open-menu
closeme
Potentially Suspicious JWT Token Search Via CLI
calendar
Oct 6, 2024
·
attack.credential-access
attack.t1528
·
Share on:
twitter
facebook
linkedin
copy
Potential Python DLL SideLoading
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging/Processing Option Disabled On IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
HTTP Logging Disabled On IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
New Module Module Added To IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.persistence
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
Previously Installed IIS Module Was Removed
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.persistence
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
COM Object Hijacking Via Modification Of Default System CLSID Default Value
calendar
Oct 1, 2024
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Add Potential Suspicious New Download Source To Winget
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via IMEWDBLD.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSEDGE_PROXY.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Chromium Browser Instance Executed With Custom Extension
calendar
Oct 1, 2024
·
attack.persistence
attack.t1176
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Linux)
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.execution
attack.t1059
attack.initial-access
attack.t1190
cve.2023-22518
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows)
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.execution
attack.t1059
attack.initial-access
attack.t1190
cve.2023-22518
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Proxy)
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-22518
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Webserver)
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-22518
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-46747 Exploitation Activity - Proxy
calendar
Oct 1, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
cve.2023-46747
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-46747 Exploitation Activity - Webserver
calendar
Oct 1, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
cve.2023-46747
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
Share on:
twitter
facebook
linkedin
copy
Disable Internal Tools or Feature in Registry
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Devtunnels Domain
calendar
Oct 1, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Visual Studio Code Tunnels Domain
calendar
Oct 1, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Elevated System Shell Spawned From Uncommon Parent Location
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Eventlog Cleared
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1070.001
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Execution of Suspicious File Type Extension
calendar
Oct 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Exploitation Attempt Of CVE-2023-46214 Using Public POC Code
calendar
Oct 1, 2024
·
cve.2023-46214
detection.emerging-threats
attack.lateral-movement
attack.t1210
·
Share on:
twitter
facebook
linkedin
copy
F5 BIG-IP iControl Rest API Command Execution - Proxy
calendar
Oct 1, 2024
·
attack.initial-access
attack.t1190
·
Share on:
twitter
facebook
linkedin
copy
F5 BIG-IP iControl Rest API Command Execution - Webserver
calendar
Oct 1, 2024
·
attack.execution
attack.t1190
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Generic Process Access
calendar
Oct 1, 2024
·
attack.credential-access
attack.t1003.001
attack.s0002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution - ScriptBlock
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
Important Windows Eventlog Cleared
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1070.001
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest Cobalt Strike Download
calendar
Oct 1, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest File Indicators
calendar
Oct 1, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest Malware Loader Execution
calendar
Oct 1, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest PowerShell Evidence Eraser
calendar
Oct 1, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest PowerShell Launcher
calendar
Oct 1, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Load Of RstrtMgr.DLL By A Suspicious Process
calendar
Oct 1, 2024
·
attack.impact
attack.defense-evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Load Of RstrtMgr.DLL By An Uncommon Process
calendar
Oct 1, 2024
·
attack.impact
attack.defense-evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious Driver Load
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Malicious Driver Load By Name
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated To DevTunnels Domain
calendar
Oct 1, 2024
·
attack.exfiltration
attack.t1567.001
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated To Visual Studio Code Tunnels Domain
calendar
Oct 1, 2024
·
attack.exfiltration
attack.t1567.001
·
Share on:
twitter
facebook
linkedin
copy
New Netsh Helper DLL Registered From A Suspicious Location
calendar
Oct 1, 2024
·
attack.persistence
attack.t1546.007
·
Share on:
twitter
facebook
linkedin
copy
Permission Misconfiguration Reconnaissance Via Findstr.EXE
calendar
Oct 1, 2024
·
attack.credential-access
attack.t1552.006
·
Share on:
twitter
facebook
linkedin
copy
Portable Gpg.EXE Execution
calendar
Oct 1, 2024
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-46214 Exploitation Attempt
calendar
Oct 1, 2024
·
attack.lateral-movement
attack.t1210
cve.2023-46214
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Excel.EXE DCOM Lateral Movement Via ActivateMicrosoftApp
calendar
Oct 1, 2024
·
attack.t1021.003
attack.lateral-movement
·
Share on:
twitter
facebook
linkedin
copy
Potential File Download Via MS-AppInstaller Protocol Handler
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Process Code Injection Via DD Utility
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1055.009
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Netsh Helper DLL - Registry
calendar
Oct 1, 2024
·
attack.persistence
attack.t1546.007
·
Share on:
twitter
facebook
linkedin
copy
Potential Process Hollowing Activity
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.012
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Electron Application CommandLine
calendar
Oct 1, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious GrantedAccess Flags On LSASS
calendar
Oct 1, 2024
·
attack.credential-access
attack.t1003.001
attack.s0002
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Execution With Potential Decryption Capabilities
calendar
Oct 1, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Process Proxy Execution Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool Services Have Been Installed - Security
calendar
Oct 1, 2024
·
attack.persistence
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation Via PowerShell In Uncommon Target
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Remote XSL Execution Via Msxsl.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1220
·
Share on:
twitter
facebook
linkedin
copy
Security Tools Keyword Lookup Via Findstr.EXE
calendar
Oct 1, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Chromium Browser Instance Executed With Custom Extension
calendar
Oct 1, 2024
·
attack.persistence
attack.t1176
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Path In Keyboard Layout IME File Registry Value
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Shim Database Patching Activity
calendar
Oct 1, 2024
·
attack.persistence
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Extension In Keyboard Layout IME File Registry Value
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Unusual Parent Process For Cmd.EXE
calendar
Oct 1, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Vulnerable Driver Load
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Vulnerable Driver Load By Name
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution Anomaly
calendar
Oct 1, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution From Privileged Process
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution With Output Option
calendar
Oct 1, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Linux HackTool Execution
calendar
Sep 22, 2024
·
attack.execution
attack.resource-development
attack.t1587
·
Share on:
twitter
facebook
linkedin
copy
Linux Network Service Scanning Tools Execution
calendar
Sep 22, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - MeshAgent Command Execution via MeshCentral
calendar
Sep 22, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Renamed Powershell Under Powershell Channel
calendar
Sep 22, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusion Registry Key - Write Access Requested
calendar
Sep 22, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Real-time Protection Disabled
calendar
Sep 22, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Detect MeshAgent Command Execution via MeshCentral
calendar
Sep 21, 2024
·
attack.command_and_control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Search for Antivirus process
calendar
Sep 20, 2024
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Remote Access Software Domain From Non-Browser App
calendar
Sep 13, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated To BTunnels Domains
calendar
Sep 13, 2024
·
attack.exfiltration
attack.t1567.001
·
Share on:
twitter
facebook
linkedin
copy
PwnKit Local Privilege Escalation
calendar
Sep 13, 2024
·
attack.privilege-escalation
attack.t1548.001
·
Share on:
twitter
facebook
linkedin
copy
UNC2452 Process Creation Patterns
calendar
Sep 13, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
CVE-2021-1675 Print Spooler Exploitation Filename Pattern
calendar
Sep 13, 2024
·
attack.execution
attack.privilege-escalation
attack.resource-development
attack.t1587
cve.2021-1675
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
HackTool - DInjector PowerShell Cradle Execution
calendar
Sep 13, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
InstallerFileTakeOver LPE CVE-2021-41379 File Create Event
calendar
Sep 13, 2024
·
attack.privilege-escalation
attack.t1068
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
LPE InstallerFileTakeOver PoC CVE-2021-41379
calendar
Sep 13, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Scripts - FileCreation
calendar
Sep 13, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Scripts - PoshModule
calendar
Sep 13, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Possible CVE-2021-1675 Print Spooler Exploitation
calendar
Sep 13, 2024
·
attack.execution
attack.t1569
cve.2021-1675
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential PrintNightmare Exploitation Attempt
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
·
Share on:
twitter
facebook
linkedin
copy
Potential RDP Exploit CVE-2019-0708
calendar
Sep 13, 2024
·
attack.lateral-movement
attack.t1210
car.2013-07-002
·
Share on:
twitter
facebook
linkedin
copy
Potential SAM Database Dump
calendar
Sep 13, 2024
·
attack.credential-access
attack.t1003.002
·
Share on:
twitter
facebook
linkedin
copy
Scanner PoC for CVE-2019-0708 RDP RCE Vuln
calendar
Sep 13, 2024
·
attack.lateral-movement
attack.t1210
car.2013-07-002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rejected SMB Guest Logon From IP
calendar
Sep 13, 2024
·
attack.credential-access
attack.t1110.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Spooler Service Suspicious Binary Load
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
cve.2021-34527
·
Share on:
twitter
facebook
linkedin
copy
Cicada Ransomware PSExec File Creation
calendar
Sep 9, 2024
·
attack.lateral-movement
attack.execution
attack.t1570
attack.t1569
attack.t1569.002
attack.s0029
·
Share on:
twitter
facebook
linkedin
copy
Cicada3301 Ransomware Execution via PSExec
calendar
Sep 9, 2024
·
attack.execution
attack.t1569
attack.t1569.002
attack.s0029
·
Share on:
twitter
facebook
linkedin
copy
Hyper-V Virtual Machine Discovery Shutdown via Powershell Cmdlets
calendar
Sep 9, 2024
·
attack.defense-evasion
attack.impact
attack.t1578
attack.t1578.003
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
IISReset Used to Stop IIS Services
calendar
Sep 9, 2024
·
attack.impact
attack.defense-evasion
attack.t1562
attack.t1562.001
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
Potential CommandLine Obfuscation Using Unicode Characters From Suspicious Image
calendar
Sep 6, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Via Right-to-Left Override
calendar
Sep 6, 2024
·
attack.defense-evasion
attack.t1036.002
·
Share on:
twitter
facebook
linkedin
copy
Startup/Logon Script Added to Group Policy Object
calendar
Sep 6, 2024
·
attack.privilege-escalation
attack.t1484.001
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Persistence and Execution at Scale via GPO Scheduled Task
calendar
Sep 6, 2024
·
attack.persistence
attack.lateral-movement
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Group Policy Abuse for Privilege Addition
calendar
Sep 6, 2024
·
attack.privilege-escalation
attack.t1484.001
·
Share on:
twitter
facebook
linkedin
copy
Process Deletion of Its Own Executable
calendar
Sep 3, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Dism Remove Online Package
calendar
Sep 3, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Web Access Feature Enabled Via DISM
calendar
Sep 3, 2024
·
attack.persistence
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Web Access Installation - PsScript
calendar
Sep 3, 2024
·
attack.persistence
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - AnyDesk Incoming Connection
calendar
Sep 2, 2024
·
attack.persistence
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Capsh Shell Invocation - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Inline Python Execution - Spawn Shell Via OS System Library
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution GCC - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Find - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Flock - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Git - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Nice - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Rsync - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation via Apt - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation via Env Command - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation Via Ssh - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Invocation of Shell via AWK - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Vim GTFOBin Abuse - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Bucket Versioning Disable
calendar
Sep 2, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Certificate Use With No Strong Mapping
calendar
Sep 2, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
ChromeLoader Malware Execution
calendar
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
attack.t1176
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - Autoit3.EXE Execution Parameters
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - Autoit3.EXE File Creation By Uncommon Process
calendar
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - User Created Via Net.EXE
calendar
Sep 2, 2024
·
attack.persistence
attack.t1136.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT DLL Sideloading Indicators
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1574.002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT DNS Communication Indicators
calendar
Sep 2, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT File Creation Indicators
calendar
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT Process Activity Indicators
calendar
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT Scheduled Task Creation
calendar
Sep 2, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT Scheduled Task Creation - Registry
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Enable Remote Connection Between Anonymous Computer - AllowAnonymousCallback
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Exploitation Attempt Of CVE-2020-1472 - Execution of ZeroLogon PoC
calendar
Sep 2, 2024
·
attack.execution
attack.lateral-movement
attack.t1210
cve.2020-1472
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Exploitation Indicators Of CVE-2023-20198
calendar
Sep 2, 2024
·
attack.privilege-escalation
attack.initial-access
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
File Download From IP Based URL Via CertOC.EXE
calendar
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download From IP URL Via Curl.EXE
calendar
Sep 2, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CoercedPotato Named Pipe Creation
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Injected Browser Process Spawning Rundll32 - GuLoader Activity
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1055
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Kerberoasting Activity - Initial Query
calendar
Sep 2, 2024
·
attack.credential-access
attack.t1558.003
·
Share on:
twitter
facebook
linkedin
copy
Lazarus APT DLL Sideloading Activity
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
attack.g0032
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
LSASS Process Memory Dump Creation Via Taskmgr.EXE
calendar
Sep 2, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
New Okta User Created
calendar
Sep 2, 2024
·
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated IP Via CLI
calendar
Sep 2, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated PowerShell OneLiner Execution
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Okta 2023 Breach Indicator Of Compromise
calendar
Sep 2, 2024
·
attack.credential-access
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Okta Admin Functions Access Through Proxy
calendar
Sep 2, 2024
·
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
OneNote.EXE Execution of Malicious Embedded Scripts
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1218.001
·
Share on:
twitter
facebook
linkedin
copy
Onyx Sleet APT File Creation Indicators
calendar
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2021-44228 Exploitation Attempt - VMware Horizon
calendar
Sep 2, 2024
·
attack.initial-access
attack.t1190
cve.2021-44228
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2022-22954 Exploitation Attempt - VMware Workspace ONE Access Remote Code Execution
calendar
Sep 2, 2024
·
attack.execution
attack.initial-access
attack.t1059.006
attack.t1190
cve.2022-22954
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-27363 Exploitation - HTA File Creation By FoxitPDFReader
calendar
Sep 2, 2024
·
attack.persistence
attack.t1505.001
cve.2023-27363
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-36874 Exploitation - Fake Wermgr.Exe Creation
calendar
Sep 2, 2024
·
attack.execution
cve.2023-36874
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 1
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 2
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 3
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 4
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream - CLI
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Potential Information Disclosure CVE-2023-43261 Exploitation - Proxy
calendar
Sep 2, 2024
·
attack.initial-access
attack.t1190
cve.2023-43621
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Information Disclosure CVE-2023-43261 Exploitation - Web
calendar
Sep 2, 2024
·
attack.initial-access
attack.t1190
cve.2023-43621
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential MOVEit Transfer CVE-2023-34362 Exploitation - Dynamic Compilation Via Csc.EXE
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
cve.2023-34362
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Okta Password in AlternateID Field
calendar
Sep 2, 2024
·
attack.credential-access
attack.t1552
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Child Process Of VsCode
calendar
Sep 2, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Office Document Executed From Trusted Location
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Module File Created By Non-PowerShell Process
calendar
Sep 2, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Script Execution Policy Enabled
calendar
Sep 2, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Python Function Execution Security Warning Disabled In Excel
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Raspberry Robin Initial Execution From External Drive
calendar
Sep 2, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Raspberry Robin Subsequent Execution of Commands
calendar
Sep 2, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect Command Execution
calendar
Sep 2, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect File Transfer
calendar
Sep 2, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect Temporary File
calendar
Sep 2, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Renamed CURL.EXE Execution
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Renamed VsCode Code Tunnel Execution - File Indicator
calendar
Sep 2, 2024
·
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Schtasks Creation Or Modification With SYSTEM Privileges
calendar
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Security Software Discovery Via Powershell Script
calendar
Sep 2, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
Serpent Backdoor Payload Execution Via Scheduled Task
calendar
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.006
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Suspicious LNK Double Extension File Created
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1036.007
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Sysmon as Execution Parent
calendar
Sep 2, 2024
·
attack.privilege-escalation
attack.t1068
cve.2022-41120
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Ursnif Redirection Of Discovery Commands
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Execution
calendar
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Remote File Creation
calendar
Sep 2, 2024
·
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Service Installation
calendar
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Shell Execution
calendar
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
A Rule Has Been Deleted From The Windows Firewall Exception List
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
CodeIntegrity - Unmet Signing Level Requirements By File Under Validation
calendar
Aug 29, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Uncommon AppX Package Locations
calendar
Aug 29, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Uncommon New Firewall Rule Added In Windows Firewall Exception List
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
System Network Discovery - macOS
calendar
Aug 29, 2024
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Filter Driver Disallowed On Dev Drive - Registry
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Emotet Loader Execution Via .LNK File
calendar
Aug 29, 2024
·
attack.execution
attack.t1059.006
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
FakeUpdates/SocGholish Activity
calendar
Aug 29, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
File Explorer Folder Opened Using Explorer Folder Shortcut Via Shell
calendar
Aug 29, 2024
·
attack.discovery
attack.t1135
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpWSUS/WSUSpendu Execution
calendar
Aug 29, 2024
·
attack.execution
attack.lateral-movement
attack.t1210
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SOAPHound Execution
calendar
Aug 29, 2024
·
attack.discovery
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Hiding User Account Via SpecialAccounts Registry Key
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1564.002
·
Share on:
twitter
facebook
linkedin
copy
Hiding User Account Via SpecialAccounts Registry Key - CommandLine
calendar
Aug 29, 2024
·
attack.t1564.002
·
Share on:
twitter
facebook
linkedin
copy
Potential AMSI Bypass Via .NET Reflection
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2022-29072 Exploitation Attempt
calendar
Aug 29, 2024
·
attack.execution
cve.2022-29072
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential MOVEit Transfer CVE-2023-34362 Exploitation - File Activity
calendar
Aug 29, 2024
·
attack.initial-access
attack.t1190
cve.2023-34362
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation via Local Kerberos Relay over LDAP
calendar
Aug 29, 2024
·
attack.privilege-escalation
attack.credential-access
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Python Function Execution Security Warning Disabled In Excel - Registry
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
RestrictedAdminMode Registry Value Tampering
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
RestrictedAdminMode Registry Value Tampering - ProcCreation
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Sdiagnhost Calling Suspicious Child Process
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1036
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Connection to Active Directory Web Services
calendar
Aug 29, 2024
·
attack.discovery
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Cab File Extraction Via Wusa.EXE From Potentially Suspicious Paths
calendar
Aug 29, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
COM Object Execution via Xwizard.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
New Capture Session Launched Via DXCap.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Injection Via AccCheckConsole
calendar
Aug 29, 2024
·
attack.execution
detection.threat-hunting
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Using Coregen.exe
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious EventLog Recon Activity Using Log Query Utilities
calendar
Aug 29, 2024
·
attack.credential-access
attack.discovery
attack.t1552
·
Share on:
twitter
facebook
linkedin
copy
Process Memory Dump via RdrLeakDiag.EXE
calendar
Aug 29, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Program Executed Using Proxy/Local Command Via SSH.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Relevant Anti-Virus Signature Keywords In Application Log
calendar
Aug 29, 2024
·
attack.resource-development
attack.t1588
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Of Wermgr.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Sigverif.EXE Child Process
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Windows Binary Executed From WSL
calendar
Aug 29, 2024
·
attack.execution
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Wusa.EXE Executed By Parent Process Located In Suspicious Location
calendar
Aug 29, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Xwizard.EXE Execution From Non-Default Location
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Reconnaissance/Enumeration Via LDAP
calendar
Aug 27, 2024
·
attack.discovery
attack.t1069.002
attack.t1087.002
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
Disable Important Scheduled Task
calendar
Aug 26, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows Service Tampering
calendar
Aug 26, 2024
·
attack.defense-evasion
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Put.io - DNS Client
calendar
Aug 23, 2024
·
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download From File Sharing Domains
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
Network Communication Initiated To File Sharing Domains From Process Located In Suspicious Folder
calendar
Aug 23, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated From Process Located In Potentially Suspicious Or Uncommon Location
calendar
Aug 23, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
New Connection Initiated To Potential Dead Drop Resolver Domain
calendar
Aug 23, 2024
·
attack.command-and-control
attack.t1102
attack.t1102.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious File Download From File Sharing Domain Via PowerShell.EXE
calendar
Aug 23, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Download From File-Sharing Website Via Bitsadmin
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Domain Via Curl.EXE
calendar
Aug 23, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Domain Via Wget.EXE
calendar
Aug 23, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Websites - File Stream
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Remote AppX Package Locations
calendar
Aug 23, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Unusual File Download From File Sharing Websites - File Stream
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Driver Added To Disallowed Images In HVCI - Registry
calendar
Aug 21, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Hidden Flag Set On File/Directory Via Chflags - MacOS
calendar
Aug 21, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
User Risk and MFA Registration Policy Updated
calendar
Aug 21, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Multi Factor Authentication Disabled For User Account
calendar
Aug 21, 2024
·
attack.credential-access
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Data Export From MSSQL Table Via BCP.EXE
calendar
Aug 20, 2024
·
attack.execution
attack.t1048
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Rundll32.EXE Execution of UDL File
calendar
Aug 16, 2024
·
attack.execution
attack.t1218.011
attack.t1071
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rundll32 Execution of UDL File
calendar
Aug 16, 2024
·
attack.execution
attack.t1218.011
attack.t1071
·
Share on:
twitter
facebook
linkedin
copy
Diskshadow Script Mode - Execution From Potential Suspicious Location
calendar
Aug 16, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
HackTool - LaZagne Execution
calendar
Aug 16, 2024
·
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Capture Wi-Fi password
calendar
Aug 14, 2024
·
Share on:
twitter
facebook
linkedin
copy
Powershell Token Obfuscation - Powershell
calendar
Aug 13, 2024
·
attack.defense-evasion
attack.t1027.009
·
Share on:
twitter
facebook
linkedin
copy
7Zip Compressing Dump Files
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
A Member Was Added to a Security-Enabled Global Group
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
A Member Was Removed From a Security-Enabled Global Group
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
A New Trust Was Created To A Domain
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
A Security-Enabled Global Group Was Deleted
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
AADInternals PowerShell Cmdlets Execution - ProccessCreation
calendar
Aug 12, 2024
·
attack.execution
attack.reconnaissance
attack.discovery
attack.credential-access
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
AADInternals PowerShell Cmdlets Execution - PsScript
calendar
Aug 12, 2024
·
attack.execution
attack.reconnaissance
attack.discovery
attack.credential-access
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Abusable DLL Potential Sideloading From Suspicious Location
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service - PS
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Abused Debug Privilege by Arbitrary Parent Processes
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Abusing Print Executable
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Access To ADMIN$ Network Share
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Access to Browser Login Data
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
Access To Crypto Currency Wallets By Uncommon Applications
calendar
Aug 12, 2024
·
attack.t1003
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Access To Potentially Sensitive Sysvol Files By Uncommon Applications
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1552.006
·
Share on:
twitter
facebook
linkedin
copy
Access To Windows Credential History File By Uncommon Applications
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1555.004
·
Share on:
twitter
facebook
linkedin
copy
Access To Windows DPAPI Master Keys By Uncommon Applications
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1555.004
·
Share on:
twitter
facebook
linkedin
copy
Account Created And Deleted Within A Close Time Frame
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Account Disabled or Blocked for Sign in Attempts
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Account Lockout
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1110
·
Share on:
twitter
facebook
linkedin
copy
Account Tampering - Suspicious Failed Logon Reasons
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Activate Suppression of Windows Security Center Notifications
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Certificate Services Denied Certificate Enrollment Request
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Computers Enumeration With Get-AdComputer
calendar
Aug 12, 2024
·
attack.discovery
attack.t1018
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Database Snapshot Via ADExplorer
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
attack.t1003.003
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Group Enumeration With Get-AdGroup
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.002
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Kerberos DLL Loaded Via Office Application
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Parsing DLL Loaded Via Office Application
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Replication from Non Machine Account
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.006
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Structure Export Via Csvde.EXE
calendar
Aug 12, 2024
·
attack.exfiltration
attack.discovery
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Structure Export Via Ldifde.EXE
calendar
Aug 12, 2024
·
attack.exfiltration
·
Share on:
twitter
facebook
linkedin
copy
Activity From Anonymous IP Address
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Activity from Anonymous IP Addresses
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1573
·
Share on:
twitter
facebook
linkedin
copy
Activity from Infrequent Country
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1573
·
Share on:
twitter
facebook
linkedin
copy
Activity from Suspicious IP Addresses
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1573
·
Share on:
twitter
facebook
linkedin
copy
Activity Performed by Terminated User
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
AD Groups Or Users Enumeration Using PowerShell - PoshModule
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
AD Groups Or Users Enumeration Using PowerShell - ScriptBlock
calendar
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
AD Object WriteDAC Access
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.001
·
Share on:
twitter
facebook
linkedin
copy
AD Privileged Users or Groups Reconnaissance
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
ADCS Certificate Template Configuration Vulnerability
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
ADCS Certificate Template Configuration Vulnerability with Risky EKU
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Add Debugger Entry To AeDebug For Persistence
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Add Debugger Entry To Hangs Key For Persistence
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Add DisallowRun Execution to Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Add Insecure Download Source To Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add New Download Source To Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add or Remove Computer from DC
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1207
·
Share on:
twitter
facebook
linkedin
copy
Add Port Monitor Persistence in Registry
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.010
·
Share on:
twitter
facebook
linkedin
copy
Add SafeBoot Keys Via Reg Utility
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Add Windows Capability Via PowerShell Cmdlet
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Add Windows Capability Via PowerShell Script
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Added Credentials to Existing Application
calendar
Aug 12, 2024
·
attack.t1098.001
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Added Owner To Application
calendar
Aug 12, 2024
·
attack.t1552
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
AddinUtil.EXE Execution From Uncommon Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Addition of SID History to Active Directory Object
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1134.005
·
Share on:
twitter
facebook
linkedin
copy
ADFS Database Named Pipe Connection By Uncommon Tool
calendar
Aug 12, 2024
·
attack.collection
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
Admin User Remote Logon
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1078.001
attack.t1078.002
attack.t1078.003
car.2016-04-005
·
Share on:
twitter
facebook
linkedin
copy
ADS Zone.Identifier Deleted By Uncommon Application
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
ADSelfService Exploitation
calendar
Aug 12, 2024
·
cve.2021-40539
detection.emerging-threats
attack.initial-access
attack.t1190
·
Share on:
twitter
facebook
linkedin
copy
ADSI-Cache File Creation By Uncommon Tool
calendar
Aug 12, 2024
·
attack.t1001.003
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Advanced IP Scanner - File Event
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Adwind RAT / JRAT
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Adwind RAT / JRAT File Artifact
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
AgentExecutor PowerShell Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
All Backups Deleted Via Wbadmin.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
All Rules Have Been Deleted From The Windows Firewall Configuration
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Allow RDP Remote Assistance Feature
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Allow Service Access Using Security Descriptor Tampering Via Sc.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Alternate PowerShell Hosts - PowerShell Module
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Alternate PowerShell Hosts Pipe
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Always Install Elevated MSI Spawned Cmd And Powershell
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Always Install Elevated Windows Installer
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
AMSI Bypass Pattern Assembly GetType
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Amsi.DLL Loaded Via LOLBIN Process
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Anomalous Token
calendar
Aug 12, 2024
·
attack.t1528
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Anomalous User Activity
calendar
Aug 12, 2024
·
attack.t1098
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Anonymous IP Address
calendar
Aug 12, 2024
·
attack.t1528
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Exploitation Framework Detection
calendar
Aug 12, 2024
·
attack.execution
attack.t1203
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Hacktool Detection
calendar
Aug 12, 2024
·
attack.execution
attack.t1204
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Password Dumper Detection
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.t1558
attack.t1003.001
attack.t1003.002
·
Share on:
twitter
facebook
linkedin
copy
Antivirus PrinterNightmare CVE-2021-34527 Exploit Detection
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Ransomware Detection
calendar
Aug 12, 2024
·
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Relevant File Paths Alerts
calendar
Aug 12, 2024
·
attack.resource-development
attack.t1588
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Web Shell Detection
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Anydesk Remote Access Software Service Installation
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Anydesk Temporary Artefact
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Apache Segmentation Fault
calendar
Aug 12, 2024
·
attack.impact
attack.t1499.004
·
Share on:
twitter
facebook
linkedin
copy
Apache Spark Shell Command Injection - ProcessCreation
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-33891
·
Share on:
twitter
facebook
linkedin
copy
Apache Spark Shell Command Injection - Weblogs
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-33891
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Apache Threading Error
calendar
Aug 12, 2024
·
attack.initial-access
attack.lateral-movement
attack.t1190
attack.t1210
·
Share on:
twitter
facebook
linkedin
copy
App Granted Microsoft Permissions
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1528
·
Share on:
twitter
facebook
linkedin
copy
App Granted Privileged Delegated Or App Permissions
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
App Role Added
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
Application AppID Uri Configuration Changes
calendar
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.privilege-escalation
attack.t1552
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Application Removed Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Application Terminated Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Application Uninstalled
calendar
Aug 12, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Application URI Configuration Changes
calendar
Aug 12, 2024
·