diff --git a/monkey/infection_monkey/exploit/__init__.py b/monkey/infection_monkey/exploit/__init__.py
index 84dd81393..7cf1ac4cf 100644
--- a/monkey/infection_monkey/exploit/__init__.py
+++ b/monkey/infection_monkey/exploit/__init__.py
@@ -25,7 +25,7 @@ class HostExploiter(object):
                               'finished': '',
                               'vulnerable_urls': [],
                               'vulnerable_ports': [],
-                              'executed_cmds': []}
+                              'executed_cmds': {}}
         self._exploit_attempts = []
         self.host = host
 
@@ -59,6 +59,9 @@ class HostExploiter(object):
     def add_vuln_port(self, port):
         self._exploit_info['vulnerable_ports'].append(port)
 
+    def add_example_cmd(self, cmd):
+        self._exploit_info['executed_cmds']['example'] = cmd
+
 
 from infection_monkey.exploit.win_ms08_067 import Ms08_067_Exploiter
 from infection_monkey.exploit.wmiexec import WmiExploiter
diff --git a/monkey/infection_monkey/exploit/hadoop.py b/monkey/infection_monkey/exploit/hadoop.py
index 1e8ac9d8e..570575423 100644
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@@ -49,7 +49,7 @@ class HadoopExploiter(WebRCE):
             return False
         http_thread.join(self.DOWNLOAD_TIMEOUT)
         http_thread.stop()
-        self._exploit_info['executed_cmds'].append(command)
+        self.add_example_cmd(command)
         return True
 
     def exploit(self, url, command):
diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index 1f21f9ecd..d738cba60 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -76,7 +76,7 @@ class MSSQLExploiter(HostExploiter):
         commands.extend(monkey_args)
         MSSQLExploiter.execute_command(cursor, commands)
         MSSQLExploiter.run_file(cursor, tmp_file_path)
-        self._exploit_info['executed_cmds'].append(commands[-1])
+        self.add_example_cmd(commands[-1])
         return True
 
     @staticmethod
diff --git a/monkey/infection_monkey/exploit/rdpgrinder.py b/monkey/infection_monkey/exploit/rdpgrinder.py
index dcbc01b1d..1e66040fc 100644
--- a/monkey/infection_monkey/exploit/rdpgrinder.py
+++ b/monkey/infection_monkey/exploit/rdpgrinder.py
@@ -343,5 +343,5 @@ class RdpExploiter(HostExploiter):
 
         LOG.info("Executed monkey '%s' on remote victim %r",
                  os.path.basename(src_path), self.host)
-        self._exploit_info['executed_cmds'].append(command)
+        self.add_example_cmd(command)
         return True
diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py
index b308c57fe..9db770905 100644
--- a/monkey/infection_monkey/exploit/shellshock.py
+++ b/monkey/infection_monkey/exploit/shellshock.py
@@ -144,7 +144,7 @@ class ShellShockExploiter(HostExploiter):
             if not (self.check_remote_file_exists(url, header, exploit, self._config.monkey_log_path_linux)):
                 LOG.info("Log file does not exist, monkey might not have run")
                 continue
-            self._exploit_info['executed_cmds'].append(cmdline)
+            self.add_example_cmd(cmdline)
             return True
 
         return False
diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py
index 9aafae2a4..226ad8943 100644
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@@ -178,7 +178,7 @@ class SSHExploiter(HostExploiter):
                      self._config.dropper_target_path_linux, self.host, cmdline)
 
             ssh.close()
-            self._exploit_info['executed_cmds'].append(cmdline)
+            self.add_example_cmd(cmdline)
             return True
 
         except Exception as exc:
diff --git a/monkey/infection_monkey/exploit/vsftpd.py b/monkey/infection_monkey/exploit/vsftpd.py
index 23a89a96e..f3f13c073 100644
--- a/monkey/infection_monkey/exploit/vsftpd.py
+++ b/monkey/infection_monkey/exploit/vsftpd.py
@@ -138,7 +138,7 @@ class VSFTPDExploiter(HostExploiter):
         if backdoor_socket.send(run_monkey):
             LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", self._config.dropper_target_path_linux,
                      self.host, run_monkey)
-            self._exploit_info['executed_cmds'].append(run_monkey)
+            self.add_example_cmd(run_monkey)
             return True
         else:
             return False
diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py
index 57a4cfa60..053737075 100644
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@@ -420,7 +420,7 @@ class WebRCE(HostExploiter):
             return False
         LOG.info("Execution attempt finished")
 
-        self._exploit_info['executed_cmds'].append(command)
+        self.add_example_cmd(command)
         return resp
 
     def get_monkey_upload_path(self, url_to_monkey):
diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py
index 29bc08981..b9decf433 100644
--- a/monkey/infection_monkey/exploit/wmiexec.py
+++ b/monkey/infection_monkey/exploit/wmiexec.py
@@ -114,7 +114,7 @@ class WmiExploiter(HostExploiter):
 
             result.RemRelease()
             wmi_connection.close()
-
+            self.add_example_cmd(cmdline)
             return success
 
         return False
diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py b/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py
index 330b13c71..e85e27415 100644
--- a/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py
+++ b/monkey/monkey_island/cc/services/attack/technique_reports/T1059.py
@@ -13,7 +13,7 @@ class T1059(AttackTechnique):
     used_msg = "Monkey successfully ran commands on exploited machines in the network."
 
     query = [{'$match': {'telem_type': 'exploit',
-                         'data.info.executed_cmds': {'$not': {'$size': 0}}}},
+                         'data.info.executed_cmds.example': {'$exists': True}}},
              {'$project': {'_id': 0,
                            'machine': '$data.machine',
                            'info': '$data.info'}},
diff --git a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js
index 4a65ee34a..466474624 100644
--- a/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js
+++ b/monkey/monkey_island/cc/ui/src/components/attack/techniques/T1059.js
@@ -15,7 +15,7 @@ class T1059 extends React.Component {
       columns: [
         {Header: 'Machine', id: 'machine', accessor: x => RenderMachine(x.data[0].machine), style: { 'whiteSpace': 'unset'}, width: 160 },
         {Header: 'Approx. Time', id: 'time', accessor: x => x.data[0].info.finished, style: { 'whiteSpace': 'unset' }},
-        {Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds[0], style: { 'whiteSpace': 'unset' }},
+        {Header: 'Command', id: 'command', accessor: x => x.data[0].info.executed_cmds.example, style: { 'whiteSpace': 'unset' }},
         ]
     }])};