ATT&CK Technique | ID | Operating System | URL | Source Repository |
---|---|---|---|---|
T1053.005 | CAR-2013-01-002 | windows | https://car.mitre.org/analytics/CAR-2013-01-002 | CAR |
T1053.005 | CAR-2013-04-002 | windows,linux,mac | https://car.mitre.org/analytics/CAR-2013-04-002 | CAR |
T1053.005 | CAR-2013-08-001 | windows | https://car.mitre.org/analytics/CAR-2013-08-001 | CAR |
T1053.005 | CAR-2015-04-002 | windows | https://car.mitre.org/analytics/CAR-2015-04-002 | CAR |
T1053.005 | CAR-2020-09-001 | windows | https://car.mitre.org/analytics/CAR-2020-09-001 | CAR |
T1053.005 | 7feb7972-7ac3-11eb-bac8-acde48001122 | windows | https://github.com/splunk/security_content/blob/5c22609da7571bb08495cf84c86acef383250bb4/detections/endpoint/suspicious_scheduled_task_from_public_directory.yml | Splunk |
T1053.005 | 1297fb80-f42a-4b4a-9c8a-88c066437cf6 | windows | https://github.com/splunk/security_content/blob/5c22609da7571bb08495cf84c86acef383250bb4/detections/endpoint/schtasks_used_for_forcing_a_reboot.yml | Splunk |
T1053.005 | d5af132c-7c17-439c-9d31-13d55340f36c | windows | https://github.com/splunk/security_content/blob/5c22609da7571bb08495cf84c86acef383250bb4/detections/endpoint/scheduled_task_deleted_or_created_via_cmd.yml | Splunk |
T1053.005 | 1297fb80-f42a-4b4a-9c8a-88c066237cf6 | windows | https://github.com/splunk/security_content/blob/5c22609da7571bb08495cf84c86acef383250bb4/detections/endpoint/schtasks_scheduling_job_on_remote_system.yml | Splunk |
T1053.005 | 203ef0ea-9bd8-11eb-8201-acde48001122 | windows | https://github.com/splunk/security_content/blob/25a4be5d980d2e98883a840bf075bd575cf8681f/detections/endpoint/winevent_scheduled_task_created_to_spawn_shell.yml | Splunk |
T1053.005 | 5d9c6eee-988c-11eb-8253-acde48001122 | windows | https://github.com/splunk/security_content/blob/25a4be5d980d2e98883a840bf075bd575cf8681f/detections/endpoint/winevent_scheduled_task_created_within_public_path.yml | Splunk |
T1053.005 | 523c2684-a101-11eb-916b-acde48001122 | windows | https://github.com/splunk/security_content/blob/503e6acd96c84f6701811029201294a29f1ef21c/detections/endpoint/schedule_task_with_http_command_arguments.yml | Splunk |
T1053.005 | 523c2684-a101-11eb-916b-acde48001122 | windows | https://github.com/splunk/security_content/blob/25a4be5d980d2e98883a840bf075bd575cf8681f/detections/endpoint/shedule_task_with_http_command_arguments.yml | Splunk |
T1059.001 | CAR-2014-04-003 | windows | https://car.mitre.org/analytics/CAR-2014-04-003 | CAR |
T1059.001 | CAR-2014-11-004 | windows | https://car.mitre.org/analytics/CAR-2014-11-004 | CAR |
T1059.001 | ac7102b4-9e1e-4802-9b4f-17c5524c015c | windows | https://github.com/SigmaHQ/sigma/blob/1ff5e226ad8bed34916c16ccc77ba281ca3203ae/rules/windows/pipe_created/sysmon_powershell_execution_pipe.yml | Sigma |
T1059.001 | e9f55347-2928-4c06-88e5-1a7f8169942e | windows | https://github.com/SigmaHQ/sigma/blob/f16aca7a353bb01d9862ea1f2a10fa0d866e83c3/rules/windows/process_creation/win_invoke_obfuscation_via_var%2B%2B.yml | Sigma |
T1059.001 | 056a7ee1-4853-4e67-86a0-3fd9ceed7555 | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_invoke_obfuscation_via_rundll.yml | Sigma |
T1059.001 | 6c96fc76-0eb1-11eb-adc1-0242ac120002 | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_invoke_obfuscation_stdin%2B.yml | Sigma |
T1059.001 | fdb62a13-9a81-4e5c-a38f-ea93a16f6d7c | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_encoded_frombase64string.yml | Sigma |
T1059.001 | e32d4572-9826-4738-b651-95fa63747e8a | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_powershell_frombase64string.yml | Sigma |
T1059.001 | e312efd0-35a1-407f-8439-b8d434b438a6 | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_susp_powershell_encoded_param.yml | Sigma |
T1059.001 | e1561947-b4e3-4a74-9bdd-83baed21bdb5 | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_invoke_obfuscation_via_use_clip.yml | Sigma |
T1059.001 | 88f680b8-070e-402c-ae11-d2914f2257f1 | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_encoded_iex.yml | Sigma |
T1059.001 | a6d67db4-6220-436d-8afc-f3842fe05d43 | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/powershell/powershell_dnscat_execution.yml | Sigma |
T1059.001 | 9c14c9fa-1a63-4a64-8e57-d19280559490 | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_invoke_obfuscation_via_stdin.yml | Sigma |
T1059.001 | 27aec9c9-dbb0-4939-8422-1742242471d0 | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_invoke_obfuscation_var%2B.yml | Sigma |
T1059.001 | 3d304fda-78aa-43ed-975c-d740798a49c1 | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/powershell/powershell_suspicious_invocation_generic.yml | Sigma |
T1059.001 | b222df08-0e07-11eb-adc1-0242ac120002 | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_invoke_obfuscation_clip%2B.yml | Sigma |
T1059.001 | ac20ae82-8758-4f38-958e-b44a3140ca88 | windows | https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_invoke_obfuscation_via_use_mhsta.yml | Sigma |