Tag
medium
advisory
Suspicious Linux C2 Activity: Network Connection Followed by File Creation
2 rules 2 TTPsThis brief identifies suspicious Command and Control (C2) activity on Linux systems where a C2 agent, such as Poseidon or Athena, connects outbound from a sensitive temporary directory and subsequently creates a file in a similar location, indicative of receiving and executing commands from a C2 framework like Mythic.
command-and-control
execution
linux
endpoint-detection
2r
2t
high
advisory
Windows Credential Access from Browser Password Store Detection
1 rule 3 TTPsThis brief describes a detection for suspicious activity on Windows systems where an uncommon or unauthorized process attempts to access browser user data profiles, a common behavior observed in Trojan Stealers like SnakeKeylogger to harvest sensitive browser information and credentials for exfiltration.
credential-access
stealer
windows
endpoint-detection
1r
3t