Potential Arbitrary Command Execution Via FTP.EXE
Apr 26, 2024
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
Use of FSharp Interpreters
Apr 26, 2024
·
attack.execution
attack.t1059
Wscript Shell Run In CommandLine
Apr 1, 2024
·
attack.execution
attack.t1059
Bypassing Security Controls - Command Shell
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1202
In-memory Downloading and Compiling of Applets as Payloads
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.002
Mac AppleScript Input Prompt
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.002
Obfuscated Commands - Command Shell
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1027
Obfuscation and Escape Characters - Powershell
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
PowerShell -encodedcommand Switch
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
PowerShell Base64 Encoding
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
Qbot Mounted Drive Script Executions
Mar 26, 2024
·
attack.s0650
attack.execution
attack.t1059
attack.t1204
Service Control Manager Spawning Command Shell with Suspect Strings
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1569
attack.t1569.002
Suspicious PowerShell Cmdlets
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
Suspicious PowerShell Cmdlets - WMI
Mar 26, 2024
·
attack.execution
attack.t1047
attack.t1059
attack.t1059.001
Unusual or Suspicious Process Ancestry - Command Shell
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
Windows Explorer Spawning Command Shell with Start and Exit Commands
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1053
Windows Scheduled Task Creating Shell
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1053
Potential KamiKakaBot Activity - Lure Document Execution
Mar 25, 2024
·
attack.execution
attack.t1059
detection.emerging_threats
Renamed NirCmd.EXE Execution
Mar 11, 2024
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
Forfiles Command Execution
Mar 11, 2024
·
attack.execution
attack.t1059
Add Insecure Download Source To Winget
Mar 1, 2024
·
attack.defense_evasion
attack.execution
attack.t1059
Add New Download Source To Winget
Mar 1, 2024
·
attack.defense_evasion
attack.execution
attack.t1059
HackTool - Stracciatella Execution
Mar 1, 2024
·
attack.execution
attack.defense_evasion
attack.t1059
attack.t1562.001
Install New Package Via Winget Local Manifest
Mar 1, 2024
·
attack.defense_evasion
attack.execution
attack.t1059
Potential Xterm Reverse Shell
Mar 1, 2024
·
attack.execution
attack.t1059
PowerShell Download and Execution Cradles
Mar 1, 2024
·
attack.execution
attack.t1059
Suspicious File Created In PerfLogs
Mar 1, 2024
·
attack.execution
attack.t1059
JavaScript Execution Using MSDOS 8.3 File Notation
Feb 26, 2024
·
attack.defense_evasion
attack.t1059
dist.public
Conhost Spawned By Uncommon Parent Process
Feb 1, 2024
·
attack.execution
attack.t1059
Potential CobaltStrike Process Patterns
Feb 1, 2024
·
attack.execution
attack.t1059
Potential Netcat Reverse Shell Execution
Feb 1, 2024
·
attack.execution
attack.t1059
Suspicious Browser Child Process - MacOS
Feb 1, 2024
·
attack.initial_access
attack.execution
attack.t1189
attack.t1203
attack.t1059
Windows Shell/Scripting Application File Write to Suspicious Folder
Feb 1, 2024
·
attack.execution
attack.t1059
Unusual Parent Process For Cmd.EXE
Jan 29, 2024
·
attack.execution
attack.t1059
Windows Defender Exclusions Added - PowerShell
Jan 29, 2024
·
attack.defense_evasion
attack.t1562
attack.execution
attack.t1059
Renamed PingCastle Binary Execution
Jan 12, 2024
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
Suspicious Greedy Compression Using Rar.EXE
Jan 10, 2024
·
attack.execution
attack.t1059
HackTool - Sliver C2 Implant Activity Pattern
Jan 1, 2024
·
attack.execution
attack.t1059
Potential Dosfuscation Activity
Jan 1, 2024
·
attack.execution
attack.t1059
PUA - Wsudo Suspicious Execution
Jan 1, 2024
·
attack.execution
attack.privilege_escalation
attack.t1059
Python Inline Command Execution
Jan 1, 2024
·
attack.execution
attack.t1059
Suspicious Installer Package Child Process
Jan 1, 2024
·
attack.t1059
attack.t1059.007
attack.t1071
attack.t1071.001
attack.execution
attack.command_and_control
Add Potential Suspicious New Download Source To Winget
Dec 21, 2023
·
attack.defense_evasion
attack.execution
attack.t1059
Elevated System Shell Spawned From Uncommon Parent Location
Dec 21, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.execution
attack.t1059
Windows Defender AMSI Trigger Detected
Dec 21, 2023
·
attack.execution
attack.t1059
Windows Defender Threat Detected
Dec 21, 2023
·
attack.execution
attack.t1059
Writing Of Malicious Files To The Fonts Folder
Dec 4, 2023
·
attack.t1211
attack.t1059
attack.defense_evasion
attack.persistence
Fsutil Behavior Set SymlinkEvaluation
Dec 1, 2023
·
attack.execution
attack.t1059
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Linux)
Nov 15, 2023
·
detection.emerging_threats
attack.execution
attack.t1059
attack.initial_access
attack.t1190
cve.2023.22518
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows)
Nov 15, 2023
·
detection.emerging_threats
attack.execution
attack.t1059
attack.initial_access
attack.t1190
cve.2023.22518
Perl Inline Command Execution
Nov 2, 2023
·
attack.execution
attack.t1059
Php Inline Command Execution
Nov 2, 2023
·
attack.execution
attack.t1059
Ruby Inline Command Execution
Nov 2, 2023
·
attack.execution
attack.t1059
Suspicious Execution via macOS Script Editor
Nov 2, 2023
·
attack.t1566
attack.t1566.002
attack.initial_access
attack.t1059
attack.t1059.002
attack.t1204
attack.t1204.001
attack.execution
attack.persistence
attack.t1553
attack.defense_evasion
Use of Pcalua For Execution
Nov 2, 2023
·
attack.execution
attack.t1059
DarkGate - Autoit3.EXE Execution Parameters
Oct 26, 2023
·
attack.execution
attack.t1059
detection.emerging_threats
DarkGate - Autoit3.EXE File Creation By Uncommon Process
Oct 26, 2023
·
attack.command_and_control
attack.execution
attack.t1105
attack.t1059
detection.emerging_threats
Abusable DLL Potential Sideloading From Suspicious Location
Oct 18, 2023
·
attack.execution
attack.t1059
Python Spawning Pretty TTY
Oct 18, 2023
·
attack.execution
attack.t1059
Script Interpreter Execution From Suspicious Folder
Oct 18, 2023
·
attack.execution
attack.t1059
Suspicious Program Names
Oct 18, 2023
·
attack.execution
attack.t1059
Suspicious Remote Child Process From Outlook
Oct 18, 2023
·
attack.execution
attack.t1059
attack.t1202
Turla Group Lateral Movement
Oct 18, 2023
·
attack.g0010
attack.execution
attack.t1059
attack.lateral_movement
attack.t1021.002
attack.discovery
attack.t1083
attack.t1135
detection.emerging_threats
VMToolsd Suspicious Child Process
Oct 18, 2023
·
attack.execution
attack.persistence
attack.t1059
Atlassian Confluence CVE-2022-26134
Oct 17, 2023
·
attack.initial_access
attack.execution
attack.t1190
attack.t1059
cve.2022.26134
Azure New CloudShell Created
Oct 17, 2023
·
attack.execution
attack.t1059
BPFDoor Abnormal Process ID or Lock File Accessed
Oct 17, 2023
·
attack.execution
attack.t1106
attack.t1059
Parent in Public Folder Suspicious Process
Oct 17, 2023
·
attack.defense_evasion
attack.execution
attack.t1564
attack.t1059
Payload Decoded and Decrypted via Built-in Utilities
Oct 17, 2023
·
attack.t1059
attack.t1204
attack.execution
attack.t1140
attack.defense_evasion
attack.s0482
attack.s0402
Python Spawning Pretty TTY on Windows
Oct 17, 2023
·
attack.execution
attack.t1059
Suspicious Java Children Processes
Oct 17, 2023
·
attack.execution
attack.t1059
Suspicious Script Execution From Temp Folder
Oct 17, 2023
·
attack.execution
attack.t1059
Use of OpenConsole
Oct 17, 2023
·
attack.execution
attack.t1059
Autoit3.exe Executable File Creation Matching DarkGate Behavior
Oct 14, 2023
·
attack.command_and_control
attack.execution
attack.t1105
attack.t1059
DarkGate Autoit3.exe Execution Parameters
Oct 14, 2023
·
attack.execution
attack.t1059
Renamed CURL.EXE Execution
Oct 12, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
Suspicious Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
Jul 31, 2023
·
attack.execution
attack.persistence
attack.t1059
Potential Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
Jul 27, 2023
·
attack.execution
attack.persistence
attack.t1059
Ursnif Redirection Of Discovery Commands
Jul 17, 2023
·
attack.execution
attack.T1059
Suspicious Scan Loop Network
Jun 26, 2023
·
attack.execution
attack.t1059
attack.discovery
attack.t1018
Lazarus Group Activity
Jun 20, 2023
·
attack.g0032
attack.execution
attack.t1059
detection.emerging_threats
Potential Atlassian Confluence CVE-2021-26084 Exploitation Attempt
Jun 20, 2023
·
attack.initial_access
attack.execution
attack.t1190
attack.t1059
cve.2021.26084
detection.emerging_threats
Potential CVE-2021-40444 Exploitation Attempt
Jun 20, 2023
·
attack.execution
attack.t1059
cve.2021.40444
detection.emerging_threats
REvil Kaseya Incident Malware Patterns
Jun 20, 2023
·
attack.execution
attack.t1059
attack.g0115
detection.emerging_threats
PCRE.NET Package Image Load
Jun 1, 2023
·
attack.execution
attack.t1059
Quick Execution of a Series of Suspicious Commands
Apr 21, 2023
·
car.2013-04-002
attack.execution
attack.t1059
Suspicious RASdial Activity
Mar 5, 2023
·
attack.defense_evasion
attack.execution
attack.t1059
Sysprep on AppData Folder
Mar 5, 2023
·
attack.execution
attack.t1059
Suspicious Runscripthelper.exe
Mar 2, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
Outlook EnableUnsafeClientMailRules Setting Enabled
Feb 9, 2023
·
attack.execution
attack.t1059
attack.t1202
Renamed FTP.EXE Execution
Feb 7, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
Run PowerShell Script from Redirected Input Stream
Feb 3, 2023
·
attack.defense_evasion
attack.execution
attack.t1059
Hacktool Ruler
Feb 1, 2023
·
attack.discovery
attack.execution
attack.t1087
attack.t1114
attack.t1059
attack.t1550.002
Suspicious User-Initiated Process Execution on External Drive (Old)
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.execution
attack.t1059
attack.t1204
attack.t1204.002
Suspicious User-Initiated Process Execution on External Drive (Sysmon)
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.execution
attack.t1059
attack.t1204
attack.t1204.002
Suspicious Command Line Indicating BlackCat Execution
Dec 6, 2022
·
attack.execution
attack.t1059
attack.t1204
Suspicious Command Line Indicating BlackCat Execution with Get UUID Option
Dec 6, 2022
·
attack.execution
attack.t1059
attack.t1204
Suspicious Powershell Cmdlets
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.001
Suspicious WMI-Related Powershell Cmdlets
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.001
attack.t1047
Wscript.exe Executing Agreement Javascript in AppData Folder
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.005
PCRE.NET Package Temp Files
Oct 13, 2022
·
attack.execution
attack.t1059