open-menu
closeme
Remote Access Tool Services Have Been Installed - Security
calendar
Dec 7, 2024
·
attack.persistence
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Modification or Deletion of an AWS RDS Cluster
calendar
Dec 6, 2024
·
attack.exfiltration
attack.t1020
·
Share on:
twitter
facebook
linkedin
copy
NetNTLM Downgrade Attack - Registry
calendar
Dec 3, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Via Rename Of Highly Relevant Binaries
calendar
Dec 3, 2024
·
attack.defense-evasion
attack.t1036.003
car.2013-05-009
·
Share on:
twitter
facebook
linkedin
copy
Always Install Elevated Windows Installer
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
CMSTP UAC Bypass via COM Object Access
calendar
Dec 1, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1218.003
attack.g0069
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
Exploiting CVE-2019-1388
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1068
cve.2019-1388
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Msiexec Quiet Installation
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
Non-privileged Usage of Reg or Powershell
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Permission Check Via Accesschk.EXE
calendar
Dec 1, 2024
·
attack.discovery
attack.t1069.001
·
Share on:
twitter
facebook
linkedin
copy
Possible Privilege Escalation via Weak Service Permissions
calendar
Dec 1, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2021-41379 Exploitation Attempt
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1068
cve.2021-41379
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation via Service Permissions Weakness
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Potential RDP Session Hijacking Activity
calendar
Dec 1, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potential UAC Bypass Via Sdclt.EXE
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Created as System
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1134.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious High IntegrityLevel Conhost Legacy Option
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process By Web Server Process
calendar
Dec 1, 2024
·
attack.persistence
attack.t1505.003
attack.t1190
·
Share on:
twitter
facebook
linkedin
copy
Suspicious RazerInstaller Explorer Subprocess
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.t1553
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scheduled Task Creation via Masqueraded XML File
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.persistence
attack.t1036.005
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious SYSTEM User Process Creation
calendar
Dec 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.privilege-escalation
attack.t1134
attack.t1003
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Abusing Winsat Path Parsing - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Tools Using ComputerDefaults
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using ChangePK and SLUI
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Consent and Comctl32 - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Disk Cleanup
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using DismHost
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IDiagnostic Profile
calendar
Dec 1, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IEInstal - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using MSConfig Token Modification - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using NTFS Reparse Point - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using PkgMgr and DISM
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Windows Media Player - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass WSReset
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Setup16.EXE Execution With Custom .Lst File
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1574.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious ShellExec_RunDLL Call Via Ordinal
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Usage Of ShellExec_RunDLL
calendar
Dec 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Password Policy Discovery - Linux
calendar
Dec 1, 2024
·
attack.discovery
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
File and Directory Discovery - Linux
calendar
Dec 1, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
System Owner or User Discovery - Linux
calendar
Dec 1, 2024
·
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
COM Object Hijacking Via Modification Of Default System CLSID Default Value
calendar
Dec 1, 2024
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
All Rules Have Been Deleted From The Windows Firewall Configuration
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
CodePage Modification Via MODE.COM To Russian Language
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-38331 Exploitation Attempt - Suspicious WinRAR Child Process
calendar
Dec 1, 2024
·
detection.emerging-threats
attack.execution
attack.t1203
cve.2023-38331
·
Share on:
twitter
facebook
linkedin
copy
GCP Access Policy Deleted
calendar
Dec 1, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
GCP Break-glass Container Workload Deployed
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Application Access Level Modified
calendar
Dec 1, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EDRSilencer Execution - Filter Added
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpMove Tool Execution
calendar
Dec 1, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SOAPHound Execution
calendar
Dec 1, 2024
·
attack.discovery
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Commandlets - ProcessCreation
calendar
Dec 1, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Peach Sandstorm APT Process Activity Indicators
calendar
Dec 1, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Pikabot Fake DLL Extension Execution Via Rundll32.EXE
calendar
Dec 1, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potential Dropper Script Execution Via WScript/CScript
calendar
Dec 1, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
Potential Peach Sandstorm APT C2 Communication Activity
calendar
Dec 1, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via MyComputer Registry Keys
calendar
Dec 1, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Pikabot C2 Activity
calendar
Dec 1, 2024
·
attack.command-and-control
attack.t1573
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Pikabot Discovery Activity
calendar
Dec 1, 2024
·
attack.discovery
attack.t1016
attack.t1049
attack.t1087
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Pikabot Hollowing Activity
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1055.012
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Self Extraction Directive File Created
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Core DLL Loaded By Non PowerShell Process
calendar
Dec 1, 2024
·
attack.t1059.001
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
PUA - PingCastle Execution
calendar
Dec 1, 2024
·
attack.reconnaissance
attack.t1595
·
Share on:
twitter
facebook
linkedin
copy
PUA - PingCastle Execution From Potentially Suspicious Parent
calendar
Dec 1, 2024
·
attack.reconnaissance
attack.t1595
·
Share on:
twitter
facebook
linkedin
copy
Remote CHM File Download/Execution Via HH.EXE
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.001
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation In Mstsc.Exe From Suspicious Location
calendar
Dec 1, 2024
·
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Renamed PingCastle Binary Execution
calendar
Dec 1, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Self Extraction Directive File Created In Potentially Suspicious Location
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Processes Spawned by Java.EXE
calendar
Dec 1, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
System Control Panel Item Loaded From Uncommon Location
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
System Disk And Volume Reconnaissance Via Wmic.EXE
calendar
Dec 1, 2024
·
attack.execution
attack.discovery
attack.t1047
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Connection to Active Directory Web Services
calendar
Dec 1, 2024
·
attack.discovery
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Windows Filtering Platform Blocked Connection From EDR Agent Binary
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Creation of WerFault.exe/Wer.dll in Unusual Folder
calendar
Nov 29, 2024
·
attack.persistence
attack.defense-evasion
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
GALLIUM IOCs
calendar
Nov 25, 2024
·
attack.credential-access
attack.command-and-control
attack.t1212
attack.t1071
attack.g0093
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CoercedPotato Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CreateMiniDump Execution
calendar
Nov 25, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - GMER Rootkit Detector and Remover Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
HackTool - HandleKatz LSASS Dumper Execution
calendar
Nov 25, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Impersonate Execution
calendar
Nov 25, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - LocalPotato Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
cve.2023-21746
·
Share on:
twitter
facebook
linkedin
copy
HackTool - PCHunter Execution
calendar
Nov 25, 2024
·
attack.execution
attack.discovery
attack.t1082
attack.t1057
attack.t1012
attack.t1083
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
HackTool - PPID Spoofing SelectMyParent Tool Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1134.004
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpEvtMute DLL Load
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Stracciatella Execution
calendar
Nov 25, 2024
·
attack.execution
attack.defense-evasion
attack.t1059
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SysmonEOP Execution
calendar
Nov 25, 2024
·
cve.2022-41120
attack.t1068
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
HackTool - UACMe Akagi Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Windows Credential Editor (WCE) Execution
calendar
Nov 25, 2024
·
attack.credential-access
attack.t1003.001
attack.s0005
·
Share on:
twitter
facebook
linkedin
copy
Hacktool Execution - Imphash
calendar
Nov 25, 2024
·
attack.credential-access
attack.t1588.002
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
HackTool Named File Stream Created
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Malicious DLL Load By Compromised 3CXDesktopApp
calendar
Nov 25, 2024
·
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
MpiExec Lolbin
calendar
Nov 25, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Compromised 3CXDesktopApp Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential SquiblyTwo Technique Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1047
attack.t1220
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
PUA - Fast Reverse Proxy (FRP) Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
PUA - Nimgrab Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
PUA - NPS Tunneling Tool Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
PUA - Process Hacker Driver Load
calendar
Nov 25, 2024
·
attack.privilege-escalation
cve.2021-21551
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA - Process Hacker Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.discovery
attack.persistence
attack.privilege-escalation
attack.t1622
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA - System Informer Driver Load
calendar
Nov 25, 2024
·
attack.privilege-escalation
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA - System Informer Execution
calendar
Nov 25, 2024
·
attack.persistence
attack.privilege-escalation
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA- IOX Tunneling Tool Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - NetSupport Execution From Unusual Location
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed AdFind Execution
calendar
Nov 25, 2024
·
attack.discovery
attack.t1018
attack.t1087.002
attack.t1482
attack.t1069.002
·
Share on:
twitter
facebook
linkedin
copy
Renamed AutoIt Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Renamed NetSupport RAT Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed PAExec Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Vulnerable HackSys Extreme Vulnerable Driver Load
calendar
Nov 25, 2024
·
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Vulnerable WinRing0 Driver Load
calendar
Nov 25, 2024
·
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
WinDivert Driver Load
calendar
Nov 25, 2024
·
attack.collection
attack.defense-evasion
attack.t1599.001
attack.t1557.001
·
Share on:
twitter
facebook
linkedin
copy
ESXi Account Creation Via ESXCLI
calendar
Nov 20, 2024
·
attack.persistence
attack.t1136
·
Share on:
twitter
facebook
linkedin
copy
ESXi Admin Permission Assigned To Account Via ESXCLI
calendar
Nov 20, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
ESXi Network Configuration Discovery Via ESXCLI
calendar
Nov 20, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi Storage Information Discovery Via ESXCLI
calendar
Nov 20, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi Syslog Configuration Change Via ESXCLI
calendar
Nov 20, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1562.003
·
Share on:
twitter
facebook
linkedin
copy
ESXi System Information Discovery Via ESXCLI
calendar
Nov 20, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi VM Kill Via ESXCLI
calendar
Nov 20, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
ESXi VM List Discovery Via ESXCLI
calendar
Nov 20, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
ESXi VSAN Information Discovery Via ESXCLI
calendar
Nov 20, 2024
·
attack.discovery
attack.t1033
attack.t1007
·
Share on:
twitter
facebook
linkedin
copy
App Assigned To Azure RBAC/Microsoft Entra Role
calendar
Nov 20, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
Potential File Extension Spoofing Using Right-to-Left Override
calendar
Nov 18, 2024
·
attack.execution
attack.defense-evasion
attack.t1036.002
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Cabinet File Expansion
calendar
Nov 17, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Python Reverse Shell Execution Via PTY And Socket Modules
calendar
Nov 4, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Python Spawning Pretty TTY Via PTY Module
calendar
Nov 4, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Exploitation Framework Detection
calendar
Nov 4, 2024
·
attack.execution
attack.t1203
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Hacktool Detection
calendar
Nov 4, 2024
·
attack.execution
attack.t1204
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Password Dumper Detection
calendar
Nov 4, 2024
·
attack.credential-access
attack.t1003
attack.t1558
attack.t1003.001
attack.t1003.002
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Ransomware Detection
calendar
Nov 4, 2024
·
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Relevant File Paths Alerts
calendar
Nov 4, 2024
·
attack.resource-development
attack.t1588
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Web Shell Detection
calendar
Nov 4, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Monero Crypto Coin Mining Pool Lookup
calendar
Nov 4, 2024
·
attack.impact
attack.t1496
attack.exfiltration
attack.t1567
·
Share on:
twitter
facebook
linkedin
copy
.RDP File Created by Outlook Process
calendar
Nov 4, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Paste sharing url in reverse order
calendar
Nov 4, 2024
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Command Executed Via Run Dialog Box - Registry
calendar
Nov 1, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
.RDP File Created By Uncommon Application
calendar
Nov 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Binary Proxy Execution Via Dotnet-Trace.EXE
calendar
Nov 1, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Portable Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1090.001
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Quick Tunnel Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1090.001
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Tunnel Connections Cleanup
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1102
attack.t1090
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Tunnel Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1102
attack.t1090
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Tunnels Related DNS Requests
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Compressed File Creation Via Tar.EXE
calendar
Nov 1, 2024
·
attack.collection
attack.exfiltration
attack.t1560
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Compressed File Extraction Via Tar.EXE
calendar
Nov 1, 2024
·
attack.collection
attack.exfiltration
attack.t1560
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Cscript/Wscript Potentially Suspicious Child Process
calendar
Nov 1, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
DLL Names Used By SVR For GraphicalProton Backdoor
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Enable LM Hash Storage
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Firewall Configuration Discovery Via Netsh.EXE
calendar
Nov 1, 2024
·
attack.discovery
attack.t1016
·
Share on:
twitter
facebook
linkedin
copy
Forfiles.EXE Child Process Masquerading
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EDRSilencer Execution
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EfsPotato Named Pipe Creation
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
HackTool - NoFilter Execution
calendar
Nov 1, 2024
·
attack.privilege-escalation
attack.t1134
attack.t1134.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Base64 Decoded From Images
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Potential Direct Syscall of NtOpenProcess
calendar
Nov 1, 2024
·
attack.execution
attack.t1106
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via AppCompat RegisterAppRestart Layer
calendar
Nov 1, 2024
·
attack.persistence
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Pikabot Infection - Suspicious Command Combinations Via Cmd.EXE
calendar
Nov 1, 2024
·
attack.execution
attack.t1059.003
attack.t1105
attack.t1218
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Execution Policy Tampering
calendar
Nov 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious AccessMask Requested From LSASS
calendar
Nov 1, 2024
·
attack.credential-access
car.2019-04-004
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Command Targeting Teams Sensitive Files
calendar
Nov 1, 2024
·
attack.credential-access
attack.t1528
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Desktop Background Change Using Reg.EXE
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Desktop Background Change Via Registry
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
PSScriptPolicyTest Creation By Uncommon Process
calendar
Nov 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed Cloudflared.EXE Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1090.001
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor
calendar
Nov 1, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor - Task Scheduler
calendar
Nov 1, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Creation Activity From Fake Recycle.Bin Folder
calendar
Nov 1, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Greedy Compression Using Rar.EXE
calendar
Nov 1, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Execution From Fake Recycle.Bin Folder
calendar
Nov 1, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Wordpad Outbound Connections
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery Using Ioreg
calendar
Nov 1, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery Using sw_vers
calendar
Nov 1, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery Using System_Profiler
calendar
Nov 1, 2024
·
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1497.001
·
Share on:
twitter
facebook
linkedin
copy
System Integrity Protection (SIP) Disabled
calendar
Nov 1, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
System Integrity Protection (SIP) Enumeration
calendar
Nov 1, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
Tamper Windows Defender - PSClassic
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Tamper Windows Defender - ScriptBlockLogging
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Conhost.EXE
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Uncommon File Created In Office Startup Folder
calendar
Nov 1, 2024
·
attack.resource-development
attack.t1587.001
·
Share on:
twitter
facebook
linkedin
copy
Uncommon System Information Discovery Via Wmic.EXE
calendar
Nov 1, 2024
·
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download From File Sharing Domains
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
Network Communication Initiated To File Sharing Domains From Process Located In Suspicious Folder
calendar
Oct 25, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
New Connection Initiated To Potential Dead Drop Resolver Domain
calendar
Oct 25, 2024
·
attack.command-and-control
attack.t1102
attack.t1102.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious File Download From File Sharing Domain Via PowerShell.EXE
calendar
Oct 25, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Domain Via Curl.EXE
calendar
Oct 25, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Domain Via Wget.EXE
calendar
Oct 25, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Websites - File Stream
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows Service Tampering
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Unusual File Download From File Sharing Websites - File Stream
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
CodeIntegrity - Unmet Signing Level Requirements By File Under Validation
calendar
Oct 8, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Renamed Powershell Under Powershell Channel
calendar
Oct 8, 2024
·
attack.execution
attack.t1059.001
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Non PowerShell WSMAN COM Provider
calendar
Oct 8, 2024
·
attack.execution
attack.t1059.001
attack.lateral-movement
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Certipy Execution
calendar
Oct 8, 2024
·
attack.discovery
attack.credential-access
attack.t1649
·
Share on:
twitter
facebook
linkedin
copy
Alternate PowerShell Hosts Pipe
calendar
Oct 8, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Local System Accounts Discovery - Linux
calendar
Oct 8, 2024
·
attack.discovery
attack.t1087.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Defender Functionalities Via Registry Keys
calendar
Oct 8, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
LSASS Process Memory Dump Files
calendar
Oct 8, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious JWT Token Search Via CLI
calendar
Oct 6, 2024
·
attack.credential-access
attack.t1528
·
Share on:
twitter
facebook
linkedin
copy
Potential Python DLL SideLoading
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging/Processing Option Disabled On IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
HTTP Logging Disabled On IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
New Module Module Added To IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.persistence
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
Previously Installed IIS Module Was Removed
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.persistence
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
Add Potential Suspicious New Download Source To Winget
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via IMEWDBLD.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSEDGE_PROXY.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Chromium Browser Instance Executed With Custom Extension
calendar
Oct 1, 2024
·
attack.persistence
attack.t1176
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Linux)
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.execution
attack.t1059
attack.initial-access
attack.t1190
cve.2023-22518
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows)
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.execution
attack.t1059
attack.initial-access
attack.t1190
cve.2023-22518
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Proxy)
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-22518
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Webserver)
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-22518
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-46747 Exploitation Activity - Proxy
calendar
Oct 1, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
cve.2023-46747
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-46747 Exploitation Activity - Webserver
calendar
Oct 1, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
cve.2023-46747
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
Share on:
twitter
facebook
linkedin
copy
CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver
calendar
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
Share on:
twitter
facebook
linkedin
copy
Disable Internal Tools or Feature in Registry
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Devtunnels Domain
calendar
Oct 1, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Visual Studio Code Tunnels Domain
calendar
Oct 1, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Elevated System Shell Spawned From Uncommon Parent Location
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Eventlog Cleared
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1070.001
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Execution of Suspicious File Type Extension
calendar
Oct 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Exploitation Attempt Of CVE-2023-46214 Using Public POC Code
calendar
Oct 1, 2024
·
cve.2023-46214
detection.emerging-threats
attack.lateral-movement
attack.t1210
·
Share on:
twitter
facebook
linkedin
copy
F5 BIG-IP iControl Rest API Command Execution - Proxy
calendar
Oct 1, 2024
·
attack.initial-access
attack.t1190
·
Share on:
twitter
facebook
linkedin
copy
F5 BIG-IP iControl Rest API Command Execution - Webserver
calendar
Oct 1, 2024
·
attack.execution
attack.t1190
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Generic Process Access
calendar
Oct 1, 2024
·
attack.credential-access
attack.t1003.001
attack.s0002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution - ScriptBlock
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
Important Windows Eventlog Cleared
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1070.001
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest Cobalt Strike Download
calendar
Oct 1, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest File Indicators
calendar
Oct 1, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest Malware Loader Execution
calendar
Oct 1, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest PowerShell Evidence Eraser
calendar
Oct 1, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Lace Tempest PowerShell Launcher
calendar
Oct 1, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Load Of RstrtMgr.DLL By A Suspicious Process
calendar
Oct 1, 2024
·
attack.impact
attack.defense-evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Load Of RstrtMgr.DLL By An Uncommon Process
calendar
Oct 1, 2024
·
attack.impact
attack.defense-evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious Driver Load
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Malicious Driver Load By Name
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated To DevTunnels Domain
calendar
Oct 1, 2024
·
attack.exfiltration
attack.t1567.001
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated To Visual Studio Code Tunnels Domain
calendar
Oct 1, 2024
·
attack.exfiltration
attack.t1567.001
·
Share on:
twitter
facebook
linkedin
copy
New Netsh Helper DLL Registered From A Suspicious Location
calendar
Oct 1, 2024
·
attack.persistence
attack.t1546.007
·
Share on:
twitter
facebook
linkedin
copy
Permission Misconfiguration Reconnaissance Via Findstr.EXE
calendar
Oct 1, 2024
·
attack.credential-access
attack.t1552.006
·
Share on:
twitter
facebook
linkedin
copy
Portable Gpg.EXE Execution
calendar
Oct 1, 2024
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-46214 Exploitation Attempt
calendar
Oct 1, 2024
·
attack.lateral-movement
attack.t1210
cve.2023-46214
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Excel.EXE DCOM Lateral Movement Via ActivateMicrosoftApp
calendar
Oct 1, 2024
·
attack.t1021.003
attack.lateral-movement
·
Share on:
twitter
facebook
linkedin
copy
Potential File Download Via MS-AppInstaller Protocol Handler
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Process Code Injection Via DD Utility
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1055.009
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Netsh Helper DLL - Registry
calendar
Oct 1, 2024
·
attack.persistence
attack.t1546.007
·
Share on:
twitter
facebook
linkedin
copy
Potential Process Hollowing Activity
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.012
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Electron Application CommandLine
calendar
Oct 1, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious GrantedAccess Flags On LSASS
calendar
Oct 1, 2024
·
attack.credential-access
attack.t1003.001
attack.s0002
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Execution With Potential Decryption Capabilities
calendar
Oct 1, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Process Proxy Execution Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation Via PowerShell In Uncommon Target
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Remote XSL Execution Via Msxsl.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1220
·
Share on:
twitter
facebook
linkedin
copy
Security Tools Keyword Lookup Via Findstr.EXE
calendar
Oct 1, 2024
·
attack.discovery
attack.t1518.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Chromium Browser Instance Executed With Custom Extension
calendar
Oct 1, 2024
·
attack.persistence
attack.t1176
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Path In Keyboard Layout IME File Registry Value
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Shim Database Patching Activity
calendar
Oct 1, 2024
·
attack.persistence
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Extension In Keyboard Layout IME File Registry Value
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Unusual Parent Process For Cmd.EXE
calendar
Oct 1, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Vulnerable Driver Load
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Vulnerable Driver Load By Name
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.t1543.003
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution Anomaly
calendar
Oct 1, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution From Privileged Process
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.discovery
attack.t1033
·
Share on:
twitter
facebook
linkedin
copy
Whoami.EXE Execution With Output Option
calendar
Oct 1, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Share on:
twitter
facebook
linkedin
copy
Linux HackTool Execution
calendar
Sep 22, 2024
·
attack.execution
attack.resource-development
attack.t1587
·
Share on:
twitter
facebook
linkedin
copy
Linux Network Service Scanning Tools Execution
calendar
Sep 22, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - MeshAgent Command Execution via MeshCentral
calendar
Sep 22, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusion Registry Key - Write Access Requested
calendar
Sep 22, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Real-time Protection Disabled
calendar
Sep 22, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Detect MeshAgent Command Execution via MeshCentral
calendar
Sep 21, 2024
·
attack.command_and_control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Search for Antivirus process
calendar
Sep 20, 2024
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Remote Access Software Domain From Non-Browser App
calendar
Sep 13, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated To BTunnels Domains
calendar
Sep 13, 2024
·
attack.exfiltration
attack.t1567.001
·
Share on:
twitter
facebook
linkedin
copy
PwnKit Local Privilege Escalation
calendar
Sep 13, 2024
·
attack.privilege-escalation
attack.t1548.001
·
Share on:
twitter
facebook
linkedin
copy
UNC2452 Process Creation Patterns
calendar
Sep 13, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
CVE-2021-1675 Print Spooler Exploitation Filename Pattern
calendar
Sep 13, 2024
·
attack.execution
attack.privilege-escalation
attack.resource-development
attack.t1587
cve.2021-1675
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
HackTool - DInjector PowerShell Cradle Execution
calendar
Sep 13, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
InstallerFileTakeOver LPE CVE-2021-41379 File Create Event
calendar
Sep 13, 2024
·
attack.privilege-escalation
attack.t1068
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
LPE InstallerFileTakeOver PoC CVE-2021-41379
calendar
Sep 13, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Scripts - FileCreation
calendar
Sep 13, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Scripts - PoshModule
calendar
Sep 13, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Possible CVE-2021-1675 Print Spooler Exploitation
calendar
Sep 13, 2024
·
attack.execution
attack.t1569
cve.2021-1675
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential PrintNightmare Exploitation Attempt
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
·
Share on:
twitter
facebook
linkedin
copy
Potential RDP Exploit CVE-2019-0708
calendar
Sep 13, 2024
·
attack.lateral-movement
attack.t1210
car.2013-07-002
·
Share on:
twitter
facebook
linkedin
copy
Potential SAM Database Dump
calendar
Sep 13, 2024
·
attack.credential-access
attack.t1003.002
·
Share on:
twitter
facebook
linkedin
copy
Scanner PoC for CVE-2019-0708 RDP RCE Vuln
calendar
Sep 13, 2024
·
attack.lateral-movement
attack.t1210
car.2013-07-002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rejected SMB Guest Logon From IP
calendar
Sep 13, 2024
·
attack.credential-access
attack.t1110.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Spooler Service Suspicious Binary Load
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
cve.2021-34527
·
Share on:
twitter
facebook
linkedin
copy
Cicada Ransomware PSExec File Creation
calendar
Sep 9, 2024
·
attack.lateral-movement
attack.execution
attack.t1570
attack.t1569
attack.t1569.002
attack.s0029
·
Share on:
twitter
facebook
linkedin
copy
Cicada3301 Ransomware Execution via PSExec
calendar
Sep 9, 2024
·
attack.execution
attack.t1569
attack.t1569.002
attack.s0029
·
Share on:
twitter
facebook
linkedin
copy
Hyper-V Virtual Machine Discovery Shutdown via Powershell Cmdlets
calendar
Sep 9, 2024
·
attack.defense-evasion
attack.impact
attack.t1578
attack.t1578.003
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
IISReset Used to Stop IIS Services
calendar
Sep 9, 2024
·
attack.impact
attack.defense-evasion
attack.t1562
attack.t1562.001
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
Potential CommandLine Obfuscation Using Unicode Characters From Suspicious Image
calendar
Sep 6, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Via Right-to-Left Override
calendar
Sep 6, 2024
·
attack.defense-evasion
attack.t1036.002
·
Share on:
twitter
facebook
linkedin
copy
Startup/Logon Script Added to Group Policy Object
calendar
Sep 6, 2024
·
attack.privilege-escalation
attack.t1484.001
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Persistence and Execution at Scale via GPO Scheduled Task
calendar
Sep 6, 2024
·
attack.persistence
attack.lateral-movement
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Group Policy Abuse for Privilege Addition
calendar
Sep 6, 2024
·
attack.privilege-escalation
attack.t1484.001
·
Share on:
twitter
facebook
linkedin
copy
Process Deletion of Its Own Executable
calendar
Sep 3, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Dism Remove Online Package
calendar
Sep 3, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Web Access Feature Enabled Via DISM
calendar
Sep 3, 2024
·
attack.persistence
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Web Access Installation - PsScript
calendar
Sep 3, 2024
·
attack.persistence
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - AnyDesk Incoming Connection
calendar
Sep 2, 2024
·
attack.persistence
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Capsh Shell Invocation - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Inline Python Execution - Spawn Shell Via OS System Library
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution GCC - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Find - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Flock - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Git - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Nice - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Execution via Rsync - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation via Apt - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation via Env Command - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Shell Invocation Via Ssh - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Invocation of Shell via AWK - Linux
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Vim GTFOBin Abuse - Linux
calendar
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Bucket Versioning Disable
calendar
Sep 2, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Certificate Use With No Strong Mapping
calendar
Sep 2, 2024
·
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
ChromeLoader Malware Execution
calendar
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
attack.t1176
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - Autoit3.EXE Execution Parameters
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - Autoit3.EXE File Creation By Uncommon Process
calendar
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - User Created Via Net.EXE
calendar
Sep 2, 2024
·
attack.persistence
attack.t1136.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT DLL Sideloading Indicators
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1574.002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT DNS Communication Indicators
calendar
Sep 2, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT File Creation Indicators
calendar
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT Process Activity Indicators
calendar
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT Scheduled Task Creation
calendar
Sep 2, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT Scheduled Task Creation - Registry
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Enable Remote Connection Between Anonymous Computer - AllowAnonymousCallback
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Exploitation Attempt Of CVE-2020-1472 - Execution of ZeroLogon PoC
calendar
Sep 2, 2024
·
attack.execution
attack.lateral-movement
attack.t1210
cve.2020-1472
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Exploitation Indicators Of CVE-2023-20198
calendar
Sep 2, 2024
·
attack.privilege-escalation
attack.initial-access
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
File Download From IP Based URL Via CertOC.EXE
calendar
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download From IP URL Via Curl.EXE
calendar
Sep 2, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CoercedPotato Named Pipe Creation
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Injected Browser Process Spawning Rundll32 - GuLoader Activity
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1055
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Kerberoasting Activity - Initial Query
calendar
Sep 2, 2024
·
attack.credential-access
attack.t1558.003
·
Share on:
twitter
facebook
linkedin
copy
Lazarus APT DLL Sideloading Activity
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
attack.g0032
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
LSASS Process Memory Dump Creation Via Taskmgr.EXE
calendar
Sep 2, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
New Okta User Created
calendar
Sep 2, 2024
·
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated IP Via CLI
calendar
Sep 2, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated PowerShell OneLiner Execution
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Okta 2023 Breach Indicator Of Compromise
calendar
Sep 2, 2024
·
attack.credential-access
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Okta Admin Functions Access Through Proxy
calendar
Sep 2, 2024
·
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
OneNote.EXE Execution of Malicious Embedded Scripts
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1218.001
·
Share on:
twitter
facebook
linkedin
copy
Onyx Sleet APT File Creation Indicators
calendar
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2021-44228 Exploitation Attempt - VMware Horizon
calendar
Sep 2, 2024
·
attack.initial-access
attack.t1190
cve.2021-44228
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2022-22954 Exploitation Attempt - VMware Workspace ONE Access Remote Code Execution
calendar
Sep 2, 2024
·
attack.execution
attack.initial-access
attack.t1059.006
attack.t1190
cve.2022-22954
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-27363 Exploitation - HTA File Creation By FoxitPDFReader
calendar
Sep 2, 2024
·
attack.persistence
attack.t1505.001
cve.2023-27363
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-36874 Exploitation - Fake Wermgr.Exe Creation
calendar
Sep 2, 2024
·
attack.execution
cve.2023-36874
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 1
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 2
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 3
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 4
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
<