Common Information
| Type | Value |
|---|---|
| Value |
User Execution - T1204 |
| Category | Attack-Pattern |
| Type | Mitre-Enterprise-Attack-Attack-Pattern |
| Misp Type | Cluster |
| Description | An adversary may rely upon specific actions by a user in order to gain execution. This may be direct code execution, such as when a user opens a malicious executable delivered via Spearphishing Attachment with the icon and apparent extension of a document file. It also may lead to other execution techniques, such as when a user clicks on a link delivered via Spearphishing Link that leads to exploitation of a browser or application vulnerability via Exploitation for Client Execution. While User Execution frequently occurs shortly after Initial Access it may occur at other phases of an intrusion, such as when an adversary places a file in a shared directory or on a user's desktop hoping that a user will click on it. Detection: Monitor the execution of and command-line arguments for applications that may be used by an adversary to gain Initial Access that require user interaction. This includes compression applications, such as those for zip files, that can be used to Deobfuscate/Decode Files or Information in payloads. Anti-virus can potentially detect malicious documents and files that are downloaded and execuited on the user's computer. Endpoint sensing or network sensing can potentially detect malicious events once the file is opened (such as a Microsoft Word document or PDF reaching out to the internet or spawning Powershell.exe) for techniques such as Exploitation for Client Execution and Scripting. Platforms: Linux, Windows, macOS Data Sources: Anti-virus, Process command-line parameters, Process monitoring Permissions Required: User |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-14 | 24 | Major cyber attacks and data breaches of 2024 | ||
| Details | Website | 2024-11-13 | 55 | HawkEye Malware: Technical Analysis | ||
| Details | Website | 2024-11-13 | 55 | HawkEye Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog | ||
| Details | Website | 2024-11-13 | 55 | HawkEye | PredatorPain | ||
| Details | Website | 2024-11-11 | 35 | Threat Intelligence Report 5th November - 11th November | ||
| Details | Website | 2024-11-08 | 25 | Dark Web Profile: CosmicBeetle (NoName) Ransomware - SOCRadar® Cyber Intelligence Inc. | ||
| Details | Website | 2024-11-07 | 66 | European diplomats targeted by APT29 (Cozy Bear) with WINELOADER | ||
| Details | Website | 2024-11-07 | 33 | Malicious Inauthentic Falcon Crash Reporter Installer Delivers Malware Named Ciro | ||
| Details | Website | 2024-11-04 | 27 | Jumpy Pisces Threat Intel | ||
| Details | Website | 2024-11-04 | 3 | Sophisticated Phishing Attack Targeting Ukraine Military Sectors | ||
| Details | Website | 2024-11-04 | 35 | G700 : The Next Generation of Craxs RAT - CYFIRMA | ||
| Details | Website | 2024-11-04 | 57 | Threat Intelligence Report October 29 - November 4 2024 | Red Piranha | ||
| Details | Website | 2024-11-04 | 24 | From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West | ||
| Details | Website | 2024-11-01 | 39 | Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc. | ||
| Details | Website | 2024-10-31 | 10 | UAC-0050 Phishing Attack Detection: The russia-Backed Group Massively Spreads Tax-Related Phishing Emails and Exploit LITEMANAGER - SOC Prime | ||
| Details | Website | 2024-10-30 | 120 | Strela Stealer Targets Europe Stealthily Via WebDav | ||
| Details | Website | 2024-10-29 | 207 | WarmCookie Malware Threat Intel | ||
| Details | Website | 2024-10-26 | 21 | Analyzing the Wannacry Ransomware | ||
| Details | Website | 2024-10-25 | 58 | HeptaX: Unauthorized RDP Connections For Cyberespionage Operations | ||
| Details | Website | 2024-10-24 | 5 | Ransomware and Cyber Extortion in Q3 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
| Details | Website | 2024-10-24 | 221 | Operation Cobalt Whisper Targets Industries in Hong Kong and Pakistan | ||
| Details | Website | 2024-10-17 | 16 | Dark Web Profile: Evil Corp - SOCRadar® Cyber Intelligence Inc. | ||
| Details | Website | 2024-10-17 | 16 | Dark Web Profile: Evil Corp | ||
| Details | Website | 2024-10-17 | 100 | Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage | ||
| Details | Website | 2024-10-17 | 75 | APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere |