Tag
medium
advisory
Node.js Spawning Curl or Wget for Command and Control
2 rules 2 TTPsDetection of Node.js directly or via a shell spawning curl or wget, potentially indicating command and control behavior where adversaries download tools or payloads onto the system.
Node.js
command_and_control
nodejs
curl
wget
initial_access
2r
2t
medium
advisory
Potential Data Exfiltration via Wget on Linux Systems
2 rules 1 TTPThis rule detects the use of wget on Linux systems to upload files to an external server, a tactic commonly used for data exfiltration.
Linux
exfiltration
wget
data-theft
2r
1t