open-menu
closeme
Potential Register_App.Vbs LOLScript Abuse
calendar
May 30, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Windows Shell/Scripting Processes Spawning Suspicious Programs
calendar
May 23, 2023
·
attack.execution
attack.defense_evasion
attack.t1059.005
attack.t1059.001
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious CMD Shell Output Redirect
calendar
May 17, 2023
·
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential RemoteFXvGPUDisablement.EXE Abuse
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell ScriptBlock
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
RemoteFXvGPUDisablement Abuse Via AtomicTestHarnesses
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
SyncAppvPublishingServer Bypass Powershell Restriction - PS Module
calendar
May 15, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious DotNET CLR Usage Log Artifact
calendar
May 5, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
MSI Installation From Web
calendar
Apr 14, 2023
·
attack.execution
attack.t1218
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio NodejsTools PressAnyKey Renamed Execution
calendar
Apr 14, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary MSI Download Via Devinit.EXE
calendar
Apr 14, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio NodejsTools PressAnyKey Arbitrary Binary Execution
calendar
Apr 14, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
HTML Help HH.EXE Suspicious Child Process
calendar
Apr 12, 2023
·
attack.defense_evasion
attack.execution
attack.initial_access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HH.EXE Execution
calendar
Apr 12, 2023
·
attack.defense_evasion
attack.execution
attack.initial_access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary Command Execution Using WSL
calendar
Apr 12, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Mofcomp Execution
calendar
Apr 11, 2023
·
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Use of Squirrel.exe
calendar
Mar 22, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Import LDAP Data Interchange Format File Via Ldifde.EXE
calendar
Mar 15, 2023
·
attack.command_and_control
attack.defense_evasion
attack.t1218
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Using Coregen.exe
calendar
Mar 15, 2023
·
attack.defense_evasion
attack.t1218
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Process Memory Dump Via Dotnet-Dump
calendar
Mar 14, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Curl Download And Execute Combination
calendar
Mar 7, 2023
·
attack.execution
attack.t1218
attack.command_and_control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Devtoolslauncher.exe Executes Specified Binary
calendar
Mar 5, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Execution via stordiag.exe
calendar
Mar 5, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
InfDefaultInstall.exe .inf Execution
calendar
Mar 5, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Proxy Execution Via Explorer.exe
calendar
Mar 5, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Csi.exe Usage
calendar
Mar 5, 2023
·
attack.execution
attack.t1072
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Vsls-Agent Command With AgentExtensionPath Load
calendar
Mar 5, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Abusing Print Executable
calendar
Mar 2, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
MpiExec Lolbin
calendar
Mar 2, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
OpenWith.exe Executes Specified Binary
calendar
Mar 2, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious ZipExec Execution
calendar
Mar 2, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Windows Update Client LOLBIN
calendar
Mar 2, 2023
·
attack.command_and_control
attack.execution
attack.t1105
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Ie4uinit Lolbin Use From Invalid Path
calendar
Feb 28, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Binary Impersonating Sysinternals Tools
calendar
Feb 28, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Application Whitelisting Bypass via Bginfo
calendar
Feb 21, 2023
·
attack.execution
attack.t1059.005
attack.defense_evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Application Whitelisting Bypass via Dnx.exe
calendar
Feb 21, 2023
·
attack.defense_evasion
attack.t1218
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Execution via Diskshadow.exe
calendar
Feb 21, 2023
·
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Cabinet File Expansion
calendar
Feb 21, 2023
·
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious DLL Loaded via CertOC.EXE
calendar
Feb 16, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DLL Loaded via CertOC.EXE
calendar
Feb 15, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential NTLM Coercion Via Certutil.EXE
calendar
Feb 15, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
WSL Child Process Anomaly
calendar
Feb 14, 2023
·
attack.execution
attack.defense_evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Execution via WorkFolders.exe
calendar
Feb 13, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Proxy Execution via Wuauclt
calendar
Feb 13, 2023
·
attack.defense_evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Renamed ZOHO Dctask64 Execution
calendar
Feb 13, 2023
·
attack.defense_evasion
attack.t1036
attack.t1055.001
attack.t1202
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSPUB.EXE
calendar
Feb 8, 2023
·
attack.defense_evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious MSDT Parent Process
calendar
Feb 7, 2023
·
attack.defense_evasion
attack.t1036
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
AgentExecutor PowerShell Execution
calendar
Feb 6, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious AgentExecutor PowerShell Execution
calendar
Feb 6, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
««
«
1
2
3
»
»»
to-top