open-menu
closeme
Renamed PingCastle Binary Execution
calendar
Dec 1, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Stracciatella Execution
calendar
Nov 25, 2024
·
attack.execution
attack.defense-evasion
attack.t1059
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Python Spawning Pretty TTY Via PTY Module
calendar
Nov 4, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Greedy Compression Using Rar.EXE
calendar
Nov 1, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add Potential Suspicious New Download Source To Winget
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Linux)
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.execution
attack.t1059
attack.initial-access
attack.t1190
cve.2023-22518
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows)
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.execution
attack.t1059
attack.initial-access
attack.t1190
cve.2023-22518
·
Share on:
twitter
facebook
linkedin
copy
Elevated System Shell Spawned From Uncommon Parent Location
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Unusual Parent Process For Cmd.EXE
calendar
Oct 1, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Capsh Shell Invocation - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Inline Python Execution - Spawn Shell Via OS System Library
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Git - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Rsync - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation via Env Command - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation Via Ssh - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Invocation of Shell via AWK - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - Autoit3.EXE Execution Parameters
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - Autoit3.EXE File Creation By Uncommon Process
calendar
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential MOVEit Transfer CVE-2023-34362 Exploitation - Dynamic Compilation Via Csc.EXE
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
cve.2023-34362
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Renamed CURL.EXE Execution
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Ursnif Redirection Of Discovery Commands
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Abusable DLL Potential Sideloading From Suspicious Location
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add Insecure Download Source To Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add New Download Source To Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Atlassian Confluence CVE-2022-26134
calendar
Aug 12, 2024
·
attack.initial-access
attack.execution
attack.t1190
attack.t1059
cve.2022-26134
·
Share on:
twitter
facebook
linkedin
copy
Azure New CloudShell Created
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
BPFDoor Abnormal Process ID or Lock File Accessed
calendar
Aug 12, 2024
·
attack.execution
attack.t1106
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Conhost Spawned By Uncommon Parent Process
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - Drop DarkGate Loader In C:\Temp Directory
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Forfiles Command Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Fsutil Behavior Set SymlinkEvaluation
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Sliver C2 Implant Activity Pattern
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Hacktool Ruler
calendar
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1087
attack.t1114
attack.t1059
attack.t1550.002
·
Share on:
twitter
facebook
linkedin
copy
Install New Package Via Winget Local Manifest
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Lazarus Group Activity
calendar
Aug 12, 2024
·
attack.g0032
attack.execution
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Outlook EnableUnsafeClientMailRules Setting Enabled
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Payload Decoded and Decrypted via Built-in Utilities
calendar
Aug 12, 2024
·
attack.t1059
attack.t1204
attack.execution
attack.t1140
attack.defense-evasion
attack.s0482
attack.s0402
·
Share on:
twitter
facebook
linkedin
copy
PCRE.NET Package Image Load
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
PCRE.NET Package Temp Files
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Perl Inline Command Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Php Inline Command Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary Command Execution Via FTP.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Atlassian Confluence CVE-2021-26084 Exploitation Attempt
calendar
Aug 12, 2024
·
attack.initial-access
attack.execution
attack.t1190
attack.t1059
cve.2021-26084
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CobaltStrike Process Patterns
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2021-40444 Exploitation Attempt
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
cve.2021-40444
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Dosfuscation Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential KamiKakaBot Activity - Lure Document Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Netcat Reverse Shell Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential Xterm Reverse Shell
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Execution From Parent Process In Public Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1564
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Download and Execution Cradles
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
PUA - Wsudo Suspicious Execution
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Python Inline Command Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Python Spawning Pretty TTY on Windows
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Renamed FTP.EXE Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Renamed NirCmd.EXE Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
REvil Kaseya Incident Malware Patterns
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.g0115
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Ruby Inline Command Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Run PowerShell Script from Redirected Input Stream
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Script Interpreter Execution From Suspicious Folder
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Browser Child Process - MacOS
calendar
Aug 12, 2024
·
attack.initial-access
attack.execution
attack.t1189
attack.t1203
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution via macOS Script Editor
calendar
Aug 12, 2024
·
attack.t1566
attack.t1566.002
attack.initial-access
attack.t1059
attack.t1059.002
attack.t1204
attack.t1204.001
attack.execution
attack.persistence
attack.t1553
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Created In PerfLogs
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Installer Package Child Process
calendar
Aug 12, 2024
·
attack.t1059
attack.t1059.007
attack.t1071
attack.t1071.001
attack.execution
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Java Children Processes
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Program Names
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious RASdial Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Remote Child Process From Outlook
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Runscripthelper.exe
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scan Loop Network
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.discovery
attack.t1018
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Script Execution From Temp Folder
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Sysprep on AppData Folder
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Turla Group Lateral Movement
calendar
Aug 12, 2024
·
attack.g0010
attack.execution
attack.t1059
attack.lateral-movement
attack.t1021.002
attack.discovery
attack.t1083
attack.t1135
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Use of FSharp Interpreters
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Use of OpenConsole
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Use of Pcalua For Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
VMToolsd Suspicious Child Process
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender AMSI Trigger Detected
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusions Added - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Threat Detected
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Windows Shell/Scripting Application File Write to Suspicious Folder
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Writing Of Malicious Files To The Fonts Folder
calendar
Aug 12, 2024
·
attack.t1211
attack.t1059
attack.defense-evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Wscript Shell Run In CommandLine
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Ursnif Redirection Of Discovery Commands
calendar
Aug 10, 2024
·
attack.execution
attack.T1059
·
Share on:
twitter
facebook
linkedin
copy
Bypassing Security Controls - Command Shell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
In-memory Downloading and Compiling of Applets as Payloads
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.002
·
Share on:
twitter
facebook
linkedin
copy
Mac AppleScript Input Prompt
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.002
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated Commands - Command Shell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Obfuscation and Escape Characters - Powershell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
PowerShell -encodedcommand Switch
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoding
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Qbot Mounted Drive Script Executions
calendar
Mar 26, 2024
·
attack.s0650
attack.execution
attack.t1059
attack.t1204
·
Share on:
twitter
facebook
linkedin
copy
Service Control Manager Spawning Command Shell with Suspect Strings
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1569
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Cmdlets
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Cmdlets - WMI
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
attack.t1059
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Unusual or Suspicious Process Ancestry - Command Shell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Windows Explorer Spawning Command Shell with Start and Exit Commands
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1053
·
Share on:
twitter
facebook
linkedin
copy
Windows Scheduled Task Creating Shell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1053
·
Share on:
twitter
facebook
linkedin
copy
JavaScript Execution Using MSDOS 8.3 File Notation
calendar
Feb 26, 2024
·
attack.defense_evasion
attack.t1059
dist.public
·
Share on:
twitter
facebook
linkedin
copy
Autoit3.exe Executable File Creation Matching DarkGate Behavior
calendar
Oct 14, 2023
·
attack.command_and_control
attack.execution
attack.t1105
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
DarkGate Autoit3.exe Execution Parameters
calendar
Oct 14, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Quick Execution of a Series of Suspicious Commands
calendar
Apr 21, 2023
·
car.2013-04-002
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious User-Initiated Process Execution on External Drive (Old)
calendar
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.execution
attack.t1059
attack.t1204
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious User-Initiated Process Execution on External Drive (Sysmon)
calendar
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.execution
attack.t1059
attack.t1204
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Command Line Indicating BlackCat Execution
calendar
Dec 6, 2022
·
attack.execution
attack.t1059
attack.t1204
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Command Line Indicating BlackCat Execution with Get UUID Option
calendar
Dec 6, 2022
·
attack.execution
attack.t1059
attack.t1204
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Powershell Cmdlets
calendar
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WMI-Related Powershell Cmdlets
calendar
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.001
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Wscript.exe Executing Agreement Javascript in AppData Folder
calendar
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.005
·
Share on:
twitter
facebook
linkedin
copy
to-top