Lolbin Ssh.exe Use As Proxy
Dec 1, 2023
·
attack.defense_evasion
attack.t1202
Findstr Launching .lnk File
Nov 15, 2023
·
attack.defense_evasion
attack.t1036
attack.t1202
attack.t1027.003
Potentially Suspicious Child Process Of VsCode
Oct 28, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
Execute Python Scripts via Python Installer Binary
Oct 26, 2023
·
attack.Defense.Evasion
attack.T1202
Potentially Suspicious Office Document Executed From Trusted Location
Oct 23, 2023
·
attack.defense_evasion
attack.t1202
Indirect Command Execution From Script File Via Bash.EXE
Oct 18, 2023
·
attack.defense_evasion
attack.t1202
Indirect Inline Command Execution Via Bash.EXE
Oct 18, 2023
·
attack.defense_evasion
attack.t1202
Potential Arbitrary File Download Using Office Application
Oct 18, 2023
·
attack.defense_evasion
attack.t1202
Renamed PAExec Execution
Oct 18, 2023
·
attack.defense_evasion
attack.t1202
Suspicious Child Process Of BgInfo.EXE
Oct 18, 2023
·
attack.execution
attack.t1059.005
attack.defense_evasion
attack.t1218
attack.t1202
Suspicious Remote Child Process From Outlook
Oct 18, 2023
·
attack.execution
attack.t1059
attack.t1202
Potential Binary Impersonating Sysinternals Tools
Oct 17, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
Suspicious Cmdl32 Execution
Oct 17, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
Suspicious High IntegrityLevel Conhost Legacy Option
Oct 17, 2023
·
attack.defense_evasion
attack.t1202
Troubleshooting Pack Cmdlet Execution
Oct 17, 2023
·
attack.defense_evasion
attack.t1202
Use of Setres.exe
Oct 17, 2023
·
attack.defense_evasion
attack.t1218
attack.t1202
Renamed CURL.EXE Execution
Oct 12, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
Rundll32 Execution Without CommandLine Parameters
Sep 16, 2023
·
attack.defense_evasion
attack.t1202
Uncommon Child Process Of BgInfo.EXE
Aug 18, 2023
·
attack.execution
attack.t1059.005
attack.defense_evasion
attack.t1218
attack.t1202
Custom File Open Handler Executes PowerShell
Aug 17, 2023
·
attack.defense_evasion
attack.t1202
WSL Child Process Anomaly
Aug 15, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
LOLBIN Execution Of The FTP.EXE Binary
Aug 11, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
Arbitrary Command Execution Using WSL
Jun 21, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
Uncommon Child Process Of Conhost.EXE
Jun 1, 2023
·
attack.defense_evasion
attack.t1202
Potential Arbitrary DLL Load Using Winword
Apr 3, 2023
·
attack.defense_evasion
attack.t1202
Suspicious Splwow64 Without Params
Mar 5, 2023
·
attack.defense_evasion
attack.t1202
Suspicious Runscripthelper.exe
Mar 2, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
Suspicious ZipExec Execution
Mar 2, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
Diagnostic Library Sdiageng.DLL Loaded By Msdt.EXE
Feb 20, 2023
·
attack.defense_evasion
attack.t1202
cve.2022.30190
Windows Binary Executed From WSL
Feb 16, 2023
·
attack.execution
attack.defense_evasion
attack.t1202
Renamed ZOHO Dctask64 Execution
Feb 13, 2023
·
attack.defense_evasion
attack.t1036
attack.t1055.001
attack.t1202
attack.t1218
Outlook EnableUnsafeClientMailRules Setting Enabled
Feb 9, 2023
·
attack.execution
attack.t1059
attack.t1202
Potential Arbitrary Command Execution Using Msdt.EXE
Feb 8, 2023
·
attack.defense_evasion
attack.t1202
Renamed FTP.EXE Execution
Feb 7, 2023
·
attack.execution
attack.t1059
attack.defense_evasion
attack.t1202
Suspicious Cabinet File Execution Via Msdt.EXE
Feb 7, 2023
·
attack.defense_evasion
attack.t1202
Suspicious Service Binary Directory
Feb 1, 2023
·
attack.defense_evasion
attack.t1202
Solarmarker File Extension Registry Key Set
Nov 9, 2022
·
attack.defense_evasion
attack.t1202