Table 3 Mail clients writing to disk
From: A flexible approach for cyber threat hunting based on kernel audit records
exe.fileName | mail.cmdLine |
|---|---|
/home/admin/.pine-debug1 | pine |
/dev/null | bash |
/home/admin/.pine-debug1 | bash |
/home/admin/.bash_history | bash |
/home/admin/.pine-debug1 | ./pine |
/tmp/tcexfil | ./pine |
/tmp/tcexec | ./pine |