Suspicious DNS Query for IP Lookup Service APIs
calendar
Dec 1, 2023
·
attack.reconnaissance
attack.t1590
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Network Connection to IP Lookup Service APIs
calendar
Dec 1, 2023
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
Atbroker Registry Change
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1218
attack.persistence
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Cisco BGP Authentication Failures
calendar
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Cisco LDP Authentication Failures
calendar
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Clipboard Data Collection Via OSAScript
calendar
Dec 1, 2023
·
attack.collection
attack.execution
attack.t1115
attack.t1059.002
·
Share on:
twitter
facebook
linkedin
copy
Copy Passwd Or Shadow From TMP Path
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1552.001
·
Share on:
twitter
facebook
linkedin
copy
Deployment AppX Package Was Blocked By AppLocker
calendar
Dec 1, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Deployment Of The AppX Package Was Blocked By The Policy
calendar
Dec 1, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
DirLister Execution
calendar
Dec 1, 2023
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows IIS HTTP Logging
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Disabled RestrictedAdminMode For RDS - ProcCreation
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
DNS Query for Anonfiles.com Domain - DNS Client
calendar
Dec 1, 2023
·
attack.exfiltration
attack.t1567.002
·
Share on:
twitter
facebook
linkedin
copy
DNS Query for Anonfiles.com Domain - Sysmon
calendar
Dec 1, 2023
·
attack.exfiltration
attack.t1567.002
·
Share on:
twitter
facebook
linkedin
copy
Enable BPF Kprobes Tracing
calendar
Dec 1, 2023
·
attack.execution
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Execution from Suspicious Folder
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Flush Iptables Ufw Chain
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Fsutil Behavior Set SymlinkEvaluation
calendar
Dec 1, 2023
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Github Delete Action Invoked
calendar
Dec 1, 2023
·
attack.impact
attack.collection
attack.t1213.003
·
Share on:
twitter
facebook
linkedin
copy
Github High Risk Configuration Disabled
calendar
Dec 1, 2023
·
attack.credential_access
attack.defense_evasion
attack.persistence
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Github New Secret Created
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.initial_access
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Github Outside Collaborator Detected
calendar
Dec 1, 2023
·
attack.persistence
attack.collection
attack.t1098.001
attack.t1098.003
attack.t1213.003
·
Share on:
twitter
facebook
linkedin
copy
Github Self Hosted Runner Changes Detected
calendar
Dec 1, 2023
·
attack.impact
attack.discovery
attack.collection
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.initial_access
attack.t1526
attack.t1213.003
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
HackTool - HandleKatz LSASS Dumper Execution
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Htran/NATBypass Execution
calendar
Dec 1, 2023
·
attack.command_and_control
attack.t1090
attack.s0040
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Inveigh Execution
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - KrbRelay Execution
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1558.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - KrbRelayUp Execution
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1558.003
attack.lateral_movement
attack.t1550.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - PowerTool Execution
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SafetyKatz Execution
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharPersist Execution
calendar
Dec 1, 2023
·
attack.persistence
attack.t1053
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpLdapWhoami Execution
calendar
Dec 1, 2023
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SysmonEOP Execution
calendar
Dec 1, 2023
·
cve.2022.41120
attack.t1068
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Huawei BGP Authentication Failures
calendar
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Import PowerShell Modules From Suspicious Directories
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Import PowerShell Modules From Suspicious Directories - ProcCreation
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Java Payload Strings
calendar
Dec 1, 2023
·
cve.2022.26134
cve.2021.26084
attack.initial_access
attack.t1190
·
Share on:
twitter
facebook
linkedin
copy
Juniper BGP Missing MD5
calendar
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
JXA In-memory Execution Via OSAScript
calendar
Dec 1, 2023
·
attack.t1059.002
attack.t1059.007
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Lolbin Ssh.exe Use As Proxy
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Malicious Nishang PowerShell Commandlets
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Scripts - PoshModule
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Microsoft IIS Service Account Password Dumped
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
Mount Execution With Hidepid Parameter
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1564
·
Share on:
twitter
facebook
linkedin
copy
New Generic Credentials Added Via Cmdkey.EXE
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1003.005
·
Share on:
twitter
facebook
linkedin
copy
New Github Organization Member Added
calendar
Dec 1, 2023
·
attack.persistence
attack.t1136.003
·
Share on:
twitter
facebook
linkedin
copy
New Remote Desktop Connection Initiated Via Mstsc.EXE
calendar
Dec 1, 2023
·
attack.lateral_movement
attack.t1021.001
·
Share on:
twitter
facebook
linkedin
copy
Nimbuspwn Exploitation
calendar
Dec 1, 2023
·
attack.privilege_escalation
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Nltest.EXE Execution
calendar
Dec 1, 2023
·
attack.discovery
attack.t1016
attack.t1018
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
Okta Admin Role Assignment Created
calendar
Dec 1, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Operator Bloopers Cobalt Strike Commands
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.003
stp.1u
·
Share on:
twitter
facebook
linkedin
copy
Operator Bloopers Cobalt Strike Modules
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
OSACompile Run-Only Execution
calendar
Dec 1, 2023
·
attack.t1059.002
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Outdated Dependency Or Vulnerability Alert Disabled
calendar
Dec 1, 2023
·
attack.initial_access
attack.t1195.001
·
Share on:
twitter
facebook
linkedin
copy
PDQ Deploy Remote Adminstartion Tool Execution
calendar
Dec 1, 2023
·
attack.execution
attack.lateral_movement
attack.t1072
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Enumeration Using AD Module - ProcCreation
calendar
Dec 1, 2023
·
attack.reconnaissance
attack.discovery
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Enumeration Using AD Module - PsModule
calendar
Dec 1, 2023
·
attack.reconnaissance
attack.discovery
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Enumeration Using AD Module - PsScript
calendar
Dec 1, 2023
·
attack.reconnaissance
attack.discovery
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary Code Execution Via Node.EXE
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Potential Centos Web Panel Exploitation Attempt - CVE-2022-44877
calendar
Dec 1, 2023
·
attack.initial_access
attack.t1190
cve.2022.44877
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Credential Dumping Attempt Using New NetworkProvider - CLI
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2022-26809 Exploitation Attempt
calendar
Dec 1, 2023
·
attack.initial_access
attack.t1190
attack.execution
attack.t1569.002
cve.2022.26809
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Data Exfiltration Via Audio File
calendar
Dec 1, 2023
·
attack.exfiltration
·
Share on:
twitter
facebook
linkedin
copy
Potential Discovery Activity Via Dnscmd.EXE
calendar
Dec 1, 2023
·
attack.discovery
attack.execution
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of Non-Existent DLLs From System Folders
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via DeviceEnroller.EXE
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Exploitation Attempt From Office Application
calendar
Dec 1, 2023
·
attack.execution
attack.defense_evasion
cve.2021.40444
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Exploitation Attempt Of Undocumented WindowsServer RCE
calendar
Dec 1, 2023
·
detection.emerging_threats
attack.initial_access
attack.t1190
·
Share on:
twitter
facebook
linkedin
copy
Potential Malicious AppX Package Installation Attempts
calendar
Dec 1, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Password Spraying Attempt Using Dsacls.EXE
calendar
Dec 1, 2023
·
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential PendingFileRenameOperations Tamper
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Powershell Search Order Hijacking - Task
calendar
Dec 1, 2023
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Execution Policy Tampering - ProcCreation
calendar
Dec 1, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Obfuscation Using Alias Cmdlets
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.execution
attack.t1027
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Obfuscation Using Character Join
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.execution
attack.t1027
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Process Injection Via Msra.EXE
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Potential RDP Tunneling Via SSH
calendar
Dec 1, 2023
·
attack.command_and_control
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
Potential Recon Activity Via Nltest.EXE
calendar
Dec 1, 2023
·
attack.discovery
attack.t1016
attack.t1482
·
Share on:
twitter
facebook
linkedin
copy
Potential Reconnaissance For Cached Credentials Via Cmdkey.EXE
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1003.005
·
Share on:
twitter
facebook
linkedin
copy
Potential Renamed Rundll32 Execution
calendar
Dec 1, 2023
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potential Signing Bypass Via Windows Developer Features
calendar
Dec 1, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious BPF Activity - Linux
calendar
Dec 1, 2023
·
attack.persistence
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Svchost Memory Access
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Potential WinAPI Calls Via CommandLine
calendar
Dec 1, 2023
·
attack.execution
attack.t1106
·
Share on:
twitter
facebook
linkedin
copy
Potentially Over Permissive Permissions Granted Using Dsacls.EXE
calendar
Dec 1, 2023
·
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Powershell Base64 Encoded MpPreference Cmdlet
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded WMI Classes
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.001
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Powershell XML Execute Command
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PUA - DefenderCheck Execution
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1027.005
·
Share on:
twitter
facebook
linkedin
copy
PUA - Fast Reverse Proxy (FRP) Execution
calendar
Dec 1, 2023
·
attack.command_and_control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
PUA - NPS Tunneling Tool Execution
calendar
Dec 1, 2023
·
attack.command_and_control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
PUA - Seatbelt Execution
calendar
Dec 1, 2023
·
attack.discovery
attack.t1526
attack.t1087
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
PwnKit Local Privilege Escalation
calendar
Dec 1, 2023
·
attack.privilege_escalation
attack.t1548.001
·
Share on:
twitter
facebook
linkedin
copy
Query Usage To Exfil Data
calendar
Dec 1, 2023
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Renamed BrowserCore.EXE Execution
calendar
Dec 1, 2023
·
attack.t1528
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Renamed Mavinject.EXE Execution
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055.001
attack.t1218.013
·
Share on:
twitter
facebook
linkedin
copy
Renamed Msdt.EXE Execution
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Renamed NetSupport RAT Execution
calendar
Dec 1, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed Plink Execution
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Renamed Remote Utilities RAT (RURAT) Execution
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.collection
attack.command_and_control
attack.discovery
attack.s0592
·
Share on:
twitter
facebook
linkedin
copy
Renamed Sysinternals Sdelete Execution
calendar
Dec 1, 2023
·
attack.impact
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Renamed Vmnat.exe Execution
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Restricted Software Access By SRP
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1072
·
Share on:
twitter
facebook
linkedin
copy
Root Certificate Installed From Susp Locations
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
SafeBoot Registry Key Deleted Via Reg.EXE
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Service Registry Key Deleted Via Reg.EXE
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
SQLite Chromium Profile Data DB Access
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1539
attack.t1555.003
attack.collection
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
SQLite Firefox Profile Data DB Access
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1539
attack.collection
attack.t1005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious AppX Package Installation Attempt
calendar
Dec 1, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious AppX Package Locations
calendar
Dec 1, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Binary In User Directory Spawned From Office Application
calendar
Dec 1, 2023
·
attack.execution
attack.t1204.002
attack.g0046
car.2013-05-002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Digital Signature Of AppX Package
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Git Clone
calendar
Dec 1, 2023
·
attack.reconnaissance
attack.t1593.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Hacktool Execution - Imphash
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1588.002
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Hacktool Execution - PE Metadata
calendar
Dec 1, 2023
·
attack.credential_access
attack.t1588.002
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious IIS URL GlobalRules Rewrite Via AppCmd
calendar
Dec 1, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Microsoft Office Child Process - MacOS
calendar
Dec 1, 2023
·
attack.execution
attack.persistence
attack.t1059.002
attack.t1137.002
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious New Instance Of An Office COM Object
calendar
Dec 1, 2023
·
attack.execution
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Download - PoshModule
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rundll32 Script in CommandLine
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Shells Spawn by Java Utility Keytool
calendar
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Suspicious SignIns From A Non Registered Device
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Startup Folder Persistence
calendar
Dec 1, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Use of /dev/tcp
calendar
Dec 1, 2023
·
attack.reconnaissance
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Use of PsLogList
calendar
Dec 1, 2023
·
attack.discovery
attack.t1087
attack.t1087.001
attack.t1087.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
The Windows Defender Firewall Service Failed To Load Group Policy
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Touch Suspicious Service File
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1070.006
·
Share on:
twitter
facebook
linkedin
copy
Ufw Force Stop Using Ufw-Init
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Uncommon AppX Package Locations
calendar
Dec 1, 2023
·
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Uncommon One Time Only Scheduled Task At 00:00
calendar
Dec 1, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Unsigned AppX Installation Attempt Using Add-AppxPackage
calendar
Dec 1, 2023
·
attack.persistence
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Unsigned AppX Installation Attempt Using Add-AppxPackage - PsScript
calendar
Dec 1, 2023
·
attack.persistence
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Usage Of Web Request Commands And Cmdlets - ScriptBlock
calendar
Dec 1, 2023
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
VsCode Powershell Profile Modification
calendar
Dec 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.013
·
Share on:
twitter
facebook
linkedin
copy
Mint Sandstorm - Log4J Wstomcat Process Execution
calendar
Nov 29, 2023
·
attack.execution
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Enabling Dev Drive With Disabled AV
calendar
Nov 29, 2023
·
attack.defense.evasion
attack.T1562.001
·
Share on:
twitter
facebook
linkedin
copy
New Netsh Helper DLL Registered From A Suspicious Location
calendar
Nov 28, 2023
·
attack.persistence
attack.t1546.007
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Netsh Helper DLL
calendar
Nov 28, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1546.007
attack.s0108
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Netsh Helper DLL - Registry
calendar
Nov 28, 2023
·
attack.persistence
attack.t1546.007
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy
calendar
Nov 28, 2023
·
detection.emerging_threats
attack.initial_access
attack.t1190
cve.2023.4966
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver
calendar
Nov 28, 2023
·
detection.emerging_threats
attack.initial_access
attack.t1190
cve.2023.4966
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy
calendar
Nov 28, 2023
·
detection.emerging_threats
attack.initial_access
attack.t1190
cve.2023.4966
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver
calendar
Nov 28, 2023
·
detection.emerging_threats
attack.initial_access
attack.t1190
cve.2023.4966
·
Share on:
twitter
facebook
linkedin
copy
Load Of RstrtMgr.DLL By A Suspicious Process
calendar
Nov 28, 2023
·
attack.impact
attack.defense_evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Load Of RstrtMgr.DLL By An Uncommon Process
calendar
Nov 28, 2023
·
attack.impact
attack.defense_evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Path In Keyboard Layout IME File Registry Value
calendar
Nov 28, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Extension In Keyboard Layout IME File Registry Value
calendar
Nov 28, 2023
·
attack.defense_evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Wusa.EXE Executed By Parent Process Located In Suspicious Location
calendar
Nov 28, 2023
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Wusa.EXE Extracting Cab Files From Suspicious Paths
calendar
Nov 28, 2023
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Chromium Browser Instance Executed With Custom Extension
calendar
Nov 28, 2023
·
attack.persistence
attack.t1176
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Chromium Browser Instance Executed With Custom Extension
calendar
Nov 28, 2023
·
attack.persistence
attack.t1176
·
Share on:
twitter
facebook
linkedin
copy
Exchange Exploitation Used by HAFNIUM
calendar
Nov 28, 2023
·
attack.initial_access
attack.t1190
attack.g0125
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
HAFNIUM Exchange Exploitation Activity
calendar
Nov 28, 2023
·
attack.persistence
attack.t1546
attack.t1053
attack.g0125
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Lazarus APT DLL Sideloading Activity
calendar
Nov 28, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
attack.g0032
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential APT FIN7 POWERHOLD Execution
calendar
Nov 28, 2023
·
attack.execution
attack.t1059.001
attack.g0046
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential APT FIN7 Reconnaissance/POWERTRASH Related Activity
calendar
Nov 28, 2023
·
attack.execution
attack.g0046
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential APT FIN7 Related PowerShell Script Created
calendar
Nov 28, 2023
·
attack.execution
attack.g0046
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential APT Mustang Panda Activity Against Australian Gov
calendar
Nov 28, 2023
·
attack.execution
attack.g0129
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Operation Triangulation C2 Beaconing Activity - DNS
calendar
Nov 28, 2023
·
attack.command_and_control
attack.g0020
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Operation Triangulation C2 Beaconing Activity - Proxy
calendar
Nov 28, 2023
·
attack.command_and_control
attack.g0020
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential POWERTRASH Script Execution
calendar
Nov 28, 2023
·
attack.execution
attack.t1059.001
attack.g0046
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
WMI Module Loaded By Non Uncommon Process
calendar
Nov 27, 2023
·
attack.execution
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Exploitation Attempt Of CVE-2023-46214 Using Public POC Code
calendar
Nov 27, 2023
·
cve.2023.46214
detection.emerging_threats
attack.lateral_movement
attack.t1210
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-46214 Exploitation Attempt
calendar
Nov 27, 2023
·
attack.lateral_movement
attack.t1210
cve.2023.46214
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Named Pipe Patterns
calendar
Nov 27, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1055
stp.1k
·
Share on:
twitter
facebook
linkedin
copy
Potential Access Token Abuse
calendar
Nov 27, 2023
·
attack.defense_evasion
attack.privilege_escalation
attack.t1134.001
stp.4u
·
Share on:
twitter
facebook
linkedin
copy
PUA - AdFind Suspicious Execution
calendar
Nov 27, 2023
·
attack.discovery
attack.t1018
attack.t1087.002
attack.t1482
attack.t1069.002
stp.1u
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Task Creation
calendar
Nov 27, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.t1053.005
attack.s0111
car.2013-08-001
stp.1u
·
Share on:
twitter
facebook
linkedin
copy
Service Registry Permissions Weakness Check
calendar
Nov 27, 2023
·
attack.persistence
attack.t1574.011
stp.2a
·
Share on:
twitter
facebook
linkedin
copy
Enabling COR Profiler Environment Variables
calendar
Nov 27, 2023
·
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.t1574.012
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Execution Without DLL File
calendar
Nov 20, 2023
·
attack.defense_evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Devtunnels Domain
calendar
Nov 20, 2023
·
attack.command_and_control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Visual Studio Code Tunnels Domain
calendar
Nov 20, 2023
·
attack.command_and_control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated To DevTunnels Domain
calendar
Nov 20, 2023
·
attack.exfiltration
attack.t1567.001
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated To Visual Studio Code Tunnels Domain
calendar
Nov 20, 2023
·
attack.exfiltration
attack.t1567.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Internal Tools or Feature in Registry
calendar
Nov 20, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious EventLog Recon Activity Using Log Query Utilities
calendar
Nov 20, 2023
·
attack.credential_access
attack.discovery
attack.t1552
·
Share on:
twitter
facebook
linkedin
copy
Communication To Ngrok Domains
calendar
Nov 17, 2023
·
attack.exfiltration
attack.t1567.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Wuauclt Network Connection
calendar
Nov 17, 2023
·
attack.defense_evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
calendar
Nov 15, 2023
·
attack.defense_evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
EVTX Created In Uncommon Location
calendar
Nov 15, 2023
·
attack.defense_evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Findstr GPP Passwords
calendar
Nov 15, 2023
·
attack.credential_access
attack.t1552.006
·
Share on:
twitter
facebook
linkedin
copy
Findstr Launching .lnk File
calendar
Nov 15, 2023
·
attack.defense_evasion
attack.t1036
attack.t1202
attack.t1027.003
·
Share on:
twitter
facebook
linkedin
copy
Insensitive Subfolder Search Via Findstr.EXE
Nov 15, 2023
attack.defense_evasion, attack.t1218, attack.t1564.004, attack.t1552.001, attack.t1105

LSASS Process Reconnaissance Via Findstr.EXE
Nov 15, 2023
attack.credential_access, attack.t1552.006

Permission Misconfiguration Reconnaissance Via Findstr.EXE
Nov 15, 2023
attack.credential_access, attack.t1552.006

Proxy Execution Via Wuauclt.EXE
Nov 15, 2023
attack.defense_evasion, attack.t1218, attack.execution

Recon Command Output Piped To Findstr.EXE
Nov 15, 2023
attack.discovery, attack.t1057

Remote File Download Via Findstr.EXE
Nov 15, 2023
attack.defense_evasion, attack.t1218, attack.t1564.004, attack.t1552.001, attack.t1105

Remote Thread Creation By Uncommon Source Image
Nov 15, 2023
attack.privilege_escalation, attack.defense_evasion, attack.t1055

Renamed Office Binary Execution
Nov 15, 2023
attack.defense_evasion

Security Tools Keyword Lookup Via Findstr.EXE
Nov 15, 2023
attack.discovery, attack.t1518.001

Suspicious Appended Extension
Nov 15, 2023
attack.impact, attack.t1486

Suspicious Shim Database Installation via Sdbinst.EXE
Nov 15, 2023
attack.persistence, attack.privilege_escalation, attack.t1546.011

Suspicious Windows Update Agent Empty Cmdline
Nov 15, 2023
attack.defense_evasion, attack.t1036

Sysmon Discovery Via Default Driver Altitude Using Findstr.EXE
Nov 15, 2023
attack.discovery, attack.t1518.001

Uncommon Userinit Child Process
Nov 15, 2023
attack.t1037.001, attack.persistence

Windows Defender Exclusion Deleted
Nov 15, 2023
attack.defense_evasion, attack.t1562.001

Windows Defender Exclusion List Modified
Nov 15, 2023
attack.defense_evasion, attack.t1562.001

Windows Defender Exclusion Registry Key - Write Access Requested
Nov 15, 2023
attack.defense_evasion, attack.t1562.001

CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Linux)
Nov 15, 2023
detection.emerging_threats, attack.execution, attack.t1059, attack.initial_access, attack.t1190, cve.2023.22518

CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows)
Nov 15, 2023
detection.emerging_threats, attack.execution, attack.t1059, attack.initial_access, attack.t1190, cve.2023.22518

CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Proxy)
Nov 15, 2023
detection.emerging_threats, attack.initial_access, attack.t1190, cve.2023.22518

CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Webserver)
Nov 15, 2023
detection.emerging_threats, attack.initial_access, attack.t1190, cve.2023.22518

Potential Information Disclosure CVE-2023-43261 Exploitation - Proxy
Nov 15, 2023
attack.initial_access, attack.t1190, cve.2023.43621, detection.emerging_threats

Potential Information Disclosure CVE-2023-43261 Exploitation - Web
Nov 15, 2023
attack.initial_access, attack.t1190, cve.2023.43621, detection.emerging_threats

AppX Package Installation Attempts Via AppInstaller.EXE
Nov 14, 2023
attack.command_and_control, attack.t1105

Arbitrary File Download Via IMEWDBLD.EXE
Nov 14, 2023
attack.defense_evasion, attack.execution, attack.t1218

Arbitrary File Download Via MSEDGE_PROXY.EXE
Nov 14, 2023
attack.defense_evasion, attack.execution, attack.t1218

Arbitrary File Download Via MSOHTMED.EXE
Nov 14, 2023
attack.defense_evasion, attack.execution, attack.t1218

Arbitrary File Download Via MSPUB.EXE
Nov 14, 2023
attack.defense_evasion, attack.execution, attack.t1218

Arbitrary File Download Via PresentationHost.EXE
Nov 14, 2023
attack.defense_evasion, attack.execution, attack.t1218

Arbitrary File Download Via Squirrel.EXE
Nov 14, 2023
attack.defense_evasion, attack.execution, attack.t1218

File Download And Execution Via IEExec.EXE
Nov 14, 2023
attack.command_and_control, attack.t1105

File Download From Browser Process Via Inline URL
Nov 14, 2023
attack.command_and_control, attack.t1105

File Download Using ProtocolHandler.exe
Nov 14, 2023
attack.defense_evasion, attack.t1218

File Download Via InstallUtil.EXE
Nov 14, 2023
attack.defense_evasion, attack.t1218

File Download Via Windows Defender MpCmpRun.EXE
Nov 14, 2023
attack.defense_evasion, attack.t1218, attack.command_and_control, attack.t1105

Msxsl.EXE Execution
Nov 14, 2023
attack.defense_evasion, attack.t1220

Network Connection Initiated By IMEWDBLD.EXE
Nov 14, 2023
attack.command_and_control, attack.t1105

Potential File Download Via MS-AppInstaller Protocol Handler
Nov 14, 2023
attack.defense_evasion, attack.execution, attack.t1218

Potentially Suspicious Electron Application CommandLine
Nov 14, 2023
attack.execution

Process Proxy Execution Via Squirrel.EXE
Nov 14, 2023
attack.defense_evasion, attack.execution, attack.t1218

Remote XSL Execution Via Msxsl.EXE
Nov 14, 2023
attack.defense_evasion, attack.t1220

Suspicious Calculator Usage
Nov 14, 2023
attack.defense_evasion, attack.t1036

Uncommon Child Process Of Appvlp.EXE
Nov 14, 2023
attack.t1218, attack.defense_evasion, attack.execution

XBAP Execution From Uncommon Locations Via PresentationHost.EXE
Nov 14, 2023
attack.defense_evasion, attack.execution, attack.t1218

XSL Script Execution Via WMIC.EXE
Nov 14, 2023
attack.defense_evasion, attack.t1220

CobaltStrike Malleable Amazon Browsing Traffic Profile
Nov 14, 2023
attack.defense_evasion, attack.command_and_control, attack.t1071.001

Confluence Exploitation CVE-2019-3398
Nov 14, 2023
attack.initial_access, attack.t1190, cve.2019.3398, detection.emerging_threats

CVE-2021-21972 VSphere Exploitation
Nov 14, 2023
attack.initial_access, attack.t1190, cve.2021.21972, detection.emerging_threats

CVE-2021-21978 Exploitation Attempt
Nov 14, 2023
attack.initial_access, attack.t1190, cve.2021.21978, detection.emerging_threats

CVE-2021-33766 Exchange ProxyToken Exploitation
Nov 14, 2023
attack.initial_access, attack.t1190, cve.2021.33766, detection.emerging_threats

CVE-2023-46747 Exploitation Activity - Proxy
Nov 14, 2023
attack.initial_access, attack.t1190, detection.emerging_threats, cve.2023.46747

CVE-2023-46747 Exploitation Activity - Webserver
Nov 14, 2023
attack.initial_access, attack.t1190, detection.emerging_threats, cve.2023.46747

Empire UserAgent URI Combo
Nov 14, 2023
attack.defense_evasion, attack.command_and_control, attack.t1071.001

Exchange Exploitation CVE-2021-28480
Nov 14, 2023
attack.initial_access, attack.t1190, cve.2021.28480, detection.emerging_threats

F5 BIG-IP iControl Rest API Command Execution - Proxy
Nov 14, 2023
attack.initial_access, attack.t1190

F5 BIG-IP iControl Rest API Command Execution - Webserver
Nov 14, 2023
attack.execution, attack.t1190

Potential CVE-2022-21587 Exploitation Attempt
Nov 14, 2023
attack.initial_access, attack.t1190, cve.2022.21587, detection.emerging_threats

Potential OWASSRF Exploitation Attempt - Proxy
Nov 14, 2023
attack.initial_access, attack.t1190

Potential OWASSRF Exploitation Attempt - Webserver
Nov 14, 2023
attack.initial_access, attack.t1190, detection.emerging_threats

ProxyLogon Reset Virtual Directories Based On IIS Log
Nov 14, 2023
cve.2021.26858, detection.emerging_threats, attack.initial_access, attack.t1190

Zimbra Collaboration Suite Email Server Unauthenticated RCE
Nov 14, 2023
attack.initial_access, attack.t1190, cve.2022.27925, detection.emerging_threats

Potential Excel.EXE DCOM Lateral Movement Via ActivateMicrosoftApp
Nov 14, 2023
attack.t1021.003, attack.lateral_movement

APT User Agent
Nov 13, 2023
attack.command_and_control, attack.t1071.001

Suspicious Process By Web Server Process
Nov 11, 2023
attack.persistence, attack.t1505.003, attack.t1190

Files With System Process Name In Unsuspected Locations
Nov 10, 2023
attack.defense_evasion, attack.t1036.005

ISO Image Mounted
Nov 10, 2023
attack.initial_access, attack.t1566.001

NotPetya Ransomware Activity
Nov 10, 2023
attack.defense_evasion, attack.t1218.011, attack.t1070.001, attack.credential_access, attack.t1003.001, car.2016-04-002, detection.emerging_threats

Portable Gpg.EXE Execution
Nov 10, 2023
attack.impact, attack.t1486

Potential NT API Stub Patching
Nov 10, 2023
attack.defense_evasion, attack.t1562.002

Remote Thread Creation Via PowerShell In Potentially Suspicious Target
Nov 10, 2023
attack.defense_evasion, attack.execution, attack.t1218.011, attack.t1059.001

Suspicious Whoami.EXE Execution
Nov 10, 2023
attack.discovery, attack.t1033, car.2016-03-001

Suspicious WmiPrvSE Child Process
Nov 10, 2023
attack.execution, attack.defense_evasion, attack.t1047, attack.t1204.002, attack.t1218.010

smbexec.py Service Installation
Nov 10, 2023
attack.lateral_movement, attack.execution, attack.t1021.002, attack.t1569.002

Chopper Webshell Process Pattern
Nov 10, 2023
attack.persistence, attack.t1505.003, attack.t1018, attack.t1033, attack.t1087

Lace Tempest Cobalt Strike Download
Nov 10, 2023
attack.execution, detection.emerging_threats

Lace Tempest File Indicators
Nov 10, 2023
attack.execution, detection.emerging_threats

Lace Tempest Malware Loader Execution
Nov 10, 2023
attack.execution, detection.emerging_threats

Lace Tempest PowerShell Evidence Eraser
Nov 10, 2023
attack.execution, attack.t1059.001, detection.emerging_threats

Lace Tempest PowerShell Launcher
Nov 10, 2023
attack.execution, attack.t1059.001, detection.emerging_threats

Shell Process Spawned by Java.EXE
Nov 10, 2023
attack.initial_access, attack.persistence, attack.privilege_escalation

Suspicious Processes Spawned by Java.EXE
Nov 10, 2023
attack.initial_access, attack.persistence, attack.privilege_escalation

Webshell Detection With Command Line Keywords
Nov 10, 2023
attack.persistence, attack.t1505.003, attack.t1018, attack.t1033, attack.t1087

Webshell Hacking Activity Patterns
Nov 10, 2023
attack.persistence, attack.t1505.003, attack.t1018, attack.t1033, attack.t1087

Webshell Tool Reconnaissance Activity
Nov 10, 2023
attack.persistence, attack.t1505.003

Execute Code with Pester.bat
Nov 9, 2023
attack.execution, attack.t1059.001, attack.defense_evasion, attack.t1216

Office Application Startup - Office Test
Nov 8, 2023
attack.persistence, attack.t1137.002

Potential AD User Enumeration From Non-Machine Account
Nov 8, 2023
attack.discovery, attack.t1087.002

Csc.EXE Execution From Potentially Suspicious Parent
Nov 6, 2023
attack.execution, attack.t1059.005, attack.t1059.007, attack.defense_evasion, attack.t1218.005, attack.t1027.004

Dynamic .NET Compilation Via Csc.EXE
Nov 6, 2023
attack.defense_evasion, attack.t1027.004

Malware User Agent
Nov 6, 2023
attack.command_and_control, attack.t1071.001

Obfuscated IP Download Activity
Nov 6, 2023
attack.discovery

Obfuscated IP Via CLI
Nov 6, 2023
attack.discovery

Enable Remote Connection Between Anonymous Computer - AllowAnonymousCallback
Nov 6, 2023
attack.defense_evasion, attack.t1562.001

HackTool - CrackMapExec Execution Patterns
Nov 6, 2023
attack.execution, attack.t1047, attack.t1053, attack.t1059.003, attack.t1059.001, attack.s0106

Port Forwarding Activity Via SSH.EXE
Nov 6, 2023
attack.command_and_control, attack.lateral_movement, attack.t1572, attack.t1021.001, attack.t1021.004

Potentially Suspicious Cabinet File Expansion
Nov 6, 2023
attack.execution, attack.t1218

Suspicious File Creation Activity From Fake Recycle.Bin Folder
Nov 6, 2023
attack.persistence, attack.defense_evasion

Suspicious Process Execution From Fake Recycle.Bin Folder
Nov 6, 2023
attack.persistence, attack.defense_evasion

Weak or Abused Passwords In CLI
Nov 6, 2023
attack.defense_evasion, attack.execution

Potential Pikabot C2 Activity - Suspicious Process Created By Rundll32.EXE
Nov 6, 2023
attack.command_and_control, attack.t1573, detection.emerging_threats

Potential Pikabot Discovery Activity - Suspicious Process Created By Rundll32.EXE
Nov 6, 2023
attack.discovery, attack.t1016, attack.t1049, attack.t1087, detection.emerging_threats

Potential Pikabot Hollowing Activity - Suspicious Process Created By Rundll32.EXE
Nov 6, 2023
attack.defense_evasion, attack.t1055.012, detection.emerging_threats

Disabled AV On Dev Drive via Registry
Nov 5, 2023
attack.defense_evasion, attack.t1562.001

Potential Active Directory Reconnaissance/Enumeration Via LDAP
Nov 3, 2023
attack.discovery, attack.t1069.002, attack.t1087.002, attack.t1482

Suspicious Non-Browser Network Communication With Google API
Nov 3, 2023
attack.command_and_control, attack.t1102

Uncommon PowerShell Hosts
Nov 3, 2023
attack.execution, attack.t1059.001

AADInternals PowerShell Cmdlets Execution - ProcessCreation
Nov 2, 2023
attack.execution, attack.reconnaissance, attack.discovery, attack.credential_access, attack.impact

AADInternals PowerShell Cmdlets Execution - PsScript
Nov 2, 2023
attack.execution, attack.reconnaissance, attack.discovery, attack.credential_access, attack.impact

AgentExecutor PowerShell Execution
Nov 2, 2023
attack.defense_evasion, attack.t1218

Apache Spark Shell Command Injection - Weblogs
Nov 2, 2023
attack.initial_access, attack.t1190, cve.2022.33891, detection.emerging_threats

Apt GTFOBin Abuse - Linux
Nov 2, 2023
attack.discovery, attack.t1083

Atlassian Bitbucket Command Injection Via Archive API
Nov 2, 2023
attack.initial_access, attack.t1190, cve.2022.36804, detection.emerging_threats

Browser Started with Remote Debugging
Nov 2, 2023
attack.credential_access, attack.t1185

Capabilities Discovery - Linux
Nov 2, 2023
attack.discovery, attack.t1083

Change PowerShell Policies to an Insecure Level - PowerShell
Nov 2, 2023
attack.execution, attack.t1059.001

Change the Fax Dll
Nov 2, 2023
attack.defense_evasion, attack.t1112

Change User Account Associated with the FAX Service
Nov 2, 2023
attack.defense_evasion, attack.t1112

Change User Agents with WebRequest
Nov 2, 2023
attack.command_and_control, attack.t1071.001

CVE-2021-41773 Exploitation Attempt
Nov 2, 2023
attack.initial_access, attack.t1190, cve.2021.41773, detection.emerging_threats

CVE-2022-31656 VMware Workspace ONE Access Auth Bypass
Nov 2, 2023
attack.initial_access, attack.t1190, cve.2022.31656, detection.emerging_threats

CVE-2022-31659 VMware Workspace ONE Access RCE
Nov 2, 2023
attack.initial_access, attack.t1190, cve.2022.31659, detection.emerging_threats

Deletion of Volume Shadow Copies via WMI with PowerShell
Nov 2, 2023
attack.impact, attack.t1490

Exchange PowerShell Cmdlet History Deleted
Nov 2, 2023
attack.defense_evasion, attack.t1070

Group Has Been Deleted Via Groupdel
Nov 2, 2023
attack.impact, attack.t1531

ImagingDevices Unusual Parent/Child Processes
Nov 2, 2023
attack.defense_evasion, attack.execution

Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell
Nov 2, 2023
attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module
Nov 2, 2023
attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Invoke-Obfuscation Via Use MSHTA - PowerShell Module
Nov 2, 2023
attack.defense_evasion, attack.t1027, attack.execution, attack.t1059.001

Linux Webshell Indicators
Nov 2, 2023
attack.persistence, attack.t1505.003

Log4j RCE CVE-2021-44228 in Fields
Nov 2, 2023
attack.initial_access, attack.t1190, cve.2021.44228, detection.emerging_threats

Lolbin Defaultpack.exe Use As Proxy
Nov 2, 2023
attack.t1218, attack.defense_evasion, attack.execution

Lolbin Runexehelper Use As Proxy
Nov 2, 2023
attack.defense_evasion, attack.t1218

Lolbin Unregmp2.exe Use As Proxy
Nov 2, 2023
attack.defense_evasion, attack.t1218

Microsoft IIS Connection Strings Decryption
Nov 2, 2023
attack.credential_access, attack.t1003

Net WebClient Casing Anomalies
Nov 2, 2023
attack.execution, attack.t1059.001

OWASSRF Exploitation Attempt Using Public POC - Proxy
Nov 2, 2023
attack.initial_access, attack.t1190

OWASSRF Exploitation Attempt Using Public POC - Webserver
Nov 2, 2023
attack.initial_access, attack.t1190, detection.emerging_threats

Perl Inline Command Execution
Nov 2, 2023
attack.execution, attack.t1059

Persistence Via Sudoers Files
Nov 2, 2023
attack.persistence, attack.t1053.003

Php Inline Command Execution
Nov 2, 2023
attack.execution, attack.t1059

Potential COM Objects Download Cradles Usage - Process Creation
Nov 2, 2023
attack.command_and_control, attack.t1105

Potential COM Objects Download Cradles Usage - PS Script
Nov 2, 2023
attack.command_and_control, attack.t1105

Potential CVE-2022-46169 Exploitation Attempt
Nov 2, 2023
attack.initial_access, attack.t1190, cve.2022.46169, detection.emerging_threats

Potential Data Stealing Via Chromium Headless Debugging
Nov 2, 2023
attack.credential_access, attack.t1185

Potential Discovery Activity Using Find - Linux
Nov 2, 2023
attack.discovery, attack.t1083

Potential Discovery Activity Using Find - MacOS
Nov 2, 2023
attack.discovery, attack.t1083

Potential DLL Sideloading Using Coregen.exe
Nov 2, 2023
attack.defense_evasion, attack.t1218, attack.t1055

Potential In-Memory Execution Using Reflection.Assembly
Nov 2, 2023
attack.defense_evasion, attack.t1620

Potential Keylogger Activity
Nov 2, 2023
attack.collection, attack.credential_access, attack.t1056.001

Potential Persistence Via Notepad++ Plugins
Nov 2, 2023
attack.persistence

Potential Persistence Via Security Descriptors - ScriptBlock
Nov 2, 2023
attack.persistence, attack.defense_evasion, attack.privilege_escalation

Potential RDP Session Hijacking Activity
Nov 2, 2023
attack.execution

Potential Remote Credential Dumping Activity
Nov 2, 2023
attack.credential_access, attack.t1003

Potential RipZip Attack on Startup Folder
Nov 2, 2023
attack.persistence, attack.t1547

Potential SAM Database Dump
Nov 2, 2023
attack.credential_access, attack.t1003.002

Potential Suspicious Activity Using SeCEdit
Nov 2, 2023
attack.discovery, attack.persistence, attack.defense_evasion, attack.credential_access, attack.privilege_escalation, attack.t1562.002, attack.t1547.001, attack.t1505.005, attack.t1556.002, attack.t1562, attack.t1574.007, attack.t1564.002, attack.t1546.008, attack.t1546.007, attack.t1547.014, attack.t1547.010, attack.t1547.002, attack.t1557, attack.t1082

Potential Suspicious Windows Feature Enabled
Nov 2, 2023
attack.defense_evasion

Potential Suspicious Windows Feature Enabled - ProcCreation
Nov 2, 2023
attack.defense_evasion

PowerShell Get Clipboard
Nov 2, 2023
attack.collection, attack.t1115

Powershell Inline Execution From A File
Nov 2, 2023
attack.execution, attack.t1059.001

PowerShell Remote Session Creation
Nov 2, 2023
attack.execution, attack.t1059.001

Powershell Token Obfuscation - Process Creation
Nov 2, 2023
attack.defense_evasion, attack.t1027.009

PowerShell Web Download
Nov 2, 2023
attack.command_and_control, attack.execution, attack.t1059.001, attack.t1105

Privilege Escalation via Named Pipe Impersonation
Nov 2, 2023
attack.lateral_movement, attack.t1021

Rejetto HTTP File Server RCE
Nov 2, 2023
attack.initial_access, attack.t1190, attack.t1505.003, cve.2014.6287, detection.emerging_threats

Ruby Inline Command Execution
Nov 2, 2023
attack.execution, attack.t1059

Service Installed By Unusual Client - Security
Nov 2, 2023
attack.privilege_escalation, attack.t1543

Service Installed By Unusual Client - System
Nov 2, 2023
attack.privilege_escalation, attack.t1543

SES Identity Has Been Deleted
Nov 2, 2023
attack.defense_evasion, attack.t1070

Suspicious AgentExecutor PowerShell Execution
Nov 2, 2023
attack.defense_evasion, attack.t1218