open-menu
closeme
Potentially Suspicious Child Process Of VsCode
calendar
Sep 2, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Office Document Executed From Trusted Location
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Renamed CURL.EXE Execution
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Windows Binary Executed From WSL
calendar
Aug 29, 2024
·
attack.execution
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Custom File Open Handler Executes PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Diagnostic Library Sdiageng.DLL Loaded By Msdt.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
cve.2022-30190
·
Share on:
twitter
facebook
linkedin
copy
Findstr Launching .lnk File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1202
attack.t1027.003
·
Share on:
twitter
facebook
linkedin
copy
Indirect Command Execution From Script File Via Bash.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Indirect Inline Command Execution Via Bash.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Outlook EnableUnsafeClientMailRules Setting Enabled
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary Command Execution Using Msdt.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary Command Execution Via FTP.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary DLL Load Using Winword
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary File Download Using Office Application
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary File Download Via Cmdl32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Binary Impersonating Sysinternals Tools
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Renamed FTP.EXE Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Renamed NirCmd.EXE Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Renamed PAExec Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Renamed PingCastle Binary Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Renamed ZOHO Dctask64 Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1055.001
attack.t1202
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Execution Without CommandLine Parameters
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Cabinet File Execution Via Msdt.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Of BgInfo.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious High IntegrityLevel Conhost Legacy Option
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Remote Child Process From Outlook
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Runscripthelper.exe
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service Binary Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Splwow64 Without Params
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious ZipExec Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Troubleshooting Pack Cmdlet Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of BgInfo.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Conhost.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Setres.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
WSL Child Process Anomaly
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Execute Python Scripts via Python Installer Binary
calendar
Aug 10, 2024
·
attack.Defense.Evasion
attack.T1202
·
Share on:
twitter
facebook
linkedin
copy
Bypassing Security Controls - Command Shell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Solarmarker File Extension Registry Key Set
calendar
Nov 9, 2022
·
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
to-top