Skip to content

Hide Navigation Hide TOC

Scheduled Cron Task/Job - Linux (6b14bac8-3e3a-4324-8109-42f0546a347f)

Detects abuse of the cron utility to perform task scheduling for initial or recurring execution of malicious code. Detection will focus on crontab jobs uploaded from the tmp folder.

Cluster A Galaxy A Cluster B Galaxy B Level
Scheduled Cron Task/Job - Linux (6b14bac8-3e3a-4324-8109-42f0546a347f) Sigma-Rules Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 1
Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern Cron - T1053.003 (2acf44aa-542f-4366-b4eb-55ef5747759c) Attack Pattern 2