T1053

https://attack.mitre.org/techniques/T1053/

Sigma:
builtin/security/win_security_atsvc_task.yml:    - attack.t1053.002
builtin/security/win_security_gpo_scheduledtasks.yml:    - attack.t1053.005
builtin/security/win_security_susp_scheduled_task_creation.yml:    - attack.t1053.005
builtin/security/win_security_susp_scheduled_task_delete_or_disable.yml:    - attack.t1053.005
builtin/security/win_security_susp_scheduled_task_update.yml:    - attack.t1053.005
builtin/taskscheduler/win_taskscheduler_execution_from_susp_locations.yml:    - attack.t1053.005
builtin/taskscheduler/win_taskscheduler_lolbin_execution_via_task_scheduler.yml:    - attack.t1053.005
file/file_event/file_event_win_susp_task_write.yml:    - attack.t1053
powershell/powershell_script/posh_ps_cmdlet_scheduled_task.yml:    - attack.t1053.005
process_creation/proc_creation_win_at_interactive_execution.yml:    - attack.t1053.002
process_creation/proc_creation_win_hktl_crackmapexec_execution.yml:    - attack.t1053
process_creation/proc_creation_win_hktl_crackmapexec_execution_patterns.yml:    - attack.t1053
process_creation/proc_creation_win_hktl_powersploit_empire_default_schtasks.yml:    - attack.t1053.005
process_creation/proc_creation_win_hktl_sharpersist.yml:    - attack.t1053
process_creation/proc_creation_win_renamed_schtasks_execution.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_appdata_local_system.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_change.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_creation.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_creation_temp_folder.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_curl_and_powershell_combo.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_env_folder.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_folder_combos.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_guid_task_name.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_one_time_only_midnight_task.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_openssh_tunnelling.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_persistence_windows_telemetry.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_powershell_persistence.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_reg_loader.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_reg_loader_encoded.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_schedule_type.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_schedule_type_system.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_schedule_via_masqueraded_xml_file.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_susp_pattern.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_system.yml:    - attack.t1053.005
process_creation/proc_creation_win_schtasks_system_process.yml:    - attack.t1053.005
registry/registry_set/registry_set_taskcache_entry.yml:    - attack.t1053
registry/registry_set/registry_set_taskcache_entry.yml:    - attack.t1053.005
registry/registry_set/registry_set_telemetry_persistence.yml:    - attack.t1053.005


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

T1053 #154

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

T1053 #154

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions