open-menu
closeme
Arbitrary File Download Via IMEWDBLD.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSEDGE_PROXY.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential File Download Via MS-AppInstaller Protocol Handler
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Process Proxy Execution Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Child Process Of VsCode
calendar
Sep 2, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Sdiagnhost Calling Suspicious Child Process
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1036
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
COM Object Execution via Xwizard.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
New Capture Session Launched Via DXCap.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Using Coregen.exe
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Program Executed Using Proxy/Local Command Via SSH.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Hidden Flag Set On File/Directory Via Chflags - MacOS
calendar
Aug 21, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Diskshadow Script Mode - Execution From Potential Suspicious Location
calendar
Aug 16, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Abusing Print Executable
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
AddinUtil.EXE Execution From Uncommon Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
AgentExecutor PowerShell Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary DLL or Csproj Code Execution Via Dotnet.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSOHTMED.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSPUB.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via PresentationHost.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary MSI Download Via Devinit.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Atbroker Registry Change
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.persistence
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Binary Proxy Execution Via Dotnet-Trace.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
BitLockerTogo.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Created Files by Microsoft Sync Center
calendar
Aug 12, 2024
·
attack.t1055
attack.t1218
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Curl Download And Execute Combination
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
DeviceCredentialDeployment Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Devtoolslauncher.exe Executes Specified Binary
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Diskshadow Script Mode - Uncommon Script Extension Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DLL Execution via Rasautou.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DLL Loaded via CertOC.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Execute Files with Msdeploy.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Execute MSDT Via Answer File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Execute Pcwrun.EXE To Leverage Follina
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Execution DLL of Choice Using WAB.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Execution via stordiag.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Execution via WorkFolders.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
File Download Using ProtocolHandler.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
File Download Via InstallUtil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Windows Defender MpCmpRun.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Gpscript Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
HTML Help HH.EXE Suspicious Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Ie4uinit Lolbin Use From Invalid Path
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Import LDAP Data Interchange Format File Via Ldifde.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1218
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Indirect Command Execution By Program Compatibility Wizard
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
InfDefaultInstall.exe .inf Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Insensitive Subfolder Search Via Findstr.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Legitimate Application Dropped Archive
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Legitimate Application Dropped Executable
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Legitimate Application Dropped Script
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Lolbin Runexehelper Use As Proxy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Lolbin Unregmp2.exe Use As Proxy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Malicious PE Execution by Microsoft Visual Studio Debugger
calendar
Aug 12, 2024
·
attack.t1218
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Malicious Windows Script Components File Execution by TAEF Detection
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Sync Center Suspicious Network Connections
calendar
Aug 12, 2024
·
attack.t1055
attack.t1218
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
MpiExec Lolbin
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
MSI Installation From Web
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated By AddinUtil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
OpenWith.exe Executes Specified Binary
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Application Whitelisting Bypass via Dnx.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary File Download Via Cmdl32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Binary Impersonating Sysinternals Tools
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Binary Proxy Execution Via Cdb.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1106
attack.defense-evasion
attack.t1218
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Potential Binary Proxy Execution Via VSDiagnostics.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Compromised 3CXDesktopApp Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Compromised 3CXDesktopApp Update Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Devil Bait Malware Reconnaissance
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Mpclient.DLL Sideloading Via OfflineScannerShell.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential NTLM Coercion Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Password Spraying Attempt Using Dsacls.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Pikabot Infection - Suspicious Command Combinations Via Cmd.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.t1105
attack.t1218
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Provisioning Registry Key Abuse For Binary Proxy Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Provisioning Registry Key Abuse For Binary Proxy Execution - REG
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Provlaunch.EXE Binary Proxy Execution Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Register_App.Vbs LOLScript Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential RemoteFXvGPUDisablement.EXE Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell ScriptBlock
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Child Process Of 3CXDesktopApp
calendar
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1218
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Mofcomp Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potentially Over Permissive Permissions Granted Using Dsacls.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Cabinet File Expansion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Child Process Of DiskShadow.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious CMD Shell Output Redirect
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Self Extraction Directive File Created
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Wuauclt Network Connection
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Process Memory Dump Via Dotnet-Dump
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Proxy Execution Via Wuauclt.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
REGISTER_APP.VBS Proxy Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Remote File Download Via Findstr.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
RemoteFXvGPUDisablement Abuse Via AtomicTestHarnesses
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Renamed MegaSync Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Renamed ZOHO Dctask64 Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1055.001
attack.t1202
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Self Extracting Package Creation Via Iexpress.EXE From Potentially Suspicious Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Self Extraction Directive File Created In Potentially Suspicious Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious AgentExecutor PowerShell Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Of BgInfo.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Csi.exe Usage
calendar
Aug 12, 2024
·
attack.execution
attack.t1072
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious DLL Loaded via CertOC.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious DotNET CLR Usage Log Artifact
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HH.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious MSDT Parent Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Provlaunch.EXE Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Vsls-Agent Command With AgentExtensionPath Load
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious ZipExec Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
SyncAppvPublishingServer Bypass Powershell Restriction - PS Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
SyncAppvPublishingServer Execute Arbitrary PowerShell Code
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
SyncAppvPublishingServer Execution to Bypass Powershell Restriction
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
SyncAppvPublishingServer VBS Execute Arbitrary PowerShell Code
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Time Travel Debugging Utility Usage
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1218
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Time Travel Debugging Utility Usage - Image
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1218
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Assistive Technology Applications Execution Via AtBroker.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Uncommon AddinUtil.EXE CommandLine Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of AddinUtil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Appvlp.EXE
calendar
Aug 12, 2024
·
attack.t1218
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of BgInfo.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Defaultpack.EXE
calendar
Aug 12, 2024
·
attack.t1218
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Setres.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Link.EXE Parent Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Use of Scriptrunner.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Use Of The SFTP.EXE Binary As A LOLBIN
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Use of VisualUiaVerifyNative.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Verclsid.exe Runs COM Object
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio NodejsTools PressAnyKey Arbitrary Binary Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio NodejsTools PressAnyKey Renamed Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Windows Shell/Scripting Processes Spawning Suspicious Programs
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.005
attack.t1059.001
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Wlrmdr.EXE Uncommon Argument Or Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
WSL Child Process Anomaly
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
XBAP Execution From Uncommon Locations Via PresentationHost.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
CMSTP installation of malicious code
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
Share on:
twitter
facebook
linkedin
copy
Dumpbin LOLBin use for proxying execution via link.exe
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
Share on:
twitter
facebook
linkedin
copy
MSTeams exe side-loading - Update.exe
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
Share on:
twitter
facebook
linkedin
copy
VSDiagnostics used for proxying execution malicious binaries
calendar
Aug 10, 2024
·
attack.defense_evasion
attack.T1218
·
Share on:
twitter
facebook
linkedin
copy
Wermgr.exe spawning without command line arguments
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
Share on:
twitter
facebook
linkedin
copy
Application Bypass with DllRegisterServer Function
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Injection into LSASS
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 with Suspicious Process Lineage
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Without a Command Line
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Export Functionalities - Rundll32
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.credential_access
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
Windows Installer (msiexec.exe) Downloading and Executing Packages
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Calc Child Process
calendar
Sep 1, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Injection to Explorer
calendar
Sep 1, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DNS Query From Process with Double File Extension
calendar
Jan 30, 2023
·
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004
·
Share on:
twitter
facebook
linkedin
copy
Download by Process with Double File Extension
calendar
Jan 30, 2023
·
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004
·
Share on:
twitter
facebook
linkedin
copy
File Creation by Process with Double File Extension
calendar
Jan 30, 2023
·
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004
·
Share on:
twitter
facebook
linkedin
copy
Network Connection From Process with Double File Extension
calendar
Jan 30, 2023
·
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Injection to RegAsm
calendar
Jan 30, 2023
·
attack.defense_evasion
attack.t1218
attack.t1218.009
·
Share on:
twitter
facebook
linkedin
copy
Application Bypass with RunDLL32 and DllRegisterServer Function
calendar
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.s0650
attack.s0386
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 with Suspicious Export Functionalities
calendar
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 with Suspicious Process Lineage
calendar
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 without Command Line
calendar
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
to-top