open-menu
closeme
Remote Thread Creation Via PowerShell In Uncommon Target
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Rundll32.EXE Execution of UDL File
calendar
Aug 16, 2024
·
attack.execution
attack.t1218.011
attack.t1071
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rundll32 Execution of UDL File
calendar
Aug 16, 2024
·
attack.execution
attack.t1218.011
attack.t1071
·
Share on:
twitter
facebook
linkedin
copy
APT29 2018 Phishing Campaign CommandLine Indicators
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
APT29 2018 Phishing Campaign File Indicators
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Load by Rundll32
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Code Execution via Pcwutl.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Equation Group DLL_U Export Function Load
calendar
Aug 12, 2024
·
attack.g0020
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
EvilNum APT Golden Chickens Deployment Via OCX Files
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Fireball Archer Install
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
HackTool - F-Secure C3 Load by Rundll32
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
HackTool - RedMimicry Winnti Playbook Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1106
attack.t1059.003
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
HTML Help HH.EXE Suspicious Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
IcedID Malware Suspicious Single Digit DLL Execution Via Rundll32
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Execution Via RunDLL32.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Loaded Via Rundll32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
NotPetya Ransomware Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
attack.t1070.001
attack.credential-access
attack.t1003.001
car.2016-04-002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Outbound Network Connection To Public IP Via Winlogon
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.command-and-control
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Bumblebee Remote Thread Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Emotet Rundll32 Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Execution Via DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Raspberry Robin CPL Execution Activity
calendar
Aug 12, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.execution
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Rundll32 Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Process Access via TrolleyExpress Exclusion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Rhadamanthys Stealer Module Launch Via Rundll32.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Execution With Uncommon DLL Extension
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 InstallScreenSaver Execution
calendar
Aug 12, 2024
·
attack.t1218.011
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Internet Connection
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
RunDLL32 Spawning Explorer
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 UNC Path Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1021.002
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
SCR File Write Event
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
ScreenSaver Registry Key Set
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Shell32 DLL Execution in Suspicious Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Sofacy Trojan Loader Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.g0007
attack.t1059.003
attack.t1218.011
car.2013-10-002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Control Panel DLL Load
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HH.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rundll32 Activity Invoking Sys File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rundll32 Execution With Image Extension
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rundll32 Setupapi.dll Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Unsigned DLL Loaded by Windows Utility
calendar
Aug 12, 2024
·
attack.t1218.011
attack.t1218.010
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
ZxShell Malware
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.defense-evasion
attack.t1218.011
attack.s0412
attack.g0001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Application Bypass with DllRegisterServer Function
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Injection into LSASS
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 with Suspicious Process Lineage
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Without a Command Line
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Export Functionalities - Rundll32
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.credential_access
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Application Bypass with DllRegisterServer Function (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.defense_evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Injection into LSASS (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.defense_evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Suspicious Process Lineage (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.defense_evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Without a Command Line (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.defense_evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Application Bypass with RunDLL32 and DllRegisterServer Function
calendar
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.s0650
attack.s0386
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 with Suspicious Export Functionalities
calendar
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 with Suspicious Process Lineage
calendar
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 without Command Line
calendar
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
to-top