DarkGate
Sep 21, 2023

Disabling Multi Factor Authentication
Sep 18, 2023 · attack.persistence, attack.t1556

New Federated Domain Added
Sep 18, 2023 · attack.persistence, attack.t1136.003

New Federated Domain Added - Exchange
Sep 18, 2023 · attack.persistence, attack.t1136.003

SCR File Write Event
Sep 18, 2023 · attack.defense_evasion, attack.t1218.011

Rundll32 Execution Without CommandLine Parameters
Sep 16, 2023 · attack.defense_evasion, attack.t1202

Access To .Reg/.Hive Files By Uncommon Application
Sep 15, 2023 · attack.t1112, attack.defense_evasion

Access To Browser Credential Files By Uncommon Application
Sep 15, 2023 · attack.t1003, attack.credential_access

Access To Windows Credential History File By Uncommon Application
Sep 15, 2023 · attack.credential_access, attack.t1555.004

Access To Windows DPAPI Master Keys By Uncommon Application
Sep 15, 2023 · attack.credential_access, attack.t1555.004

Credential Manager Access By Uncommon Application
Sep 15, 2023 · attack.t1003, attack.credential_access

Diskshadow Script Mode - Execution From Potential Suspicious Location
Sep 15, 2023 · attack.execution, attack.t1218

Diskshadow Script Mode - Uncommon Script Extension Execution
Sep 15, 2023 · attack.execution, attack.t1218

Potentially Suspicious Child Process Of DiskShadow.EXE
Sep 15, 2023 · attack.execution, attack.t1218

Invalid PIM License
Sep 14, 2023 · attack.t1078, attack.persistence, attack.privilege_escalation

Roles Activated Too Frequently
Sep 14, 2023 · attack.t1078, attack.persistence, attack.privilege_escalation

Roles Activation Doesn't Require MFA
Sep 14, 2023 · attack.t1078, attack.persistence, attack.privilege_escalation

Roles Are Not Being Used
Sep 14, 2023 · attack.t1078, attack.persistence, attack.privilege_escalation

Roles Assigned Outside PIM
Sep 14, 2023 · attack.t1078, attack.persistence, attack.privilege_escalation

Stale Accounts In A Privileged Role
Sep 14, 2023 · attack.t1078, attack.persistence, attack.privilege_escalation

Too Many Global Admins
Sep 14, 2023 · attack.t1078, attack.persistence, attack.privilege_escalation

Suspicious Elevated System Shell
Sep 14, 2023 · attack.privilege_escalation, attack.defense_evasion, attack.execution, attack.t1059

Extract Credentials From IIS Application Pool Configuration Files
Sep 13, 2023 · attack.credential_access, attack.t1552.001

LSASS Process Memory Dump Files
Sep 13, 2023 · attack.credential_access, attack.t1003.001

Suspicious Sysmon as Execution Parent
Sep 13, 2023 · attack.privilege_escalation, attack.t1068, cve.2022.41120, detection.emerging_threats

Azure AD Threat Intelligence
Sep 11, 2023 · attack.t1078, attack.persistence, attack.defense_evasion, attack.privilege_escalation, attack.initial_access

Malicious IP Address Sign-In Failure Rate
Sep 11, 2023 · attack.t1090, attack.command_and_control

Malicious IP Address Sign-In Suspicious
Sep 11, 2023 · attack.t1090, attack.command_and_control

Primary Refresh Token Access Attempt
Sep 11, 2023 · attack.t1528, attack.credential_access

Okta Identity Provider Created
Sep 11, 2023 · attack.persistence, attack.t1098.001

Okta New Admin Console Behaviours
Sep 11, 2023 · attack.initial_access, attack.t1078.004

Okta Suspicious Activity Reported by End-user
Sep 11, 2023 · attack.resource_development, attack.t1586.003

Okta User Session Start Via An Anonymising Proxy Service
Sep 11, 2023 · attack.defense_evasion, attack.t1562.006

Fsutil Suspicious Invocation
Sep 10, 2023 · attack.defense_evasion, attack.impact, attack.t1070, attack.t1485

New Firewall Rule Added In Windows Firewall Exception List
Sep 10, 2023 · attack.defense_evasion, attack.t1562.004

Suspicious Scripting in a WMI Consumer
Sep 10, 2023 · attack.execution, attack.t1059.005

Potential Dead Drop Resolvers
Sep 8, 2023 · attack.command_and_control, attack.t1102, attack.t1102.001

Suspicious Epmap Connection
Sep 7, 2023 · attack.lateral_movement

ESXi Syslog Configuration Change Via ESXCLI
Sep 7, 2023 · attack.defense_evasion, attack.t1562.001, attack.t1562.003

7Zip Compressing Dump Files
Sep 7, 2023 · attack.collection, attack.t1560.001

Copy from Admin Share
Sep 7, 2023 · attack.lateral_movement, attack.collection, attack.exfiltration, attack.t1039, attack.t1048, attack.t1021.002

CVE-2023-38331 Exploitation Attempt - Suspicious Double Extension File
Sep 7, 2023 · attack.execution, cve.2023.38331, detection.emerging_threats

CVE-2023-38331 Exploitation Attempt - Suspicious WinRAR Child Process
Sep 7, 2023 · detection.emerging_threats, attack.execution, attack.t1203, cve.2023.38331

CVE-2023-40477 Potential Exploitation - .REV File Creation
Sep 7, 2023 · attack.execution, cve.2023.40477, detection.emerging_threats

CVE-2023-40477 Potential Exploitation - WinRAR Application Crash
Sep 7, 2023 · attack.execution, cve.2023.40477, detection.emerging_threats

FoggyWeb Backdoor DLL Loading
Sep 7, 2023 · attack.resource_development, attack.t1587, detection.emerging_threats

IcedID Malware Suspicious Single Digit DLL Execution Via Rundll32
Sep 7, 2023 · attack.defense_evasion, attack.t1218.011, detection.emerging_threats

IE ZoneMap Setting Downgraded To MyComputer Zone For HTTP Protocols
Sep 7, 2023 · attack.defense_evasion

IE ZoneMap Setting Downgraded To MyComputer Zone For HTTP Protocols Via CLI
Sep 7, 2023 · attack.execution, attack.defense_evasion

LOL-Binary Copied From System Directory
Sep 7, 2023 · attack.defense_evasion, attack.t1036.003

LOLBIN Execution From Abnormal Drive
Sep 7, 2023 · attack.defense_evasion

LSASS Dump Keyword In CommandLine
Sep 7, 2023 · attack.credential_access, attack.t1003.001

Old TLS1.0/TLS1.1 Protocol Version Enabled
Sep 7, 2023 · attack.defense_evasion

Pingback Backdoor DLL Loading Activity
Sep 7, 2023 · attack.persistence, attack.t1574.001, detection.emerging_threats

Potential Browser Data Stealing
Sep 7, 2023 · attack.credential_access, attack.t1555.003

Potential Credential Dumping Via LSASS Process Clone
Sep 7, 2023 · attack.credential_access, attack.t1003, attack.t1003.001

Potential CVE-2023-36874 Exploitation - Fake Wermgr Execution
Sep 7, 2023 · attack.execution, cve.2023.36874, detection.emerging_threats

Potential CVE-2023-36874 Exploitation - Fake Wermgr.Exe Creation
Sep 7, 2023 · attack.execution, cve.2023.36874, detection.emerging_threats

Potential CVE-2023-36874 Exploitation - Uncommon Report.Wer Location
Sep 7, 2023 · attack.execution, cve.2023.36874, detection.emerging_threats

Potential WinAPI Calls Via CommandLine
Sep 7, 2023 · attack.execution, attack.t1106

Potentially Suspicious Child Process Of WinRAR.EXE
Sep 7, 2023 · attack.execution, attack.t1203

Potentially Suspicious Windows App Activity
Sep 7, 2023 · attack.defense_evasion

Rundll32 Spawned Via Explorer.EXE
Sep 7, 2023 · attack.defense_evasion

Suspicious Child Process Of Manage Engine ServiceDesk
Sep 7, 2023 · attack.command_and_control, attack.t1102

Suspicious Copy From or To System Directory
Sep 7, 2023 · attack.defense_evasion, attack.t1036.003

VMMap Signed Dbghelp.DLL Potential Sideloading
Sep 7, 2023 · attack.defense_evasion, attack.persistence, attack.privilege_escalation, attack.t1574.001, attack.t1574.002

VMMap Unsigned Dbghelp.DLL Potential Sideloading
Sep 7, 2023 · attack.defense_evasion, attack.persistence, attack.privilege_escalation, attack.t1574.001, attack.t1574.002

Winrar Compressing Dump Files
Sep 7, 2023 · attack.collection, attack.t1560.001

Winrar Execution in Non-Standard Folder
Sep 7, 2023 · attack.collection, attack.t1560.001

Potentially Suspicious Electron Application CommandLine
Sep 6, 2023 · attack.execution

Suspicious Electron Application Child Processes
Sep 6, 2023 · attack.execution

ADS Zone.Identifier Deleted By Uncommon Application
Sep 6, 2023 · attack.defense_evasion, attack.t1070.004

ESXi Account Creation Via ESXCLI
Sep 6, 2023 · attack.persistence, attack.t1136

ESXi Admin Permission Assigned To Account Via ESXCLI
Sep 6, 2023 · attack.execution

ESXi Network Configuration Discovery Via ESXCLI
Sep 6, 2023 · attack.discovery, attack.t1033, attack.t1007

ESXi Storage Information Discovery Via ESXCLI
Sep 6, 2023 · attack.discovery, attack.t1033, attack.t1007

ESXi System Information Discovery Via ESXCLI
Sep 6, 2023 · attack.discovery, attack.t1033, attack.t1007

ESXi VM Kill Via ESXCLI
Sep 6, 2023 · attack.execution

ESXi VM List Discovery Via ESXCLI
Sep 6, 2023 · attack.discovery, attack.t1033, attack.t1007

ESXi VSAN Information Discovery Via ESXCLI
Sep 6, 2023 · attack.discovery, attack.t1033, attack.t1007

SQL Injection Strings In URI
Sep 6, 2023 · attack.initial_access, attack.t1190

Activity From Anonymous IP Address
Sep 6, 2023 · attack.t1078, attack.persistence, attack.defense_evasion, attack.privilege_escalation, attack.initial_access

Anomalous Token
Sep 6, 2023 · attack.t1528, attack.credential_access

Anomalous User Activity
Sep 6, 2023 · attack.t1098, attack.persistence

Atypical Travel
Sep 6, 2023 · attack.t1078, attack.persistence, attack.defense_evasion, attack.privilege_escalation, attack.initial_access

Azure AD Account Credential Leaked
Sep 6, 2023 · attack.t1589, attack.reconnaissance

Impossible Travel
Sep 6, 2023 · attack.t1078, attack.persistence, attack.defense_evasion, attack.privilege_escalation, attack.initial_access

New Country
Sep 6, 2023 · attack.t1078, attack.persistence, attack.defense_evasion, attack.privilege_escalation, attack.initial_access

Password Spray Activity
Sep 6, 2023 · attack.t1110, attack.credential_access

SAML Token Issuer Anomaly
Sep 6, 2023 · attack.t1606, attack.credential_access

Sign-In From Malware Infected IP
Sep 6, 2023 · attack.t1090, attack.command_and_control

Suspicious Browser Activity
Sep 6, 2023 · attack.t1078, attack.persistence, attack.defense_evasion, attack.privilege_escalation, attack.initial_access

Suspicious Inbox Forwarding Identity Protection
Sep 6, 2023 · attack.t1140, attack.defense_evasion

Suspicious Inbox Manipulation Rules
Sep 6, 2023 · attack.t1140, attack.defense_evasion

Unfamiliar Sign-In Properties
Sep 6, 2023 · attack.t1078, attack.persistence, attack.defense_evasion, attack.privilege_escalation, attack.initial_access

New Port Forwarding Rule Added Via Netsh.EXE
Sep 1, 2023 · attack.lateral_movement, attack.defense_evasion, attack.command_and_control, attack.t1090

Qakbot Uninstaller Execution
Sep 1, 2023 · detection.emerging_threats, attack.execution

Path Traversal Exploitation Attempts
Sep 1, 2023 · attack.initial_access, attack.t1190

Malicious QakBot Dropped File Creation (Event 4663)
Sep 1, 2023 · attack.initial_access, attack.defense_evasion, attack.t1566, attack.t1027, attack.t1553

Network Connections Where There Should Not Be (Notepad)
Sep 1, 2023 · attack.privilege_escalation, attack.t1055

Possible Impacket DCOMExec Connection Attempt - Zeek
Sep 1, 2023 · attack.s0357, attack.execution, attack.lateral_movement, attack.t1021, attack.t1021.003

Possible Impacket Secretsdump.py Activity
Sep 1, 2023 · attack.s0357, attack.credential_access, attack.t1003, attack.t1003.003, attack.t1003.006

Shrpubw Execution from Unexpected File Path
Sep 1, 2023 · attack.persistence, attack.t1574, attack.t1574.001

Suspicious 'Admin' Local User Creation with Net Command
Sep 1, 2023 · attack.persistence, attack.privilege_escalation, attack.t1136.001, attack.t1136, attack.t1078, attack.t1078.003

Suspicious BlackCat-Related Exfiltration Command
Sep 1, 2023 · attack.exfiltration, attack.t1020, attack.t1537

Suspicious Calc Child Process
Sep 1, 2023 · attack.defense_evasion, attack.t1218

Suspicious Command Arguments from Explorer or Wermgr
Sep 1, 2023 · attack.discovery, attack.t1082

Suspicious Process Injection to Explorer
Sep 1, 2023 · attack.defense_evasion, attack.t1218

Potential Privilege Escalation Using Symlink Between Osk and Cmd
Aug 29, 2023 · attack.privilege_escalation, attack.persistence, attack.t1546.008

A Member Was Added to a Security-Enabled Global Group
Aug 28, 2023 · attack.persistence, attack.t1098

A Member Was Removed From a Security-Enabled Global Group
Aug 28, 2023 · attack.persistence, attack.t1098

A Rule Has Been Deleted From The Windows Firewall Exception List
Aug 28, 2023 · attack.defense_evasion, attack.t1562.004

A Security-Enabled Global Group Was Deleted
Aug 28, 2023 · attack.persistence, attack.t1098

Abusing IEExec To Download Payloads
Aug 28, 2023 · attack.command_and_control, attack.t1105

Add or Remove Computer from DC
Aug 28, 2023 · attack.defense_evasion, attack.t1207

ADSelfService Exploitation
Aug 28, 2023 · cve.2021.40539, detection.emerging_threats, attack.initial_access, attack.t1190

All Rules Have Been Deleted From The Windows Firewall Configuration
Aug 28, 2023 · attack.defense_evasion, attack.t1562.004

Apache Threading Error
Aug 28, 2023 · attack.initial_access, attack.lateral_movement, attack.t1190, attack.t1210

Certificate Exported Via PowerShell
Aug 28, 2023 · attack.credential_access, attack.execution, attack.t1552.004, attack.t1059.001

Cross Site Scripting Strings
Aug 28, 2023 · attack.initial_access, attack.t1189

Device Installation Blocked
Aug 28, 2023 · attack.initial_access, attack.t1200

Execution of Powershell Script in Public Folder
Aug 28, 2023 · attack.execution, attack.t1059.001

Firewall Rule Modified In The Windows Firewall Exception List
Aug 28, 2023 · attack.defense_evasion, attack.t1562.004

Gzip Archive Decode Via PowerShell
Aug 28, 2023 · attack.command_and_control, attack.t1132.001

HackTool - CrackMapExec Execution
Aug 28, 2023 · attack.execution, attack.persistence, attack.privilege_escalation, attack.credential_access, attack.discovery, attack.t1047, attack.t1053, attack.t1059.003, attack.t1059.001, attack.t1110, attack.t1201

HackTool - PCHunter Execution
Aug 28, 2023 · attack.execution, attack.discovery, attack.t1082, attack.t1057, attack.t1012, attack.t1083, attack.t1007

Interactive Bash Suspicious Children
Aug 28, 2023 · attack.execution, attack.defense_evasion, attack.t1059.004, attack.t1036

ISO or Image Mount Indicator in Recent Files
Aug 28, 2023 · attack.initial_access, attack.t1566.001

Java Payload Strings
Aug 28, 2023 · cve.2022.26134, cve.2021.26084, attack.initial_access, attack.t1190

JNDIExploit Pattern
Aug 28, 2023 · attack.initial_access, attack.t1190

Linux Crypto Mining Indicators
Aug 28, 2023 · attack.impact, attack.t1496

Linux Crypto Mining Pool Connections
Aug 28, 2023 · attack.impact, attack.t1496

Linux Reverse Shell Indicator
Aug 28, 2023 · attack.execution, attack.t1059.004

MOVEit CVE-2023-34362 Exploitation Attempt - Potential Web Shell Request
Aug 28, 2023 · cve.2023.34362, detection.emerging_threats, attack.persistence, attack.t1505.003

New Firewall Exception Rule Added For A Suspicious Folder
Aug 28, 2023 · attack.defense_evasion, attack.t1562.004

Nohup Execution
Aug 28, 2023 · attack.execution, attack.t1059.004

Outgoing Logon with New Credentials
Aug 28, 2023 · attack.defense_evasion, attack.lateral_movement, attack.t1550

Parent in Public Folder Suspicious Process
Aug 28, 2023 · attack.defense_evasion, attack.execution, attack.t1564, attack.t1059

Password Protected ZIP File Opened
Aug 28, 2023 · attack.defense_evasion, attack.t1027

Password Protected ZIP File Opened (Email Attachment)
Aug 28, 2023 · attack.defense_evasion, attack.initial_access, attack.t1027, attack.t1566.001

Password Protected ZIP File Opened (Suspicious Filenames)
Aug 28, 2023 · attack.command_and_control, attack.defense_evasion, attack.t1027, attack.t1105, attack.t1036

Password Provided In Command Line Of Net.EXE
Aug 28, 2023 · attack.defense_evasion, attack.initial_access, attack.persistence, attack.privilege_escalation, attack.lateral_movement, attack.t1021.002, attack.t1078

Potential BlackByte Ransomware Activity
Aug 28, 2023 · detection.emerging_threats, attack.execution, attack.defense_evasion, attack.impact, attack.t1485, attack.t1498, attack.t1059.001, attack.t1140

Potential COM Objects Download Cradles Usage - Process Creation
Aug 28, 2023 · attack.command_and_control, attack.t1105

Potential COM Objects Download Cradles Usage - PS Script
Aug 28, 2023 · attack.command_and_control, attack.t1105

Potential CVE-2023-27997 Exploitation Indicators
Aug 28, 2023 · cve.2023.27997, attack.initial_access, attack.t1190

Potential DLL File Download Via PowerShell Invoke-WebRequest
Aug 28, 2023 · attack.command_and_control, attack.execution, attack.t1059.001, attack.t1105

Potential Exploitation Attempt Of Undocumented WindowsServer RCE
Aug 28, 2023 · detection.emerging_threats, attack.initial_access, attack.t1190

Potential In-Memory Execution Using Reflection.Assembly
Aug 28, 2023 · attack.defense_evasion, attack.t1620

Potentially Suspicious Execution From Tmp Folder
Aug 28, 2023 · attack.defense_evasion, attack.t1036

Potentially Suspicious PowerShell Child Processes
Aug 28, 2023 · attack.execution, attack.t1059.001

Powershell Inline Execution From A File
Aug 28, 2023 · attack.execution, attack.t1059.001

PowerShell Web Download
Aug 28, 2023 · attack.command_and_control, attack.execution, attack.t1059.001, attack.t1105

ProxyLogon Reset Virtual Directories Based On IIS Log
Aug 28, 2023 · cve.2021.26858, detection.emerging_threats, attack.initial_access, attack.t1190

PUA - AdvancedRun Execution
Aug 28, 2023 · attack.execution, attack.defense_evasion, attack.privilege_escalation, attack.t1564.003, attack.t1134.002, attack.t1059.003

PUA - AdvancedRun Suspicious Execution
Aug 28, 2023 · attack.defense_evasion, attack.privilege_escalation, attack.t1134.002

PUA - Process Hacker Execution
Aug 28, 2023 · attack.defense_evasion, attack.discovery, attack.persistence, attack.privilege_escalation, attack.t1622, attack.t1564, attack.t1543

PUA - System Informer Execution
Aug 28, 2023 · attack.persistence, attack.privilege_escalation, attack.discovery, attack.defense_evasion, attack.t1082, attack.t1564, attack.t1543

Rename Common File to DLL File
Aug 28, 2023 · attack.defense_evasion, attack.t1036.008

Replay Attack Detected
Aug 28, 2023 · attack.credential_access, attack.t1558

Rundll32 Execution Without DLL File
Aug 28, 2023 · attack.defense_evasion, attack.t1218.011

Server Side Template Injection Strings
Aug 28, 2023 · attack.defense_evasion, attack.t1221

Suspicious Child Process Of Wermgr.EXE
Aug 28, 2023 · attack.defense_evasion, attack.privilege_escalation, attack.t1055, attack.t1036

Suspicious Computer Account Name Change CVE-2021-42287
Aug 28, 2023 · cve.2021.42287, detection.emerging_threats, attack.defense_evasion, attack.persistence, attack.t1036, attack.t1098

Suspicious Download from Office Domain
Aug 28, 2023 · attack.command_and_control, attack.t1105, attack.t1608

Suspicious Dropbox API Usage
Aug 28, 2023 · attack.command_and_control, attack.t1105

Suspicious FromBase64String Usage On Gzip Archive - Process Creation
Aug 28, 2023 · attack.command_and_control, attack.t1132.001

Suspicious FromBase64String Usage On Gzip Archive - Ps Script
Aug 28, 2023 · attack.command_and_control, attack.t1132.001

Suspicious Hacktool Execution - Imphash
Aug 28, 2023 · attack.credential_access, attack.t1588.002, attack.t1003

Suspicious Hacktool Execution - PE Metadata
Aug 28, 2023 · attack.credential_access, attack.t1588.002, attack.t1003

Suspicious IIS Module Registration
Aug 28, 2023 · attack.persistence, attack.t1505.004

Suspicious Interactive PowerShell as SYSTEM
Aug 28, 2023 · attack.execution, attack.t1059.001

Suspicious Kernel Dump Using Dtrace
Aug 28, 2023 · attack.discovery, attack.t1082

Suspicious PowerShell IEX Execution Patterns
Aug 28, 2023 · attack.execution, attack.t1059.001

Suspicious Process Parents
Aug 28, 2023 · attack.defense_evasion, attack.t1036

Suspicious Program Names
Aug 28, 2023 · attack.execution, attack.t1059

Suspicious Redirection to Local Admin Share
Aug 28, 2023 · attack.exfiltration, attack.t1048

Suspicious SysAidServer Child
Aug 28, 2023 · attack.lateral_movement, attack.t1210

Suspicious SYSTEM User Process Creation
Aug 28, 2023 · attack.credential_access, attack.defense_evasion, attack.privilege_escalation, attack.t1134, attack.t1003, attack.t1027

Suspicious Windows Update Agent Empty Cmdline
Aug 28, 2023 · attack.defense_evasion, attack.t1036

Suspicious X509Enrollment - Process Creation
Aug 28, 2023 · attack.defense_evasion, attack.t1553.004

Suspicious X509Enrollment - Ps Script
Aug 28, 2023 · attack.defense_evasion, attack.t1553.004

The Windows Defender Firewall Service Failed To Load Group Policy
Aug 28, 2023 · attack.defense_evasion, attack.t1562.004

Uncommon One Time Only Scheduled Task At 00:00
Aug 28, 2023 · attack.execution, attack.persistence, attack.privilege_escalation, attack.t1053.005

User with Privileges Logon
Aug 28, 2023 · attack.defense_evasion, attack.lateral_movement, attack.credential_access, attack.t1558, attack.t1649, attack.t1550

Windows Binaries Write Suspicious Extensions
Aug 28, 2023 · attack.defense_evasion, attack.t1036

Windows Defender Firewall Has Been Reset To Its Default Configuration
Aug 28, 2023 · attack.defense_evasion, attack.t1562.004

Windows Firewall Settings Have Been Changed
Aug 28, 2023 · attack.defense_evasion, attack.t1562.004

Windows Shell/Scripting Application File Write to Suspicious Folder
Aug 28, 2023 · attack.execution, attack.t1059

WScript or CScript Dropper - File
Aug 28, 2023 · attack.execution, attack.t1059.005, attack.t1059.007

Potential Persistence Via Visual Studio Tools for Office
Aug 28, 2023 · attack.t1137.006, attack.persistence

Nullsoft Scriptable Installer Script (NSIS) execution
Aug 26, 2023 · attack.execution, attack.t1106, dist.public

Search-ms and WebDAV Suspicious Indicators in URL
Aug 25, 2023 · attack.initial_access, attack.t1584, attack.t1566

Container Residence Discovery Via Proc Virtual FS
Aug 24, 2023 · attack.discovery, attack.t1082

Docker Container Discovery Via Dockerenv Listing
Aug 24, 2023 · attack.discovery, attack.t1082

Potential Container Discovery Via Inodes Listing
Aug 24, 2023 · attack.discovery, attack.t1082

Potential Defense Evasion Via Rename Of Highly Relevant Binaries
Aug 24, 2023 · attack.defense_evasion, attack.t1036.003, car.2013-05-009

Suspicious Execution Location Of Wermgr.EXE
Aug 24, 2023 · attack.execution

AWS IAM S3Browser Templated S3 Bucket Policy Creation
Aug 24, 2023 · attack.execution, attack.t1059.009, attack.persistence, attack.t1078.004

Disabling Python warnings for executing untrusted code
calendar
Aug 24, 2023
·
attack.Defense-Evansion
attack.T1562.001
·
Share on:
twitter
facebook
linkedin
copy
Dynamic .NET Compilation Via Csc.EXE
calendar
Aug 23, 2023
·
attack.defense_evasion
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Potential Reconnaissance For Cached Credentials Via Cmdkey.EXE
calendar
Aug 23, 2023
·
attack.credential_access
attack.t1003.005
·
Share on:
twitter
facebook
linkedin
copy
Anonymous IP Address
calendar
Aug 23, 2023
·
attack.t1528
attack.credential_access
·
Share on:
twitter
facebook
linkedin
copy
Devil Bait Potential C2 Communication Traffic
calendar
Aug 23, 2023
·
attack.command_and_control
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Powershell download and load assembly
calendar
Aug 23, 2023
·
Share on:
twitter
facebook
linkedin
copy
Masquerading as Linux Crond Process
calendar
Aug 22, 2023
·
attack.defense_evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Potential In-Memory Download And Compile Of Payloads
calendar
Aug 22, 2023
·
attack.command_and_control
attack.execution
attack.t1059.007
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
User Added To Admin Group Via DseditGroup
calendar
Aug 22, 2023
·
attack.initial_access
attack.privilege_escalation
attack.t1078.003
·
Share on:
twitter
facebook
linkedin
copy
User Added To Admin Group Via Dscl
calendar
Aug 22, 2023
·
attack.initial_access
attack.privilege_escalation
attack.t1078.003
·
Share on:
twitter
facebook
linkedin
copy
User Added To Admin Group Via Sysadminctl
calendar
Aug 22, 2023
·
attack.initial_access
attack.privilege_escalation
attack.t1078.003
·
Share on:
twitter
facebook
linkedin
copy
JAMF MDM Potential Suspicious Child Process
calendar
Aug 22, 2023
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
JAMF MDM Execution
calendar
Aug 22, 2023
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Root Account Enable Via Dsenableroot
calendar
Aug 22, 2023
·
attack.t1078
attack.t1078.001
attack.t1078.003
attack.initial_access
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious WebDAV LNK Execution
calendar
Aug 22, 2023
·
attack.execution
attack.t1059.001
attack.t1204
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-21554 QueueJumper Exploitation
calendar
Aug 18, 2023
·
attack.privilege_escalation
attack.execution
cve.2023.21554
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of BgInfo.EXE
calendar
Aug 18, 2023
·
attack.execution
attack.t1059.005
attack.defense_evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Assembly DLL Creation Via AspNetCompiler
calendar
Aug 18, 2023
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Assembly Loading Via CL_LoadAssembly.ps1
calendar
Aug 18, 2023
·
attack.defense_evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Indirect Command Execution From Script File Via Bash.EXE
calendar
Aug 18, 2023
·
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Indirect Inline Command Execution Via Bash.EXE
calendar
Aug 18, 2023
·
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
New BgInfo.EXE Custom DB Path Registry Configuration
calendar
Aug 18, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New BgInfo.EXE Custom VBScript Registry Configuration
calendar
Aug 18, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New BgInfo.EXE Custom WMI Query Registry Configuration
calendar
Aug 18, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Script Proxy Execution Via CL_Mutexverifiers.ps1
calendar
Aug 18, 2023
·
attack.defense_evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious ASP.NET Compilation Via AspNetCompiler
calendar
Aug 18, 2023
·
attack.defense_evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process of AspNetCompiler
calendar
Aug 18, 2023
·
attack.defense_evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Unsigned Mfdetours.DLL Sideloading
calendar
Aug 18, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Process Execution Proxy Via CL_Invocation.ps1
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Websites
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download From File Sharing Domains
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Binary Suspicious Communication Endpoint
calendar
Aug 17, 2023
·
attack.lateral_movement
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Download From File-Sharing Website Via Bitsadmin
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Domain Via Curl.EXE
calendar
Aug 17, 2023
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Domain Via Wget.EXE
calendar
Aug 17, 2023
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Remote AppX Package Locations
calendar
Aug 17, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Unusual File Download From File Sharing Websites
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service Installed
calendar
Aug 17, 2023
·
attack.t1562.001
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Activate Suppression of Windows Security Center Notifications
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Add Debugger Entry To AeDebug For Persistence
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Add Debugger Entry To Hangs Key For Persistence
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Add DisallowRun Execution to Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Add Port Monitor Persistence in Registry
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.010
·
Share on:
twitter
facebook
linkedin
copy
Adwind RAT / JRAT - Registry
calendar
Aug 17, 2023
·
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
Allow RDP Remote Assistance Feature
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Blackbyte Ransomware Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Blue Mockingbird - Registry
calendar
Aug 17, 2023
·
attack.execution
attack.t1112
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC Using DelegateExecute
calendar
Aug 17, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC Using Event Viewer
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.010
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC Using SilentCleanup Task
calendar
Aug 17, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Change Winevt Event Access Permission Via Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Changing RDP Port to Non Standard Number
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.010
·
Share on:
twitter
facebook
linkedin
copy
Classes Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
ClickOnce Trust Prompt Tampering
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Service Installations in Registry
calendar
Aug 17, 2023
·
attack.execution
attack.privilege_escalation
attack.lateral_movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
COM Hijack via Sdclt
calendar
Aug 17, 2023
·
attack.privilege_escalation
attack.t1546
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
COM Hijacking via TreatAs
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Common Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
CrashControl CrashDump Disabled
calendar
Aug 17, 2023
·
attack.t1564
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
CurrentControlSet Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
CurrentVersion Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
CurrentVersion NT Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Custom File Open Handler Executes PowerShell
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
CVE-2021-31979 CVE-2021-33771 Exploits
calendar
Aug 17, 2023
·
attack.credential_access
attack.t1566
attack.t1203
cve.2021.33771
cve.2021.31979
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
DHCP Callout DLL Installation
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1574.002
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Disable Administrative Share Creation at Startup
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1070.005
·
Share on:
twitter
facebook
linkedin
copy
Disable Exploit Guard Network Protection on Windows Defender
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Internal Tools or Feature in Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Disable Macro Runtime Scan Scope
calendar
Aug 17, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Disable Microsoft Defender Firewall via Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Disable Privacy Settings Experience in Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable PUA Protection on Windows Defender
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Sysmon Event Logging Via Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Tamper Protection on Windows Defender
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable UAC Using Registry
calendar
Aug 17, 2023
·
attack.privilege_escalation
attack.defense_evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Defender Functionalities Via Registry Keys
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Event Logging Via Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Firewall by Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Security Center Notifications
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Disabled RestrictedAdminMode For RDS
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Disabled Windows Defender Eventlog
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
DNS-over-HTTPS Enabled by Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1140
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Enable Local Manifest Installation With Winget
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Enable Microsoft Dynamic Data Exchange
calendar
Aug 17, 2023
·
attack.execution
attack.t1559.002
·
Share on:
twitter
facebook
linkedin
copy
Enabling COR Profiler Environment Variables
calendar
Aug 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.t1574.012
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled For rpcrt4.dll
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled For SCM
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled In .NET Processes - Sysmon Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Execution DLL of Choice Using WAB.EXE
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Hide Schedule Task Via Index Value Tamper
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
IE Change Domain Zone
calendar
Aug 17, 2023
·
attack.persistence
attack.t1137
·
Share on:
twitter
facebook
linkedin
copy
Internet Explorer Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Internet Explorer DisableFirstRunCustomize Enabled
calendar
Aug 17, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Lolbas OneDriveStandaloneUpdater.exe Proxy Download
calendar
Aug 17, 2023
·
attack.command_and_control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Lsass Full Dump Request Via DumpType Registry Settings
calendar
Aug 17, 2023
·
attack.credential_access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Macro Enabled In A Potentially Suspicious Document
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Office Protected View Disabled
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Modification of Explorer Hidden Keys
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1564.001
·
Share on:
twitter
facebook
linkedin
copy
Modification of IE Registry Settings
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Modify User Shell Folders Startup Value
calendar
Aug 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
NET NGenAssemblyUsageLog Registry Key Tamper
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New Application in AppCompat
calendar
Aug 17, 2023
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
New DNS ServerLevelPluginDll Installed
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1574.002
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New File Association Using Exefile
calendar
Aug 17, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
New ODBC Driver Registered
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
New Root or CA or AuthRoot Certificate to Store
calendar
Aug 17, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
New RUN Key Pointing to Suspicious Folder
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Office Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Office Macros Auto-Enabled
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Outlook EnableUnsafeClientMailRules Setting Enabled - Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Outlook Macro Execution Without Warning Setting Enabled
calendar
Aug 17, 2023
·
attack.persistence
attack.command_and_control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
Outlook Security Settings Updated - Registry
calendar
Aug 17, 2023
·
attack.persistence
attack.t1137
·
Share on:
twitter
facebook
linkedin
copy
Outlook Task/Note Reminder Received
calendar
Aug 17, 2023
·
attack.persistence
attack.t1137
cve.2023.23397
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via Disk Cleanup Handler - Autorun
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via Hhctrl.ocx
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via New SIP Provider
calendar
Aug 17, 2023
·
attack.persistence
attack.defense_evasion
attack.t1553.003
·
Share on:
twitter
facebook
linkedin
copy
Potential AMSI COM Server Hijacking
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Attachment Manager Settings Associations Tamper
calendar
Aug 17, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Attachment Manager Settings Attachments Tamper
calendar
Aug 17, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential AutoLogger Sessions Tampering
calendar
Aug 17, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL RAT Windows User Creation
calendar
Aug 17, 2023
·
attack.persistence
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Credential Dumping Attempt Using New NetworkProvider - REG
calendar
Aug 17, 2023
·
attack.credential_access
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
Potential Encrypted Registry Blob Related To SNAKE Malware
calendar
Aug 17, 2023
·
attack.persistence
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential EventLog File Location Tampering
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Using DebugPath
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via App Paths Default Property
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.012
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via AutodialDLL
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via CHM Helper DLL
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via COM Hijacking From Suspicious Locations
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via COM Search Order Hijacking
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via DLLPathOverride
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Excel Add-in - Registry
calendar
Aug 17, 2023
·
attack.persistence
attack.t1137.006
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via LSA Extensions
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Mpnotify
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via MyComputer Registry Keys
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook Home Page
calendar
Aug 17, 2023
·
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook LoadMacroProviderOnBoot Setting
calendar
Aug 17, 2023
·
attack.persistence
attack.command_and_control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook Today Pages
calendar
Aug 17, 2023
·
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Scrobj.dll COM Hijacking
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Shim Database In Uncommon Location
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Shim Database Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via TypedPaths
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Execution Policy Tampering
calendar
Aug 17, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Provisioning Registry Key Abuse For Binary Proxy Execution - REG
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential PSFactoryBuffer COM Hijacking
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Ransomware Activity Using LegalNotice Message
calendar
Aug 17, 2023
·
attack.impact
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Registry Persistence Attempt Via DbgManagedDebugger
calendar
Aug 17, 2023
·
attack.persistence
attack.t1574
·
Share on:
twitter
facebook
linkedin
copy
Potential Registry Persistence Attempt Via Windows Telemetry
calendar
Aug 17, 2023
·
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Potential Signing Bypass Via Windows Developer Features - Registry
calendar
Aug 17, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious ODBC Driver Registered
calendar
Aug 17, 2023
·
attack.persistence
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
PowerShell as a Service in Registry
calendar
Aug 17, 2023
·
attack.execution
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Logging Disabled Via Registry Key Tampering
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1564.001
·
Share on:
twitter
facebook
linkedin
copy
RDP Sensitive Settings Changed
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Register New IFiltre For Persistence
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Registry Disable System Restore
calendar
Aug 17, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Registry Explorer Policy Modification
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Registry Hide Function from User
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Registry Modification to Hidden File Extension
calendar
Aug 17, 2023
·
attack.persistence
attack.t1137
·
Share on:
twitter
facebook
linkedin
copy
Registry Persistence via Explorer Run Key
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Registry Persitence via Service in Safe Mode
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.t1564.001
·
Share on:
twitter
facebook
linkedin
copy
Running Chrome VPN Extensions via the Registry 2 VPN Extension
calendar
Aug 17, 2023
·
attack.persistence
attack.t1133
·
Share on:
twitter
facebook
linkedin
copy
Scheduled TaskCache Change by Uncommon Program
calendar
Aug 17, 2023
·
attack.persistence
attack.t1053
attack.t1053.005
·
Share on: