Hunting for malicious scheduled tasks - Threat hunting with hints of incident response
Tags
attack-pattern: Data Powershell - T1059.001 Regsvr32 - T1218.010 Rundll32 - T1218.011 Scheduled Task - T1053.005 Powershell - T1086 Regsvr32 - T1117 Rundll32 - T1085 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID 95089057-a9dd-4930-b404-32a20090d236
Fingerprint 670419706f7656de
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 6, 2024, 12:22 p.m.
Added to db Oct. 6, 2024, 3:20 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Hunting for malicious scheduled tasks
Title Hunting for malicious scheduled tasks - Threat hunting with hints of incident response
Detected Hints/Tags/Attributes 26/1/7
Source URLs
Redirection Url
Details Source https://threathunt.blog/hunting-for-malicious-scheduled-tasks/?utm_source=rss&utm_medium=rss&utm_campaign=hunting-for-malicious-scheduled-tasks
URL Provider
Details Provider Source level domain
Details threathunt.blog threathunt.blog
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 252 | Threat hunting with hints of incident response https://threathunt.blog/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 249 
schtasks.exe
Details File 1122 
svchost.exe
Details File 2125 
cmd.exe
Details File 1208 
powershell.exe
Details File 1018 
rundll32.exe
Details File 459 
regsvr32.exe
Details File 97 
mpcmdrun.exe