File and Directory Permissions Modification

Adversaries may modify file or directory permissions to evade defenses.

Executes dropped EXE

Renames itself

Unexpected DNS network traffic destination

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Creates/modifies Cron job

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Enumerates running processes

Discovers information about currently running processes on the system