attack.t1587.001

VHD Image Download Via Browser
May 5, 2023 · attack.resource_development attack.t1587.001 ·
Share on:
Detects creation of ".vhd"/".vhdx" files by browser processes. Malware can use mountable Virtual Hard Disk ".vhd" files to encapsulate payloads and evade security controls.

Read More
Potential Privilege Escalation To LOCAL SYSTEM
Feb 28, 2023 · attack.resource_development attack.t1587.001 ·
Share on:
Detects unknown program using commandline flags usually used by tools such as PsExec and PAExec to start programs with SYSTEM Privileges

Read More
PsExec/PAExec Escalation to LOCAL SYSTEM
Feb 28, 2023 · attack.resource_development attack.t1587.001 ·
Share on:
Detects suspicious commandline flags used by PsExec and PAExec to escalate a command line to LOCAL_SYSTEM rights

Read More
Potential PsExec Remote Execution
Feb 28, 2023 · attack.resource_development attack.t1587.001 ·
Share on:
Detects potential psexec command that initiate execution on a remote systems via common commandline flags used by the utility

Read More
Creation In User Word Startup Folder
Feb 23, 2023 · attack.resource_development attack.t1587.001 ·
Share on:
Detects the creation of an file in user Word Startup

Read More
PUA - CsExec Execution
Feb 21, 2023 · attack.resource_development attack.t1587.001 attack.execution attack.t1569.002 ·
Share on:
Detects the use of the lesser known remote execution tool named CsExec a PsExec alternative

Read More
ProxyLogon MSExchange OabVirtualDirectory
Feb 1, 2023 · attack.t1587.001 attack.resource_development ·
Share on:
Detects specific patterns found after a successful ProxyLogon exploitation in relation to a Commandlet invocation of Set-OabVirtualDirectory

Read More
Creation of an Executable by an Executable
Jan 26, 2023 · attack.resource_development attack.t1587.001 ·
Share on:
Detects the creation of an executable by another executable

Read More