Tag
medium
advisory
Detection of Obfuscated IP Address Usage in Download Commands
2 rules 2 TTPsThis brief details the use of obfuscated IP addresses within download commands, often employed to evade detection by hiding the true destination of malicious downloads.
Windows
discovery
evasion
obfuscation
2r
2t
medium
advisory
Suspicious HTML File Creation Leading to Potential Payload Delivery
3 rules 3 TTPsThis detection identifies the creation of HTML files with high entropy and large size, followed by execution via a browser process, indicating potential HTML smuggling and malicious payload delivery on Windows systems.
Elastic Defend
html-smuggling
phishing
initial-access
windows
evasion
3r
3t
medium
advisory
Detection of Obfuscated IP Addresses via Command Line Tools
3 rules 1 TTPThe use of command-line tools like ping.exe or arp.exe with obfuscated IP addresses (hex, octal, etc.) in the command line can indicate reconnaissance activity or attempts to evade security controls by masking the true destination.
Windows
reconnaissance
evasion
command-line
3r
1t