attack.t1071 | Detection.FYI

Suspicious Installer Package Child Process
Feb 21, 2023 · attack.t1059 attack.t1059.007 attack.t1071 attack.t1071.001 attack.execution attack.command_and_control ·
Share on:
Detects the execution of suspicious child processes from macOS installer package parent process. This includes osascript, JXA, curl and wget amongst other interpreters

Read More
HackTool - SILENTTRINITY Stager DLL Load
Feb 17, 2023 · attack.command_and_control attack.t1071 ·
Share on:
Detects SILENTTRINITY stager dll loading activity

Read More
HackTool - SILENTTRINITY Stager Execution
Feb 17, 2023 · attack.command_and_control attack.t1071 ·
Share on:
Detects SILENTTRINITY stager use via PE metadata

Read More
GALLIUM Artefacts - Builtin
Jan 2, 2023 · attack.credential_access attack.command_and_control attack.t1071 ·
Share on:
Detects artefacts associated with activity group GALLIUM - Microsoft Threat Intelligence Center indicators released in December 2019.

Read More