==================================================

CREATED: LINUX-CRON-CURL-TO-BASH (#1322)

Description

Identifies the instances of curl spawning as a cron job to download and execute content.

References

ATT&CK Technique T1168

==================================================

CREATED: LINUX-CRON-WGET-TO-BASH (#1323)

Description

Identifies the instances of wget spawning as a cron job to download and execute content.

References

ATT&CK Technique T1168

==================================================

CREATED: LINUX-CRONTAB-MODIFICATION (#1319)

Description

Identifies processes modifying Linux crontab and anacrontab files. This tactic is commonly used to establish persistence on a Linux system.

References

ATT&CK Technique T1168

Did this answer your question?