PowerShell Suspicious .NET Methods
Mar 26, 2024
·
attack.defense_evasion
attack.t1140
attack.t1574
attack.t1574.013
Potential Base64 Decoded From Images
Dec 21, 2023
·
attack.defense_evasion
attack.t1140
Suspicious Inbox Forwarding Identity Protection
Oct 28, 2023
·
attack.t1140
attack.defense_evasion
Linux Base64 Encoded Pipe to Shell
Oct 18, 2023
·
attack.defense_evasion
attack.t1140
Linux Base64 Encoded Shebang In CLI
Oct 18, 2023
·
attack.defense_evasion
attack.t1140
Linux Shell Pipe to Shell
Oct 18, 2023
·
attack.defense_evasion
attack.t1140
PowerShell Base64 Encoded FromBase64String Cmdlet
Oct 18, 2023
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
Suspicious XOR Encoded PowerShell Command
Oct 18, 2023
·
attack.defense_evasion
attack.execution
attack.t1059.001
attack.t1140
attack.t1027
UNC4841 - Download Tar File From Untrusted Direct IP Via Wget
Oct 18, 2023
·
attack.defense_evasion
attack.t1140
detection.emerging_threats
Payload Decoded and Decrypted via Built-in Utilities
Oct 17, 2023
·
attack.t1059
attack.t1204
attack.execution
attack.t1140
attack.defense_evasion
attack.s0482
attack.s0402
Suspicious Inbox Manipulation Rules
Sep 6, 2023
·
attack.t1140
attack.defense_evasion
Potential BlackByte Ransomware Activity
Aug 28, 2023
·
detection.emerging_threats
attack.execution
attack.defense_evasion
attack.impact
attack.t1485
attack.t1498
attack.t1059.001
attack.t1140
DNS-over-HTTPS Enabled by Registry
Aug 17, 2023
·
attack.defense_evasion
attack.t1140
attack.t1112
UNC4841 - Download Compressed Files From Temp.sh Using Wget
Jun 20, 2023
·
attack.defense_evasion
attack.t1140
detection.emerging_threats
UNC4841 - SSL Certificate Exfiltration Via Openssl
Jun 20, 2023
·
attack.defense_evasion
attack.t1140
detection.emerging_threats
PowerShell Decompress Commands
May 15, 2023
·
attack.defense_evasion
attack.t1140
Ping Hex IP
Mar 5, 2023
·
attack.defense_evasion
attack.t1140
attack.t1027
Potential Commandline Obfuscation Using Escape Characters
Mar 5, 2023
·
attack.defense_evasion
attack.t1140
MSHTA Suspicious Execution 01
Feb 22, 2023
·
attack.defense_evasion
attack.t1140
attack.t1218.005
attack.execution
attack.t1059.007
cve.2020.1599
Base64 Encoded PowerShell Command Detected
Feb 1, 2023
·
attack.t1027
attack.defense_evasion
attack.t1140
attack.t1059.001
PowerShell -encodedcommand Switch
Nov 29, 2022
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
Base64 Encoding in CMD or Powershell
Nov 9, 2022
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
PowerShell Base64 Encoding
Nov 9, 2022
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001