.g0010
attack.execution
attack.t1059
attack.lateral_movement
attack.t1021.002
attack.discovery
attack.t1083
attack.t1135
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
VMToolsd Suspicious Child Process
calendar
Oct 18, 2023
·
attack.execution
attack.persistence
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Windows Shell/Scripting Application File Write to Suspicious Folder
calendar
Oct 18, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Atlassian Confluence CVE-2022-26134
calendar
Oct 17, 2023
·
attack.initial_access
attack.execution
attack.t1190
attack.t1059
cve.2022.26134
·
Share on:
twitter
facebook
linkedin
copy
Azure New CloudShell Created
calendar
Oct 17, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
BPFDoor Abnormal Process ID or Lock File Accessed
calendar
Oct 17, 2023
·
attack.execution
attack.t1106
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Parent in Public Folder Suspicious Process
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.execution
attack.t1564
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Payload Decoded and Decrypted via Built-in Utilities
calendar
Oct 17, 2023
·
attack.t1059
attack.t1204
attack.execution
attack.t1140
attack.defense_evasion
attack.s0482
attack.s0402
·
Share on:
twitter
facebook
linkedin
copy
Python Spawning Pretty TTY on Windows
calendar
Oct 17, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Java Children Processes
calendar
Oct 17, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Script Execution From Temp Folder
calendar
Oct 17, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Use of Forfiles For Execution
calendar
Oct 17, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Use of FSharp Interpreters
calendar
Oct 17, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Use of OpenConsole
calendar
Oct 17, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusions Added - PowerShell
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.t1562
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Autoit3.exe Executable File Creation Matching DarkGate Behavior
calendar
Oct 14, 2023
·
attack.command_and_control
attack.execution
attack.t1105
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
DarkGate Autoit3.exe Execution Parameters
calendar
Oct 14, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Renamed CURL.EXE Execution
calendar
Oct 12, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
LOLBIN Execution Of The FTP.EXE Binary
calendar
Aug 11, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
calendar
Jul 31, 2023
·
attack.execution
attack.persistence
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
calendar
Jul 27, 2023
·
attack.execution
attack.persistence
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Ursnif Redirection Of Discovery Commands
calendar
Jul 17, 2023
·
attack.execution
attack.T1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scan Loop Network
calendar
Jun 26, 2023
·
attack.execution
attack.t1059
attack.discovery
attack.t1018
·
Share on:
twitter
facebook
linkedin
copy
Lazarus Group Activity
calendar
Jun 20, 2023
·
attack.g0032
attack.execution
attack.t1059
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Atlassian Confluence CVE-2021-26084 Exploitation Attempt
calendar
Jun 20, 2023
·
attack.initial_access
attack.execution
attack.t1190
attack.t1059
cve.2021.26084
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2021-40444 Exploitation Attempt
calendar
Jun 20, 2023
·
attack.execution
attack.t1059
cve.2021.40444
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
REvil Kaseya Incident Malware Patterns
calendar
Jun 20, 2023
·
attack.execution
attack.t1059
attack.g0115
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
PCRE.NET Package Image Load
calendar
Jun 1, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Wscript Shell Run In CommandLine
calendar
May 17, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Download and Execution Cradles
calendar
May 9, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Created In PerfLogs
calendar
May 5, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential Xterm Reverse Shell
calendar
Apr 25, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Quick Execution of a Series of Suspicious Commands
calendar
Apr 21, 2023
·
car.2013-04-002
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add Insecure Download Source To Winget
calendar
Apr 19, 2023
·
attack.defense_evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Install New Package Via Winget Local Manifest
calendar
Apr 19, 2023
·
attack.defense_evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add New Download Source To Winget
calendar
Apr 18, 2023
·
attack.defense_evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add Potential Suspicious New Download Source To Winget
calendar
Apr 18, 2023
·
attack.defense_evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Greedy Compression Using Rar.EXE
calendar
Apr 12, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Conhost Spawned By Uncommon Parent Process
calendar
Apr 11, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Browser Child Process - MacOS
calendar
Apr 5, 2023
·
attack.initial_access
attack.execution
attack.t1189
attack.t1203
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential CobaltStrike Process Patterns
calendar
Apr 3, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential Dosfuscation Activity
calendar
Mar 7, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Sliver C2 Implant Activity Pattern
calendar
Mar 5, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious RASdial Activity
calendar
Mar 5, 2023
·
attack.defense_evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Sysprep on AppData Folder
calendar
Mar 5, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Runscripthelper.exe
calendar
Mar 2, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Installer Package Child Process
calendar
Feb 21, 2023
·
attack.t1059
attack.t1059.007
attack.t1071
attack.t1071.001
attack.execution
attack.command_and_control
·
Share on:
twitter
facebook
linkedin
copy
PUA - Wsudo Suspicious Execution
calendar
Feb 13, 2023
·
attack.execution
attack.privilege_escalation
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Outlook EnableUnsafeClientMailRules Setting Enabled
calendar
Feb 9, 2023
·
attack.execution
attack.t1059
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Renamed FTP.EXE Execution
calendar
Feb 7, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Run PowerShell Script from Redirected Input Stream
calendar
Feb 3, 2023
·
attack.defense_evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Hacktool Ruler
calendar
Feb 1, 2023
·
attack.discovery
attack.execution
attack.t1087
attack.t1114
attack.t1059
attack.t1550.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious User-Initiated Process Execution on External Drive (Old)
calendar
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.execution
attack.t1059
attack.t1204
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious User-Initiated Process Execution on External Drive (Sysmon)
calendar
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.execution
attack.t1059
attack.t1204
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender AMSI Trigger Detected
calendar
Dec 7, 2022
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Threat Detected
calendar
Dec 6, 2022
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Command Line Indicating BlackCat Execution
calendar
Dec 6, 2022
·
attack.execution
attack.t1059
attack.t1204
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Command Line Indicating BlackCat Execution with Get UUID Option
calendar
Dec 6, 2022
·
attack.execution
attack.t1059
attack.t1204
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Powershell Cmdlets
calendar
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WMI-Related Powershell Cmdlets
calendar
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.001
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Wscript.exe Executing Agreement Javascript in AppData Folder
calendar
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.005
·
Share on:
twitter
facebook
linkedin
copy
PCRE.NET Package Temp Files
calendar
Oct 13, 2022
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
to-top