ESXi Account Creation Via ESXCLI
Nov 20, 2024 · attack.persistence, attack.t1136

ESXi Admin Permission Assigned To Account Via ESXCLI
Nov 20, 2024 · attack.execution

ESXi Network Configuration Discovery Via ESXCLI
Nov 20, 2024 · attack.discovery, attack.t1033, attack.t1007

ESXi Storage Information Discovery Via ESXCLI
Nov 20, 2024 · attack.discovery, attack.t1033, attack.t1007

ESXi Syslog Configuration Change Via ESXCLI
Nov 20, 2024 · attack.defense-evasion, attack.t1562.001, attack.t1562.003

ESXi System Information Discovery Via ESXCLI
Nov 20, 2024 · attack.discovery, attack.t1033, attack.t1007

ESXi VM Kill Via ESXCLI
Nov 20, 2024 · attack.execution

ESXi VM List Discovery Via ESXCLI
Nov 20, 2024 · attack.discovery, attack.t1033, attack.t1007

ESXi VSAN Information Discovery Via ESXCLI
Nov 20, 2024 · attack.discovery, attack.t1033, attack.t1007

App Assigned To Azure RBAC/Microsoft Entra Role
Nov 20, 2024 · attack.persistence, attack.privilege-escalation, attack.t1098.003

Potential File Extension Spoofing Using Right-to-Left Override
Nov 18, 2024 · attack.execution, attack.defense-evasion, attack.t1036.002

Potentially Suspicious Cabinet File Expansion
Nov 17, 2024 · attack.defense-evasion, attack.t1218

Suspicious SYSTEM User Process Creation
Nov 13, 2024 · attack.credential-access, attack.defense-evasion, attack.privilege-escalation, attack.t1134, attack.t1003, attack.t1027

Python Reverse Shell Execution Via PTY And Socket Modules
Nov 4, 2024 · attack.execution

Python Spawning Pretty TTY Via PTY Module
Nov 4, 2024 · attack.execution, attack.t1059

Antivirus Exploitation Framework Detection
Nov 4, 2024 · attack.execution, attack.t1203, attack.command-and-control, attack.t1219

Antivirus Hacktool Detection
Nov 4, 2024 · attack.execution, attack.t1204

Antivirus Password Dumper Detection
Nov 4, 2024 · attack.credential-access, attack.t1003, attack.t1558, attack.t1003.001, attack.t1003.002

Antivirus Ransomware Detection
Nov 4, 2024 · attack.t1486

Antivirus Relevant File Paths Alerts
Nov 4, 2024 · attack.resource-development, attack.t1588

Antivirus Web Shell Detection
Nov 4, 2024 · attack.persistence, attack.t1505.003

Monero Crypto Coin Mining Pool Lookup
Nov 4, 2024 · attack.impact, attack.t1496, attack.exfiltration, attack.t1567

.RDP File Created by Outlook Process
Nov 4, 2024 · attack.defense-evasion

Paste sharing url in reverse order
Nov 4, 2024

Potentially Suspicious Command Executed Via Run Dialog Box - Registry
Nov 1, 2024 · attack.execution, attack.t1059.001

.RDP File Created By Uncommon Application
Nov 1, 2024 · attack.defense-evasion

Binary Proxy Execution Via Dotnet-Trace.EXE
Nov 1, 2024 · attack.execution, attack.defense-evasion, attack.t1218

Cloudflared Portable Execution
Nov 1, 2024 · attack.command-and-control, attack.t1090.001

Cloudflared Quick Tunnel Execution
Nov 1, 2024 · attack.command-and-control, attack.t1090.001

Cloudflared Tunnel Connections Cleanup
Nov 1, 2024 · attack.command-and-control, attack.t1102, attack.t1090, attack.t1572

Cloudflared Tunnel Execution
Nov 1, 2024 · attack.command-and-control, attack.t1102, attack.t1090, attack.t1572

Cloudflared Tunnels Related DNS Requests
Nov 1, 2024 · attack.command-and-control, attack.t1071.001

Compressed File Creation Via Tar.EXE
Nov 1, 2024 · attack.collection, attack.exfiltration, attack.t1560, attack.t1560.001

Compressed File Extraction Via Tar.EXE
Nov 1, 2024 · attack.collection, attack.exfiltration, attack.t1560, attack.t1560.001

Cscript/Wscript Potentially Suspicious Child Process
Nov 1, 2024 · attack.execution

DLL Names Used By SVR For GraphicalProton Backdoor
Nov 1, 2024 · attack.defense-evasion, attack.t1574.002

Enable LM Hash Storage
Nov 1, 2024 · attack.defense-evasion, attack.t1112

Firewall Configuration Discovery Via Netsh.EXE
Nov 1, 2024 · attack.discovery, attack.t1016

Forfiles.EXE Child Process Masquerading
Nov 1, 2024 · attack.defense-evasion, attack.t1036

HackTool - EDRSilencer Execution
Nov 1, 2024 · attack.defense-evasion, attack.t1562

HackTool - EfsPotato Named Pipe Creation
Nov 1, 2024 · attack.defense-evasion, attack.privilege-escalation, attack.t1055

HackTool - NoFilter Execution
Nov 1, 2024 · attack.privilege-escalation, attack.t1134, attack.t1134.001

HackTool Named File Stream Created
Nov 1, 2024 · attack.defense-evasion, attack.s0139, attack.t1564.004

Potential Base64 Decoded From Images
Nov 1, 2024 · attack.defense-evasion, attack.t1140

Potential Direct Syscall of NtOpenProcess
Nov 1, 2024 · attack.execution, attack.t1106

Potential Persistence Via AppCompat RegisterAppRestart Layer
Nov 1, 2024 · attack.persistence, attack.t1546.011

Potential Pikabot Infection - Suspicious Command Combinations Via Cmd.EXE
Nov 1, 2024 · attack.execution, attack.t1059.003, attack.t1105, attack.t1218, detection.emerging-threats

Potential PowerShell Execution Policy Tampering
Nov 1, 2024 · attack.defense-evasion

Potentially Suspicious AccessMask Requested From LSASS
Nov 1, 2024 · attack.credential-access, car.2019-04-004, attack.t1003.001

Potentially Suspicious Command Targeting Teams Sensitive Files
Nov 1, 2024 · attack.credential-access, attack.t1528

Potentially Suspicious Desktop Background Change Using Reg.EXE
Nov 1, 2024 · attack.defense-evasion, attack.impact, attack.t1112, attack.t1491.001

Potentially Suspicious Desktop Background Change Via Registry
Nov 1, 2024 · attack.defense-evasion, attack.impact, attack.t1112, attack.t1491.001

PSScriptPolicyTest Creation By Uncommon Process
Nov 1, 2024 · attack.defense-evasion

PUA - Process Hacker Execution
Nov 1, 2024 · attack.defense-evasion, attack.discovery, attack.persistence, attack.privilege-escalation, attack.t1622, attack.t1564, attack.t1543

Renamed Cloudflared.EXE Execution
Nov 1, 2024 · attack.command-and-control, attack.t1090.001

Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor
Nov 1, 2024 · attack.persistence

Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor - Task Scheduler
Nov 1, 2024 · attack.persistence

Suspicious File Creation Activity From Fake Recycle.Bin Folder
Nov 1, 2024 · attack.persistence, attack.defense-evasion

Suspicious Greedy Compression Using Rar.EXE
Nov 1, 2024 · attack.execution, attack.t1059

Suspicious Process Execution From Fake Recycle.Bin Folder
Nov 1, 2024 · attack.persistence, attack.defense-evasion

Suspicious Wordpad Outbound Connections
Nov 1, 2024 · attack.defense-evasion, attack.command-and-control

System Information Discovery Using Ioreg
Nov 1, 2024 · attack.discovery, attack.t1082

System Information Discovery Using sw_vers
Nov 1, 2024 · attack.discovery, attack.t1082

System Information Discovery Using System_Profiler
Nov 1, 2024 · attack.discovery, attack.defense-evasion, attack.t1082, attack.t1497.001

System Integrity Protection (SIP) Disabled
Nov 1, 2024 · attack.discovery, attack.t1518.001

System Integrity Protection (SIP) Enumeration
Nov 1, 2024 · attack.discovery, attack.t1518.001

Tamper Windows Defender - PSClassic
Nov 1, 2024 · attack.defense-evasion, attack.t1562.001

Tamper Windows Defender - ScriptBlockLogging
Nov 1, 2024 · attack.defense-evasion, attack.t1562.001

Uncommon Child Process Of Conhost.EXE
Nov 1, 2024 · attack.defense-evasion, attack.t1202

Uncommon File Created In Office Startup Folder
Nov 1, 2024 · attack.resource-development, attack.t1587.001

Uncommon System Information Discovery Via Wmic.EXE
Nov 1, 2024 · attack.discovery, attack.t1082

BITS Transfer Job Download From File Sharing Domains
Oct 25, 2024 · attack.defense-evasion, attack.persistence, attack.t1197

COM Object Hijacking Via Modification Of Default System CLSID Default Value
Oct 25, 2024 · attack.persistence, attack.t1546.015

Network Communication Initiated To File Sharing Domains From Process Located In Suspicious Folder
Oct 25, 2024 · attack.command-and-control, attack.t1105

New Connection Initiated To Potential Dead Drop Resolver Domain
Oct 25, 2024 · attack.command-and-control, attack.t1102, attack.t1102.001

Potentially Suspicious File Download From File Sharing Domain Via PowerShell.EXE
Oct 25, 2024 · attack.execution

Suspicious File Download From File Sharing Domain Via Curl.EXE
Oct 25, 2024 · attack.execution

Suspicious File Download From File Sharing Domain Via Wget.EXE
Oct 25, 2024 · attack.execution

Suspicious File Download From File Sharing Websites - File Stream
Oct 25, 2024 · attack.defense-evasion, attack.s0139, attack.t1564.004

Suspicious Windows Service Tampering
Oct 25, 2024 · attack.defense-evasion, attack.t1489

Unusual File Download From File Sharing Websites - File Stream
Oct 25, 2024 · attack.defense-evasion, attack.s0139, attack.t1564.004

CodeIntegrity - Unmet Signing Level Requirements By File Under Validation
Oct 8, 2024 · attack.execution

Renamed Powershell Under Powershell Channel
Oct 8, 2024 · attack.execution, attack.t1059.001, attack.t1036.003

Suspicious Non PowerShell WSMAN COM Provider
Oct 8, 2024 · attack.execution, attack.t1059.001, attack.lateral-movement, attack.t1021.003

HackTool - Certipy Execution
Oct 8, 2024 · attack.discovery, attack.credential-access, attack.t1649

Alternate PowerShell Hosts Pipe
Oct 8, 2024 · attack.execution, attack.t1059.001

Local System Accounts Discovery - Linux
Oct 8, 2024 · attack.discovery, attack.t1087.001

Disable Windows Defender Functionalities Via Registry Keys
Oct 8, 2024 · attack.defense-evasion, attack.t1562.001

LSASS Process Memory Dump Files
Oct 8, 2024 · attack.credential-access, attack.t1003.001

Potentially Suspicious JWT Token Search Via CLI
Oct 6, 2024 · attack.credential-access, attack.t1528

Potential Python DLL SideLoading
Oct 6, 2024 · attack.defense-evasion, attack.t1574.002

ETW Logging/Processing Option Disabled On IIS Server
Oct 6, 2024 · attack.defense-evasion, attack.t1562.002, attack.t1505.004

HTTP Logging Disabled On IIS Server
Oct 6, 2024 · attack.defense-evasion, attack.t1562.002, attack.t1505.004

New Module Module Added To IIS Server
Oct 6, 2024 · attack.defense-evasion, attack.persistence, attack.t1562.002, attack.t1505.004

Previously Installed IIS Module Was Removed
Oct 6, 2024 · attack.defense-evasion, attack.persistence, attack.t1562.002, attack.t1505.004

Add Potential Suspicious New Download Source To Winget
Oct 1, 2024 · attack.defense-evasion, attack.execution, attack.t1059

Arbitrary File Download Via IMEWDBLD.EXE
Oct 1, 2024 · attack.defense-evasion, attack.execution, attack.t1218

Arbitrary File Download Via MSEDGE_PROXY.EXE
Oct 1, 2024 · attack.defense-evasion, attack.execution, attack.t1218

Arbitrary File Download Via Squirrel.EXE
Oct 1, 2024 · attack.defense-evasion, attack.execution, attack.t1218

Chromium Browser Instance Executed With Custom Extension
Oct 1, 2024 · attack.persistence, attack.t1176

CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Linux)
Oct 1, 2024 · detection.emerging-threats, attack.execution, attack.t1059, attack.initial-access, attack.t1190, cve.2023-22518

CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows)
Oct 1, 2024 · detection.emerging-threats, attack.execution, attack.t1059, attack.initial-access, attack.t1190, cve.2023-22518

CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Proxy)
Oct 1, 2024 · detection.emerging-threats, attack.initial-access, attack.t1190, cve.2023-22518

CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Webserver)
Oct 1, 2024 · detection.emerging-threats, attack.initial-access, attack.t1190, cve.2023-22518

CVE-2023-46747 Exploitation Activity - Proxy
Oct 1, 2024 · attack.initial-access, attack.t1190, detection.emerging-threats, cve.2023-46747

CVE-2023-46747 Exploitation Activity - Webserver
Oct 1, 2024 · attack.initial-access, attack.t1190, detection.emerging-threats, cve.2023-46747

CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy
Oct 1, 2024 · detection.emerging-threats, attack.initial-access, attack.t1190, cve.2023-4966

CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver
Oct 1, 2024 · detection.emerging-threats, attack.initial-access, attack.t1190, cve.2023-4966

CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy
Oct 1, 2024 · detection.emerging-threats, attack.initial-access, attack.t1190, cve.2023-4966

CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver
Oct 1, 2024 · detection.emerging-threats, attack.initial-access, attack.t1190, cve.2023-4966

Disable Internal Tools or Feature in Registry
Oct 1, 2024 · attack.defense-evasion, attack.t1112

DNS Query To Devtunnels Domain
Oct 1, 2024 · attack.command-and-control, attack.t1071.001

DNS Query To Visual Studio Code Tunnels Domain
Oct 1, 2024 · attack.command-and-control, attack.t1071.001

Elevated System Shell Spawned From Uncommon Parent Location
Oct 1, 2024 · attack.privilege-escalation, attack.defense-evasion, attack.execution, attack.t1059

Eventlog Cleared
Oct 1, 2024 · attack.defense-evasion, attack.t1070.001, car.2016-04-002

Execution of Suspicious File Type Extension
Oct 1, 2024 · attack.defense-evasion

Exploitation Attempt Of CVE-2023-46214 Using Public POC Code
Oct 1, 2024 · cve.2023-46214, detection.emerging-threats, attack.lateral-movement, attack.t1210

F5 BIG-IP iControl Rest API Command Execution - Proxy
Oct 1, 2024 · attack.initial-access, attack.t1190

F5 BIG-IP iControl Rest API Command Execution - Webserver
Oct 1, 2024 · attack.execution, attack.t1190

HackTool - Generic Process Access
Oct 1, 2024 · attack.credential-access, attack.t1003.001, attack.s0002

HackTool - WinPwn Execution
Oct 1, 2024 · attack.credential-access, attack.defense-evasion, attack.discovery, attack.execution, attack.privilege-escalation, attack.t1046, attack.t1082, attack.t1106, attack.t1518, attack.t1548.002, attack.t1552.001, attack.t1555, attack.t1555.003

HackTool - WinPwn Execution - ScriptBlock
Oct 1, 2024 · attack.credential-access, attack.defense-evasion, attack.discovery, attack.execution, attack.privilege-escalation, attack.t1046, attack.t1082, attack.t1106, attack.t1518, attack.t1548.002, attack.t1552.001, attack.t1555, attack.t1555.003

Important Windows Eventlog Cleared
Oct 1, 2024 · attack.defense-evasion, attack.t1070.001, car.2016-04-002

Lace Tempest Cobalt Strike Download
Oct 1, 2024 · attack.execution, detection.emerging-threats

Lace Tempest File Indicators
Oct 1, 2024 · attack.execution, detection.emerging-threats

Lace Tempest Malware Loader Execution
Oct 1, 2024 · attack.execution, detection.emerging-threats

Lace Tempest PowerShell Evidence Eraser
Oct 1, 2024 · attack.execution, attack.t1059.001, detection.emerging-threats

Lace Tempest PowerShell Launcher
Oct 1, 2024 · attack.execution, attack.t1059.001, detection.emerging-threats

Load Of RstrtMgr.DLL By A Suspicious Process
Oct 1, 2024 · attack.impact, attack.defense-evasion, attack.t1486, attack.t1562.001

Load Of RstrtMgr.DLL By An Uncommon Process
Oct 1, 2024 · attack.impact, attack.defense-evasion, attack.t1486, attack.t1562.001

Malicious Driver Load
Oct 1, 2024 · attack.privilege-escalation, attack.t1543.003, attack.t1068

Malicious Driver Load By Name
Oct 1, 2024 · attack.privilege-escalation, attack.t1543.003, attack.t1068

Network Connection Initiated To DevTunnels Domain
Oct 1, 2024 · attack.exfiltration, attack.t1567.001

Network Connection Initiated To Visual Studio Code Tunnels Domain
Oct 1, 2024 · attack.exfiltration, attack.t1567.001

New Netsh Helper DLL Registered From A Suspicious Location
Oct 1, 2024 · attack.persistence, attack.t1546.007

Permission Misconfiguration Reconnaissance Via Findstr.EXE
Oct 1, 2024 · attack.credential-access, attack.t1552.006

Portable Gpg.EXE Execution
Oct 1, 2024 · attack.impact, attack.t1486

Potential CVE-2023-46214 Exploitation Attempt
Oct 1, 2024 · attack.lateral-movement, attack.t1210, cve.2023-46214, detection.emerging-threats

Potential Excel.EXE DCOM Lateral Movement Via ActivateMicrosoftApp
Oct 1, 2024 · attack.t1021.003, attack.lateral-movement

Potential File Download Via MS-AppInstaller Protocol Handler
Oct 1, 2024 · attack.defense-evasion, attack.execution, attack.t1218

Potential Linux Process Code Injection Via DD Utility
Oct 1, 2024 · attack.defense-evasion, attack.t1055.009

Potential Persistence Via Netsh Helper DLL - Registry
Oct 1, 2024 · attack.persistence, attack.t1546.007

Potential Process Hollowing Activity
Oct 1, 2024 · attack.defense-evasion, attack.privilege-escalation, attack.t1055.012

Potentially Suspicious Electron Application CommandLine
Oct 1, 2024 · attack.execution

Potentially Suspicious GrantedAccess Flags On LSASS
Oct 1, 2024 · attack.credential-access, attack.t1003.001, attack.s0002

PowerShell Execution With Potential Decryption Capabilities
Oct 1, 2024 · attack.execution

Process Proxy Execution Via Squirrel.EXE
Oct 1, 2024 · attack.defense-evasion, attack.execution, attack.t1218

Remote Access Tool Services Have Been Installed - Security
Oct 1, 2024 · attack.persistence, attack.t1543.003, attack.t1569.002

Remote Thread Creation Via PowerShell In Uncommon Target
Oct 1, 2024 · attack.defense-evasion, attack.execution, attack.t1218.011, attack.t1059.001

Remote XSL Execution Via Msxsl.EXE
Oct 1, 2024 · attack.defense-evasion, attack.t1220

Security Tools Keyword Lookup Via Findstr.EXE
Oct 1, 2024 · attack.discovery, attack.t1518.001

Suspicious Chromium Browser Instance Executed With Custom Extension
Oct 1, 2024 · attack.persistence, attack.t1176

Suspicious Path In Keyboard Layout IME File Registry Value
Oct 1, 2024 · attack.defense-evasion, attack.t1562.001

Suspicious Shim Database Patching Activity
Oct 1, 2024 · attack.persistence, attack.t1546.011

Uncommon Extension In Keyboard Layout IME File Registry Value
Oct 1, 2024 · attack.defense-evasion, attack.t1562.001

Unusual Parent Process For Cmd.EXE
Oct 1, 2024 · attack.execution, attack.t1059

Vulnerable Driver Load
Oct 1, 2024 · attack.privilege-escalation, attack.t1543.003, attack.t1068

Vulnerable Driver Load By Name
Oct 1, 2024 · attack.privilege-escalation, attack.t1543.003, attack.t1068

Whoami.EXE Execution Anomaly
Oct 1, 2024 · attack.discovery, attack.t1033, car.2016-03-001

Whoami.EXE Execution From Privileged Process
Oct 1, 2024 · attack.privilege-escalation, attack.discovery, attack.t1033

Whoami.EXE Execution With Output Option
Oct 1, 2024 · attack.discovery, attack.t1033, car.2016-03-001

Linux HackTool Execution
Sep 22, 2024 · attack.execution, attack.resource-development, attack.t1587

Linux Network Service Scanning Tools Execution
Sep 22, 2024 · attack.discovery, attack.t1046

Remote Access Tool - MeshAgent Command Execution via MeshCentral
Sep 22, 2024 · attack.command-and-control, attack.t1219

Windows Defender Exclusion Registry Key - Write Access Requested
Sep 22, 2024 · attack.defense-evasion, attack.t1562.001

Windows Defender Real-time Protection Disabled
Sep 22, 2024 · attack.defense-evasion, attack.t1562.001

Detect MeshAgent Command Execution via MeshCentral
Sep 21, 2024 · attack.command_and_control, attack.t1219

Search for Antivirus process
Sep 20, 2024

DNS Query To Remote Access Software Domain From Non-Browser App
Sep 13, 2024 · attack.command-and-control, attack.t1219

Network Connection Initiated To BTunnels Domains
Sep 13, 2024 · attack.exfiltration, attack.t1567.001

PwnKit Local Privilege Escalation
Sep 13, 2024 · attack.privilege-escalation, attack.t1548.001

UNC2452 Process Creation Patterns
Sep 13, 2024 · attack.execution, attack.t1059.001, detection.emerging-threats

CVE-2021-1675 Print Spooler Exploitation Filename Pattern
Sep 13, 2024 · attack.execution, attack.privilege-escalation, attack.resource-development, attack.t1587, cve.2021-1675, detection.emerging-threats

HackTool - DInjector PowerShell Cradle Execution
Sep 13, 2024 · attack.defense-evasion, attack.t1055

InstallerFileTakeOver LPE CVE-2021-41379 File Create Event
Sep 13, 2024 · attack.privilege-escalation, attack.t1068, detection.emerging-threats

LPE InstallerFileTakeOver PoC CVE-2021-41379
Sep 13, 2024 · attack.initial-access, attack.t1190, detection.emerging-threats

Malicious PowerShell Scripts - FileCreation
Sep 13, 2024 · attack.execution, attack.t1059.001

Malicious PowerShell Scripts - PoshModule
Sep 13, 2024 · attack.execution, attack.t1059.001

Possible CVE-2021-1675 Print Spooler Exploitation
Sep 13, 2024 · attack.execution, attack.t1569, cve.2021-1675, detection.emerging-threats

Potential PrintNightmare Exploitation Attempt
Sep 13, 2024 · attack.persistence, attack.defense-evasion, attack.privilege-escalation, attack.t1574, cve.2021-1675

Potential RDP Exploit CVE-2019-0708
Sep 13, 2024 · attack.lateral-movement, attack.t1210, car.2013-07-002

Potential SAM Database Dump
Sep 13, 2024 · attack.credential-access, attack.t1003.002

Scanner PoC for CVE-2019-0708 RDP RCE Vuln
Sep 13, 2024 · attack.lateral-movement, attack.t1210, car.2013-07-002

Suspicious Rejected SMB Guest Logon From IP
Sep 13, 2024 · attack.credential-access, attack.t1110.001

Windows Spooler Service Suspicious Binary Load
Sep 13, 2024 · attack.persistence, attack.defense-evasion, attack.privilege-escalation, attack.t1574, cve.2021-1675, cve.2021-34527

Cicada Ransomware PSExec File Creation
Sep 9, 2024 · attack.lateral-movement, attack.execution, attack.t1570, attack.t1569, attack.t1569.002, attack.s0029

Cicada3301 Ransomware Execution via PSExec
Sep 9, 2024 · attack.execution, attack.t1569, attack.t1569.002, attack.s0029

Hyper-V Virtual Machine Discovery Shutdown via Powershell Cmdlets
Sep 9, 2024 · attack.defense-evasion, attack.impact, attack.t1578, attack.t1578.003, attack.t1529

IISReset Used to Stop IIS Services
Sep 9, 2024 · attack.impact, attack.defense-evasion, attack.t1562, attack.t1562.001, attack.t1529

Potential CommandLine Obfuscation Using Unicode Characters From Suspicious Image
Sep 6, 2024 · attack.defense-evasion, attack.t1027

Potential Defense Evasion Via Right-to-Left Override
Sep 6, 2024 · attack.defense-evasion, attack.t1036.002

Startup/Logon Script Added to Group Policy Object
Sep 6, 2024 · attack.privilege-escalation, attack.t1484.001, attack.t1547

Persistence and Execution at Scale via GPO Scheduled Task
Sep 6, 2024 · attack.persistence, attack.lateral-movement, attack.t1053.005

Group Policy Abuse for Privilege Addition
calendar
Sep 6, 2024
·
attack.privilege-escalation
attack.t1484.001
·
Process Deletion of Its Own Executable
Sep 3, 2024
·
attack.defense-evasion
·
Dism Remove Online Package
Sep 3, 2024
·
attack.defense-evasion
attack.t1562.001
·
PowerShell Web Access Feature Enabled Via DISM
Sep 3, 2024
·
attack.persistence
attack.t1548.002
·
PowerShell Web Access Installation - PsScript
Sep 3, 2024
·
attack.persistence
attack.t1059.001
·
Remote Access Tool - AnyDesk Incoming Connection
Sep 2, 2024
·
attack.persistence
attack.command-and-control
attack.t1219
·
Capsh Shell Invocation - Linux
Sep 2, 2024
·
attack.execution
attack.t1059
·
Inline Python Execution - Spawn Shell Via OS System Library
Sep 2, 2024
·
attack.execution
attack.t1059
·
Shell Execution GCC - Linux
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Shell Execution via Find - Linux
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Shell Execution via Flock - Linux
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Shell Execution via Git - Linux
Sep 2, 2024
·
attack.execution
attack.t1059
·
Shell Execution via Nice - Linux
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Shell Execution via Rsync - Linux
Sep 2, 2024
·
attack.execution
attack.t1059
·
Shell Invocation via Apt - Linux
Sep 2, 2024
·
attack.discovery
attack.t1083
·
Shell Invocation via Env Command - Linux
Sep 2, 2024
·
attack.execution
attack.t1059
·
Shell Invocation Via Ssh - Linux
Sep 2, 2024
·
attack.execution
attack.t1059
·
Suspicious Invocation of Shell via AWK - Linux
Sep 2, 2024
·
attack.execution
attack.t1059
·
Vim GTFOBin Abuse - Linux
Sep 2, 2024
·
attack.discovery
attack.t1083
·
AWS S3 Bucket Versioning Disable
Sep 2, 2024
·
attack.impact
attack.t1490
·
Certificate Use With No Strong Mapping
Sep 2, 2024
·
attack.privilege-escalation
·
ChromeLoader Malware Execution
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
attack.t1176
detection.emerging-threats
·
DarkGate - Autoit3.EXE Execution Parameters
Sep 2, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
·
DarkGate - Autoit3.EXE File Creation By Uncommon Process
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
attack.t1059
detection.emerging-threats
·
DarkGate - User Created Via Net.EXE
Sep 2, 2024
·
attack.persistence
attack.t1136.001
detection.emerging-threats
·
Diamond Sleet APT DLL Sideloading Indicators
Sep 2, 2024
·
attack.defense-evasion
attack.t1574.002
detection.emerging-threats
·
Diamond Sleet APT DNS Communication Indicators
Sep 2, 2024
·
attack.command-and-control
detection.emerging-threats
·
Diamond Sleet APT File Creation Indicators
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Diamond Sleet APT Process Activity Indicators
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Diamond Sleet APT Scheduled Task Creation
Sep 2, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
detection.emerging-threats
·
Diamond Sleet APT Scheduled Task Creation - Registry
Sep 2, 2024
·
attack.defense-evasion
attack.t1562
detection.emerging-threats
·
Enable Remote Connection Between Anonymous Computer - AllowAnonymousCallback
Sep 2, 2024
·
attack.defense-evasion
attack.t1562.001
·
Exploitation Attempt Of CVE-2020-1472 - Execution of ZeroLogon PoC
Sep 2, 2024
·
attack.execution
attack.lateral-movement
attack.t1210
cve.2020-1472
detection.emerging-threats
·
Exploitation Indicators Of CVE-2023-20198
Sep 2, 2024
·
attack.privilege-escalation
attack.initial-access
detection.emerging-threats
·
File Download From IP Based URL Via CertOC.EXE
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
·
File Download From IP URL Via Curl.EXE
Sep 2, 2024
·
attack.execution
·
HackTool - CoercedPotato Named Pipe Creation
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Injected Browser Process Spawning Rundll32 - GuLoader Activity
Sep 2, 2024
·
attack.defense-evasion
attack.t1055
detection.emerging-threats
·
Kerberoasting Activity - Initial Query
Sep 2, 2024
·
attack.credential-access
attack.t1558.003
·
Lazarus APT DLL Sideloading Activity
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
attack.g0032
detection.emerging-threats
·
LSASS Process Memory Dump Creation Via Taskmgr.EXE
Sep 2, 2024
·
attack.credential-access
attack.t1003.001
·
New Okta User Created
Sep 2, 2024
·
attack.credential-access
·
Obfuscated IP Via CLI
Sep 2, 2024
·
attack.discovery
·
Obfuscated PowerShell OneLiner Execution
Sep 2, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
attack.t1562.001
·
Okta 2023 Breach Indicator Of Compromise
Sep 2, 2024
·
attack.credential-access
detection.emerging-threats
·
Okta Admin Functions Access Through Proxy
Sep 2, 2024
·
attack.credential-access
·
OneNote.EXE Execution of Malicious Embedded Scripts
Sep 2, 2024
·
attack.defense-evasion
attack.t1218.001
·
Onyx Sleet APT File Creation Indicators
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Potential CVE-2021-44228 Exploitation Attempt - VMware Horizon
Sep 2, 2024
·
attack.initial-access
attack.t1190
cve.2021-44228
detection.emerging-threats
·
Potential CVE-2022-22954 Exploitation Attempt - VMware Workspace ONE Access Remote Code Execution
Sep 2, 2024
·
attack.execution
attack.initial-access
attack.t1059.006
attack.t1190
cve.2022-22954
detection.emerging-threats
·
Potential CVE-2023-27363 Exploitation - HTA File Creation By FoxitPDFReader
Sep 2, 2024
·
attack.persistence
attack.t1505.001
cve.2023-27363
detection.emerging-threats
·
Potential CVE-2023-36874 Exploitation - Fake Wermgr.Exe Creation
Sep 2, 2024
·
attack.execution
cve.2023-36874
detection.emerging-threats
·
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 1
Sep 2, 2024
·
attack.defense-evasion
·
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 2
Sep 2, 2024
·
attack.defense-evasion
·
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 3
Sep 2, 2024
·
attack.defense-evasion
·
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 4
Sep 2, 2024
·
attack.defense-evasion
·
Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream
Sep 2, 2024
·
attack.defense-evasion
attack.t1564.004
·
Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream - CLI
Sep 2, 2024
·
attack.defense-evasion
attack.t1564.004
·
Potential Information Disclosure CVE-2023-43261 Exploitation - Proxy
Sep 2, 2024
·
attack.initial-access
attack.t1190
cve.2023-43621
detection.emerging-threats
·
Potential Information Disclosure CVE-2023-43261 Exploitation - Web
Sep 2, 2024
·
attack.initial-access
attack.t1190
cve.2023-43621
detection.emerging-threats
·
Potential MOVEit Transfer CVE-2023-34362 Exploitation - Dynamic Compilation Via Csc.EXE
Sep 2, 2024
·
attack.execution
attack.t1059
cve.2023-34362
detection.emerging-threats
·
Potential Okta Password in AlternateID Field
Sep 2, 2024
·
attack.credential-access
attack.t1552
·
Potentially Suspicious Child Process Of VsCode
Sep 2, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Potentially Suspicious Office Document Executed From Trusted Location
Sep 2, 2024
·
attack.defense-evasion
attack.t1202
·
PowerShell Module File Created By Non-PowerShell Process
Sep 2, 2024
·
attack.persistence
·
PowerShell Script Execution Policy Enabled
Sep 2, 2024
·
attack.execution
·
Python Function Execution Security Warning Disabled In Excel
Sep 2, 2024
·
attack.defense-evasion
attack.t1562.001
·
Raspberry Robin Initial Execution From External Drive
Sep 2, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Raspberry Robin Subsequent Execution of Commands
Sep 2, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Remote Access Tool - ScreenConnect Command Execution
Sep 2, 2024
·
attack.execution
attack.t1059.003
·
Remote Access Tool - ScreenConnect File Transfer
Sep 2, 2024
·
attack.execution
attack.t1059.003
·
Remote Access Tool - ScreenConnect Temporary File
Sep 2, 2024
·
attack.execution
attack.t1059.003
·
Renamed CURL.EXE Execution
Sep 2, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Renamed VsCode Code Tunnel Execution - File Indicator
Sep 2, 2024
·
attack.command-and-control
·
Schtasks Creation Or Modification With SYSTEM Privileges
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
·
Security Software Discovery Via Powershell Script
Sep 2, 2024
·
attack.discovery
attack.t1518.001
·
Serpent Backdoor Payload Execution Via Scheduled Task
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.006
detection.emerging-threats
·
Suspicious LNK Double Extension File Created
Sep 2, 2024
·
attack.defense-evasion
attack.t1036.007
·
Suspicious Sysmon as Execution Parent
Sep 2, 2024
·
attack.privilege-escalation
attack.t1068
cve.2022-41120
detection.emerging-threats
·
Ursnif Redirection Of Discovery Commands
Sep 2, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
·
Visual Studio Code Tunnel Execution
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
Visual Studio Code Tunnel Remote File Creation
Sep 2, 2024
·
attack.command-and-control
·
Visual Studio Code Tunnel Service Installation
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
Visual Studio Code Tunnel Shell Execution
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
A Rule Has Been Deleted From The Windows Firewall Exception List
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.004
·
Uncommon AppX Package Locations
Aug 29, 2024
·
attack.defense-evasion
·
Uncommon New Firewall Rule Added In Windows Firewall Exception List
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.004
·
System Network Discovery - macOS
Aug 29, 2024
·
attack.discovery
attack.t1016
·
Antivirus Filter Driver Disallowed On Dev Drive - Registry
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Emotet Loader Execution Via .LNK File
Aug 29, 2024
·
attack.execution
attack.t1059.006
detection.emerging-threats
·
FakeUpdates/SocGholish Activity
Aug 29, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
File Explorer Folder Opened Using Explorer Folder Shortcut Via Shell
Aug 29, 2024
·
attack.discovery
attack.t1135
·
HackTool - SharpWSUS/WSUSpendu Execution
Aug 29, 2024
·
attack.execution
attack.lateral-movement
attack.t1210
·
HackTool - SOAPHound Execution
Aug 29, 2024
·
attack.discovery
attack.t1087
·
Hiding User Account Via SpecialAccounts Registry Key
Aug 29, 2024
·
attack.defense-evasion
attack.t1564.002
·
Hiding User Account Via SpecialAccounts Registry Key - CommandLine
Aug 29, 2024
·
attack.t1564.002
·
Potential AMSI Bypass Via .NET Reflection
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Potential CVE-2022-29072 Exploitation Attempt
Aug 29, 2024
·
attack.execution
cve.2022-29072
detection.emerging-threats
·
Potential MOVEit Transfer CVE-2023-34362 Exploitation - File Activity
Aug 29, 2024
·
attack.initial-access
attack.t1190
cve.2023-34362
detection.emerging-threats
·
Potential Privilege Escalation via Local Kerberos Relay over LDAP
Aug 29, 2024
·
attack.privilege-escalation
attack.credential-access
attack.t1548
·
Python Function Execution Security Warning Disabled In Excel - Registry
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
RestrictedAdminMode Registry Value Tampering
Aug 29, 2024
·
attack.defense-evasion
attack.t1112
·
RestrictedAdminMode Registry Value Tampering - ProcCreation
Aug 29, 2024
·
attack.defense-evasion
attack.t1112
·
Sdiagnhost Calling Suspicious Child Process
Aug 29, 2024
·
attack.defense-evasion
attack.t1036
attack.t1218
·
Uncommon Connection to Active Directory Web Services
Aug 29, 2024
·
attack.discovery
attack.t1087
·
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Aug 29, 2024
·
attack.defense-evasion
attack.t1218.011
·
Cab File Extraction Via Wusa.EXE From Potentially Suspicious Paths
Aug 29, 2024
·
attack.execution
·
COM Object Execution via Xwizard.EXE
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
New Capture Session Launched Via DXCap.EXE
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Potential DLL Injection Via AccCheckConsole
Aug 29, 2024
·
attack.execution
detection.threat-hunting
·
Potential DLL Sideloading Using Coregen.exe
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
attack.t1055
·
Potentially Suspicious EventLog Recon Activity Using Log Query Utilities
Aug 29, 2024
·
attack.credential-access
attack.discovery
attack.t1552
·
Process Memory Dump via RdrLeakDiag.EXE
Aug 29, 2024
·
attack.credential-access
attack.t1003.001
·
Program Executed Using Proxy/Local Command Via SSH.EXE
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Relevant Anti-Virus Signature Keywords In Application Log
Aug 29, 2024
·
attack.resource-development
attack.t1588
·
Suspicious Child Process Of Wermgr.EXE
Aug 29, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.t1036
·
Uncommon Sigverif.EXE Child Process
Aug 29, 2024
·
attack.defense-evasion
attack.t1216
·
Windows Binary Executed From WSL
Aug 29, 2024
·
attack.execution
attack.defense-evasion
attack.t1202
·
Wusa.EXE Executed By Parent Process Located In Suspicious Location
Aug 29, 2024
·
attack.execution
·
Xwizard.EXE Execution From Non-Default Location
Aug 29, 2024
·
attack.defense-evasion
attack.t1574.002
·
Potential Active Directory Reconnaissance/Enumeration Via LDAP
Aug 27, 2024
·
attack.discovery
attack.t1069.002
attack.t1087.002
attack.t1482
·
Disable Important Scheduled Task
Aug 26, 2024
·
attack.impact
attack.t1489
·
DNS Query To Put.io - DNS Client
Aug 23, 2024
·
attack.command-and-control
·
Network Connection Initiated From Process Located In Potentially Suspicious Or Uncommon Location
Aug 23, 2024
·
attack.command-and-control
attack.t1105
·
Suspicious Download From File-Sharing Website Via Bitsadmin
Aug 23, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE
Aug 23, 2024
·
attack.defense-evasion
attack.t1027
·
Suspicious Remote AppX Package Locations
Aug 23, 2024
·
attack.defense-evasion
·
Driver Added To Disallowed Images In HVCI - Registry
Aug 21, 2024
·
attack.defense-evasion
·
Hidden Flag Set On File/Directory Via Chflags - MacOS
Aug 21, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
User Risk and MFA Registration Policy Updated
Aug 21, 2024
·
attack.persistence
·
Multi Factor Authentication Disabled For User Account
Aug 21, 2024
·
attack.credential-access
attack.persistence
·
Data Export From MSSQL Table Via BCP.EXE
Aug 20, 2024
·
attack.execution
attack.t1048
·
Potentially Suspicious Rundll32.EXE Execution of UDL File
Aug 16, 2024
·
attack.execution
attack.t1218.011
attack.t1071
·
Suspicious Rundll32 Execution of UDL File
Aug 16, 2024
·
attack.execution
attack.t1218.011
attack.t1071
·
Diskshadow Script Mode - Execution From Potential Suspicious Location
Aug 16, 2024
·
attack.defense-evasion
attack.t1218
·
HackTool - LaZagne Execution
Aug 16, 2024
·
attack.credential-access
·
Capture Wi-Fi password
Aug 14, 2024
·
Powershell Token Obfuscation - Powershell
Aug 13, 2024
·
attack.defense-evasion
attack.t1027.009
·
7Zip Compressing Dump Files
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
A Member Was Added to a Security-Enabled Global Group
Aug 12, 2024
·
attack.persistence
attack.t1098
·
A Member Was Removed From a Security-Enabled Global Group
Aug 12, 2024
·
attack.persistence
attack.t1098
·
A New Trust Was Created To A Domain
Aug 12, 2024
·
attack.persistence
attack.t1098
·
A Security-Enabled Global Group Was Deleted
Aug 12, 2024
·
attack.persistence
attack.t1098
·
AADInternals PowerShell Cmdlets Execution - ProccessCreation
Aug 12, 2024
·
attack.execution
attack.reconnaissance
attack.discovery
attack.credential-access
attack.impact
·
AADInternals PowerShell Cmdlets Execution - PsScript
Aug 12, 2024
·
attack.execution
attack.reconnaissance
attack.discovery
attack.credential-access
attack.impact
·
Abusable DLL Potential Sideloading From Suspicious Location
Aug 12, 2024
·
attack.execution
attack.t1059
·
Abuse of Service Permissions to Hide Services Via Set-Service
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Abuse of Service Permissions to Hide Services Via Set-Service - PS
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Abused Debug Privilege by Arbitrary Parent Processes
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Abusing Print Executable
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Access To ADMIN$ Network Share
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Access to Browser Login Data
Aug 12, 2024
·
attack.credential-access
attack.t1555.003
·
Access To Crypto Currency Wallets By Uncommon Applications
Aug 12, 2024
·
attack.t1003
attack.credential-access
·
Access To Potentially Sensitive Sysvol Files By Uncommon Applications
Aug 12, 2024
·
attack.credential-access
attack.t1552.006
·
Access To Windows Credential History File By Uncommon Applications
Aug 12, 2024
·
attack.credential-access
attack.t1555.004
·
Access To Windows DPAPI Master Keys By Uncommon Applications
Aug 12, 2024
·
attack.credential-access
attack.t1555.004
·
Account Created And Deleted Within A Close Time Frame
Aug 12, 2024
·
attack.defense-evasion
attack.t1078
·
Account Disabled or Blocked for Sign in Attempts
Aug 12, 2024
·
attack.initial-access
attack.t1078.004
·
Account Lockout
Aug 12, 2024
·
attack.credential-access
attack.t1110
·
Account Tampering - Suspicious Failed Logon Reasons
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
attack.t1078
·
Activate Suppression of Windows Security Center Notifications
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Active Directory Certificate Services Denied Certificate Enrollment Request
Aug 12, 2024
·
attack.credential-access
attack.t1553.004
·
Active Directory Computers Enumeration With Get-AdComputer
Aug 12, 2024
·
attack.discovery
attack.t1018
attack.t1087.002
·
Active Directory Database Snapshot Via ADExplorer
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
attack.t1003.003
·
Active Directory Group Enumeration With Get-AdGroup
Aug 12, 2024
·
attack.discovery
attack.t1069.002
·
Active Directory Kerberos DLL Loaded Via Office Application
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Active Directory Parsing DLL Loaded Via Office Application
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Active Directory Replication from Non Machine Account
Aug 12, 2024
·
attack.credential-access
attack.t1003.006
·
Active Directory Structure Export Via Csvde.EXE
Aug 12, 2024
·
attack.exfiltration
attack.discovery
attack.t1087.002
·
Active Directory Structure Export Via Ldifde.EXE
Aug 12, 2024
·
attack.exfiltration
·
Activity From Anonymous IP Address
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Activity from Anonymous IP Addresses
Aug 12, 2024
·
attack.command-and-control
attack.t1573
·
Activity from Infrequent Country
Aug 12, 2024
·
attack.command-and-control
attack.t1573
·
Activity from Suspicious IP Addresses
Aug 12, 2024
·
attack.command-and-control
attack.t1573
·
Activity Performed by Terminated User
Aug 12, 2024
·
attack.impact
·
AD Groups Or Users Enumeration Using PowerShell - PoshModule
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
AD Groups Or Users Enumeration Using PowerShell - ScriptBlock
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
AD Object WriteDAC Access
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.001
·
AD Privileged Users or Groups Reconnaissance
Aug 12, 2024
·
attack.discovery
attack.t1087.002
·
ADCS Certificate Template Configuration Vulnerability
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
·
ADCS Certificate Template Configuration Vulnerability with Risky EKU
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
·
Add Debugger Entry To AeDebug For Persistence
Aug 12, 2024
·
attack.persistence
·
Add Debugger Entry To Hangs Key For Persistence
Aug 12, 2024
·
attack.persistence
·
Add DisallowRun Execution to Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Add Insecure Download Source To Winget
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Add New Download Source To Winget
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Add or Remove Computer from DC
Aug 12, 2024
·
attack.defense-evasion
attack.t1207
·
Add Port Monitor Persistence in Registry
Aug 12, 2024
·
attack.persistence
attack.t1547.010
·
Add SafeBoot Keys Via Reg Utility
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Add Windows Capability Via PowerShell Cmdlet
Aug 12, 2024
·
attack.execution
·
Add Windows Capability Via PowerShell Script
Aug 12, 2024
·
attack.execution
·
Added Credentials to Existing Application
Aug 12, 2024
·
attack.t1098.001
attack.persistence
·
Added Owner To Application
Aug 12, 2024
·
attack.t1552
attack.credential-access
·
AddinUtil.EXE Execution From Uncommon Directory
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Addition of SID History to Active Directory Object
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1134.005
·
ADFS Database Named Pipe Connection By Uncommon Tool
Aug 12, 2024
·
attack.collection
attack.t1005
·
Admin User Remote Logon
Aug 12, 2024
·
attack.lateral-movement
attack.t1078.001
attack.t1078.002
attack.t1078.003
car.2016-04-005
·
ADS Zone.Identifier Deleted By Uncommon Application
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
ADSelfService Exploitation
Aug 12, 2024
·
cve.2021-40539
detection.emerging-threats
attack.initial-access
attack.t1190
·
ADSI-Cache File Creation By Uncommon Tool
Aug 12, 2024
·
attack.t1001.003
attack.command-and-control
·
Advanced IP Scanner - File Event
Aug 12, 2024
·
attack.discovery
attack.t1046
Adwind RAT / JRAT
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
detection.emerging-threats
Adwind RAT / JRAT File Artifact
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
AgentExecutor PowerShell Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
All Backups Deleted Via Wbadmin.EXE
Aug 12, 2024
·
attack.impact
attack.t1490
All Rules Have Been Deleted From The Windows Firewall Configuration
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
Allow RDP Remote Assistance Feature
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
Allow Service Access Using Security Descriptor Tampering Via Sc.EXE
Aug 12, 2024
·
attack.persistence
attack.t1543.003
Alternate PowerShell Hosts - PowerShell Module
Aug 12, 2024
·
attack.execution
attack.t1059.001
Always Install Elevated MSI Spawned Cmd And Powershell
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548.002
Always Install Elevated Windows Installer
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548.002
AMSI Bypass Pattern Assembly GetType
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.execution
Amsi.DLL Loaded Via LOLBIN Process
Aug 12, 2024
·
attack.defense-evasion
Anomalous Token
Aug 12, 2024
·
attack.t1528
attack.credential-access
Anomalous User Activity
Aug 12, 2024
·
attack.t1098
attack.persistence
Anonymous IP Address
Aug 12, 2024
·
attack.t1528
attack.credential-access
Antivirus PrinterNightmare CVE-2021-34527 Exploit Detection
Aug 12, 2024
·
attack.privilege-escalation
attack.t1055
Anydesk Remote Access Software Service Installation
Aug 12, 2024
·
attack.persistence
Anydesk Temporary Artefact
Aug 12, 2024
·
attack.command-and-control
attack.t1219
Apache Segmentation Fault
Aug 12, 2024
·
attack.impact
attack.t1499.004
Apache Spark Shell Command Injection - ProcessCreation
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-33891
Apache Spark Shell Command Injection - Weblogs
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-33891
detection.emerging-threats
Apache Threading Error
Aug 12, 2024
·
attack.initial-access
attack.lateral-movement
attack.t1190
attack.t1210
App Granted Microsoft Permissions
Aug 12, 2024
·
attack.credential-access
attack.t1528
App Granted Privileged Delegated Or App Permissions
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
Application AppID Uri Configuration Changes
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.privilege-escalation
attack.t1552
attack.t1078.004
Application Removed Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.t1047
Application Terminated Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.t1047
Application Uninstalled
Aug 12, 2024
·
attack.impact
attack.t1489
Application URI Configuration Changes
Aug 12, 2024
·
attack.t1528
attack.t1078.004
attack.persistence
attack.credential-access
attack.privilege-escalation
Application Using Device Code Authentication Flow
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
Applications That Are Using ROPC Authentication Flow
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
AppX Package Installation Attempts Via AppInstaller.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105
APT PRIVATELOG Image Load Pattern
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
detection.emerging-threats
APT User Agent
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
APT27 - Emissary Panda Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.g0027
detection.emerging-threats
APT29 2018 Phishing Campaign CommandLine Indicators
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
detection.emerging-threats
APT29 2018 Phishing Campaign File Indicators
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
APT31 Judgement Panda Activity
Aug 12, 2024
·
attack.lateral-movement
attack.credential-access
attack.g0128
attack.t1003.001
attack.t1560.001
detection.emerging-threats
APT40 Dropbox Tool User Agent
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.exfiltration
attack.t1567.002
Arbitrary Binary Execution Using GUP Utility
Aug 12, 2024
·
attack.execution
Arbitrary DLL or Csproj Code Execution Via Dotnet.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Arbitrary File Download Via ConfigSecurityPolicy.EXE
Aug 12, 2024
·
attack.exfiltration
attack.t1567
Arbitrary File Download Via GfxDownloadWrapper.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105
Arbitrary File Download Via MSOHTMED.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
Arbitrary File Download Via MSPUB.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
Arbitrary File Download Via PresentationHost.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
Arbitrary MSI Download Via Devinit.EXE
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
Arbitrary Shell Command Execution Via Settingcontent-Ms
Aug 12, 2024
·
attack.t1204
attack.t1566.001
attack.execution
attack.initial-access
Arcadyan Router Exploitations
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-20090
cve.2021-20091
detection.emerging-threats
Aruba Network Service Potential DLL Sideloading
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1574.001
attack.t1574.002
AspNetCompiler Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
Assembly DLL Creation Via AspNetCompiler
Aug 12, 2024
·
attack.execution
Assembly Loading Via CL_LoadAssembly.ps1
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
Atbroker Registry Change
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.persistence
attack.t1547
Atera Agent Installation
Aug 12, 2024
·
attack.t1219
Atlassian Bitbucket Command Injection Via Archive API
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-36804
detection.emerging-threats
Atlassian Confluence CVE-2022-26134
Aug 12, 2024
·
attack.initial-access
attack.execution
attack.t1190
attack.t1059
cve.2022-26134
Atypical Travel
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
Audio Capture
Aug 12, 2024
·
attack.collection
attack.t1123
Audio Capture via PowerShell
Aug 12, 2024
·
attack.collection
attack.t1123
Audio Capture via SoundRecorder
Aug 12, 2024
·
attack.collection
attack.t1123
Audit CVE Event
Aug 12, 2024
·
attack.execution
attack.t1203
attack.privilege-escalation
attack.t1068
attack.defense-evasion
attack.t1211
attack.credential-access
attack.t1212
attack.lateral-movement
attack.t1210
attack.impact
attack.t1499.004
Audit Policy Tampering Via Auditpol
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
Audit Policy Tampering Via NT Resource Kit Auditpol
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
Auditing Configuration Changes on Linux Host
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.006
Authentications To Important Apps Using Single Factor Authentication
Aug 12, 2024
·
attack.initial-access
attack.t1078
Automated Collection Bookmarks Using Get-ChildItem PowerShell
Aug 12, 2024
·
attack.discovery
attack.t1217
Automated Collection Command PowerShell
Aug 12, 2024
·
attack.collection
attack.t1119
Automated Collection Command Prompt
Aug 12, 2024
·
attack.collection
attack.t1119
attack.credential-access
attack.t1552.001
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl - File
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
AWS Attached Malicious Lambda Layer
Aug 12, 2024
·
attack.privilege-escalation
AWS CloudTrail Important Change
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
AWS Config Disabling Channel/Recorder
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
AWS Console GetSigninToken Potential Abuse
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.007
attack.t1550.001
AWS EC2 Disable EBS Encryption
Aug 12, 2024
·
attack.impact
attack.t1486
attack.t1565
AWS EC2 Startup Shell Script Change
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1059.003
attack.t1059.004
AWS EC2 VM Export Failure
Aug 12, 2024
·
attack.collection
attack.t1005
attack.exfiltration
attack.t1537
AWS ECS Task Definition That Queries The Credential Endpoint
Aug 12, 2024
·
attack.persistence
attack.t1525
AWS EFS Fileshare Modified or Deleted
Aug 12, 2024
·
attack.impact
AWS EFS Fileshare Mount Modified or Deleted
Aug 12, 2024
·
attack.impact
attack.t1485
AWS EKS Cluster Created or Deleted
Aug 12, 2024
·
attack.impact
attack.t1485
AWS ElastiCache Security Group Created
Aug 12, 2024
·
attack.persistence
attack.t1136
attack.t1136.003
AWS ElastiCache Security Group Modified or Deleted
Aug 12, 2024
·
attack.impact
attack.t1531
AWS Glue Development Endpoint Activity
Aug 12, 2024
·
attack.privilege-escalation
AWS GuardDuty Important Change
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
AWS IAM Backdoor Users Keys
Aug 12, 2024
·
attack.persistence
attack.t1098
AWS IAM S3Browser LoginProfile Creation
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004
AWS IAM S3Browser Templated S3 Bucket Policy Creation
Aug 12, 2024
·
attack.execution
attack.t1059.009
attack.persistence
attack.t1078.004
AWS IAM S3Browser User or AccessKey Creation
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004
AWS Identity Center Identity Provider Change
Aug 12, 2024
·
attack.persistence
attack.t1556
AWS RDS Master Password Change
Aug 12, 2024
·
attack.exfiltration
attack.t1020
AWS Root Credentials
Aug 12, 2024
·
attack.privilege-escalation
attack.t1078.004
AWS Route 53 Domain Transfer Lock Disabled
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.t1098
AWS Route 53 Domain Transferred to Another Account
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.t1098
AWS S3 Data Management Tampering
Aug 12, 2024
·
attack.exfiltration
attack.t1537
AWS SecurityHub Findings Evasion
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
AWS Snapshot Backup Exfiltration
Aug 12, 2024
·
attack.exfiltration
attack.t1537
AWS STS AssumeRole Misuse
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.t1548
attack.t1550
attack.t1550.001
AWS STS GetSessionToken Misuse
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.t1548
attack.t1550
attack.t1550.001
AWS Suspicious SAML Activity
Aug 12, 2024
·
attack.initial-access
attack.t1078
attack.lateral-movement
attack.t1548
attack.privilege-escalation
attack.t1550
attack.t1550.001
AWS User Login Profile Was Modified
Aug 12, 2024
·
attack.persistence
attack.t1098
Azure Active Directory Hybrid Health AD FS New Server
Aug 12, 2024
·
attack.defense-evasion
attack.t1578
Azure Active Directory Hybrid Health AD FS Service Delete
Aug 12, 2024
·
attack.defense-evasion
attack.t1578.003
Azure AD Account Credential Leaked
Aug 12, 2024
·
attack.t1589
attack.reconnaissance
Azure AD Health Monitoring Agent Registry Keys Access
Aug 12, 2024
·
attack.discovery
attack.t1012
Azure AD Health Service Agents Registry Keys Access
Aug 12, 2024
·
attack.discovery
attack.t1012
Azure AD Only Single Factor Authentication Required
Aug 12, 2024
·
attack.initial-access
attack.credential-access
attack.t1078.004
attack.t1556.006
Azure AD Threat Intelligence
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
Azure Application Credential Modified
Aug 12, 2024
·
attack.impact
Azure Application Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1489
Azure Application Gateway Modified or Deleted
Aug 12, 2024
·
attack.impact
Azure Application Security Group Modified or Deleted
Aug 12, 2024
·
attack.impact
Azure Container Registry Created or Deleted
Aug 12, 2024
·
attack.impact
Azure Device No Longer Managed or Compliant
Aug 12, 2024
·
attack.impact
Azure Device or Configuration Modified or Deleted
Aug 12, 2024
·
attack.impact
attack.t1485
attack.t1565.001
Azure DNS Zone Modified or Deleted
Aug 12, 2024
·
attack.impact
attack.t1565.001
Azure Domain Federation Settings Modified
Aug 12, 2024
·
attack.initial-access
attack.t1078
Azure Firewall Modified or Deleted
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.004
Azure Firewall Rule Collection Modified or Deleted
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.004
Azure Firewall Rule Configuration Modified or Deleted
Aug 12, 2024
·
attack.impact
Azure Key Vault Modified or Deleted
Aug 12, 2024
·
attack.impact
attack.credential-access
attack.t1552
attack.t1552.001
Azure Keyvault Key Modified or Deleted
Aug 12, 2024
·
attack.impact
attack.credential-access
attack.t1552
attack.t1552.001
Azure Keyvault Secrets Modified or Deleted
Aug 12, 2024
·
attack.impact
attack.credential-access
attack.t1552
attack.t1552.001
Azure Kubernetes Admission Controller
Aug 12, 2024
·
attack.persistence
attack.t1078
attack.credential-access
attack.t1552
attack.t1552.007
Azure Kubernetes Cluster Created or Deleted
Aug 12, 2024
·
attack.impact
Azure Kubernetes CronJob
Aug 12, 2024
·
attack.persistence
attack.t1053.003
attack.privilege-escalation
attack.execution
Azure Kubernetes Events Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
attack.t1562.001
Azure Kubernetes Network Policy Change
Aug 12, 2024
·
attack.impact
attack.credential-access
Azure Kubernetes Pods Deleted
Aug 12, 2024
·
attack.impact
Azure Kubernetes RoleBinding/ClusterRoleBinding Modified and Deleted
Aug 12, 2024
·
attack.impact
attack.credential-access
Azure Kubernetes Secret or Config Object Access
Aug 12, 2024
·
attack.impact
Azure Kubernetes Sensitive Role Access
Aug 12, 2024
·
attack.impact
Azure Kubernetes Service Account Modified or Deleted
Aug 12, 2024
·
attack.impact
attack.t1531
Azure Network Firewall Policy Modified or Deleted
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.007
Azure Network Security Configuration Modified or Deleted
Aug 12, 2024
·
attack.impact
Azure New CloudShell Created
Aug 12, 2024
·
attack.execution
attack.t1059
Azure Owner Removed From Application or Service Principal
Aug 12, 2024
·
attack.defense-evasion
Azure Point-to-site VPN Modified or Deleted
Aug 12, 2024
·
attack.impact
Azure Service Principal Created
Aug 12, 2024
·
attack.defense-evasion
Azure Service Principal Removed
Aug 12, 2024
·
attack.defense-evasion
Azure Subscription Permission Elevation Via ActivityLogs
Aug 12, 2024
·
attack.initial-access
attack.t1078.004
Azure Subscription Permission Elevation Via AuditLogs
Aug 12, 2024
·
attack.initial-access
attack.t1078
Azure Suppression Rule Created
Aug 12, 2024
·
attack.impact
Azure Unusual Authentication Interruption
Aug 12, 2024
·
attack.initial-access
attack.t1078
Azure Virtual Network Device Modified or Deleted
Aug 12, 2024
·
attack.impact
Azure Virtual Network Modified or Deleted
Aug 12, 2024
·
attack.impact
Azure VPN Connection Modified or Deleted
Aug 12, 2024
·
attack.impact
Backup Catalog Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
Backup Files Deleted
Aug 12, 2024
·
attack.impact
attack.t1490
Bad Opsec Powershell Code Artifacts
Aug 12, 2024
·
attack.execution
attack.t1059.001
Base64 Encoded PowerShell Command Detected
Aug 12, 2024
·
attack.t1027
attack.defense-evasion
attack.t1140
attack.t1059.001
Base64 MZ Header In CommandLine
Aug 12, 2024
·
attack.execution
Bash Interactive Shell
Aug 12, 2024
·
attack.execution
Binary Padding - Linux
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.001
Binary Padding - MacOS
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.001
Bitbucket Audit Log Configuration Updated
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Bitbucket Full Data Export Triggered
Aug 12, 2024
·
attack.collection
attack.t1213.003
Bitbucket Global Permission Changed
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098
Bitbucket Global Secret Scanning Rule Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Bitbucket Global SSH Settings Changed
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.t1562.001
attack.t1021.004
Bitbucket Project Secret Scanning Allowlist Added
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Bitbucket Secret Scanning Exempt Repository Added
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Bitbucket Secret Scanning Rule Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Bitbucket Unauthorized Access To A Resource
Aug 12, 2024
·
attack.resource-development
attack.t1586
Bitbucket Unauthorized Full Data Export Triggered
Aug 12, 2024
·
attack.collection
attack.resource-development
attack.t1213.003
attack.t1586
Bitbucket User Details Export Attempt Detected
Aug 12, 2024
·
attack.collection
attack.reconnaissance
attack.discovery
attack.t1213
attack.t1082
attack.t1591.004
Bitbucket User Login Failure
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1078.004
attack.t1110
Bitbucket User Login Failure Via SSH
Aug 12, 2024
·
attack.t1021.004
attack.t1110
Bitbucket User Permissions Export Attempt
Aug 12, 2024
·
attack.reconnaissance
attack.t1213
attack.t1082
attack.t1591.004
Bitlocker Key Retrieval
Aug 12, 2024
·
attack.defense-evasion
attack.t1078.004
BitLockerTogo.EXE Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
BITS Transfer Job Download From Direct IP
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
BITS Transfer Job Download To Potential Suspicious Folder
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
BITS Transfer Job Downloading File Potential Suspicious Extension
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
BITS Transfer Job With Uncommon Or Suspicious Remote TLD
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
Bitsadmin to Uncommon IP Server Address
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
Bitsadmin to Uncommon TLD
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
Blackbyte Ransomware Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
BloodHound Collection Files
Aug 12, 2024
·
attack.discovery
attack.t1087.001
attack.t1087.002
attack.t1482
attack.t1069.001
attack.t1069.002
attack.execution
attack.t1059.001
Blue Mockingbird
Aug 12, 2024
·
attack.execution
attack.t1112
attack.t1047
detection.emerging-threats
Blue Mockingbird - Registry
Aug 12, 2024
·
attack.execution
attack.t1112
attack.t1047
BlueSky Ransomware Artefacts
Aug 12, 2024
·
attack.impact
attack.t1486
detection.emerging-threats
Boot Configuration Tampering Via Bcdedit.EXE
Aug 12, 2024
·
attack.impact
attack.t1490
BPFDoor Abnormal Process ID or Lock File Accessed
Aug 12, 2024
·
attack.execution
attack.t1106
attack.t1059
Bpfdoor TCP Ports Redirect
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
BPFtrace Unsafe Option Usage
Aug 12, 2024
·
attack.execution
attack.t1059.004
Browser Execution In Headless Mode
Aug 12, 2024
·
attack.command-and-control
attack.t1105
Browser Started with Remote Debugging
Aug 12, 2024
·
attack.credential-access
attack.t1185
Buffer Overflow Attempts
Aug 12, 2024
·
attack.t1068
attack.privilege-escalation
Bulk Deletion Changes To Privileged Account Permissions
Aug 12, 2024
·
attack.persistence
attack.t1098
Bypass UAC Using DelegateExecute
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
Bypass UAC Using Event Viewer
Aug 12, 2024
·
attack.persistence
attack.t1547.010
Bypass UAC Using SilentCleanup Task
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
Bypass UAC via CMSTP
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
attack.t1218.003
Bypass UAC via Fodhelper.exe
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548.002
Bypass UAC via WSReset.exe
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
C# IL Code Compilation Via Ilasm.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
CA Policy Removed by Non Approved Actor
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
CA Policy Updated by Non Approved Actor
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
Capabilities Discovery - Linux
Aug 12, 2024
·
attack.discovery
attack.t1083
Capture Credentials with Rpcping.exe
Aug 12, 2024
·
attack.credential-access
attack.t1003
Cat Sudoers
Aug 12, 2024
·
attack.reconnaissance
attack.t1592.004
Certificate Exported From Local Certificate Store
Aug 12, 2024
·
attack.credential-access
attack.t1649
Certificate Exported Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Certificate Exported Via PowerShell
Aug 12, 2024
·
attack.credential-access
attack.execution
attack.t1552.004
attack.t1059.001
Certificate Exported Via PowerShell - ScriptBlock
Aug 12, 2024
·
attack.credential-access
attack.t1552.004

Certificate Private Key Acquired
Aug 12, 2024
·
attack.credential-access
attack.t1649

Certificate Request Export to Exchange Webserver
Aug 12, 2024
·
attack.persistence
attack.t1505.003

Certificate-Based Authentication Enabled
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1556

Chafer Malware URL Pattern
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001

Change Default File Association To Executable Via Assoc
Aug 12, 2024
·
attack.persistence
attack.t1546.001

Change Default File Association Via Assoc
Aug 12, 2024
·
attack.persistence
attack.t1546.001

Change PowerShell Policies to an Insecure Level
Aug 12, 2024
·
attack.execution
attack.t1059.001

Change PowerShell Policies to an Insecure Level - PowerShell
Aug 12, 2024
·
attack.execution
attack.t1059.001

Change the Fax Dll
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Change to Authentication Method
Aug 12, 2024
·
attack.credential-access
attack.t1556
attack.persistence
attack.defense-evasion
attack.t1098

Change User Account Associated with the FAX Service
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Change User Agents with WebRequest
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001

Change Winevt Channel Access Permission Via Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002

Changes to Device Registration Policy
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1484

Changes To PIM Settings
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1078.004

Changing Existing Service ImagePath Value Via Reg.EXE
Aug 12, 2024
·
attack.persistence
attack.t1574.011

Chmod Suspicious Directory
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.002

Chopper Webshell Process Pattern
Aug 12, 2024
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087

Chromium Browser Headless Execution To Mockbin Like Site
Aug 12, 2024
·
attack.execution

Cisco ASA FTD Exploit CVE-2020-3452
Aug 12, 2024
·
attack.t1190
attack.initial-access
cve.2020-3452
detection.emerging-threats

Cisco BGP Authentication Failures
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557

Cisco Clear Logs
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.003

Cisco Collect Data
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.collection
attack.t1087.001
attack.t1552.001
attack.t1005

Cisco Crypto Commands
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.t1553.004
attack.t1552.004

Cisco Denial of Service
Aug 12, 2024
·
attack.impact
attack.t1495
attack.t1529
attack.t1565.001

Cisco Disabling Logging
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Cisco Discovery
Aug 12, 2024
·
attack.discovery
attack.t1083
attack.t1201
attack.t1057
attack.t1018
attack.t1082
attack.t1016
attack.t1049
attack.t1033
attack.t1124

Cisco Duo Successful MFA Authentication Via Bypass Code
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.initial-access

Cisco File Deletion
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1070.004
attack.t1561.001
attack.t1561.002

Cisco LDP Authentication Failures
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557

Cisco Local Accounts
Aug 12, 2024
·
attack.persistence
attack.t1136.001
attack.t1098

Cisco Modify Configuration
Aug 12, 2024
·
attack.persistence
attack.impact
attack.t1490
attack.t1505
attack.t1565.002
attack.t1053

Cisco Show Commands Input
Aug 12, 2024
·
attack.credential-access
attack.t1552.003

Cisco Sniffing
Aug 12, 2024
·
attack.credential-access
attack.discovery
attack.t1040

Cisco Stage Data
Aug 12, 2024
·
attack.collection
attack.lateral-movement
attack.command-and-control
attack.exfiltration
attack.t1074
attack.t1105
attack.t1560.001

Citrix ADS Exploitation CVE-2020-8193 CVE-2020-8195
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-8193
cve.2020-8195
detection.emerging-threats

Citrix Netscaler Attack CVE-2019-19781
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2019-19781
detection.emerging-threats

Classes Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Clear Linux Logs
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.002

Clearing Windows Console History
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1070.003

Cleartext Protocol Usage
Aug 12, 2024
·
attack.credential-access

Cleartext Protocol Usage Via Netflow
Aug 12, 2024
·
attack.credential-access

ClickOnce Trust Prompt Tampering
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Clipboard Collection of Image Data with Xclip Tool
Aug 12, 2024
·
attack.collection
attack.t1115

Clipboard Collection with Xclip Tool
Aug 12, 2024
·
attack.collection
attack.t1115

Clipboard Collection with Xclip Tool - Auditd
Aug 12, 2024
·
attack.collection
attack.t1115

Clipboard Data Collection Via OSAScript
Aug 12, 2024
·
attack.collection
attack.execution
attack.t1115
attack.t1059.002

CLR DLL Loaded Via Office Applications
Aug 12, 2024
·
attack.execution
attack.t1204.002

Cmd.EXE Missing Space Characters Execution Anomaly
Aug 12, 2024
·
attack.execution
attack.t1059.001

CMSTP Execution Process Access
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.003
attack.execution
attack.t1559.001
attack.g0069
attack.g0080
car.2019-04-001

CMSTP Execution Process Creation
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.003
attack.g0069
car.2019-04-001

CMSTP Execution Registry Event
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.003
attack.g0069
car.2019-04-001

CMSTP UAC Bypass via COM Object Access
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1218.003
attack.g0069
car.2019-04-001

Cobalt Strike DNS Beaconing
Aug 12, 2024
·
attack.command-and-control
attack.t1071.004

CobaltStrike Load by Rundll32
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011

CobaltStrike Named Pipe
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055

CobaltStrike Named Pipe Pattern Regex
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055

CobaltStrike Named Pipe Patterns
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
stp.1k

CobaltStrike Service Installations - Security
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1543.003
attack.t1569.002

CobaltStrike Service Installations - System
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1543.003
attack.t1569.002

Code Executed Via Office Add-in XLL File
Aug 12, 2024
·
attack.persistence
attack.t1137.006

Code Execution via Pcwutl.dll
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011

Code Injection by ld.so Preload
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1574.006

CodeIntegrity - Blocked Driver Load With Revoked Certificate
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543

CodeIntegrity - Blocked Image Load With Revoked Certificate
Aug 12, 2024
·
attack.privilege-escalation

CodeIntegrity - Blocked Image/Driver Load For Policy Violation
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543

CodeIntegrity - Disallowed File For Protected Processes Has Been Blocked
Aug 12, 2024
·
attack.privilege-escalation

CodeIntegrity - Revoked Image Loaded
Aug 12, 2024
·
attack.privilege-escalation

CodeIntegrity - Revoked Kernel Driver Loaded
Aug 12, 2024
·
attack.privilege-escalation

CodeIntegrity - Unmet WHQL Requirements For Loaded Kernel Module
Aug 12, 2024
·
attack.privilege-escalation

CodeIntegrity - Unsigned Image Loaded
Aug 12, 2024
·
attack.privilege-escalation

CodeIntegrity - Unsigned Kernel Module Loaded
Aug 12, 2024
·
attack.privilege-escalation

CodePage Modification Via MODE.COM To Russian Language
Aug 12, 2024
·
attack.defense-evasion
attack.t1036

COLDSTEEL Persistence Service Creation
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
detection.emerging-threats

COLDSTEEL RAT Anonymous User Process Execution
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats

COLDSTEEL RAT Cleanup Command Execution
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats

COLDSTEEL RAT Service Persistence Execution
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats

COM Hijack via Sdclt
Aug 12, 2024
·
attack.privilege-escalation
attack.t1546
attack.t1548

COM Hijacking via TreatAs
Aug 12, 2024
·
attack.persistence
attack.t1546.015

Command Line Execution with Suspicious URL and AppData Strings
Aug 12, 2024
·
attack.execution
attack.command-and-control
attack.t1059.003
attack.t1059.001
attack.t1105

Commands to Clear or Remove the Syslog
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.002

Commands to Clear or Remove the Syslog - Builtin
Aug 12, 2024
·
attack.impact
attack.t1565.001

Common Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Communication To LocaltoNet Tunneling Service Initiated
Aug 12, 2024
·
attack.command-and-control
attack.t1572
attack.t1090
attack.t1102

Communication To LocaltoNet Tunneling Service Initiated - Linux
Aug 12, 2024
·
attack.command-and-control
attack.t1572
attack.t1090
attack.t1102

Communication To Ngrok Tunneling Service - Linux
Aug 12, 2024
·
attack.exfiltration
attack.command-and-control
attack.t1567
attack.t1568.002
attack.t1572
attack.t1090
attack.t1102
attack.s0508

Communication To Ngrok Tunneling Service Initiated
Aug 12, 2024
·
attack.exfiltration
attack.command-and-control
attack.t1567
attack.t1568.002
attack.t1572
attack.t1090
attack.t1102
attack.s0508

Communication To Uncommon Destination Ports
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571

Compress Data and Lock With Password for Exfiltration With 7-ZIP
Aug 12, 2024
·
attack.collection
attack.t1560.001

Compress Data and Lock With Password for Exfiltration With WINZIP
Aug 12, 2024
·
attack.collection
attack.t1560.001

Computer Discovery And Export Via Get-ADComputer Cmdlet
Aug 12, 2024
·
attack.discovery
attack.t1033

Computer Discovery And Export Via Get-ADComputer Cmdlet - PowerShell
Aug 12, 2024
·
attack.discovery
attack.t1033

Computer Password Change Via Ksetup.EXE
Aug 12, 2024
·
attack.execution

Computer System Reconnaissance Via Wmic.EXE
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1047

ComRAT Network Communication
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
attack.g0010

Confluence Exploitation CVE-2019-3398
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2019-3398
detection.emerging-threats

Conhost Spawned By Uncommon Parent Process
Aug 12, 2024
·
attack.execution
attack.t1059

Conhost.exe CommandLine Path Traversal
Aug 12, 2024
·
attack.execution
attack.t1059.003

Connection Proxy
Aug 12, 2024
·
attack.defense-evasion
attack.t1090

Console CodePage Lookup Via CHCP
Aug 12, 2024
·
attack.discovery
attack.t1614.001

Container Residence Discovery Via Proc Virtual FS
Aug 12, 2024
·
attack.discovery
attack.t1082

Container With A hostPath Mount Created
Aug 12, 2024
·
attack.t1611

Conti NTDS Exfiltration Command
Aug 12, 2024
·
attack.collection
attack.t1560
detection.emerging-threats

Conti Volume Shadow Listing
Aug 12, 2024
·
attack.t1587.001
attack.resource-development
detection.emerging-threats

Control Panel Items
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218.002
attack.persistence
attack.t1546

ConvertTo-SecureString Cmdlet Usage Via CommandLine
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001

Copy .DMP/.DUMP Files From Remote Share Via Cmd.EXE
Aug 12, 2024
·
attack.credential-access

Copy From Or To Admin Share Or Sysvol Folder
Aug 12, 2024
·
attack.lateral-movement
attack.collection
attack.exfiltration
attack.t1039
attack.t1048
attack.t1021.002

Copy From VolumeShadowCopy Via Cmd.EXE
Aug 12, 2024
·
attack.impact
attack.t1490

Copy Passwd Or Shadow From TMP Path
Aug 12, 2024
·
attack.credential-access
attack.t1552.001

Copying Sensitive Files with Credential Data
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.003
car.2013-07-001
attack.s0404

CosmicDuke Service Installation
Aug 12, 2024
·
attack.persistence
attack.t1543.003
attack.t1569.002
detection.emerging-threats

CrashControl CrashDump Disabled
Aug 12, 2024
·
attack.t1564
attack.t1112

Create Volume Shadow Copy with Powershell
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

Created Files by Microsoft Sync Center
Aug 12, 2024
·
attack.t1055
attack.t1218
attack.execution
attack.defense-evasion

CreateDump Process Dump
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001

Creation Exe for Service with Unquoted Path
Aug 12, 2024
·
attack.persistence
attack.t1547.009

Creation of a Diagcab
Aug 12, 2024
·
attack.resource-development

Creation of a Local Hidden User Account by Registry
Aug 12, 2024
·
attack.persistence
attack.t1136.001

Creation Of A Local User Account
Aug 12, 2024
·
attack.t1136.001
attack.persistence

Creation Of a Suspicious ADS File Outside a Browser Download
Aug 12, 2024
·
attack.defense-evasion

Creation Of An User Account
Aug 12, 2024
·
attack.t1136.001
attack.persistence

Creation of an WerFault.exe in Unusual Folder
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1574.001

Creation Of Non-Existent System DLL
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002

Creation Of Pod In System Namespace
Aug 12, 2024
·
attack.t1036.005

Cred Dump Tools Dropped Files
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.t1003.002
attack.t1003.003
attack.t1003.004
attack.t1003.005

Credential Dumping Activity By Python Based Tool
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.s0349

Credential Dumping Attempt Via Svchost
Aug 12, 2024
·
attack.t1548

Credential Dumping Attempt Via WerFault
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.s0002

Credential Dumping Tools Service Execution - Security
Aug 12, 2024
·
attack.credential-access
attack.execution
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
attack.t1003.006
attack.t1569.002
attack.s0005

Credential Dumping Tools Service Execution - System
Aug 12, 2024
·
attack.credential-access
attack.execution
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
attack.t1003.006
attack.t1569.002
attack.s0005

Credential Manager Access By Uncommon Applications
Aug 12, 2024
·
attack.t1003
attack.credential-access

Credentials from Password Stores - Keychain
Aug 12, 2024
·
attack.credential-access
attack.t1555.001

Credentials In Files
Aug 12, 2024
·
attack.credential-access
attack.t1552.001

Credentials In Files - Linux
Aug 12, 2024
·
attack.credential-access
attack.t1552.001

CredUI.DLL Loaded By Uncommon Process
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1056.002

Critical Hive In Suspicious Location Access Bits Cleared
Aug 12, 2024
·
attack.credential-access
attack.t1003.002

Crontab Enumeration
Aug 12, 2024
·
attack.discovery
attack.t1007

Cross Site Scripting Strings
Aug 12, 2024
·
attack.initial-access
attack.t1189

Crypto Miner User Agent
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001

Csc.EXE Execution Form Potentially Suspicious Parent
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
attack.defense-evasion
attack.t1218.005
attack.t1027.004

Cscript/Wscript Uncommon Script Extension Execution
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007

CSExec Service File Creation
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029

CSExec Service Installation
Aug 12, 2024
·
attack.execution
attack.t1569.002

Curl Download And Execute Combination
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105

Curl Usage on Linux
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Curl Web Request With Potential Custom User-Agent
Aug 12, 2024
·
attack.execution

CurrentControlSet Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

CurrentVersion Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

CurrentVersion NT Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Custom File Open Handler Executes PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1202

CVE-2010-5278 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2010-5278
detection.emerging-threats

CVE-2020-0688 Exchange Exploitation via Web Log
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-0688
detection.emerging-threats

CVE-2020-0688 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-0688
detection.emerging-threats

CVE-2020-0688 Exploitation via Eventlog
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-0688
detection.emerging-threats

CVE-2020-10148 SolarWinds Orion API Auth Bypass
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-10148
detection.emerging-threats

CVE-2020-1048 Exploitation Attempt - Suspicious New Printer Ports - Registry
Aug 12, 2024
·
attack.persistence
attack.execution
attack.defense-evasion
attack.t1112
cve.2020-1048

CVE-2020-5902 F5 BIG-IP Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-5902
detection.emerging-threats

CVE-2021-1675 Print Spooler Exploitation
Aug 12, 2024
·
attack.execution
attack.t1569
cve.2021-1675
detection.emerging-threats

CVE-2021-1675 Print Spooler Exploitation IPC Access
Aug 12, 2024
·
attack.execution
attack.t1569
cve.2021-1675
cve.2021-34527
detection.emerging-threats

CVE-2021-21972 VSphere Exploitation
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-21972
detection.emerging-threats

CVE-2021-21978 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-21978
detection.emerging-threats

CVE-2021-26858 Exchange Exploitation
Aug 12, 2024
·
attack.t1203
attack.execution
cve.2021-26858
detection.emerging-threats

CVE-2021-31979 CVE-2021-33771 Exploits
Aug 12, 2024
·
attack.credential-access
attack.t1566
attack.t1203
cve.2021-33771
cve.2021-31979
detection.emerging-threats

CVE-2021-31979 CVE-2021-33771 Exploits by Sourgum
Aug 12, 2024
·
attack.credential-access
attack.t1566
attack.t1203
cve.2021-33771
cve.2021-31979
detection.emerging-threats

CVE-2021-33766 Exchange ProxyToken Exploitation
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-33766
detection.emerging-threats

CVE-2021-40539 Zoho ManageEngine ADSelfService Plus Exploit
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.persistence
attack.t1505.003
cve.2021-40539
detection.emerging-threats

CVE-2021-41773 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-41773
detection.emerging-threats

CVE-2021-44077 POC Default Dropped File
Aug 12, 2024
·
attack.execution
cve.2021-44077
detection.emerging-threats

CVE-2022-24527 Microsoft Connected Cache LPE
Aug 12, 2024
·
attack.privilege-escalation
attack.t1059.001
cve.2022-24527
detection.emerging-threats

CVE-2022-31656 VMware Workspace ONE Access Auth Bypass
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-31656
detection.emerging-threats

CVE-2022-31659 VMware Workspace ONE Access RCE
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-31659
detection.emerging-threats

CVE-2023-1389 Potential Exploitation Attempt - Unauthenticated Command Injection In TP-Link Archer AX21
Aug 12, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-1389

CVE-2023-23397 Exploitation Attempt
Aug 12, 2024
·
attack.credential-access
attack.initial-access
cve.2023-23397
detection.emerging-threats

CVE-2023-38331 Exploitation Attempt - Suspicious Double Extension File
Aug 12, 2024
·
attack.execution
cve.2023-38331
detection.emerging-threats

CVE-2023-38331 Exploitation Attempt - Suspicious WinRAR Child Process
Aug 12, 2024
·
detection.emerging-threats
attack.execution
attack.t1203
cve.2023-38331

CVE-2023-40477 Potential Exploitation - .REV File Creation
Aug 12, 2024
·
attack.execution
cve.2023-40477
detection.emerging-threats

CVE-2023-40477 Potential Exploitation - WinRAR Application Crash
Aug 12, 2024
·
attack.execution
cve.2023-40477
detection.emerging-threats

CVE-2024-1212 Exploitation - Progress Kemp LoadMaster Unauthenticated Command Injection
Aug 12, 2024
·
attack.initial-access
cve.2024-1212

CVE-2024-1708 - ScreenConnect Path Traversal Exploitation
Aug 12, 2024
·
attack.persistence
cve.2024-1708

CVE-2024-1708 - ScreenConnect Path Traversal Exploitation - Security
Aug 12, 2024
·
attack.initial-access
attack.persistence
cve.2024-1708

CVE-2024-1709 - ScreenConnect Authentication Bypass Exploitation
Aug 12, 2024
·
attack.initial-access
attack.persistence
cve.2024-1709

DarkGate - Drop DarkGate Loader In C:\Temp Directory
Aug 12, 2024
·
attack.execution
attack.t1059

DarkSide Ransomware Pattern
Aug 12, 2024
·
attack.execution
attack.t1204
detection.emerging-threats

Data Compressed
Aug 12, 2024
·
attack.exfiltration
attack.t1560.001

Data Copied To Clipboard Via Clip.EXE
Aug 12, 2024
·
attack.collection
attack.t1115

Data Exfiltration to Unsanctioned Apps
Aug 12, 2024
·
attack.exfiltration
attack.t1537

Data Exfiltration with Wget
Aug 12, 2024
·
attack.exfiltration
attack.t1048.003

DCERPC SMB Spoolss Named Pipe
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002

DCOM InternetExplorer.Application Iertutil DLL Hijack - Security
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1021.003

DD File Overwrite
Aug 12, 2024
·
attack.impact
attack.t1485

Decode Base64 Encoded Text
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Decode Base64 Encoded Text -MacOs
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Default Cobalt Strike Certificate
Aug 12, 2024
·
attack.command-and-control
attack.s0154
Default Credentials Usage
Aug 12, 2024
·
attack.initial-access
Default RDP Port Changed to Non Standard Port
Aug 12, 2024
·
attack.persistence
attack.t1547.010
Defrag Deactivation
Aug 12, 2024
·
attack.persistence
attack.t1053.005
attack.s0111
detection.emerging-threats
Defrag Deactivation - Security
Aug 12, 2024
·
attack.persistence
attack.t1053
attack.s0111
detection.emerging-threats
Delegated Permissions Granted For All Users
Aug 12, 2024
·
attack.credential-access
attack.t1528
Delete All Scheduled Tasks
Aug 12, 2024
·
attack.impact
attack.t1489
Delete Important Scheduled Task
Aug 12, 2024
·
attack.impact
attack.t1489
Delete Volume Shadow Copies Via WMI With PowerShell
Aug 12, 2024
·
attack.impact
attack.t1490
Delete Volume Shadow Copies via WMI with PowerShell - PS Script
Aug 12, 2024
·
attack.impact
attack.t1490
Deleted Data Overwritten Via Cipher.EXE
Aug 12, 2024
·
attack.impact
attack.t1485
Deletion of Volume Shadow Copies via WMI with PowerShell
Aug 12, 2024
·
attack.impact
attack.t1490
Deletion of Volume Shadow Copies via WMI with PowerShell - PS Script
Aug 12, 2024
·
attack.impact
attack.t1490
Denied Access To Remote Desktop
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.001
Deny Service Access Using Security Descriptor Tampering Via Sc.EXE
Aug 12, 2024
·
attack.persistence
attack.t1543.003
Deployment AppX Package Was Blocked By AppLocker
Aug 12, 2024
·
attack.defense-evasion
Deployment Deleted From Kubernetes Cluster
Aug 12, 2024
·
attack.t1498
Deployment Of The AppX Package Was Blocked By The Policy
Aug 12, 2024
·
attack.defense-evasion
Detect Virtualbox Driver Installation OR Starting Of VMs
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.006
attack.t1564
Detected Windows Software Discovery
Aug 12, 2024
·
attack.discovery
attack.t1518
Detected Windows Software Discovery - PowerShell
Aug 12, 2024
·
attack.discovery
attack.t1518
Detection of PowerShell Execution via Sqlps.exe
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1127
Device Installation Blocked
Aug 12, 2024
·
attack.initial-access
attack.t1200
Device Registration or Join Without MFA
Aug 12, 2024
·
attack.defense-evasion
attack.t1078.004
DeviceCredentialDeployment Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Devil Bait Potential C2 Communication Traffic
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
Devtoolslauncher.exe Executes Specified Binary
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
DEWMODE Webshell Access
Aug 12, 2024
·
attack.persistence
attack.t1505.003
detection.emerging-threats
DHCP Callout DLL Installation
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112
DHCP Server Error Failed Loading the CallOut DLL
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
DHCP Server Loaded the CallOut DLL
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
Diagnostic Library Sdiageng.DLL Loaded By Msdt.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
cve.2022-30190
DiagTrackEoP Default Login Username
Aug 12, 2024
·
attack.privilege-escalation
Direct Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Directory Removal Via Rmdir
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
Directory Service Restore Mode(DSRM) Registry Value Tampering
Aug 12, 2024
·
attack.persistence
attack.t1556
DirectorySearcher Powershell Exploitation
Aug 12, 2024
·
attack.discovery
attack.t1018
DirLister Execution
Aug 12, 2024
·
attack.discovery
attack.t1083
Disable Administrative Share Creation at Startup
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.005
Disable Exploit Guard Network Protection on Windows Defender
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Disable Macro Runtime Scan Scope
Aug 12, 2024
·
attack.defense-evasion
Disable Microsoft Defender Firewall via Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
Disable of ETW Trace - Powershell
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1562.006
car.2016-04-002
Disable Or Stop Services
Aug 12, 2024
·
attack.defense-evasion
Disable Powershell Command History
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.003
Disable Privacy Settings Experience in Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Disable PUA Protection on Windows Defender
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Disable Security Events Logging Adding Reg Key MiniNt
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
Disable Security Tools
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Disable System Firewall
Aug 12, 2024
·
attack.t1562.004
attack.defense-evasion
Disable Tamper Protection on Windows Defender
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Disable Windows Defender AV Security Monitoring
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Disable Windows Event Logging Via Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
Disable Windows Firewall by Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
Disable Windows IIS HTTP Logging
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
Disable Windows Security Center Notifications
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
Disable-WindowsOptionalFeature Command PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Disabled IE Security Features
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Disabled MFA to Bypass Authentication Mechanisms
Aug 12, 2024
·
attack.persistence
attack.t1556
Disabled Volume Snapshots
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Disabled Windows Defender Eventlog
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Disabling Multi Factor Authentication
Aug 12, 2024
·
attack.persistence
attack.t1556
Disabling Security Tools
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
Disabling Security Tools - Builtin
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
Discovery of a System Time
Aug 12, 2024
·
attack.discovery
attack.t1124
Discovery Using AzureHound
Aug 12, 2024
·
attack.discovery
attack.t1087.004
attack.t1526
Disk Image Creation Via Hdiutil - MacOS
Aug 12, 2024
·
attack.exfiltration
Disk Image Mounting Via Hdiutil - MacOS
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
attack.t1560.001
Diskshadow Script Mode - Uncommon Script Extension Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Displaying Hidden Files Feature Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
Django Framework Exceptions
Aug 12, 2024
·
attack.initial-access
attack.t1190
DLL Execution via Rasautou.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
DLL Execution Via Register-cimprovider.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1574
DLL Load By System Process From Suspicious Locations
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
DLL Load via LSASS
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1547.008
DLL Loaded From Suspicious Location Via Cmspt.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.003
DLL Loaded via CertOC.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
DLL Search Order Hijackig Via Additional Space in Path
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
DLL Sideloading by VMware Xfer Utility
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
DLL Sideloading Of ShellChromeAPI.DLL
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Dllhost.EXE Execution Anomaly
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
DllUnregisterServer Function Call Via Msiexec.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
DNS Events Related To Mining Pools
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.impact
attack.t1496
DNS Exfiltration and Tunneling Tools Execution
Aug 12, 2024
·
attack.exfiltration
attack.t1048.001
attack.command-and-control
attack.t1071.004
attack.t1132.001
DNS HybridConnectionManager Service Bus
Aug 12, 2024
·
attack.persistence
attack.t1554
DNS Query for Anonfiles.com Domain - DNS Client
Aug 12, 2024
·
attack.exfiltration
attack.t1567.002
DNS Query for Anonfiles.com Domain - Sysmon
Aug 12, 2024
·
attack.exfiltration
attack.t1567.002
DNS Query Request By Regsvr32.EXE
Aug 12, 2024
·
attack.execution
attack.t1559.001
attack.defense-evasion
attack.t1218.010
DNS Query Request To OneLaunch Update Service
Aug 12, 2024
·
attack.collection
attack.t1056
DNS Query To AzureWebsites.NET By Non-Browser Process
Aug 12, 2024
·
attack.command-and-control
attack.t1219
DNS Query to External Service Interaction Domains
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.reconnaissance
attack.t1595.002
DNS Query To MEGA Hosting Website
Aug 12, 2024
·
attack.exfiltration
attack.t1567.002
DNS Query To MEGA Hosting Website - DNS Client
Aug 12, 2024
·
attack.exfiltration
attack.t1567.002
DNS Query To Ufile.io
Aug 12, 2024
·
attack.exfiltration
attack.t1567.002
DNS Query To Ufile.io - DNS Client
Aug 12, 2024
·
attack.exfiltration
attack.t1567.002
DNS Query Tor .Onion Address - Sysmon
Aug 12, 2024
·
attack.command-and-control
attack.t1090.003
DNS RCE CVE-2020-1350
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.execution
attack.t1569.002
cve.2020-1350
detection.emerging-threats
DNS Server Discovery Via LDAP Query
Aug 12, 2024
·
attack.discovery
attack.t1482
DNS Server Error Failed Loading the ServerLevelPluginDLL
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
DNS TOR Proxies
Aug 12, 2024
·
attack.exfiltration
attack.t1048
DNS TXT Answer with Possible Execution Strings
Aug 12, 2024
·
attack.command-and-control
attack.t1071.004
DNS-over-HTTPS Enabled by Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.t1112
Docker Container Discovery Via Dockerenv Listing
Aug 12, 2024
·
attack.discovery
attack.t1082
Domain Trust Discovery Via Dsquery
Aug 12, 2024
·
attack.discovery
attack.t1482
DotNET Assembly DLL Loaded Via Office Application
Aug 12, 2024
·
attack.execution
attack.t1204.002
DotNet CLR DLL Loaded By Scripting Applications
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.t1055
Download File To Potentially Suspicious Directory Via Wget
Aug 12, 2024
·
attack.command-and-control
attack.t1105
Download from Suspicious Dyndns Hosts
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1105
attack.t1568
Download From Suspicious TLD - Blacklist
Aug 12, 2024
·
attack.initial-access
attack.t1566
attack.execution
attack.t1203
attack.t1204.002
Download From Suspicious TLD - Whitelist
Aug 12, 2024
·
attack.initial-access
attack.t1566
attack.execution
attack.t1203
attack.t1204.002
DPAPI Backup Keys And Certificate Export Activity IOC
Aug 12, 2024
·
attack.t1555
attack.t1552.004
DPAPI Domain Backup Key Extraction
Aug 12, 2024
·
attack.credential-access
attack.t1003.004
DPAPI Domain Master Key Backup Attempt
Aug 12, 2024
·
attack.credential-access
attack.t1003.004
DPRK Threat Actor - C2 Communication DNS Indicators
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
Driver Load From A Temporary Directory
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
Driver/DLL Installation Via Odbcconf.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
DriverQuery.EXE Execution
Aug 12, 2024
·
attack.discovery
Drop Binaries Into Spool Drivers Color Folder
Aug 12, 2024
·
attack.defense-evasion
Droppers Exploiting CVE-2017-11882
Aug 12, 2024
·
attack.execution
attack.t1203
attack.t1204.002
attack.initial-access
attack.t1566.001
cve.2017-11882
detection.emerging-threats
Dropping Of Password Filter DLL
Aug 12, 2024
·
attack.credential-access
attack.t1556.002
DSInternals Suspicious PowerShell Cmdlets
Aug 12, 2024
·
attack.execution
attack.t1059.001
DSInternals Suspicious PowerShell Cmdlets - ScriptBlock
Aug 12, 2024
·
attack.execution
attack.t1059.001
Dump Credentials from Windows Credential Manager With PowerShell
Aug 12, 2024
·
attack.credential-access
attack.t1555
Dump Ntds.dit To Suspicious Location
Aug 12, 2024
·
attack.execution
Dumping of Sensitive Hives Via Reg.EXE
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.004
attack.t1003.005
car.2013-07-001
Dumping Process via Sqldumper.exe
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
DumpMinitool Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
DumpStack.log Defender Evasion
Aug 12, 2024
·
attack.defense-evasion
Dynamic .NET Compilation Via Csc.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.004
Dynamic CSharp Compile Artefact
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.004
Elise Backdoor Activity
Aug 12, 2024
·
attack.g0030
attack.g0050
attack.s0081
attack.execution
attack.t1059.003
detection.emerging-threats
Email Exifiltration Via Powershell
Aug 12, 2024
·
attack.exfiltration
Enable BPF Kprobes Tracing
Aug 12, 2024
·
attack.execution
attack.defense-evasion
Enable LM Hash Storage - ProcCreation
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
Enable Local Manifest Installation With Winget
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
Enable Microsoft Dynamic Data Exchange
Aug 12, 2024
·
attack.execution
attack.t1559.002
Enable Windows Remote Management
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.006
Enabled User Right in AD to Control User Objects
Aug 12, 2024
·
attack.persistence
attack.t1098
Enabling COR Profiler Environment Variables
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.012
End User Consent
Aug 12, 2024
·
attack.credential-access
attack.t1528
End User Consent Blocked
Aug 12, 2024
·
attack.credential-access
attack.t1528
Enumerate All Information With Whoami.EXE
Aug 12, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
Enumerate Credentials from Windows Credential Manager With PowerShell
Aug 12, 2024
·
attack.credential-access
attack.t1555
Enumeration for 3rd Party Creds From CLI
Aug 12, 2024
·
attack.credential-access
attack.t1552.002
Enumeration for Credentials in Registry
Aug 12, 2024
·
attack.credential-access
attack.t1552.002
Equation Group C2 Communication
Aug 12, 2024
·
attack.command-and-control
attack.g0020
attack.t1041
detection.emerging-threats
Equation Group DLL_U Export Function Load
Aug 12, 2024
·
attack.g0020
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
Equation Group Indicators
Aug 12, 2024
·
attack.execution
attack.g0020
attack.t1059.004
Esentutl Gather Credentials
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.t1003.003
Esentutl Steals Browser Information
Aug 12, 2024
·
attack.collection
attack.t1005
Esentutl Volume Shadow Copy Service Keys
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
ETW Logging Disabled For rpcrt4.dll
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
ETW Logging Disabled For SCM
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
ETW Logging Disabled In .NET Processes - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
ETW Logging Disabled In .NET Processes - Sysmon Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
ETW Logging Tamper In .NET Processes Via CommandLine
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
ETW Trace Evasion Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1562.006
car.2016-04-002
EventLog EVTX File Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
EvilNum APT Golden Chickens Deployment Via OCX Files
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
EVTX Created In Uncommon Location
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
Exchange Exploitation CVE-2021-28480
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-28480
detection.emerging-threats
Exchange Exploitation Used by HAFNIUM
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.g0125
detection.emerging-threats
Exchange PowerShell Cmdlet History Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
Exchange PowerShell Snap-Ins Usage
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.collection
attack.t1114
Exchange Set OabVirtualDirectory ExternalUrl Property
Aug 12, 2024
·
attack.persistence
attack.t1505.003
Executable from Webdav
Aug 12, 2024
·
attack.command-and-control
attack.t1105
Execute Code with Pester.bat
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1216
Execute Code with Pester.bat as Parent
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1216
Execute Files with Msdeploy.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Execute From Alternate Data Streams
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
Execute Invoke-command on Remote Host
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.006
Execute MSDT Via Answer File
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
Execute Pcwrun.EXE To Leverage Follina
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
Execution DLL of Choice Using WAB.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Execution Of Non-Existing File
Aug 12, 2024
·
attack.defense-evasion
Execution of Powershell Script in Public Folder
Aug 12, 2024
·
attack.execution
attack.t1059.001
Execution Of Script Located In Potentially Suspicious Directory
Aug 12, 2024
·
attack.execution
Execution via stordiag.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Execution via WorkFolders.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Exploit for CVE-2015-1641
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
cve.2015-1641
detection.emerging-threats
Exploit for CVE-2017-0261
Aug 12, 2024
·
attack.execution
attack.t1203
attack.t1204.002
attack.initial-access
attack.t1566.001
cve.2017-0261
detection.emerging-threats
Exploit for CVE-2017-8759
Aug 12, 2024
·
attack.execution
attack.t1203
attack.t1204.002
attack.initial-access
attack.t1566.001
cve.2017-8759
detection.emerging-threats
Exploit Framework User Agent
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
Exploitation Indicator Of CVE-2022-42475
Aug 12, 2024
·
attack.initial-access
cve.2022-42475
detection.emerging-threats
Exploitation of CVE-2021-26814 in Wazuh
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-21978
cve.2021-26814
detection.emerging-threats
Exploited CVE-2020-10189 Zoho ManageEngine
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.execution
attack.t1059.001
attack.t1059.003
attack.s0190
cve.2020-10189
detection.emerging-threats
Exploiting CVE-2019-1388
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
cve.2019-1388
detection.emerging-threats
Exploiting SetupComplete.cmd CVE-2019-1378
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
attack.execution
attack.t1059.003
attack.t1574
cve.2019-1378
detection.emerging-threats
Explorer NOUACCHECK Flag
Aug 12, 2024
·
attack.defense-evasion
attack.t1548.002
Explorer Process Tree Break
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Exports Critical Registry Keys To a File
Aug 12, 2024
·
attack.exfiltration
attack.t1012
Exports Registry Key To a File
Aug 12, 2024
·
attack.exfiltration
attack.t1012
Exports Registry Key To an Alternate Data Stream
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
External Disk Drive Or USB Storage Device Was Recognized By The System
Aug 12, 2024
·
attack.t1091
attack.t1200
attack.lateral-movement
attack.initial-access
External Remote RDP Logon from Public IP
Aug 12, 2024
·
attack.initial-access
attack.credential-access
attack.t1133
attack.t1078
attack.t1110
External Remote SMB Logon from Public IP
Aug 12, 2024
·
attack.initial-access
attack.credential-access
attack.t1133
attack.t1078
attack.t1110
Extracting Information with PowerShell
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
Failed Authentications From Countries You Do Not Operate Out Of
Aug 12, 2024
·
attack.initial-access
attack.credential-access
attack.t1078.004
attack.t1110
Failed Code Integrity Checks
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.001
Failed DNS Zone Transfer
Aug 12, 2024
·
attack.reconnaissance
attack.t1590.002
Failed Logon From Public IP
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.t1078
attack.t1190
attack.t1133
Failed MSExchange Transport Agent Installation
Aug 12, 2024
·
attack.persistence
attack.t1505.002
Fax Service DLL Search Order Hijack
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1574.001
attack.t1574.002
File and Directory Discovery - Linux
Aug 12, 2024
·
attack.discovery
attack.t1083
File and Directory Discovery - MacOS
Aug 12, 2024
·
attack.discovery
attack.t1083
File And SubFolder Enumeration Via Dir Command
Aug 12, 2024
·
attack.discovery
attack.t1217
File Creation Date Changed to Another Year
Aug 12, 2024
·
attack.t1070.006
attack.defense-evasion
File Creation In Suspicious Directory By Msdt.EXE
Aug 12, 2024
·
attack.persistence
attack.t1547.001
cve.2022-30190
·
File Decoded From Base64/Hex Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
File Decryption Using Gpg4win
Aug 12, 2024
·
attack.execution
·
File Deleted Via Sysinternals SDelete
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
File Deletion
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
File Deletion Via Del
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
File Download And Execution Via IEExec.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
File Download From Browser Process Via Inline URL
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
File Download Using Notepad++ GUP Utility
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
File Download Using ProtocolHandler.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
File Download Via Bitsadmin
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
File Download Via Bitsadmin To A Suspicious Target Folder
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
File Download Via Bitsadmin To An Uncommon Target Folder
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
File Download via CertOC.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
File Download Via InstallUtil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
File Download Via Nscurl - MacOS
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1105
·
File Download Via Windows Defender MpCmpRun.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105
·
File Download with Headless Browser
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
File Encoded To Base64 Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
File Encryption Using Gpg4win
Aug 12, 2024
·
attack.execution
·
File Encryption/Decryption Via Gpg4win From Suspicious Locations
Aug 12, 2024
·
attack.execution
·
File In Suspicious Location Encoded To Base64 Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
File or Folder Permissions Change
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.002
·
File Recovery From Backup Via Wbadmin.EXE
Aug 12, 2024
·
attack.impact
attack.t1490
·
File Time Attribute Change
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
File Time Attribute Change - Linux
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
File Was Not Allowed To Run
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.006
attack.t1059.007
·
File With Suspicious Extension Downloaded Via Bitsadmin
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
File With Uncommon Extension Created By An Office Application
Aug 12, 2024
·
attack.t1204.002
attack.execution
·
Files Added To An Archive Using Rar.EXE
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Files With System DLL Name In Unsuspected Locations
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
·
Files With System Process Name In Unsuspected Locations
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
·
Filter Driver Unloaded Via Fltmc.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1562
attack.t1562.002
·
Findstr GPP Passwords
Aug 12, 2024
·
attack.credential-access
attack.t1552.006
·
Findstr Launching .lnk File
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1202
attack.t1027.003
·
Finger.EXE Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Fireball Archer Install
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Firewall Disabled via Netsh.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
attack.s0108
·
Firewall Rule Deleted Via Netsh.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Firewall Rule Update Via Netsh.EXE
Aug 12, 2024
·
attack.defense-evasion
·
First Time Seen Remote Named Pipe
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
First Time Seen Remote Named Pipe - Zeek
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Flash Player Update from Suspicious Location
Aug 12, 2024
·
attack.initial-access
attack.t1189
attack.execution
attack.t1204.002
attack.defense-evasion
attack.t1036.005
·
FlowCloud Registry Markers
Aug 12, 2024
·
attack.persistence
attack.t1112
·
Flush Iptables Ufw Chain
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
FoggyWeb Backdoor DLL Loading
Aug 12, 2024
·
attack.resource-development
attack.t1587
detection.emerging-threats
·
Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
Aug 12, 2024
·
attack.collection
attack.t1074.001
·
Folder Removed From Exploit Guard ProtectedFolders List - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Forest Blizzard APT - Custom Protocol Handler Creation
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Forest Blizzard APT - Custom Protocol Handler DLL Registry Set
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Forest Blizzard APT - File Creation Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Forest Blizzard APT - JavaScript Constrained File Creation
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Forest Blizzard APT - Process Creation Activity
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Forfiles Command Execution
Aug 12, 2024
·
attack.execution
attack.t1059
·
Formbook Process Creation
Aug 12, 2024
·
attack.resource-development
attack.t1587.001
detection.emerging-threats
·
Fortinet CVE-2018-13379 Exploitation
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2018-13379
detection.emerging-threats
·
Fortinet CVE-2021-22123 Exploitation
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-22123
detection.emerging-threats
·
Fsutil Behavior Set SymlinkEvaluation
Aug 12, 2024
·
attack.execution
attack.t1059
·
Fsutil Drive Enumeration
Aug 12, 2024
·
attack.discovery
attack.t1120
·
Fsutil Suspicious Invocation
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1070
attack.t1485
·
Function Call From Undocumented COM Interface EditionUpgradeManager
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
GAC DLL Loaded Via Office Applications
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
GALLIUM Artefacts - Builtin
Aug 12, 2024
·
attack.credential-access
attack.command-and-control
attack.t1071
detection.emerging-threats
·
GALLIUM IOCs
Aug 12, 2024
·
attack.credential-access
attack.command-and-control
attack.t1212
attack.t1071
attack.g0093
detection.emerging-threats
·
Gatekeeper Bypass via Xattr
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.001
·
GatherNetworkInfo.VBS Reconnaissance Script Output
Aug 12, 2024
·
attack.discovery
·
GCP Access Policy Deleted
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098
·
GCP Break-glass Container Workload Deployed
Aug 12, 2024
·
attack.defense-evasion
attack.t1548
·
Get-ADUser Enumeration Using UserAccountControl Flags
Aug 12, 2024
·
attack.discovery
attack.t1033
·
Github Delete Action Invoked
Aug 12, 2024
·
attack.impact
attack.collection
attack.t1213.003
·
Github Fork Private Repositories Setting Enabled/Cleared
Aug 12, 2024
·
attack.persistence
attack.t1020
attack.t1537
·
Github High Risk Configuration Disabled
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.persistence
attack.t1556
·
Github New Secret Created
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1078.004
·
Github Outside Collaborator Detected
Aug 12, 2024
·
attack.persistence
attack.collection
attack.t1098.001
attack.t1098.003
attack.t1213.003
·
Github Push Protection Bypass Detected
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Github Push Protection Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Github Repository/Organization Transferred
Aug 12, 2024
·
attack.persistence
attack.t1020
attack.t1537
·
Github Secret Scanning Feature Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Github Self Hosted Runner Changes Detected
Aug 12, 2024
·
attack.impact
attack.discovery
attack.collection
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1526
attack.t1213.003
attack.t1078.004
·
Github SSH Certificate Configuration Changed
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1078.004
·
Goofy Guineapig Backdoor IOC
Aug 12, 2024
·
attack.execution
attack.defense-evasion
detection.emerging-threats
·
Goofy Guineapig Backdoor Potential C2 Communication
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Goofy Guineapig Backdoor Service Creation
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Google Cloud DNS Zone Modified or Deleted
Aug 12, 2024
·
attack.impact
·
Google Cloud Firewall Modified or Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Google Cloud Kubernetes Admission Controller
Aug 12, 2024
·
attack.persistence
attack.t1078
attack.credential-access
attack.t1552
attack.t1552.007
·
Google Cloud Kubernetes CronJob
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.execution
·
Google Cloud Kubernetes RoleBinding
Aug 12, 2024
·
attack.credential-access
·
Google Cloud Kubernetes Secrets Modified or Deleted
Aug 12, 2024
·
attack.credential-access
·
Google Cloud Re-identifies Sensitive Information
Aug 12, 2024
·
attack.impact
attack.t1565
·
Google Cloud Service Account Disabled or Deleted
Aug 12, 2024
·
attack.impact
attack.t1531
·
Google Cloud Service Account Modified
Aug 12, 2024
·
attack.impact
·
Google Cloud SQL Database Modified or Deleted
Aug 12, 2024
·
attack.impact
·
Google Cloud Storage Buckets Enumeration
Aug 12, 2024
·
attack.discovery
·
Google Cloud Storage Buckets Modified or Deleted
Aug 12, 2024
·
attack.impact
·
Google Cloud VPN Tunnel Modified or Deleted
Aug 12, 2024
·
attack.impact
·
Google Full Network Traffic Packet Capture
Aug 12, 2024
·
attack.collection
attack.t1074
·
Google Workspace Application Access Level Modified
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
·
Google Workspace Application Removed
Aug 12, 2024
·
attack.impact
·
Google Workspace Granted Domain API Access
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Google Workspace MFA Disabled
Aug 12, 2024
·
attack.impact
·
Google Workspace Role Modified or Deleted
Aug 12, 2024
·
attack.impact
·
Google Workspace Role Privilege Deleted
Aug 12, 2024
·
attack.impact
·
Google Workspace User Granted Admin Privileges
Aug 12, 2024
·
attack.persistence
attack.t1098
·
GoToAssist Temporary Installation Artefact
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Gpresult Display Group Policy Information
Aug 12, 2024
·
attack.discovery
attack.t1615
·
Gpscript Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Grafana Path Traversal Exploitation CVE-2021-43798
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-43798
detection.emerging-threats
·
Granting Of Permissions To An Account
Aug 12, 2024
·
attack.persistence
attack.t1098.003
·
Greedy File Deletion Using Del
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Greenbug Espionage Group Indicators
Aug 12, 2024
·
attack.g0049
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1105
attack.defense-evasion
attack.t1036.005
detection.emerging-threats
·
Griffon Malware Attack Pattern
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Group Has Been Deleted Via Groupdel
Aug 12, 2024
·
attack.impact
attack.t1531
·
Group Membership Reconnaissance Via Whoami.EXE
Aug 12, 2024
·
attack.discovery
attack.t1033
·
Guacamole Two Users Sharing Session Anomaly
Aug 12, 2024
·
attack.credential-access
attack.t1212
·
Guest Account Enabled Via Sysadminctl
Aug 12, 2024
·
attack.initial-access
attack.t1078
attack.t1078.001
·
Guest User Invited By Non Approved Inviters
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1078.004
·
Guest Users Invited To Tenant By Non Approved Inviters
Aug 12, 2024
·
attack.initial-access
attack.t1078
·
GUI Input Capture - macOS
Aug 12, 2024
·
attack.credential-access
attack.t1056.002
·
Gzip Archive Decode Via PowerShell
Aug 12, 2024
·
attack.command-and-control
attack.t1132.001
·
Hack Tool User Agent
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.credential-access
attack.t1110
·
HackTool - ADCSPwn Execution
Aug 12, 2024
·
attack.credential-access
attack.t1557.001
·
HackTool - BabyShark Agent Default URL Pattern
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
HackTool - Bloodhound/Sharphound Execution
Aug 12, 2024
·
attack.discovery
attack.t1087.001
attack.t1087.002
attack.t1482
attack.t1069.001
attack.t1069.002
attack.execution
attack.t1059.001
·
HackTool - CACTUSTORCH Remote Thread Creation
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1055.012
attack.t1059.005
attack.t1059.007
attack.t1218.005
·
HackTool - Certify Execution
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.t1649
·
HackTool - CobaltStrike BOF Injection Pattern
Aug 12, 2024
·
attack.execution
attack.t1106
attack.defense-evasion
attack.t1562.001
·
HackTool - CobaltStrike Malleable Profile Patterns - Proxy
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
·
HackTool - CoercedPotato Execution
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
HackTool - Covenant PowerShell Launcher
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.001
attack.t1564.003
·
HackTool - CrackMapExec Execution
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.credential-access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201
·
HackTool - CrackMapExec Execution Patterns
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.s0106
·
HackTool - CrackMapExec File Indicators
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
HackTool - CrackMapExec PowerShell Obfuscation
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027.005
·
HackTool - CrackMapExec Process Patterns
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
HackTool - CreateMiniDump Execution
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
HackTool - Credential Dumping Tools Named Pipe Created
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
·
HackTool - Default PowerSploit/Empire Scheduled Task Creation
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.s0111
attack.g0022
attack.g0060
car.2013-08-001
attack.t1053.005
attack.t1059.001
·
HackTool - DiagTrackEoP Default Named Pipe
Aug 12, 2024
·
attack.privilege-escalation
·
HackTool - Dumpert Process Dumper Default File
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
HackTool - Dumpert Process Dumper Execution
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
HackTool - EDRSilencer Execution - Filter Added
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
HackTool - Empire PowerShell Launch Parameters
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
HackTool - Empire PowerShell UAC Bypass
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
HackTool - Empire UserAgent URI Combo
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
·
HackTool - Evil-WinRm Execution - PowerShell Module
Aug 12, 2024
·
attack.lateral-movement
·
HackTool - F-Secure C3 Load by Rundll32
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
HackTool - GMER Rootkit Detector and Remover Execution
Aug 12, 2024
·
attack.defense-evasion
·
HackTool - HandleKatz Duplicating LSASS Handle
Aug 12, 2024
·
attack.execution
attack.t1106
attack.defense-evasion
attack.t1003.001
·
HackTool - HandleKatz LSASS Dumper Execution
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
HackTool - Hashcat Password Cracker Execution
Aug 12, 2024
·
attack.credential-access
attack.t1110.002
·
HackTool - Htran/NATBypass Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1090
attack.s0040
·
HackTool - Hydra Password Bruteforce Execution
Aug 12, 2024
·
attack.credential-access
attack.t1110
attack.t1110.001
·
HackTool - Impacket Tools Execution
Aug 12, 2024
·
attack.execution
attack.t1557.001
·
HackTool - Impersonate Execution
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
HackTool - Inveigh Execution
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
HackTool - Inveigh Execution Artefacts
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
HackTool - Jlaive In-Memory Assembly Execution
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
HackTool - Koadic Execution
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.t1059.005
attack.t1059.007
·
HackTool - Koh Default Named Pipe
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
attack.t1528
attack.t1134.001
·
HackTool - KrbRelay Execution
Aug 12, 2024
·
attack.credential-access
attack.t1558.003
·
HackTool - KrbRelayUp Execution
Aug 12, 2024
·
attack.credential-access
attack.t1558.003
attack.lateral-movement
attack.t1550.003
·
HackTool - LittleCorporal Generated Maldoc Injection
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1055.003
·
HackTool - LocalPotato Execution
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
cve.2023-21746
·
HackTool - Mimikatz Execution
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
attack.t1003.006
·
HackTool - Mimikatz Kirbi File Creation
Aug 12, 2024
·
attack.credential-access
attack.t1558
·
HackTool - NPPSpy Hacktool Usage
Aug 12, 2024
·
attack.credential-access
·
HackTool - PCHunter Execution
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1082
attack.t1057
attack.t1012
attack.t1083
attack.t1007
·
HackTool - Potential CobaltStrike Process Injection
Aug 12, 2024
·
attack.defense-evasion
attack.t1055.001
·
HackTool - Potential Impacket Lateral Movement Activity
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.003
·
HackTool - Potential Remote Credential Dumping Activity Via CrackMapExec Or Impacket-Secretsdump
Aug 12, 2024
·
attack.credential-access
attack.t1003
·
HackTool - PowerTool Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
HackTool - Powerup Write Hijack DLL
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.001
·
HackTool - PPID Spoofing SelectMyParent Tool Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1134.004
·
HackTool - PurpleSharp Execution
Aug 12, 2024
·
attack.t1587
attack.resource-development
·
HackTool - Pypykatz Credentials Dumping Activity
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
·
HackTool - Quarks PwDump Execution
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
·
HackTool - QuarksPwDump Dump File
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
·
HackTool - RedMimicry Winnti Playbook Execution
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1106
attack.t1059.003
attack.t1218.011
·
HackTool - RemoteKrbRelay Execution
Aug 12, 2024
·
attack.credential-access
attack.t1558.003
·
HackTool - RemoteKrbRelay SMB Relay Secrets Dump Module Indicators
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
HackTool - Rubeus Execution
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.t1558.003
attack.lateral-movement
attack.t1550.003
·
HackTool - Rubeus Execution - ScriptBlock
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.t1558.003
attack.lateral-movement
attack.t1550.003
·
HackTool - SafetyKatz Dump Indicator
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
HackTool - SafetyKatz Execution
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
HackTool - SecurityXploded Execution
Aug 12, 2024
·
attack.credential-access
attack.t1555
·
HackTool - SharpChisel Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1090.001
·
HackTool - SharpDPAPI Execution
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
HackTool - SharPersist Execution
Aug 12, 2024
·
attack.persistence
attack.t1053
·
HackTool - SharpEvtMute DLL Load
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
HackTool - SharpEvtMute Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
HackTool - SharpImpersonation Execution
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
HackTool - SharpLDAPmonitor Execution
Aug 12, 2024
·
attack.discovery
·
HackTool - SharpLdapWhoami Execution
Aug 12, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
HackTool - SharpMove Tool Execution
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
HackTool - SharpUp PrivEsc Tool Execution
Aug 12, 2024
·
attack.privilege-escalation
attack.t1615
attack.t1569.002
attack.t1574.005
·
HackTool - SharpView Execution
Aug 12, 2024
·
attack.discovery
attack.t1049
attack.t1069.002
attack.t1482
attack.t1135
attack.t1033
·
HackTool - SILENTTRINITY Stager DLL Load
Aug 12, 2024
·
attack.command-and-control
attack.t1071
·
HackTool - SILENTTRINITY Stager Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1071
·
HackTool - Sliver C2 Implant Activity Pattern
Aug 12, 2024
·
attack.execution
attack.t1059
·
HackTool - Stracciatella Execution
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059
attack.t1562.001
·
HackTool - SysmonEnte Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
HackTool - SysmonEOP Execution
Aug 12, 2024
·
cve.2022-41120
attack.t1068
attack.privilege-escalation
HackTool - TruffleSnout Execution
Aug 12, 2024
·
attack.discovery
attack.t1482
HackTool - Typical HiveNightmare SAM File Export
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
cve.2021-36934
HackTool - UACMe Akagi Execution
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
HackTool - Windows Credential Editor (WCE) Execution
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.s0005
HackTool - winPEAS Execution
Aug 12, 2024
·
attack.privilege-escalation
attack.t1082
attack.t1087
attack.t1046
HackTool - WinRM Access Via Evil-WinRM
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.006
HackTool - Wmiexec Default Powershell Command
Aug 12, 2024
·
attack.defense-evasion
attack.lateral-movement
HackTool - XORDump Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
Hacktool Execution - Imphash
Aug 12, 2024
·
attack.credential-access
attack.t1588.002
attack.t1003
Hacktool Execution - PE Metadata
Aug 12, 2024
·
attack.credential-access
attack.t1588.002
attack.t1003
Hacktool Ruler
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1087
attack.t1114
attack.t1059
attack.t1550.002
HackTool Service Registration or Execution
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
HAFNIUM Exchange Exploitation Activity
Aug 12, 2024
·
attack.persistence
attack.t1546
attack.t1053
attack.g0125
detection.emerging-threats
Hardware Model Reconnaissance Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.t1047
car.2016-03-002
Harvesting Of Wifi Credentials Via Netsh.EXE
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.t1040
Hermetic Wiper TG Process Patterns
Aug 12, 2024
·
attack.execution
attack.lateral-movement
attack.t1021.001
detection.emerging-threats
HH.EXE Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.001
Hidden Executable In NTFS Alternate Data Stream
Aug 12, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
Hidden Files and Directories
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
Hidden Local User Creation
Aug 12, 2024
·
attack.persistence
attack.t1136.001
Hidden Powershell in Link File Pattern
Aug 12, 2024
·
attack.execution
attack.t1059.001
Hidden User Creation
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.002
Hide Schedule Task Via Index Value Tamper
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
Hiding Files with Attrib.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
Hijack Legit RDP Session to Move Laterally
Aug 12, 2024
·
attack.command-and-control
attack.t1219
History File Deletion
Aug 12, 2024
·
attack.impact
attack.t1565.001
Host Without Firewall
Aug 12, 2024
HTML Help HH.EXE Suspicious Child Process
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
HTTP Request With Empty User Agent
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
Huawei BGP Authentication Failures
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
HybridConnectionManager Service Installation
Aug 12, 2024
·
attack.persistence
attack.t1554
HybridConnectionManager Service Installation - Registry
Aug 12, 2024
·
attack.resource-development
attack.t1608
HybridConnectionManager Service Running
Aug 12, 2024
·
attack.persistence
attack.t1554
Hypervisor Enforced Code Integrity Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Hypervisor Enforced Paging Translation Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
IcedID Malware Suspicious Single Digit DLL Execution Via Rundll32
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
IE Change Domain Zone
Aug 12, 2024
·
attack.persistence
attack.t1137
IE ZoneMap Setting Downgraded To MyComputer Zone For HTTP Protocols
Aug 12, 2024
·
attack.defense-evasion
IE ZoneMap Setting Downgraded To MyComputer Zone For HTTP Protocols Via CLI
Aug 12, 2024
·
attack.execution
attack.defense-evasion
Ie4uinit Lolbin Use From Invalid Path
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
IIS Native-Code Module Command Line Installation
Aug 12, 2024
·
attack.persistence
attack.t1505.003
IIS WebServer Access Logs Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
ImagingDevices Unusual Parent/Child Processes
Aug 12, 2024
·
attack.defense-evasion
attack.execution
Impacket PsExec Execution
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
Import LDAP Data Interchange Format File Via Ldifde.EXE
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1218
attack.t1105
Import PowerShell Modules From Suspicious Directories
Aug 12, 2024
·
attack.execution
attack.t1059.001
Import PowerShell Modules From Suspicious Directories - ProcCreation
Aug 12, 2024
·
attack.execution
attack.t1059.001
Important Scheduled Task Deleted
Aug 12, 2024
·
attack.impact
attack.t1489
Important Scheduled Task Deleted/Disabled
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
Important Windows Event Auditing Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
Important Windows Service Terminated Unexpectedly
Aug 12, 2024
·
attack.defense-evasion
Important Windows Service Terminated With Error
Aug 12, 2024
·
attack.defense-evasion
Imports Registry Key From a File
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
Imports Registry Key From an ADS
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
Impossible Travel
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
Increased Failed Authentications Of Any Type
Aug 12, 2024
·
attack.defense-evasion
attack.t1078
Indicator Removal on Host - Clear Mac System Logs
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.002
Indirect Command Execution By Program Compatibility Wizard
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
Indirect Command Execution From Script File Via Bash.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
Indirect Inline Command Execution Via Bash.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
InfDefaultInstall.exe .inf Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Ingress/Egress Security Group Modification
Aug 12, 2024
·
attack.initial-access
attack.t1190
Insecure Proxy/DOH Transfer Via Curl.EXE
Aug 12, 2024
·
attack.execution
Insecure Transfer Via Curl.EXE
Aug 12, 2024
·
attack.execution
Insensitive Subfolder Search Via Findstr.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
Install New Package Via Winget Local Manifest
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
Install Root Certificate
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
Installation of TeamViewer Desktop
Aug 12, 2024
·
attack.command-and-control
attack.t1219
Interactive AT Job
Aug 12, 2024
·
attack.privilege-escalation
attack.t1053.002
Interactive Bash Suspicious Children
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.004
attack.t1036
Interesting Service Enumeration Via Sc.EXE
Aug 12, 2024
·
attack.t1003
Internet Explorer Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Internet Explorer DisableFirstRunCustomize Enabled
Aug 12, 2024
·
attack.defense-evasion
Invalid PIM License
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
Invocation of Active Directory Diagnostic Tool (ntdsutil.exe)
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
Invoke-Obfuscation CLIP+ Launcher
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation CLIP+ Launcher - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation CLIP+ Launcher - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation CLIP+ Launcher - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation CLIP+ Launcher - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Obfuscated IEX Invocation
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Obfuscated IEX Invocation - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Invoke-Obfuscation Obfuscated IEX Invocation - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation RUNDLL LAUNCHER - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation RUNDLL LAUNCHER - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation STDIN+ Launcher
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation STDIN+ Launcher - Powershell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation STDIN+ Launcher - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation STDIN+ Launcher - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation STDIN+ Launcher - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR+ Launcher
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR+ Launcher - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR+ Launcher - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR+ Launcher - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR+ Launcher - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - Powershell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Stdin - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - Powershell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Clip - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use MSHTA - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - Security
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Invoke-Obfuscation Via Use Rundll32 - System
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
ISO File Created Within Temp Folders
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
ISO Image Mounted
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
ISO or Image Mount Indicator in Recent Files
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
JAMF MDM Execution
Aug 12, 2024
·
attack.execution
JAMF MDM Potential Suspicious Child Process
Aug 12, 2024
·
attack.execution
Java Payload Strings
Aug 12, 2024
·
cve.2022-26134
cve.2021-26084
attack.initial-access
attack.t1190
Java Running with Remote Debugging
Aug 12, 2024
·
attack.t1203
attack.execution
JexBoss Command Sequence
Aug 12, 2024
·
attack.execution
attack.t1059.004
JNDIExploit Pattern
Aug 12, 2024
·
attack.initial-access
attack.t1190
JScript Compiler Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
Juniper BGP Missing MD5
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
JXA In-memory Execution Via OSAScript
Aug 12, 2024
·
attack.t1059.002
attack.t1059.007
attack.execution
Kapeka Backdoor Autorun Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Kapeka Backdoor Configuration Persistence
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1553.003
Kapeka Backdoor Execution Via RunDLL32.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
Kapeka Backdoor Loaded Via Rundll32.EXE
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.defense-evasion
attack.t1218.011
Kapeka Backdoor Persistence Activity
Aug 12, 2024
·
attack.persistence
attack.t1053.005
Kapeka Backdoor Scheduled Task Creation
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
Kavremover Dropped Binary LOLBIN Usage
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
KDC RC4-HMAC Downgrade CVE-2022-37966
Aug 12, 2024
·
attack.privilege-escalation
Kerberos Manipulation
Aug 12, 2024
·
attack.credential-access
attack.t1212
Kerberos Network Traffic RC4 Ticket Encryption
Aug 12, 2024
·
attack.credential-access
attack.t1558.003
Kernel Memory Dump Via LiveKD
Aug 12, 2024
·
attack.defense-evasion
KrbRelayUp Service Installation
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543
Kubernetes Admission Controller Modification
Aug 12, 2024
·
attack.persistence
attack.t1078
attack.credential-access
attack.t1552
attack.t1552.007
Kubernetes CronJob/Job Modification
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.execution
Kubernetes Events Deleted
Aug 12, 2024
·
attack.t1070
Kubernetes Rolebinding Modification
Aug 12, 2024
·
attack.privilege-escalation
Kubernetes Secrets Enumeration
Aug 12, 2024
·
attack.t1552.007
Kubernetes Secrets Modified or Deleted
Aug 12, 2024
·
attack.credential-access
Kubernetes Unauthorized or Unauthenticated Access
Aug 12, 2024
·
attack.privilege-escalation
Launch Agent/Daemon Execution Via Launchctl
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1569.001
attack.t1543.001
attack.t1543.004
Launch-VsDevShell.PS1 Proxy Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1216.001
Lazarus Group Activity
Aug 12, 2024
·
attack.g0032
attack.execution
attack.t1059
detection.emerging-threats
Lazarus System Binary Masquerading
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
detection.emerging-threats
Legitimate Application Dropped Archive
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Legitimate Application Dropped Executable
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Legitimate Application Dropped Script
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Leviathan Registry Key Activity
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
Linux Base64 Encoded Pipe to Shell
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
Linux Base64 Encoded Shebang In CLI
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
Linux Capabilities Discovery
Aug 12, 2024
·
attack.collection
attack.privilege-escalation
attack.t1123
attack.t1548
Linux Command History Tampering
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.003
Linux Crypto Mining Indicators
Aug 12, 2024
·
attack.impact
attack.t1496
Linux Crypto Mining Pool Connections
Aug 12, 2024
·
attack.impact
attack.t1496
Linux Doas Conf File Creation
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
Linux Doas Tool Execution
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
Linux Keylogging with Pam.d
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.t1056.001
Linux Network Service Scanning - Auditd
Aug 12, 2024
·
attack.discovery
attack.t1046
Linux Package Uninstall
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
Linux Recon Indicators
Aug 12, 2024
·
attack.reconnaissance
attack.t1592.004
attack.credential-access
attack.t1552.001
Linux Remote System Discovery
Aug 12, 2024
·
attack.discovery
attack.t1018
Linux Reverse Shell Indicator
Aug 12, 2024
·
attack.execution
attack.t1059.004
Linux Shell Pipe to Shell
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
Linux Webshell Indicators
Aug 12, 2024
·
attack.persistence
attack.t1505.003
Live Memory Dump Using Powershell
Aug 12, 2024
·
attack.t1003
LiveKD Driver Creation
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
LiveKD Driver Creation By Uncommon Process
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
LiveKD Kernel Memory Dump File Created
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
LoadBalancer Security Group Modification
Aug 12, 2024
·
attack.initial-access
attack.t1190
Loaded Module Enumeration Via Tasklist.EXE
Aug 12, 2024
·
attack.t1003
Loading Diagcab Package From Remote Path
Aug 12, 2024
·
attack.execution
Loading of Kernel Module via Insmod
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.006
Local Accounts Discovery
Aug 12, 2024
·
attack.discovery
attack.t1033
attack.t1087.001
Local File Read Using Curl.EXE
Aug 12, 2024
·
attack.execution
Local Groups Discovery - Linux
Aug 12, 2024
·
attack.discovery
attack.t1069.001
Local Groups Discovery - MacOs
Aug 12, 2024
·
attack.discovery
attack.t1069.001
Local Groups Reconnaissance Via Wmic.EXE
Aug 12, 2024
·
attack.discovery
attack.t1069.001
Local Network Connection Initiated By Script Interpreter
Aug 12, 2024
·
attack.command-and-control
attack.t1105
Local Privilege Escalation Indicator TabTip
Aug 12, 2024
·
attack.execution
attack.t1557.001
Local System Accounts Discovery - MacOs
Aug 12, 2024
·
attack.discovery
attack.t1087.001
Local User Creation
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
Locked Workstation
Aug 12, 2024
·
attack.impact
·
LockerGoga Ransomware Activity
Aug 12, 2024
·
attack.impact
attack.t1486
detection.emerging-threats
·
Log4j RCE CVE-2021-44228 Generic
Aug 12, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
·
Log4j RCE CVE-2021-44228 in Fields
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-44228
detection.emerging-threats
·
Logged-On User Password Change Via Ksetup.EXE
Aug 12, 2024
·
attack.execution
·
Logging Configuration Changes on Linux Host
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.006
·
Login to Disabled Account
Aug 12, 2024
·
attack.initial-access
attack.t1078.004
·
Logon from a Risky IP Address
Aug 12, 2024
·
attack.initial-access
attack.t1078
·
LOL-Binary Copied From System Directory
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
LOLBAS Data Exfiltration by DataSvcUtil.exe
Aug 12, 2024
·
attack.exfiltration
attack.t1567
·
Lolbas OneDriveStandaloneUpdater.exe Proxy Download
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
LOLBIN Execution From Abnormal Drive
Aug 12, 2024
·
attack.defense-evasion
·
Lolbin Runexehelper Use As Proxy
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Lolbin Unregmp2.exe Use As Proxy
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
LSA PPL Protection Disabled Via Reg.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.010
·
LSASS Access Detected via Attack Surface Reduction
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
LSASS Access From Non System Account
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
LSASS Access From Potentially White-Listed Processes
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.s0002
·
LSASS Dump Keyword In CommandLine
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Lsass Full Dump Request Via DumpType Registry Settings
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
LSASS Memory Access by Tool With Dump Keyword In Name
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.s0002
·
Lsass Memory Dump via Comsvcs DLL
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
LSASS Process Dump Artefact In CrashDumps Folder
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
LSASS Process Reconnaissance Via Findstr.EXE
Aug 12, 2024
·
attack.credential-access
attack.t1552.006
·
MacOS Emond Launch Daemon
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.014
·
MacOS Network Service Scanning
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Macos Remote System Discovery
Aug 12, 2024
·
attack.discovery
attack.t1018
·
MacOS Scripting Interpreter AppleScript
Aug 12, 2024
·
attack.execution
attack.t1059.002
·
Macro Enabled In A Potentially Suspicious Document
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Mailbox Export to Exchange Webserver
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Malicious Base64 Encoded PowerShell Keywords in Command Lines
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Malicious DLL File Dropped in the Teams or OneDrive Folder
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
·
Malicious DLL Load By Compromised 3CXDesktopApp
Aug 12, 2024
·
attack.defense-evasion
detection.emerging-threats
·
Malicious IP Address Sign-In Failure Rate
Aug 12, 2024
·
attack.t1090
attack.command-and-control
·
Malicious IP Address Sign-In Suspicious
Aug 12, 2024
·
attack.t1090
attack.command-and-control
·
Malicious Named Pipe Created
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Malicious Nishang PowerShell Commandlets
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Malicious PE Execution by Microsoft Visual Studio Debugger
Aug 12, 2024
·
attack.t1218
attack.defense-evasion
·
Malicious PowerShell Commandlets - PoshModule
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Malicious PowerShell Commandlets - ProcessCreation
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Malicious PowerShell Commandlets - ScriptBlock
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1482
attack.t1087
attack.t1087.001
attack.t1087.002
attack.t1069.001
attack.t1069.002
attack.t1069
attack.t1059.001
·
Malicious PowerShell Keywords
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Malicious ShellIntel PowerShell Commandlets
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Malicious Usage Of IMDS Credentials Outside Of AWS Infrastructure
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1078
attack.t1078.002
·
Malicious Windows Script Components File Execution by TAEF Detection
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Malware Shellcode in Verclsid Target Process
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
detection.emerging-threats
·
Malware User Agent
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
ManageEngine Endpoint Central Dctask64.EXE Potential Abuse
Aug 12, 2024
·
attack.defense-evasion
attack.t1055.001
·
Manipulation of User Computer or Group Security Principals Across AD
Aug 12, 2024
·
attack.persistence
attack.t1136.002
·
Masquerading as Linux Crond Process
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Mavinject Inject DLL Into Running Process
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.001
attack.t1218.013
·
MaxMpxCt Registry Value Changed
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.005
·
Measurable Increase Of Successful Authentications
Aug 12, 2024
·
attack.defense-evasion
attack.t1078
·
MERCURY APT Activity
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.g0069
detection.emerging-threats
·
Mesh Agent Service Installation
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Metasploit Or Impacket Service Installation Via SMB PsExec
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1570
attack.execution
attack.t1569.002
·
Metasploit SMB Authentication
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Meterpreter or Cobalt Strike Getsystem Service Installation - Security
Aug 12, 2024
·
attack.privilege-escalation
attack.t1134.001
attack.t1134.002
·
Meterpreter or Cobalt Strike Getsystem Service Installation - System
Aug 12, 2024
·
attack.privilege-escalation
attack.t1134.001
attack.t1134.002
·
Microsoft 365 - Impossible Travel Activity
Aug 12, 2024
·
attack.initial-access
attack.t1078
·
Microsoft 365 - Potential Ransomware Activity
Aug 12, 2024
·
attack.impact
attack.t1486
·
Microsoft 365 - Unusual Volume of File Deletion
Aug 12, 2024
·
attack.impact
attack.t1485
·
Microsoft 365 - User Restricted from Sending Email
Aug 12, 2024
·
attack.initial-access
attack.t1199
·
Microsoft Defender Blocked from Loading Unsigned DLL
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Microsoft Defender Tamper Protection Trigger
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Microsoft Excel Add-In Loaded From Uncommon Location
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Microsoft IIS Connection Strings Decryption
Aug 12, 2024
·
attack.credential-access
attack.t1003
·
Microsoft IIS Service Account Password Dumped
Aug 12, 2024
·
attack.credential-access
attack.t1003
·
Microsoft Malware Protection Engine Crash
Aug 12, 2024
·
attack.defense-evasion
attack.t1211
attack.t1562.001
·
Microsoft Malware Protection Engine Crash - WER
Aug 12, 2024
·
attack.defense-evasion
attack.t1211
attack.t1562.001
·
Microsoft Office DLL Sideload
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Microsoft Office Protected View Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Microsoft Sync Center Suspicious Network Connections
Aug 12, 2024
·
attack.t1055
attack.t1218
attack.execution
attack.defense-evasion
·
Microsoft Teams Sensitive File Access By Uncommon Applications
Aug 12, 2024
·
attack.credential-access
attack.t1528
·
Microsoft VBA For Outlook Addin Loaded Via Outlook
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Mimikatz DC Sync
Aug 12, 2024
·
attack.credential-access
attack.s0002
attack.t1003.006
·
Mimikatz Use
Aug 12, 2024
·
attack.s0002
attack.lateral-movement
attack.credential-access
car.2013-07-001
car.2019-04-004
attack.t1003.002
attack.t1003.004
attack.t1003.001
attack.t1003.006
·
Mint Sandstorm - AsperaFaspex Suspicious Process Execution
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Mint Sandstorm - Log4J Wstomcat Process Execution
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Mint Sandstorm - ManageEngine Suspicious Process Execution
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
MITRE BZAR Indicators for Execution
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1053.002
attack.t1569.002
·
MITRE BZAR Indicators for Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.004
·
MMC Spawning Windows Shell
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.003
·
MMC20 Lateral Movement
Aug 12, 2024
·
attack.execution
attack.t1021.003
·
Modification of IE Registry Settings
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Modification of ld.so.preload
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.006
·
Modify Group Policy Settings
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1484.001
·
Modify Group Policy Settings - ScriptBlockLogging
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1484.001
·
Modify System Firewall
Aug 12, 2024
·
attack.t1562.004
attack.defense-evasion
·
Modify User Shell Folders Startup Value
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.001
·
Modifying Crontab
Aug 12, 2024
·
attack.persistence
attack.t1053.003
·
Monitoring For Persistence Via BITS
Aug 12, 2024
·
attack.defense-evasion
attack.t1197
·
Moriya Rootkit - System
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Moriya Rootkit File Created
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
detection.emerging-threats
·
Mount Execution With Hidepid Parameter
Aug 12, 2024
·
attack.credential-access
attack.t1564
·
MOVEit CVE-2023-34362 Exploitation Attempt - Potential Web Shell Request
Aug 12, 2024
·
cve.2023-34362
detection.emerging-threats
attack.persistence
attack.t1505.003
·
MpiExec Lolbin
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
MSExchange Transport Agent Installation
Aug 12, 2024
·
attack.persistence
attack.t1505.002
·
MSExchange Transport Agent Installation - Builtin
Aug 12, 2024
·
attack.persistence
attack.t1505.002
·
MSHTA Suspicious Execution 01
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.t1218.005
attack.execution
attack.t1059.007
cve.2020-1599
·
Mshtml.DLL RunHTMLApplication Suspicious Usage
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
MSI Installation From Suspicious Locations
Aug 12, 2024
·
attack.execution
·
MSI Installation From Web
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1218.007
·
Msiexec Quiet Installation
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
·
MsiExec Web Install
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
attack.command-and-control
attack.t1105
·
MSMQ Corrupted Packet Encountered
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
MSSQL Add Account To Sysadmin Role
Aug 12, 2024
·
attack.persistence
·
MSSQL Disable Audit Settings
Aug 12, 2024
·
attack.defense-evasion
·
MSSQL Extended Stored Procedure Backdoor Maggie
Aug 12, 2024
·
attack.persistence
attack.t1546
detection.emerging-threats
·
MSSQL Server Failed Logon
Aug 12, 2024
·
attack.credential-access
attack.t1110
·
MSSQL Server Failed Logon From External Network
Aug 12, 2024
·
attack.credential-access
attack.t1110
·
MSSQL SPProcoption Set
Aug 12, 2024
·
attack.persistence
·
MSSQL XPCmdshell Option Change
Aug 12, 2024
·
attack.execution
·
MSSQL XPCmdshell Suspicious Execution
Aug 12, 2024
·
attack.execution
·
Mstsc.EXE Execution From Uncommon Parent
Aug 12, 2024
·
attack.lateral-movement
·
Mstsc.EXE Execution With Local RDP File
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Msxsl.EXE Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1220
·
Multifactor Authentication Denied
Aug 12, 2024
·
attack.initial-access
attack.credential-access
attack.t1078.004
attack.t1110
attack.t1621
·
Multifactor Authentication Interrupted
Aug 12, 2024
·
attack.initial-access
attack.credential-access
attack.t1078.004
attack.t1110
attack.t1621
·
Mustang Panda Dropper
Aug 12, 2024
·
attack.t1587.001
attack.resource-development
detection.emerging-threats
·
Named Pipe Created Via Mkfifo
Aug 12, 2024
·
attack.execution
·
Narrator's Feedback-Hub Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
NET NGenAssemblyUsageLog Registry Key Tamper
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Net WebClient Casing Anomalies
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Netcat The Powershell Version
Aug 12, 2024
·
attack.command-and-control
attack.t1095
·
NetNTLM Downgrade Attack
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
NetNTLM Downgrade Attack - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
Netsh Allow Group Policy on Microsoft Defender Firewall
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
NetSupport Manager Service Install
Aug 12, 2024
·
attack.persistence
·
Network Communication Initiated To Portmap.IO Domain
Aug 12, 2024
·
attack.t1041
attack.command-and-control
attack.t1090.002
attack.exfiltration
·
Network Communication With Crypto Mining Pool
Aug 12, 2024
·
attack.impact
attack.t1496
·
Network Connection Initiated By AddinUtil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Network Connection Initiated By Eqnedt32.EXE
Aug 12, 2024
·
attack.execution
attack.t1203
·
Network Connection Initiated By IMEWDBLD.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Network Connection Initiated By Regsvr32.EXE
Aug 12, 2024
·
attack.execution
attack.t1559.001
attack.defense-evasion
attack.t1218.010
·
Network Connection Initiated To AzureWebsites.NET By Non-Browser Process
Aug 12, 2024
·
attack.command-and-control
attack.t1102
attack.t1102.001
·
Network Connection Initiated To Cloudflared Tunnels Domains
Aug 12, 2024
·
attack.exfiltration
attack.command-and-control
attack.t1567.001
·
Network Connection Initiated To Mega.nz
Aug 12, 2024
·
attack.exfiltration
attack.t1567.001
·
Network Connection Initiated Via Notepad.EXE
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.defense-evasion
attack.t1055
·
Network Reconnaissance Activity
Aug 12, 2024
·
attack.discovery
attack.t1087
attack.t1082
car.2016-03-001
·
Network Sniffing - Linux
Aug 12, 2024
·
attack.credential-access
attack.discovery
attack.t1040
·
Network Sniffing - MacOs
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.t1040
·
New ActiveScriptEventConsumer Created Via Wmic.EXE
Aug 12, 2024
·
attack.persistence
attack.t1546.003
·
New Application in AppCompat
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
New BgInfo.EXE Custom DB Path Registry Configuration
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
New BgInfo.EXE Custom VBScript Registry Configuration
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
New BgInfo.EXE Custom WMI Query Registry Configuration
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
New BITS Job Created Via Bitsadmin
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
New BITS Job Created Via PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
New CA Policy by Non-approved Actor
Aug 12, 2024
·
attack.defense-evasion
attack.t1548
·
New Country
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
New Custom Shim Database Created
Aug 12, 2024
·
attack.persistence
attack.t1547.009
·
New DLL Added to AppCertDlls Registry Key
Aug 12, 2024
·
attack.persistence
attack.t1546.009
·
New DLL Added to AppInit_DLLs Registry Key
Aug 12, 2024
·
attack.persistence
attack.t1546.010
·
New DLL Registered Via Odbcconf.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
New DNS ServerLevelPluginDll Installed
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112
·
New DNS ServerLevelPluginDll Installed Via Dnscmd.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112
·
New Federated Domain Added
Aug 12, 2024
·
attack.persistence
attack.t1136.003
·
New Federated Domain Added - Exchange
Aug 12, 2024
·
attack.persistence
attack.t1136.003
·
New File Association Using Exefile
Aug 12, 2024
·
attack.defense-evasion
·
New File Exclusion Added To Time Machine Via Tmutil - MacOS
Aug 12, 2024
·
attack.impact
attack.t1490
·
New Firewall Rule Added In Windows Firewall Exception List For Potential Suspicious Application
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
New Firewall Rule Added In Windows Firewall Exception List Via WmiPrvSE.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
New Firewall Rule Added Via Netsh.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
attack.s0246
·
New Generic Credentials Added Via Cmdkey.EXE
Aug 12, 2024
·
attack.credential-access
attack.t1003.005
·
New Github Organization Member Added
Aug 12, 2024
·
attack.persistence
attack.t1136.003
·
New Kernel Driver Via SC.EXE
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
New Kind of Network (NKN) Detection
Aug 12, 2024
·
attack.command-and-control
·
New Kubernetes Service Account Created
Aug 12, 2024
·
attack.t1136
·
New Network ACL Entry Added
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
New Network Route Added
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
New Network Trace Capture Started Via Netsh.EXE
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.t1040
·
New ODBC Driver Registered
Aug 12, 2024
·
attack.persistence
·
New or Renamed User Account with '$' Character
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
New Outlook Macro Created
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
New PDQDeploy Service - Client Side
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543.003
·
New PDQDeploy Service - Server Side
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543.003
·
New Port Forwarding Rule Added Via Netsh.EXE
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.command-and-control
attack.t1090
·
New PortProxy Registry Entry Added
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.command-and-control
attack.t1090
·
New PowerShell Instance Created
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
New Process Created Via Taskmgr.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
New Process Created Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.t1047
car.2016-03-002
·
New Remote Desktop Connection Initiated Via Mstsc.EXE
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.001
·
New Root Certificate Authority Added
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1556
·
New Root Certificate Installed Via CertMgr.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
New Root Certificate Installed Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
New Root or CA or AuthRoot Certificate to Store
Aug 12, 2024
·
attack.impact
attack.t1490
·
New RUN Key Pointing to Suspicious Folder
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
New Service Creation Using PowerShell
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
New Service Creation Using Sc.EXE
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
New TimeProviders Registered With Uncommon DLL Name
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.003
·
New User Created Via Net.EXE
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
New User Created Via Net.EXE With Never Expire Option
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
New Virtual Smart Card Created Via TpmVscMgr.EXE
Aug 12, 2024
·
attack.execution
·
Nginx Core Dump
Aug 12, 2024
·
attack.impact
attack.t1499.004
·
Ngrok Usage with Remote Desktop Service
Aug 12, 2024
·
attack.command-and-control
attack.t1090
·
Nimbuspwn Exploitation
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
·
Nltest.EXE Execution
Aug 12, 2024
·
attack.discovery
attack.t1016
attack.t1018
attack.t1482
·
No Suitable Encryption Key Found For Generating Kerberos Ticket
Aug 12, 2024
·
attack.credential-access
attack.t1558.003
·
Node Process Executions
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
attack.t1059.007
·
Nohup Execution
Aug 12, 2024
·
attack.execution
attack.t1059.004
·
Non Interactive PowerShell Process Spawned
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Non-privileged Usage of Reg or Powershell
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
NotPetya Ransomware Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
attack.t1070.001
attack.credential-access
attack.t1003.001
car.2016-04-002
detection.emerging-threats
·
Nslookup PowerShell Download Cradle
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Nslookup PowerShell Download Cradle - ProcessCreation
Aug 12, 2024
·
attack.defense-evasion
·
NtdllPipe Like Activity Execution
Aug 12, 2024
·
attack.defense-evasion
·
NTDS Exfiltration Filename Patterns
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
·
NTDS.DIT Created
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
·
NTDS.DIT Creation By Uncommon Parent Process
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
·
NTDS.DIT Creation By Uncommon Process
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.003
·
Ntdsutil Abuse
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
·
NTFS Alternate Data Stream
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
attack.execution
attack.t1059.001
·
NTFS Vulnerability Exploitation
Aug 12, 2024
·
attack.impact
attack.t1499.001
·
NTLM Brute Force
Aug 12, 2024
·
attack.credential-access
attack.t1110
·
NTLM Logon
Aug 12, 2024
·
attack.lateral-movement
attack.t1550.002
·
NTLMv1 Logon Between Client and Server
Aug 12, 2024
·
attack.defense-evasion
attack.lateral-movement
attack.t1550.002
·
Number Of Resource Creation Or Deployment Activities
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Obfuscated IP Download Activity
Aug 12, 2024
·
attack.discovery
·
OceanLotus Registry Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
detection.emerging-threats
·
Octopus Scanner Malware
Aug 12, 2024
·
attack.t1195
attack.t1195.001
·
Odbcconf.EXE Suspicious DLL Location
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Office Application Initiated Network Connection Over Uncommon Ports
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
·
Office Application Initiated Network Connection To Non-Local IP
Aug 12, 2024
·
attack.execution
attack.t1203
·
Office Application Startup - Office Test
Aug 12, 2024
·
attack.persistence
attack.t1137.002
·
Office Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Office Macro File Creation
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
·
Office Macro File Creation From Suspicious Process
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
·
Office Macro File Download
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
·
Office Macros Warning Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
OilRig APT Activity
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
OilRig APT Registry Persistence
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
OilRig APT Schedule Task Persistence - Security
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
OilRig APT Schedule Task Persistence - System
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Okta Admin Role Assigned to an User or Group
Aug 12, 2024
·
attack.persistence
attack.t1098.003
·
Okta Admin Role Assignment Created
Aug 12, 2024
·
attack.persistence
·
Okta API Token Created
Aug 12, 2024
·
attack.persistence
·
Okta API Token Revoked
Aug 12, 2024
·
attack.impact
·
Okta Application Modified or Deleted
Aug 12, 2024
·
attack.impact
·
Okta Application Sign-On Policy Modified or Deleted
Aug 12, 2024
·
attack.impact
·
Okta FastPass Phishing Detection
Aug 12, 2024
·
attack.initial-access
attack.t1566
·
Okta Identity Provider Created
Aug 12, 2024
·
attack.persistence
attack.t1098.001
·
Okta MFA Reset or Deactivated
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.defense-evasion
attack.t1556.006
·
Okta Network Zone Deactivated or Deleted
Aug 12, 2024
·
attack.impact
·
Okta New Admin Console Behaviours
Aug 12, 2024
·
attack.initial-access
attack.t1078.004
·
Okta Policy Modified or Deleted
Aug 12, 2024
·
attack.impact
·
Okta Policy Rule Modified or Deleted
Aug 12, 2024
·
attack.impact
·
Okta Security Threat Detected
Aug 12, 2024
·
attack.command-and-control
·
Okta Suspicious Activity Reported by End-user
Aug 12, 2024
·
attack.resource-development
attack.t1586.003
·
Okta Unauthorized Access to App
Aug 12, 2024
·
attack.impact
·
Okta User Account Locked Out
Aug 12, 2024
·
attack.impact
attack.t1531
·
Okta User Session Start Via An Anonymising Proxy Service
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.006
·
Old TLS1.0/TLS1.1 Protocol Version Enabled
Aug 12, 2024
·
attack.defense-evasion
·
OMIGOD HTTP No Authentication RCE
Aug 12, 2024
·
attack.privilege-escalation
attack.initial-access
attack.execution
attack.lateral-movement
attack.t1068
attack.t1190
attack.t1203
attack.t1021.006
attack.t1210
·
OMIGOD SCX RunAsProvider ExecuteScript
Aug 12, 2024
·
attack.privilege-escalation
attack.initial-access
attack.execution
attack.t1068
attack.t1190
attack.t1203
·
OMIGOD SCX RunAsProvider ExecuteShellCommand
Aug 12, 2024
·
attack.privilege-escalation
attack.initial-access
attack.execution
attack.t1068
attack.t1190
attack.t1203
·
OneLogin User Account Locked
Aug 12, 2024
·
attack.impact
·
OneLogin User Assumed Another User
Aug 12, 2024
·
attack.impact
·
OneNote Attachment File Dropped In Suspicious Location
Aug 12, 2024
·
attack.defense-evasion
·
OpenCanary - FTP Login Attempt
Aug 12, 2024
·
attack.initial-access
attack.exfiltration
attack.t1190
attack.t1021
·
OpenCanary - GIT Clone Request
Aug 12, 2024
·
attack.collection
attack.t1213
·
OpenCanary - HTTP GET Request
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
OpenCanary - HTTP POST Login Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
OpenCanary - HTTPPROXY Login Attempt
Aug 12, 2024
·
attack.initial-access
attack.defense-evasion
attack.t1090
·
OpenCanary - MSSQL Login Attempt Via SQLAuth
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1003
attack.t1213
·
OpenCanary - MSSQL Login Attempt Via Windows Authentication
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1003
attack.t1213
·
OpenCanary - MySQL Login Attempt
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1003
attack.t1213
·
OpenCanary - NTP Monlist Request
Aug 12, 2024
·
attack.impact
attack.t1498
·
OpenCanary - REDIS Action Command Attempt
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1003
attack.t1213
·
OpenCanary - SIP Request
Aug 12, 2024
·
attack.collection
attack.t1123
·
OpenCanary - SMB File Open Request
Aug 12, 2024
·
attack.lateral-movement
attack.collection
attack.t1021
attack.t1005
·
OpenCanary - SNMP OID Request
Aug 12, 2024
·
attack.discovery
attack.lateral-movement
attack.t1016
attack.t1021
·
OpenCanary - SSH Login Attempt
Aug 12, 2024
·
attack.initial-access
attack.lateral-movement
attack.persistence
attack.t1133
attack.t1021
attack.t1078
·
OpenCanary - SSH New Connection Attempt
Aug 12, 2024
·
attack.initial-access
attack.lateral-movement
attack.persistence
attack.t1133
attack.t1021
attack.t1078
·
OpenCanary - Telnet Login Attempt
Aug 12, 2024
·
attack.initial-access
attack.command-and-control
attack.t1133
attack.t1078
·
OpenCanary - TFTP Request
Aug 12, 2024
·
attack.exfiltration
attack.t1041
·
OpenCanary - VNC Connection Attempt
Aug 12, 2024
·
attack.lateral-movement
attack.t1021
·
OpenSSH Server Listening On Socket
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.004
·
OpenWith.exe Executes Specified Binary
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Operation Wocao Activity
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
·
Operation Wocao Activity - Security
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
·
Operator Bloopers Cobalt Strike Commands
Aug 12, 2024
·
attack.execution
attack.t1059.003
stp.1u
·
Operator Bloopers Cobalt Strike Modules
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Oracle WebLogic Exploit
Aug 12, 2024
·
attack.t1190
attack.initial-access
attack.persistence
attack.t1505.003
cve.2018-2894
detection.emerging-threats
·
Oracle WebLogic Exploit CVE-2020-14882
Aug 12, 2024
·
attack.t1190
attack.initial-access
cve.2020-14882
detection.emerging-threats
·
Oracle WebLogic Exploit CVE-2021-2109
Aug 12, 2024
·
attack.t1190
attack.initial-access
cve.2021-2109
detection.emerging-threats
·
OS Architecture Discovery Via Grep
Aug 12, 2024
·
attack.discovery
attack.t1082
·
Osacompile Execution By Potentially Suspicious Applet/Osascript
Aug 12, 2024
·
attack.execution
attack.t1059.002
·
OSACompile Run-Only Execution
Aug 12, 2024
·
attack.t1059.002
attack.execution
·
Outbound Network Connection Initiated By Cmstp.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.003
·
Outbound Network Connection Initiated By Microsoft Dialer
Aug 12, 2024
·
attack.execution
attack.t1071.001
·
Outbound Network Connection Initiated By Script Interpreter
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Outbound Network Connection To Public IP Via Winlogon
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.command-and-control
attack.t1218.011
·
Outbound RDP Connections Over Non-Standard Tools
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.001
car.2013-07-002
·
Outdated Dependency Or Vulnerability Alert Disabled
Aug 12, 2024
·
attack.initial-access
attack.t1195.001
·
Outgoing Logon with New Credentials
Aug 12, 2024
·
attack.defense-evasion
attack.lateral-movement
attack.t1550
·
Outlook EnableUnsafeClientMailRules Setting Enabled
Aug 12, 2024
·
attack.execution
attack.t1059
attack.t1202
·
Outlook EnableUnsafeClientMailRules Setting Enabled - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Outlook Macro Execution Without Warning Setting Enabled
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Outlook Security Settings Updated - Registry
Aug 12, 2024
·
attack.persistence
attack.t1137
·
Outlook Task/Note Reminder Received
Aug 12, 2024
·
attack.persistence
attack.t1137
cve.2023-23397
detection.emerging-threats
·
Overwriting the File with Dev Zero or Null
Aug 12, 2024
·
attack.impact
attack.t1485
·
OWASSRF Exploitation Attempt Using Public POC - Proxy
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
OWASSRF Exploitation Attempt Using Public POC - Webserver
Aug 12, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
·
PAExec Service Installation
Aug 12, 2024
·
attack.execution
attack.t1569.002
·
Pandemic Registry Key
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
PaperCut MF/NG Exploitation Related Indicators
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
PaperCut MF/NG Potential Exploitation
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Pass the Hash Activity 2
Aug 12, 2024
·
attack.lateral-movement
attack.t1550.002
·
Password Change on Directory Service Restore Mode (DSRM) Account
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Password Dumper Activity on LSASS
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Password Dumper Remote Thread in LSASS
Aug 12, 2024
·
attack.credential-access
attack.s0005
attack.t1003.001
·
Password Policy Discovery
Aug 12, 2024
·
attack.discovery
attack.t1201
·
Password Policy Discovery With Get-AdDefaultDomainPasswordPolicy
Aug 12, 2024
·
attack.discovery
attack.t1201
·
Password Policy Enumerated
Aug 12, 2024
·
attack.discovery
attack.t1201
·
Password Protected ZIP File Opened
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Password Protected ZIP File Opened (Email Attachment)
Aug 12, 2024
·
attack.defense-evasion
attack.initial-access
attack.t1027
attack.t1566.001
·
Password Protected ZIP File Opened (Suspicious Filenames)
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1027
attack.t1105
attack.t1036
·
Password Provided In Command Line Of Net.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1078
·
Password Reset By User Account
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.t1078.004
·
Password Spray Activity
Aug 12, 2024
·
attack.t1110
attack.credential-access
·
Path To Screensaver Binary Modified
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.002
·
Path Traversal Exploitation Attempts
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
Payload Decoded and Decrypted via Built-in Utilities
Aug 12, 2024
·
attack.t1059
attack.t1204
attack.execution
attack.t1140
attack.defense-evasion
attack.s0482
attack.s0402
·
PCRE.NET Package Image Load
Aug 12, 2024
·
attack.execution
attack.t1059
·
PCRE.NET Package Temp Files
Aug 12, 2024
·
attack.execution
attack.t1059
·
PDF File Created By RegEdit.EXE
Aug 12, 2024
·
attack.defense-evasion
·
PDQ Deploy Remote Adminstartion Tool Execution
Aug 12, 2024
·
attack.execution
attack.lateral-movement
attack.t1072
·
Peach Sandstorm APT Process Activity Indicators
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Periodic Backup For System Registry Hives Enabled
Aug 12, 2024
·
attack.collection
attack.t1113
·
Perl Inline Command Execution
Aug 12, 2024
·
attack.execution
attack.t1059
·
Permission Check Via Accesschk.EXE
Aug 12, 2024
·
attack.discovery
attack.t1069.001
·
Persistence Via Cron Files
Aug 12, 2024
·
attack.persistence
attack.t1053.003
·
Persistence Via Disk Cleanup Handler - Autorun
Aug 12, 2024
·
attack.persistence
·
Persistence Via Hhctrl.ocx
Aug 12, 2024
·
attack.persistence
·
Persistence Via New SIP Provider
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1553.003
·
Persistence Via Sticky Key Backdoor
Aug 12, 2024
·
attack.t1546.008
attack.privilege-escalation
·
Persistence Via Sudoers Files
Aug 12, 2024
·
attack.persistence
attack.t1053.003
·
Persistence Via TypedPaths - CommandLine
Aug 12, 2024
·
attack.persistence
·
PetitPotam Suspicious Kerberos TGT Request
Aug 12, 2024
·
attack.credential-access
attack.t1187
·
Phishing Pattern ISO in Archive
Aug 12, 2024
·
attack.initial-access
attack.t1566
·
Php Inline Command Execution
Aug 12, 2024
·
attack.execution
attack.t1059
·
Pikabot Fake DLL Extension Execution Via Rundll32.EXE
Aug 12, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.execution
·
PIM Alert Setting Changes To Disabled
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1078
·
PIM Approvals And Deny Elevation
Aug 12, 2024
·
attack.privilege-escalation
attack.t1078.004
·
Ping Hex IP
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.t1027
·
Pingback Backdoor Activity
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Pingback Backdoor DLL Loading Activity
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Pingback Backdoor File Indicators
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
PktMon.EXE Execution
Aug 12, 2024
·
attack.credential-access
attack.t1040
·
Pnscan Binary Data Transmission Activity
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Port Forwarding Activity Via SSH.EXE
Aug 12, 2024
·
attack.command-and-control
attack.lateral-movement
attack.t1572
attack.t1021.001
attack.t1021.004
·
Possible Coin Miner CPU Priority Param
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
·
Possible DC Shadow Attack
Aug 12, 2024
·
attack.credential-access
attack.t1207
·
Possible DCSync Attack
Aug 12, 2024
·
attack.t1033
attack.discovery
·
Possible Exploitation of Exchange RCE CVE-2021-42321
Aug 12, 2024
·
attack.lateral-movement
attack.t1210
detection.emerging-threats
·
Possible Impacket SecretDump Remote Activity
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.004
attack.t1003.003
·
Possible Impacket SecretDump Remote Activity - Zeek
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.004
attack.t1003.003
·
Possible PetitPotam Coerce Authentication Attempt
Aug 12, 2024
·
attack.credential-access
attack.t1187
·
Possible PrintNightmare Print Driver Install
Aug 12, 2024
·
attack.execution
cve.2021-1678
cve.2021-1675
cve.2021-34527
·
Possible Privilege Escalation via Weak Service Permissions
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Possible Shadow Credentials Added
Aug 12, 2024
·
attack.credential-access
attack.t1556
·
Potential 7za.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Access Token Abuse
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1134.001
stp.4u
·
Potential ACTINIUM Persistence Activity
Aug 12, 2024
·
attack.persistence
attack.t1053
attack.t1053.005
detection.emerging-threats
·
Potential Active Directory Enumeration Using AD Module - ProcCreation
Aug 12, 2024
·
attack.reconnaissance
attack.discovery
attack.impact
·
Potential Active Directory Enumeration Using AD Module - PsModule
Aug 12, 2024
·
attack.reconnaissance
attack.discovery
attack.impact
·
Potential Active Directory Enumeration Using AD Module - PsScript
Aug 12, 2024
·
attack.reconnaissance
attack.discovery
attack.impact
·
Potential AD User Enumeration From Non-Machine Account
Aug 12, 2024
·
attack.discovery
attack.t1087.002
·
Potential Adplus.EXE Abuse
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1003.001
·
Potential Amazon SSM Agent Hijacking
Aug 12, 2024
·
attack.command-and-control
attack.persistence
attack.t1219
·
Potential AMSI Bypass Script Using NULL Bits
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Potential AMSI Bypass Using NULL Bits
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Potential AMSI COM Server Hijacking
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Potential Antivirus Software DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Application Whitelisting Bypass via Dnx.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1027.004
·
Potential appverifUI.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential APT FIN7 Exploitation Activity
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1059.003
·
Potential APT FIN7 POWERHOLD Execution
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.g0046
detection.emerging-threats
·
Potential APT FIN7 Reconnaissance/POWERTRASH Related Activity
Aug 12, 2024
·
attack.execution
attack.g0046
detection.emerging-threats
·
Potential APT FIN7 Related PowerShell Script Created
Aug 12, 2024
·
attack.execution
attack.g0046
detection.emerging-threats
·
Potential APT Mustang Panda Activity Against Australian Gov
Aug 12, 2024
·
attack.execution
attack.g0129
detection.emerging-threats
·
Potential APT-C-12 BlueMushroom DLL Load Activity Via Regsvr32
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
detection.emerging-threats
·
Potential APT10 Cloud Hopper Activity
Aug 12, 2024
·
attack.execution
attack.g0045
attack.t1059.005
detection.emerging-threats
·
Potential Arbitrary Code Execution Via Node.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Potential Arbitrary Command Execution Using Msdt.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Potential Arbitrary Command Execution Via FTP.EXE
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Potential Arbitrary DLL Load Using Winword
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Potential Arbitrary File Download Using Office Application
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Potential Arbitrary File Download Via Cmdl32.EXE
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Potential Atlassian Confluence CVE-2021-26084 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.execution
attack.t1190
attack.t1059
cve.2021-26084
detection.emerging-threats
·
Potential Attachment Manager Settings Associations Tamper
Aug 12, 2024
·
attack.defense-evasion
·
Potential Attachment Manager Settings Attachments Tamper
Aug 12, 2024
·
attack.defense-evasion
·
Potential AutoLogger Sessions Tampering
Aug 12, 2024
·
attack.defense-evasion
·
Potential AVKkid.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Azure Browser SSO Abuse
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.002
·
Potential Baby Shark Malware Activity
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.discovery
attack.t1012
attack.t1059.003
attack.t1059.001
attack.t1218.005
detection.emerging-threats
·
Potential Base64 Encoded User-Agent
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Potential BearLPE Exploitation
Aug 12, 2024
·
attack.privilege-escalation
attack.t1053.005
car.2013-08-001
detection.emerging-threats
·
Potential Binary Impersonating Sysinternals Tools
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Potential Binary Or Script Dropper Via PowerShell
Aug 12, 2024
·
attack.persistence
·
Potential Binary Proxy Execution Via Cdb.EXE
Aug 12, 2024
·
attack.execution
attack.t1106
attack.defense-evasion
attack.t1218
attack.t1127
·
Potential Binary Proxy Execution Via VSDiagnostics.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potential BlackByte Ransomware Activity
Aug 12, 2024
·
detection.emerging-threats
attack.execution
attack.defense-evasion
attack.impact
attack.t1485
attack.t1498
attack.t1059.001
attack.t1140
·
Potential Browser Data Stealing
Aug 12, 2024
·
attack.credential-access
attack.t1555.003
Potential Bucket Enumeration on AWS
Aug 12, 2024
·
attack.discovery
attack.t1580
Potential Bumblebee Remote Thread Creation
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
attack.t1059.001
detection.emerging-threats
Potential CCleanerDU.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential CCleanerReactivator.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential Centos Web Panel Exploitation Attempt - CVE-2022-44877
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-44877
detection.emerging-threats
Potential Chrome Frame Helper DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential CobaltStrike Process Patterns
Aug 12, 2024
·
attack.execution
attack.t1059
Potential CobaltStrike Service Installations - Registry
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
Potential COLDSTEEL Persistence Service DLL Creation
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
Potential COLDSTEEL Persistence Service DLL Load
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
Potential COLDSTEEL RAT File Indicators
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
Potential COLDSTEEL RAT Windows User Creation
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
Potential COM Object Hijacking Via TreatAs Subkey - Registry
Aug 12, 2024
·
attack.persistence
attack.t1546.015
Potential COM Objects Download Cradles Usage - Process Creation
Aug 12, 2024
·
attack.command-and-control
attack.t1105
Potential COM Objects Download Cradles Usage - PS Script
Aug 12, 2024
·
attack.command-and-control
attack.t1105
Potential Command Line Path Traversal Evasion Attempt
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Potential Commandline Obfuscation Using Escape Characters
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
Potential CommandLine Path Traversal Via Cmd.EXE
Aug 12, 2024
·
attack.execution
attack.t1059.003
Potential Compromised 3CXDesktopApp Beaconing Activity - DNS
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
Potential Compromised 3CXDesktopApp Beaconing Activity - Netcon
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
Potential Compromised 3CXDesktopApp Beaconing Activity - Proxy
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
Potential Compromised 3CXDesktopApp Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
detection.emerging-threats
Potential Compromised 3CXDesktopApp ICO C2 File Download
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
Potential Compromised 3CXDesktopApp Update Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
detection.emerging-threats
Potential Configuration And Service Reconnaissance Via Reg.EXE
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.t1007
Potential Container Discovery Via Inodes Listing
Aug 12, 2024
·
attack.discovery
attack.t1082
Potential Conti Ransomware Activity
Aug 12, 2024
·
attack.impact
attack.s0575
attack.t1486
detection.emerging-threats
Potential Conti Ransomware Database Dumping Activity Via SQLCmd
Aug 12, 2024
·
attack.collection
attack.t1005
detection.emerging-threats
Potential Cookies Session Hijacking
Aug 12, 2024
·
attack.execution
Potential Credential Dumping Activity Via LSASS
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.s0002
Potential Credential Dumping Attempt Using New NetworkProvider - CLI
Aug 12, 2024
·
attack.credential-access
attack.t1003
Potential Credential Dumping Attempt Using New NetworkProvider - REG
Aug 12, 2024
·
attack.credential-access
attack.t1003
Potential Credential Dumping Attempt Via PowerShell Remote Thread
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
Potential Credential Dumping Via LSASS Process Clone
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.t1003.001
Potential Credential Dumping Via LSASS SilentProcessExit Technique
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
Potential Credential Dumping Via WER
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
Potential Credential Dumping Via WER - Application
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
Potential Crypto Mining Activity
Aug 12, 2024
·
attack.impact
attack.t1496
Potential CSharp Streamer RAT Loading .NET Executable Image
Aug 12, 2024
·
attack.command-and-control
attack.t1219
Potential CVE-2021-26857 Exploitation Attempt
Aug 12, 2024
·
attack.t1203
attack.execution
cve.2021-26857
detection.emerging-threats
Potential CVE-2021-27905 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-27905
detection.emerging-threats
Potential CVE-2021-40444 Exploitation Attempt
Aug 12, 2024
·
attack.execution
attack.t1059
cve.2021-40444
detection.emerging-threats
Potential CVE-2021-41379 Exploitation Attempt
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
cve.2021-41379
detection.emerging-threats
Potential CVE-2021-42278 Exploitation Attempt
Aug 12, 2024
·
attack.credential-access
attack.t1558.003
cve.2021-42278
detection.emerging-threats
Potential CVE-2021-42287 Exploitation Attempt
Aug 12, 2024
·
attack.credential-access
attack.t1558.003
Potential CVE-2022-21587 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-21587
detection.emerging-threats
Potential CVE-2022-26809 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.execution
attack.t1569.002
cve.2022-26809
detection.emerging-threats
Potential CVE-2022-46169 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-46169
detection.emerging-threats
Potential CVE-2023-21554 QueueJumper Exploitation
Aug 12, 2024
·
attack.privilege-escalation
attack.execution
cve.2023-21554
detection.emerging-threats
Potential CVE-2023-2283 Exploitation
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2023-2283
detection.emerging-threats
Potential CVE-2023-23397 Exploitation Attempt - SMB
Aug 12, 2024
·
attack.exfiltration
cve.2023-23397
detection.emerging-threats
Potential CVE-2023-23752 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2023-23752
detection.emerging-threats
Potential CVE-2023-25157 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
cve.2023-25157
detection.emerging-threats
Potential CVE-2023-25717 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2023-25717
detection.emerging-threats
Potential CVE-2023-27997 Exploitation Indicators
Aug 12, 2024
·
cve.2023-27997
attack.initial-access
attack.t1190
detection.emerging-threats
Potential CVE-2023-36874 Exploitation - Fake Wermgr Execution
Aug 12, 2024
·
attack.execution
cve.2023-36874
detection.emerging-threats
Potential CVE-2023-36874 Exploitation - Uncommon Report.Wer Location
Aug 12, 2024
·
attack.execution
cve.2023-36874
detection.emerging-threats
Potential CVE-2023-36884 Exploitation - File Downloads
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
Potential CVE-2023-36884 Exploitation - Share Access
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
Potential CVE-2023-36884 Exploitation - URL Marker
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
Potential CVE-2023-36884 Exploitation Dropped File
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
cve.2023-36884
detection.emerging-threats
Potential CVE-2023-36884 Exploitation Pattern
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
cve.2024-3400
Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - File Creation
Aug 12, 2024
·
attack.execution
cve.2024-3400
detection.emerging-threats
Potential CVE-2303-36884 URL Request Pattern Traffic
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
Potential Data Exfiltration Activity Via CommandLine Tools
Aug 12, 2024
·
attack.execution
attack.t1059.001
Potential Data Exfiltration Via Audio File
Aug 12, 2024
·
attack.exfiltration
Potential Data Stealing Via Chromium Headless Debugging
Aug 12, 2024
·
attack.credential-access
attack.t1185
Potential DCOM InternetExplorer.Application DLL Hijack
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1021.003
Potential DCOM InternetExplorer.Application DLL Hijack - Image Load
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1021.003
Potential Defense Evasion Via Binary Rename
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
Potential Defense Evasion Via Raw Disk Access By Uncommon Tools
Aug 12, 2024
·
attack.defense-evasion
attack.t1006
Potential Defense Evasion Via Rename Of Highly Relevant Binaries
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
car.2013-05-009
Potential Devil Bait Malware Reconnaissance
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
detection.emerging-threats
Potential Devil Bait Related Indicator
Aug 12, 2024
·
attack.defense-evasion
detection.emerging-threats
Potential Discovery Activity Using Find - Linux
Aug 12, 2024
·
attack.discovery
attack.t1083
Potential Discovery Activity Using Find - MacOS
Aug 12, 2024
·
attack.discovery
attack.t1083
Potential Discovery Activity Via Dnscmd.EXE
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1543.003
Potential DLL File Download Via PowerShell Invoke-WebRequest
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1059.001
attack.t1105
Potential DLL Injection Or Execution Using Tracker.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1055.001
Potential DLL Sideloading Of DBGCORE.DLL
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential DLL Sideloading Of DBGHELP.DLL
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential DLL Sideloading Of DbgModel.DLL
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
Potential DLL Sideloading Of KeyScramblerIE.DLL Via KeyScrambler.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential DLL Sideloading Of Libcurl.DLL Via GUP.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential DLL Sideloading Of MpSvc.DLL
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
Potential DLL Sideloading Of MsCorSvc.DLL
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
Potential DLL Sideloading Of Non-Existent DLLs From System Folders
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential DLL Sideloading Via ClassicExplorer32.dll
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential DLL Sideloading Via comctl32.dll
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential DLL Sideloading Via DeviceEnroller.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
Potential DLL Sideloading Via JsSchHlp
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential DLL Sideloading Via VMware Xfer
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
Potential Dosfuscation Activity
Aug 12, 2024
·
attack.execution
attack.t1059
Potential Download/Upload Activity Using Type Command
Aug 12, 2024
·
attack.command-and-control
attack.t1105
Potential Dridex Activity
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.discovery
attack.t1135
attack.t1033
detection.emerging-threats
Potential Dropper Script Execution Via WScript/CScript
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
Potential Dtrack RAT Activity
Aug 12, 2024
·
attack.impact
attack.t1490
detection.emerging-threats
Potential EACore.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential Edputil.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential Emotet Activity
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
detection.emerging-threats
Potential Emotet Rundll32 Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
Potential EmpireMonkey Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
detection.emerging-threats
Potential Encoded PowerShell Patterns In CommandLine
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
Potential Encrypted Registry Blob Related To SNAKE Malware
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
Potential EventLog File Location Tampering
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
Potential Execution of Sysinternals Tools
Aug 12, 2024
·
attack.resource-development
attack.t1588.002
Potential Exploitation Attempt From Office Application
Aug 12, 2024
·
attack.execution
attack.defense-evasion
cve.2021-40444
detection.emerging-threats
Potential Exploitation Attempt Of Undocumented WindowsServer RCE
Aug 12, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
Potential Exploitation of CVE-2024-3094 - Suspicious SSH Child Process
Aug 12, 2024
·
attack.execution
cve.2024-3094
Potential Exploitation of CVE-2024-37085 - Suspicious Creation Of ESX Admins Group
Aug 12, 2024
·
attack.execution
cve.2024-37085
detection.emerging-threats
Potential Exploitation of CVE-2024-37085 - Suspicious ESX Admins Group Activity
Aug 12, 2024
·
attack.execution
cve.2024-37085
detection.emerging-threats
Potential Fake Instance Of Hxtsr.EXE Executed
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Potential File Overwrite Via Sysinternals SDelete
Aug 12, 2024
·
attack.impact
attack.t1485
Potential GobRAT File Discovery Via Grep
Aug 12, 2024
·
attack.discovery
attack.t1082
Potential Goofy Guineapig Backdoor Activity
Aug 12, 2024
·
attack.execution
detection.emerging-threats
Potential Goofy Guineapig GoolgeUpdate Process Anomaly
Aug 12, 2024
·
attack.defense-evasion
detection.emerging-threats
Potential Goopdate.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential Homoglyph Attack Using Lookalike Characters
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1036.003
Potential Homoglyph Attack Using Lookalike Characters in Filename
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1036.003
Potential In-Memory Download And Compile Of Payloads
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1059.007
attack.t1105
Potential In-Memory Execution Using Reflection.Assembly
Aug 12, 2024
·
attack.defense-evasion
attack.t1620
Potential Initial Access via DLL Search Order Hijacking
Aug 12, 2024
·
attack.t1566
attack.t1566.001
attack.initial-access
attack.t1574
attack.t1574.001
attack.defense-evasion
Potential Invoke-Mimikatz PowerShell Script
Aug 12, 2024
·
attack.credential-access
attack.t1003
Potential Iviewers.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential JNDI Injection Exploitation In JVM Based Application
Aug 12, 2024
·
attack.initial-access
attack.t1190
Potential KamiKakaBot Activity - Lure Document Execution
Aug 12, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
Potential KamiKakaBot Activity - Shutdown Schedule Task Creation
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
Potential KamiKakaBot Activity - Winlogon Shell Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
Potential Kapeka Decrypted Backdoor Indicator
Aug 12, 2024
·
attack.defense-evasion
Potential Ke3chang/TidePool Malware Activity
Aug 12, 2024
·
attack.g0004
attack.defense-evasion
attack.t1562.001
detection.emerging-threats
Potential Keylogger Activity
Aug 12, 2024
·
attack.collection
attack.credential-access
attack.t1056.001
Potential LethalHTA Technique Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.005
Potential Libvlc.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential Linux Amazon SSM Agent Hijacking
Aug 12, 2024
·
attack.command-and-control
attack.persistence
attack.t1219
Potential Local File Read Vulnerability In JVM Based Application
Aug 12, 2024
·
attack.initial-access
attack.t1190
Potential LSASS Process Dump Via Procdump
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.credential-access
attack.t1003.001
car.2013-05-009
Potential Malicious AppX Package Installation Attempts
Aug 12, 2024
·
attack.defense-evasion
Potential Malicious Usage of CloudTrail System Manager
Aug 12, 2024
·
attack.privilege-escalation
attack.t1566
attack.t1566.002
Potential Manage-bde.wsf Abuse To Proxy Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
Potential Maze Ransomware Activity
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1047
attack.impact
attack.t1490
detection.emerging-threats
Potential Memory Dumping Activity Via LiveKD
Aug 12, 2024
·
attack.defense-evasion
Potential Meterpreter/CobaltStrike Activity
Aug 12, 2024
·
attack.privilege-escalation
attack.t1134.001
attack.t1134.002
Potential MFA Bypass Using Legacy Client Authentication
Aug 12, 2024
·
attack.initial-access
attack.credential-access
attack.t1078.004
attack.t1110
Potential Mfdetours.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Potential Mftrace.EXE Abuse
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
Potential Mpclient.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
Potential Mpclient.DLL Sideloading Via Defender Binaries
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
Potential Mpclient.DLL Sideloading Via OfflineScannerShell.EXE Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Potential MsiExec Masquerading
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
Potential MSTSC Shadowing Activity
Aug 12, 2024
·
attack.lateral-movement
attack.t1563.002
Potential MuddyWater APT Activity
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.g0069
detection.emerging-threats
Potential Netcat Reverse Shell Execution
Aug 12, 2024
·
attack.execution
attack.t1059
Potential NetWire RAT Activity - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
Potential Network Sniffing Activity Using Network Tools
Aug 12, 2024
·
attack.credential-access
attack.discovery
attack.t1040
Potential NTLM Coercion Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Potential Obfuscated Ordinal Call Via Rundll32
Aug 12, 2024
·
attack.defense-evasion
Potential OGNL Injection Exploitation In JVM Based Application
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2017-5638
cve.2022-26134
Potential Operation Triangulation C2 Beaconing Activity - DNS
Aug 12, 2024
·
attack.command-and-control
attack.g0020
detection.emerging-threats
Potential Operation Triangulation C2 Beaconing Activity - Proxy
Aug 12, 2024
·
attack.command-and-control
attack.g0020
detection.emerging-threats
Potential OWASSRF Exploitation Attempt - Proxy
Aug 12, 2024
·
attack.initial-access
attack.t1190
Potential OWASSRF Exploitation Attempt - Webserver
Aug 12, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
Potential Packet Capture Activity Via Start-NetEventSession - ScriptBlock
Aug 12, 2024
·
attack.credential-access
attack.discovery
attack.t1040
Potential Password Spraying Attempt Using Dsacls.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Potential Peach Sandstorm APT C2 Communication Activity
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
Potential PendingFileRenameOperations Tampering
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
Potential Perl Reverse Shell Execution
Aug 12, 2024
·
attack.execution
Potential Persistence Attempt Via ErrorHandler.Cmd
Aug 12, 2024
·
attack.persistence
Potential Persistence Attempt Via Existing Service Tampering
Aug 12, 2024
·
attack.persistence
attack.t1543.003
attack.t1574.011
Potential Persistence Attempt Via Run Keys Using Reg.EXE
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Potential Persistence Using DebugPath
Aug 12, 2024
·
attack.persistence
attack.t1546.015
Potential Persistence Via App Paths Default Property
Aug 12, 2024
·
attack.persistence
attack.t1546.012
Potential Persistence Via AutodialDLL
Aug 12, 2024
·
attack.persistence
Potential Persistence Via CHM Helper DLL
Aug 12, 2024
·
attack.persistence
Potential Persistence Via Custom Protocol Handler
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
Potential Persistence Via Disk Cleanup Handler - Registry
Aug 12, 2024
·
attack.persistence
Potential Persistence Via DLLPathOverride
Aug 12, 2024
·
attack.persistence
Potential Persistence Via Event Viewer Events.asp
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1112
Potential Persistence Via Excel Add-in - Registry
Aug 12, 2024
·
attack.persistence
attack.t1137.006
Potential Persistence Via GlobalFlags
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.defense-evasion
attack.t1546.012
car.2013-01-002
Potential Persistence Via Logon Scripts - CommandLine
Aug 12, 2024
·
attack.persistence
attack.t1037.001
Potential Persistence Via Logon Scripts - Registry
Aug 12, 2024
·
attack.t1037.001
attack.persistence
attack.lateral-movement
Potential Persistence Via LSA Extensions
Aug 12, 2024
·
attack.persistence
Potential Persistence Via Microsoft Compatibility Appraiser
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Potential Persistence Via Microsoft Office Add-In
Aug 12, 2024
·
attack.persistence
attack.t1137.006
·
Potential Persistence Via Microsoft Office Startup Folder
Aug 12, 2024
·
attack.persistence
attack.t1137
·
Potential Persistence Via Mpnotify
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via MyComputer Registry Keys
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via Netsh Helper DLL
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.007
attack.s0108
·
Potential Persistence Via New AMSI Providers - Registry
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via Notepad++ Plugins
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via Outlook Form
Aug 12, 2024
·
attack.persistence
attack.t1137.003
·
Potential Persistence Via Outlook Home Page
Aug 12, 2024
·
attack.persistence
attack.t1112
·
Potential Persistence Via Outlook LoadMacroProviderOnBoot Setting
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Potential Persistence Via Outlook Today Page
Aug 12, 2024
·
attack.persistence
attack.t1112
·
Potential Persistence Via PlistBuddy
Aug 12, 2024
·
attack.persistence
attack.t1543.001
attack.t1543.004
·
Potential Persistence Via Powershell Search Order Hijacking - Task
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Potential Persistence Via PowerShell User Profile Using Add-Content
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
Potential Persistence Via Scrobj.dll COM Hijacking
Aug 12, 2024
·
attack.persistence
attack.t1546.015
·
Potential Persistence Via Security Descriptors - ScriptBlock
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
·
Potential Persistence Via Shim Database In Uncommon Location
Aug 12, 2024
·
attack.persistence
attack.t1546.011
·
Potential Persistence Via Shim Database Modification
Aug 12, 2024
·
attack.persistence
attack.t1546.011
·
Potential Persistence Via TypedPaths
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via Visual Studio Tools for Office
Aug 12, 2024
·
attack.t1137.006
attack.persistence
·
Potential Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059
·
Potential PetitPotam Attack Via EFS RPC Calls
Aug 12, 2024
·
attack.t1557.001
attack.t1187
·
Potential PHP Reverse Shell
Aug 12, 2024
·
attack.execution
·
Potential Pikabot C2 Activity
Aug 12, 2024
·
attack.command-and-control
attack.t1573
detection.emerging-threats
·
Potential Pikabot Discovery Activity
Aug 12, 2024
·
attack.discovery
attack.t1016
attack.t1049
attack.t1087
detection.emerging-threats
·
Potential Pikabot Hollowing Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1055.012
detection.emerging-threats
·
Potential PlugX Activity
Aug 12, 2024
·
attack.s0013
attack.defense-evasion
attack.t1574.002
detection.emerging-threats
·
Potential PowerShell Command Line Obfuscation
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1027
attack.t1059.001
·
Potential PowerShell Downgrade Attack
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
·
Potential PowerShell Execution Policy Tampering - ProcCreation
Aug 12, 2024
·
attack.defense-evasion
·
Potential PowerShell Execution Via DLL
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Potential PowerShell Obfuscation Using Alias Cmdlets
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1027
attack.t1059.001
·
Potential PowerShell Obfuscation Using Character Join
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1027
attack.t1059.001
·
Potential PowerShell Obfuscation Via Reversed Commands
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Potential PowerShell Obfuscation Via WCHAR
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
·
Potential Powershell ReverseShell Connection
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Potential POWERTRASH Script Execution
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.g0046
detection.emerging-threats
·
Potential Privilege Escalation Attempt Via .Exe.Local Technique
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
·
Potential Privilege Escalation To LOCAL SYSTEM
Aug 12, 2024
·
attack.resource-development
attack.t1587.001
·
Potential Privilege Escalation Using Symlink Between Osk and Cmd
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.008
·
Potential Privilege Escalation via Service Permissions Weakness
Aug 12, 2024
·
attack.privilege-escalation
attack.t1574.011
·
Potential Privileged System Service Operation - SeLoadDriverPrivilege
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Potential Process Execution Proxy Via CL_Invocation.ps1
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Potential Process Injection Via Msra.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
·
Potential Product Class Reconnaissance Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.t1047
car.2016-03-002
·
Potential Product Reconnaissance Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.t1047
·
Potential Provisioning Registry Key Abuse For Binary Proxy Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potential Provisioning Registry Key Abuse For Binary Proxy Execution - REG
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potential Provlaunch.EXE Binary Proxy Execution Abuse
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potential PsExec Remote Execution
Aug 12, 2024
·
attack.resource-development
attack.t1587.001
·
Potential PSFactoryBuffer COM Hijacking
Aug 12, 2024
·
attack.persistence
attack.t1546.015
·
Potential Qakbot Registry Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Potential Qakbot Rundll32 Execution
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Potential QBot Activity
Aug 12, 2024
·
attack.execution
attack.t1059.005
detection.emerging-threats
·
Potential Ransomware Activity Using LegalNotice Message
Aug 12, 2024
·
attack.impact
attack.t1491.001
·
Potential Ransomware or Unauthorized MBR Tampering Via Bcdedit.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.persistence
attack.t1542.003
·
Potential Raspberry Robin Aclui Dll SideLoading
Aug 12, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Raspberry Robin CPL Execution Activity
Aug 12, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.execution
attack.t1218.011
·
Potential Raspberry Robin Dot Ending File
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Potential Raspberry Robin Registry Set Internet Settings ZoneMap
Aug 12, 2024
·
detection.emerging-threats
attack.t1112
attack.defense-evasion
·
Potential Rcdll.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential RCE Exploitation Attempt In NodeJS
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
Potential RDP Session Hijacking Activity
Aug 12, 2024
·
attack.execution
·
Potential RDP Tunneling Via Plink
Aug 12, 2024
·
attack.command-and-control
attack.t1572
·
Potential RDP Tunneling Via SSH
Aug 12, 2024
·
attack.command-and-control
attack.t1572
·
Potential Recon Activity Using DriverQuery.EXE
Aug 12, 2024
·
attack.discovery
·
Potential Recon Activity Via Nltest.EXE
Aug 12, 2024
·
attack.discovery
attack.t1016
attack.t1482
·
Potential Reconnaissance Activity Via GatherNetworkInfo.VBS
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1615
attack.t1059.005
·
Potential Reconnaissance For Cached Credentials Via Cmdkey.EXE
Aug 12, 2024
·
attack.credential-access
attack.t1003.005
·
Potential ReflectDebugger Content Execution Via WerFault.EXE
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1036
·
Potential Register_App.Vbs LOLScript Abuse
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potential Registry Persistence Attempt Via DbgManagedDebugger
Aug 12, 2024
·
attack.persistence
attack.t1574
·
Potential Registry Persistence Attempt Via Windows Telemetry
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Potential Regsvr32 Commandline Flag Anomaly
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Potential Remote Command Execution In Pod Container
Aug 12, 2024
·
attack.t1609
·
Potential Remote Desktop Connection to Non-Domain Host
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Potential Remote Desktop Tunneling
Aug 12, 2024
·
attack.lateral-movement
attack.t1021
·
Potential Remote PowerShell Session Initiated
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.lateral-movement
attack.t1021.006
·
Potential RemoteFXvGPUDisablement.EXE Abuse
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell ScriptBlock
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potential Renamed Rundll32 Execution
Aug 12, 2024
·
attack.execution
·
Potential RipZip Attack on Startup Folder
Aug 12, 2024
·
attack.persistence
attack.t1547
·
Potential RjvPlatform.DLL Sideloading From Default Location
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential RjvPlatform.DLL Sideloading From Non-Default Location
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential RoboForm.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Ruby Reverse Shell
Aug 12, 2024
·
attack.execution
·
Potential Rundll32 Execution With DLL Stored In ADS
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Potential Russian APT Credential Theft Activity
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
attack.t1003.003
detection.emerging-threats
·
Potential Ryuk Ransomware Activity
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
·
Potential Script Proxy Execution Via CL_Mutexverifiers.ps1
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Potential SentinelOne Shell Context Menu Scan Command Tampering
Aug 12, 2024
·
attack.persistence
·
Potential Server Side Template Injection In Velocity
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
Potential ShellDispatch.DLL Functionality Abuse
Aug 12, 2024
·
attack.execution
attack.defense-evasion
·
Potential ShellDispatch.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Shim Database Persistence via Sdbinst.EXE
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.011
·
Potential Sidecar Injection Into Running Deployment
Aug 12, 2024
·
attack.t1609
·
Potential Signing Bypass Via Windows Developer Features
Aug 12, 2024
·
attack.defense-evasion
·
Potential Signing Bypass Via Windows Developer Features - Registry
Aug 12, 2024
·
attack.defense-evasion
·
Potential SmadHook.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential SMB Relay Attack Tool Execution
Aug 12, 2024
·
attack.execution
attack.t1557.001
·
Potential SNAKE Malware Installation Binary Indicator
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Potential SNAKE Malware Installation CLI Arguments Indicator
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Potential SNAKE Malware Persistence Service Execution
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Potential Snatch Ransomware Activity
Aug 12, 2024
·
attack.execution
attack.t1204
detection.emerging-threats
·
Potential SocGholish Second Stage C2 DNS Query
Aug 12, 2024
·
attack.command-and-control
attack.t1219
detection.emerging-threats
·
Potential SolidPDFCreator.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential SpEL Injection In Spring Framework
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
Potential SPN Enumeration Via Setspn.EXE
Aug 12, 2024
·
attack.credential-access
attack.t1558.003
·
Potential SquiblyTwo Technique Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1047
attack.t1220
attack.execution
attack.t1059.005
attack.t1059.007
·
Potential Startup Shortcut Persistence Via PowerShell.EXE
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Potential Suspicious Activity Using SeCEdit
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.defense-evasion
attack.credential-access
attack.privilege-escalation
attack.t1562.002
attack.t1547.001
attack.t1505.005
attack.t1556.002
attack.t1562
attack.t1574.007
attack.t1564.002
attack.t1546.008
attack.t1546.007
attack.t1547.014
attack.t1547.010
attack.t1547.002
attack.t1557
attack.t1082
·
Potential Suspicious BPF Activity - Linux
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
·
Potential Suspicious Browser Launch From Document Reader Process
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Potential Suspicious Change To Sensitive/Critical Files
Aug 12, 2024
·
attack.impact
attack.t1565.001
·
Potential Suspicious Child Process Of 3CXDesktopApp
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1218
detection.emerging-threats
·
Potential Suspicious Mofcomp Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potential Suspicious PowerShell Keywords
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Potential Suspicious PowerShell Module File Created
Aug 12, 2024
·
attack.persistence
·
Potential Suspicious Registry File Imported Via Reg.EXE
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Potential Suspicious Windows Feature Enabled
Aug 12, 2024
·
attack.defense-evasion
·
Potential Suspicious Windows Feature Enabled - ProcCreation
Aug 12, 2024
·
attack.defense-evasion
·
Potential Suspicious Winget Package Installation
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
·
Potential SysInternals ProcDump Evasion
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Potential System DLL Sideloading From Non System Locations
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential SystemNightmare Exploitation Attempt
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
detection.emerging-threats
·
Potential Tampering With RDP Related Registry Keys Via Reg.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.lateral-movement
attack.t1021.001
attack.t1112
·
Potential Tampering With Security Products Via WMIC
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Potential UAC Bypass Via Sdclt.EXE
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Potential Unquoted Service Path Reconnaissance Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.t1047
·
Potential Ursnif Malware Activity - Registry
Aug 12, 2024
·
attack.execution
attack.t1112
detection.emerging-threats
·
Potential Vivaldi_elf.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Waveedit.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Wazuh Security Platform DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Webshell Creation On Static Website
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Potential WerFault ReflectDebugger Registry Value Abuse
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Potential WinAPI Calls Via CommandLine
Aug 12, 2024
·
attack.execution
attack.t1106
·
Potential WinAPI Calls Via PowerShell Scripts
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1106
·
Potential Windows Defender AV Bypass Via Dump64.EXE Rename
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Potential Windows Defender Tampering Via Wmic.EXE
Aug 12, 2024
·
attack.credential-access
attack.t1546.008
·
Potential Winnti Dropper Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Potential WizardUpdate Malware Infection
Aug 12, 2024
·
attack.command-and-control
·
Potential WMI Lateral Movement WmiPrvSE Spawned PowerShell
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1059.001
·
Potential WWlib.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Xterm Reverse Shell
Aug 12, 2024
·
attack.execution
attack.t1059
·
Potential XXE Exploitation Attempt In JVM Based Application
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
Potentially Over Permissive Permissions Granted Using Dsacls.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potentially Suspicious ASP.NET Compilation Via AspNetCompiler
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Potentially Suspicious Call To Win32_NTEventlogFile Class
Aug 12, 2024
·
attack.defense-evasion
·
Potentially Suspicious Call To Win32_NTEventlogFile Class - PSScript
Aug 12, 2024
·
attack.defense-evasion
·
Potentially Suspicious Child Process Of ClickOnce Application
Aug 12, 2024
·
attack.execution
attack.defense-evasion
·
Potentially Suspicious Child Process Of DiskShadow.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potentially Suspicious Child Process of KeyScrambler.exe
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1203
attack.t1574.002
·
Potentially Suspicious Child Process Of Regsvr32
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Potentially Suspicious Child Process Of WinRAR.EXE
Aug 12, 2024
·
attack.execution
attack.t1203
·
Potentially Suspicious CMD Shell Output Redirect
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potentially Suspicious DLL Registered Via Odbcconf.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Potentially Suspicious DMP/HDMP File Creation
Aug 12, 2024
·
attack.defense-evasion
·
Potentially Suspicious Event Viewer Child Process
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
Potentially Suspicious Execution From Parent Process In Public Folder
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1564
attack.t1059
·
Potentially Suspicious Execution From Tmp Folder
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Potentially Suspicious Execution Of PDQDeployRunner
Aug 12, 2024
·
attack.execution
·
Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.009
·
Potentially Suspicious Execution Of Regasm/Regsvcs With Uncommon Extension
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.009
·
Potentially Suspicious File Download From ZIP TLD
Aug 12, 2024
·
attack.defense-evasion
·
Potentially Suspicious GoogleUpdate Child Process
Aug 12, 2024
·
attack.defense-evasion
·
Potentially Suspicious Malware Callback Communication
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571
·
Potentially Suspicious Malware Callback Communication - Linux
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571
·
Potentially Suspicious Named Pipe Created Via Mkfifo
Aug 12, 2024
·
attack.execution
·
Potentially Suspicious Network Connection To Notion API
Aug 12, 2024
·
attack.command-and-control
attack.t1102
·
Potentially Suspicious ODBC Driver Registered
Aug 12, 2024
·
attack.persistence
attack.t1003
·
Potentially Suspicious Ping/Copy Command Combination
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Potentially Suspicious Regsvr32 HTTP IP Pattern
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Potentially Suspicious Regsvr32 HTTP/FTP Pattern
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Potentially Suspicious Rundll32 Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Potentially Suspicious Self Extraction Directive File Created
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Potentially Suspicious Shell Script Creation in Profile Folder
Aug 12, 2024
·
attack.persistence
·
Potentially Suspicious Usage Of Qemu
Aug 12, 2024
·
attack.command-and-control
attack.t1090
attack.t1572
·
Potentially Suspicious WebDAV LNK Execution
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1204
·
Potentially Suspicious Windows App Activity
Aug 12, 2024
·
attack.defense-evasion
·
Potentially Suspicious Wuauclt Network Connection
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Powershell Add Name Resolution Policy Table Rule
Aug 12, 2024
·
attack.impact
attack.t1565
·
PowerShell ADRecon Execution
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1059.001
·
PowerShell as a Service in Registry
Aug 12, 2024
·
attack.execution
attack.t1569.002
·
PowerShell Base64 Encoded FromBase64String Cmdlet
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.execution
attack.t1059.001
·
PowerShell Base64 Encoded IEX Cmdlet
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
PowerShell Base64 Encoded Invoke Keyword
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
·
Powershell Base64 Encoded MpPreference Cmdlet
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
PowerShell Base64 Encoded Reflective Assembly Load
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
attack.t1620
·
PowerShell Base64 Encoded WMI Classes
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
·
PowerShell Called from an Executable Version Mismatch
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
·
PowerShell Console History Logs Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
PowerShell Core DLL Loaded By Non PowerShell Process
Aug 12, 2024
·
attack.t1059.001
attack.execution
·
PowerShell Core DLL Loaded Via Office Application
Aug 12, 2024
·
attack.defense-evasion
·
PowerShell Create Local User
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.persistence
attack.t1136.001
·
Powershell Create Scheduled Task
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
PowerShell Credential Prompt
Aug 12, 2024
·
attack.credential-access
attack.execution
attack.t1059.001
·
PowerShell Decompress Commands
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
·
Powershell Defender Disable Scan Feature
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Powershell Defender Exclusion
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
PowerShell Deleted Mounted Share
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.005
·
Powershell Detect Virtualization Environment
Aug 12, 2024
·
attack.defense-evasion
attack.t1497.001
·
Powershell Directory Enumeration
Aug 12, 2024
·
attack.discovery
attack.t1083
·
Powershell DNSExfiltration
Aug 12, 2024
·
attack.exfiltration
attack.t1048
·
PowerShell Downgrade Attack - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
·
PowerShell Download and Execution Cradles
Aug 12, 2024
·
attack.execution
attack.t1059
·
PowerShell Download Pattern
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
PowerShell DownloadFile
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1104
attack.t1105
·
Powershell Execute Batch Script
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Powershell Executed From Headless ConHost Process
Aug 12, 2024
·
attack.defense-evasion
attack.t1059.001
attack.t1059.003
·
PowerShell Get Clipboard
Aug 12, 2024
·
attack.collection
attack.t1115
·
PowerShell Get-Clipboard Cmdlet Via CLI
Aug 12, 2024
·
attack.collection
attack.t1115
·
PowerShell Get-Process LSASS
Aug 12, 2024
·
attack.credential-access
attack.t1552.004
·
PowerShell Get-Process LSASS in ScriptBlock
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
PowerShell Hotfix Enumeration
Aug 12, 2024
·
attack.discovery
·
PowerShell ICMP Exfiltration
Aug 12, 2024
·
attack.exfiltration
attack.t1048.003
·
Powershell Inline Execution From A File
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Powershell Install a DLL in System Directory
Aug 12, 2024
·
attack.credential-access
attack.t1556.002
·
Powershell Keylogging
Aug 12, 2024
·
attack.collection
attack.t1056.001
·
Powershell Local Email Collection
Aug 12, 2024
·
attack.collection
attack.t1114.001
·
Powershell LocalAccount Manipulation
Aug 12, 2024
·
attack.persistence
attack.t1098
·
PowerShell Logging Disabled Via Registry Key Tampering
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
PowerShell Module File Created
Aug 12, 2024
·
attack.persistence
·
Powershell MsXml COM Object
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
PowerShell Profile Modification
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
PowerShell PSAttack
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
PowerShell Remote Session Creation
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
PowerShell SAM Copy
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
·
PowerShell Script Change Permission Via Set-Acl
Aug 12, 2024
·
attack.defense-evasion
·
PowerShell Script Change Permission Via Set-Acl - PsScript
Aug 12, 2024
·
attack.defense-evasion
attack.t1222
·
PowerShell Script Dropped Via PowerShell.EXE
Aug 12, 2024
·
attack.persistence
·
PowerShell Script Run in AppData
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
PowerShell Script With File Hostname Resolving Capabilities
Aug 12, 2024
·
attack.exfiltration
attack.t1020
·
PowerShell Script With File Upload Capabilities
Aug 12, 2024
·
attack.exfiltration
attack.t1020
·
PowerShell Scripts Installed as Services
Aug 12, 2024
·
attack.execution
attack.t1569.002
·
PowerShell Scripts Installed as Services - Security
Aug 12, 2024
·
attack.execution
attack.t1569.002
·
Powershell Sensitive File Discovery
Aug 12, 2024
·
attack.discovery
attack.t1083
·
PowerShell Set-Acl On Windows Folder
Aug 12, 2024
·
attack.defense-evasion
·
PowerShell Set-Acl On Windows Folder - PsScript
Aug 12, 2024
·
attack.defense-evasion
attack.t1222
·
PowerShell ShellCode
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.execution
attack.t1059.001
·
Powershell Store File In Alternate Data Stream
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Powershell Suspicious Win32_PnPEntity
Aug 12, 2024
·
attack.discovery
attack.t1120
·
Powershell Timestomp
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
Powershell Token Obfuscation - Process Creation
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.009
·
PowerShell Web Download
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1059.001
attack.t1105
·
Powershell WMI Persistence
Aug 12, 2024
·
attack.privilege-escalation
attack.t1546.003
·
PowerShell WMI Win32_Product Install MSI
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
·
PowerShell Write-EventLog Usage
Aug 12, 2024
·
attack.defense-evasion
·
Powershell XML Execute Command
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Powerview Add-DomainObjectAcl DCSync AD Extend Right
Aug 12, 2024
·
attack.persistence
attack.t1098
·
PowerView PowerShell Cmdlets - ScriptBlock
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Prefetch File Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Primary Refresh Token Access Attempt
Aug 12, 2024
·
attack.t1528
attack.credential-access
·
Print History File Contents
Aug 12, 2024
·
attack.reconnaissance
attack.t1592.004
·
PrintBrm ZIP Creation of Extraction
Aug 12, 2024
·
attack.command-and-control
attack.t1105
attack.defense-evasion
attack.t1564.004
·
PrinterNightmare Mimikatz Driver Name
Aug 12, 2024
·
attack.execution
attack.t1204
cve.2021-1675
cve.2021-34527
·
Private Keys Reconnaissance Via CommandLine Tools
Aug 12, 2024
·
attack.credential-access
attack.t1552.004
·
Privilege Escalation via Named Pipe Impersonation
Aug 12, 2024
·
attack.lateral-movement
attack.t1021
·
Privileged Account Creation
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1078.004
·
Privileged Container Deployed
Aug 12, 2024
·
attack.t1611
·
Privileged User Has Been Created
Aug 12, 2024
·
attack.persistence
attack.t1136.001
attack.t1098
·
Procdump Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Process Access via TrolleyExpress Exclusion
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
attack.credential-access
attack.t1003.001
·
Process Creation Using Sysnative Folder
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Process Discovery
Aug 12, 2024
·
attack.discovery
attack.t1057
·
Process Execution Error In JVM Based Application
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
Process Execution From A Potentially Suspicious Folder
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Process Explorer Driver Creation By Non-Sysinternals Binary
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1068
·
Process Initiated Network Connection To Ngrok Domain
Aug 12, 2024
·
attack.exfiltration
attack.t1567.001
·
Process Launched Without Image Name
Aug 12, 2024
·
attack.defense-evasion
·
Process Memory Dump Via Comsvcs.DLL
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1036
attack.t1003.001
car.2013-05-009
·
Process Memory Dump Via Dotnet-Dump
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Process Monitor Driver Creation By Non-Sysinternals Binary
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1068
·
Process Reconnaissance Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.t1047
·
Processes Accessing the Microphone and Webcam
Aug 12, 2024
·
attack.collection
attack.t1123
·
ProcessHacker Privilege Elevation
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.t1543.003
attack.t1569.002
·
Program Executions in Suspicious Folders
Aug 12, 2024
·
attack.t1587
attack.t1584
attack.resource-development
·
Protected Storage Service Access
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Proxy Execution Via Wuauclt.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
ProxyLogon MSExchange OabVirtualDirectory
Aug 12, 2024
·
attack.t1587.001
attack.resource-development
·
ProxyLogon Reset Virtual Directories Based On IIS Log
Aug 12, 2024
·
cve.2021-26858
detection.emerging-threats
attack.initial-access
attack.t1190
·
Ps.exe Renamed SysInternals Tool
Aug 12, 2024
·
attack.defense-evasion
attack.g0035
attack.t1036.003
car.2013-05-009
detection.emerging-threats
·
PSAsyncShell - Asynchronous TCP Reverse Shell
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
PSExec and WMI Process Creations Block
Aug 12, 2024
·
attack.execution
attack.lateral-movement
attack.t1047
attack.t1569.002
·
Psexec Execution
Aug 12, 2024
·
attack.execution
attack.t1569
attack.t1021
·
PSEXEC Remote Execution File Artefact
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.execution
attack.persistence
attack.t1136.002
attack.t1543.003
attack.t1570
attack.s0029
·
PsExec Service Child Process Execution as LOCAL SYSTEM
Aug 12, 2024
·
attack.execution
·
PsExec Service Execution
Aug 12, 2024
·
attack.execution
·
PsExec Service File Creation
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
PsExec Service Installation
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
PsExec Tool Execution From Suspicious Locations - PipeName
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
PsExec/PAExec Escalation to LOCAL SYSTEM
Aug 12, 2024
·
attack.resource-development
attack.t1587.001
·
PST Export Alert Using eDiscovery Alert
Aug 12, 2024
·
attack.collection
attack.t1114
·
PST Export Alert Using New-ComplianceSearchAction
Aug 12, 2024
·
attack.collection
attack.t1114
·
PUA - 3Proxy Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1572
·
PUA - AdFind Suspicious Execution
Aug 12, 2024
·
attack.discovery
attack.t1018
attack.t1087.002
attack.t1482
attack.t1069.002
stp.1u
·
PUA - Adidnsdump Execution
Aug 12, 2024
·
attack.discovery
attack.t1018
·
PUA - Advanced IP Scanner Execution
Aug 12, 2024
·
attack.discovery
attack.t1046
attack.t1135
·
PUA - Advanced IP/Port Scanner Update Check
Aug 12, 2024
·
attack.discovery
attack.t1590
·
PUA - Advanced Port Scanner Execution
Aug 12, 2024
·
attack.discovery
attack.t1046
attack.t1135
·
PUA - AdvancedRun Execution
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1564.003
attack.t1134.002
attack.t1059.003
·
PUA - AdvancedRun Suspicious Execution
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1134.002
·
PUA - Chisel Tunneling Tool Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1090.001
·
PUA - CleanWipe Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
PUA - Crassus Execution
Aug 12, 2024
·
attack.discovery
attack.t1590.001
·
PUA - CSExec Default Named Pipe
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.execution
attack.t1569.002
·
PUA - CsExec Execution
Aug 12, 2024
·
attack.resource-development
attack.t1587.001
attack.execution
attack.t1569.002
·
PUA - DefenderCheck Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.005
·
PUA - DIT Snapshot Viewer
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
·
PUA - Fast Reverse Proxy (FRP) Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1090
·
PUA - Mouse Lock Execution
Aug 12, 2024
·
attack.credential-access
attack.collection
attack.t1056.002
·
PUA - Netcat Suspicious Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1095
·
PUA - Ngrok Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1572
·
PUA - Nimgrab Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
PUA - NirCmd Execution
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
PUA - NirCmd Execution As LOCAL SYSTEM
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
PUA - Nmap/Zenmap Execution
Aug 12, 2024
·
attack.discovery
attack.t1046
·
PUA - NPS Tunneling Tool Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1090
·
PUA - NSudo Execution
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
PUA - PAExec Default Named Pipe
Aug 12, 2024
·
attack.execution
attack.t1569.002
·
PUA - PingCastle Execution
Aug 12, 2024
·
attack.reconnaissance
attack.t1595
·
PUA - PingCastle Execution From Potentially Suspicious Parent
Aug 12, 2024
·
attack.reconnaissance
attack.t1595
·
PUA - Potential PE Metadata Tamper Using Rcedit
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
attack.t1036
attack.t1027.005
attack.t1027
·
PUA - Process Hacker Driver Load
Aug 12, 2024
·
attack.privilege-escalation
cve.2021-21551
attack.t1543
·
PUA - Radmin Viewer Utility Execution
Aug 12, 2024
·
attack.execution
attack.lateral-movement
attack.t1072
·
PUA - Rclone Execution
Aug 12, 2024
·
attack.exfiltration
attack.t1567.002
·
PUA - RemCom Default Named Pipe
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.execution
attack.t1569.002
·
PUA - RunXCmd Execution
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
PUA - Seatbelt Execution
Aug 12, 2024
·
attack.discovery
attack.t1526
attack.t1087
attack.t1083
·
PUA - SoftPerfect Netscan Execution
Aug 12, 2024
·
attack.discovery
attack.t1046
·
PUA - Suspicious ActiveDirectory Enumeration Via AdFind.EXE
Aug 12, 2024
·
attack.discovery
attack.t1087.002
·
PUA - Sysinternal Tool Execution - Registry
Aug 12, 2024
·
attack.resource-development
attack.t1588.002
·
PUA - Sysinternals Tools Execution - Registry
Aug 12, 2024
·
attack.resource-development
attack.t1588.002
·
PUA - System Informer Driver Load
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543
·
PUA - System Informer Execution
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1564
attack.t1543
·
PUA - WebBrowserPassView Execution
Aug 12, 2024
·
attack.credential-access
attack.t1555.003
·
PUA - Wsudo Suspicious Execution
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.t1059
·
PUA- IOX Tunneling Tool Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1090
·
Publicly Accessible RDP Service
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.001
·
Publisher Attachment File Dropped In Suspicious Location
Aug 12, 2024
·
attack.defense-evasion
·
Pubprn.vbs Proxy Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1216.001
·
Pulse Connect Secure RCE Attack CVE-2021-22893
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-22893
detection.emerging-threats
·
Pulse Secure Attack CVE-2019-11510
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2019-11510
detection.emerging-threats
·
PwnDrp Access
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.t1102.001
attack.t1102.003
·
Python Image Load By Non-Python Process
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.002
·
Python Initiated Connection
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Python Inline Command Execution
Aug 12, 2024
·
attack.execution
attack.t1059
·
Python Spawning Pretty TTY on Windows
Aug 12, 2024
·
attack.execution
attack.t1059
·
Python SQL Exceptions
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
Qakbot Regsvr32 Calc Pattern
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Qakbot Rundll32 Exports Execution
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Qakbot Rundll32 Fake DLL Extension Execution
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Qakbot Uninstaller Execution
Aug 12, 2024
·
detection.emerging-threats
attack.execution
·
Query Tor Onion Address - DNS Client
Aug 12, 2024
·
attack.command-and-control
attack.t1090.003
·
Query Usage To Exfil Data
Aug 12, 2024
·
attack.execution
·
Raccine Uninstall
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Rar Usage with Password and Compression Level
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Rare Remote Thread Creation By Uncommon Source Image
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1055
·
Rare Subscription-level Operations In Azure
Aug 12, 2024
·
attack.t1003
·
Raw Paste Service Access
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.t1102.001
attack.t1102.003
attack.defense-evasion
·
RBAC Permission Enumeration Attempt
Aug 12, 2024
·
attack.t1069.003
attack.t1087.004
·
Rclone Activity via Proxy
Aug 12, 2024
·
attack.exfiltration
attack.t1567.002
·
Rclone Config File Creation
Aug 12, 2024
·
attack.exfiltration
attack.t1567.002
·
RDP Connection Allowed Via Netsh.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
RDP Login from Localhost
Aug 12, 2024
·
attack.lateral-movement
car.2013-07-002
attack.t1021.001
·
RDP Over Reverse SSH Tunnel
Aug 12, 2024
·
attack.command-and-control
attack.t1572
attack.lateral-movement
attack.t1021.001
car.2013-07-002
·
RDP over Reverse SSH Tunnel WFP
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.lateral-movement
attack.t1090.001
attack.t1090.002
attack.t1021.001
car.2013-07-002
·
RDP Port Forwarding Rule Added Via Netsh.EXE
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.command-and-control
attack.t1090
·
RDP Sensitive Settings Changed
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1112
·
RDP Sensitive Settings Changed to Zero
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1112
·
RDP to HTTP or HTTPS Target Ports
Aug 12, 2024
·
attack.command-and-control
attack.t1572
attack.lateral-movement
attack.t1021.001
car.2013-07-002
·
RDS Database Security Group Modification
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
Read Contents From Stdin Via Cmd.EXE
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Rebuild Performance Counter Values Via Lodctr.EXE
Aug 12, 2024
·
attack.execution
·
Recon Activity via SASec
Aug 12, 2024
·
attack.discovery
·
Recon Command Output Piped To Findstr.EXE
Aug 12, 2024
·
attack.discovery
attack.t1057
·
Recon Information for Export with Command Prompt
Aug 12, 2024
·
attack.collection
attack.t1119
·
Recon Information for Export with PowerShell
Aug 12, 2024
·
attack.collection
attack.t1119
·
Reconnaissance Activity
Aug 12, 2024
·
attack.discovery
attack.t1087.002
attack.t1069.002
attack.s0039
·
RedMimicry Winnti Playbook Registry Manipulation
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Reg Add Suspicious Paths
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562.001
·
RegAsm.EXE Initiating Network Connection To Public IP
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.009
·
Regedit as Trusted Installer
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Register New IFiltre For Persistence
Aug 12, 2024
·
attack.persistence
·
Register new Logon Process by Rubeus
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.t1558.003
·
REGISTER_APP.VBS Proxy Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Registry Disable System Restore
Aug 12, 2024
·
attack.impact
attack.t1490
·
Registry Entries For Azorult Malware
Aug 12, 2024
·
attack.execution
attack.t1112
·
Registry Explorer Policy Modification
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Registry Hide Function from User
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Registry Modification to Hidden File Extension
Aug 12, 2024
·
attack.persistence
attack.t1137
·
Registry Modification Via Regini.EXE
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Registry Persistence Mechanisms in Recycle Bin
Aug 12, 2024
·
attack.persistence
attack.t1547
·
Registry Persistence via Explorer Run Key
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Registry Persistence via Service in Safe Mode
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
Registry-Free Process Scope COR_PROFILER
Aug 12, 2024
·
attack.persistence
attack.t1574.012
·
Regsvr32 DLL Execution With Suspicious File Extension
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Regsvr32 DLL Execution With Uncommon Extension
Aug 12, 2024
·
attack.defense-evasion
attack.t1574
attack.execution
·
Regsvr32 Execution From Highly Suspicious Location
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Regsvr32 Execution From Potential Suspicious Location
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Rejetto HTTP File Server RCE
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.t1505.003
cve.2014-6287
detection.emerging-threats
·
Relevant ClamAV Message
Aug 12, 2024
·
attack.resource-development
attack.t1588.001
·
RemCom Service File Creation
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
RemCom Service Installation
Aug 12, 2024
·
attack.execution
attack.t1569.002
·
Remote Access Tool - AnyDesk Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Remote Access Tool - Anydesk Execution From Suspicious Folder
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Remote Access Tool - AnyDesk Execution With Known Revoked Signing Certificate
Aug 12, 2024
·
attack.execution
attack.initial-access
·
Remote Access Tool - AnyDesk Piped Password Via CLI
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Remote Access Tool - AnyDesk Silent Installation
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Remote Access Tool - GoToAssist Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Remote Access Tool - LogMeIn Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Remote Access Tool - NetSupport Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Remote Access Tool - NetSupport Execution From Unusual Location
Aug 12, 2024
·
attack.defense-evasion
·
Remote Access Tool - RURAT Execution From Unusual Location
Aug 12, 2024
·
attack.defense-evasion
·
Remote Access Tool - ScreenConnect Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Remote Access Tool - ScreenConnect Installation Execution
Aug 12, 2024
·
attack.initial-access
attack.t1133
·
Remote Access Tool - ScreenConnect Potential Suspicious Remote Command Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Remote Access Tool - ScreenConnect Remote Command Execution
Aug 12, 2024
·
attack.execution
attack.t1059.003
·
Remote Access Tool - ScreenConnect Server Web Shell Execution
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
Remote Access Tool - Simple Help Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Remote Access Tool - Team Viewer Session Started On Linux Host
Aug 12, 2024
·
attack.initial-access
attack.t1133
·
Remote Access Tool - Team Viewer Session Started On MacOS Host
Aug 12, 2024
·
attack.initial-access
attack.t1133
·
Remote Access Tool - Team Viewer Session Started On Windows Host
Aug 12, 2024
·
attack.initial-access
attack.t1133
·
Remote Access Tool - UltraViewer Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Remote Access Tool Services Have Been Installed - System
Aug 12, 2024
·
attack.persistence
attack.t1543.003
attack.t1569.002
·
Remote CHM File Download/Execution Via HH.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.001
·
Remote Code Execute via Winrm.vbs
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Remote DCOM/WMI Lateral Movement
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.003
attack.t1047
·
Remote DLL Load Via Rundll32.EXE
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Remote Encrypting File System Abuse
Aug 12, 2024
·
attack.lateral-movement
·
Remote Event Log Recon
Aug 12, 2024
·
attack.discovery
·
Remote File Copy
Aug 12, 2024
·
attack.command-and-control
attack.lateral-movement
attack.t1105
·
Remote File Download Via Desktopimgdownldr Utility
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Remote File Download Via Findstr.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
Remote LSASS Process Access Through Windows Remote Management
Aug 12, 2024
·
attack.credential-access
attack.execution
attack.t1003.001
attack.t1059.001
attack.lateral-movement
attack.t1021.006
attack.s0002
·
Remote PowerShell Session (PS Classic)
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.lateral-movement
attack.t1021.006
·
Remote PowerShell Session (PS Module)
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.lateral-movement
attack.t1021.006
·
Remote PowerShell Session Host Process (WinRM)
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1021.006
·
Remote PowerShell Sessions Network Connections (WinRM)
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Remote Printing Abuse for Lateral Movement
Aug 12, 2024
·
attack.lateral-movement
·
Remote Registry Lateral Movement
Aug 12, 2024
·
attack.lateral-movement
attack.t1112
·
Remote Registry Recon
Aug 12, 2024
·
attack.discovery
·
Remote Schedule Task Lateral Movement via ATSvc
Aug 12, 2024
·
attack.lateral-movement
attack.t1053
attack.t1053.002
·
Remote Schedule Task Lateral Movement via ITaskSchedulerService
Aug 12, 2024
·
attack.lateral-movement
attack.t1053
attack.t1053.002
·
Remote Schedule Task Lateral Movement via SASec
Aug 12, 2024
·
attack.lateral-movement
attack.t1053
attack.t1053.002
·
Remote Schedule Task Recon via AtScv
Aug 12, 2024
·
attack.discovery
·
Remote Schedule Task Recon via ITaskSchedulerService
Aug 12, 2024
·
attack.discovery
·
Remote Server Service Abuse
Aug 12, 2024
·
attack.lateral-movement
·
Remote Server Service Abuse for Lateral Movement
Aug 12, 2024
·
attack.lateral-movement
attack.t1569.002
·
Remote Service Activity via SVCCTL Named Pipe
Aug 12, 2024
·
attack.lateral-movement
attack.persistence
attack.t1021.002
·
Remote Task Creation via ATSVC Named Pipe
Aug 12, 2024
·
attack.lateral-movement
attack.persistence
car.2013-05-004
car.2015-04-001
attack.t1053.002
·
Remote Task Creation via ATSVC Named Pipe - Zeek
Aug 12, 2024
·
attack.lateral-movement
attack.persistence
car.2013-05-004
car.2015-04-001
attack.t1053.002
·
Remote Thread Created In KeePass.EXE
Aug 12, 2024
·
attack.credential-access
attack.t1555.005
·
Remote Thread Created In Shell Application
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
·
Remote Thread Creation By Uncommon Source Image
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1055
·
Remote Thread Creation In Mstsc.Exe From Suspicious Location
Aug 12, 2024
·
attack.credential-access
·
Remote Thread Creation In Uncommon Target Image
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.003
·
Remote Thread Creation Ttdinject.exe Proxy
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Remote Utilities Host Service Install
Aug 12, 2024
·
attack.persistence
·
RemoteFXvGPUDisablement Abuse Via AtomicTestHarnesses
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Remotely Hosted HTA File Executed Via Mshta.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.005
·
Removal Of AMSI Provider Registry Keys
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Removal Of Index Value to Hide Schedule Task - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Removal of Potential COM Hijacking Registry Keys
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Removal Of SD Value to Hide Schedule Task - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Remove Account From Domain Admin Group
Aug 12, 2024
·
attack.impact
attack.t1531
·
Remove Exported Mailbox from Exchange Webserver
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Remove Immutable File Attribute
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.002
·
Remove Immutable File Attribute - Auditd
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.002
·
Remove Scheduled Cron Task/Job
Aug 12, 2024
·
attack.defense-evasion
·
Renamed AdFind Execution
Aug 12, 2024
·
attack.discovery
attack.t1018
attack.t1087.002
attack.t1482
attack.t1069.002
·
Renamed AutoHotkey.EXE Execution
Aug 12, 2024
·
attack.defense-evasion
·
Renamed AutoIt Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Renamed BOINC Client Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1553
·
Renamed BrowserCore.EXE Execution
Aug 12, 2024
·
attack.t1528
attack.t1036.003
·
Renamed CreateDump Utility Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Renamed FTP.EXE Execution
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Renamed Gpg.EXE Execution
Aug 12, 2024
·
attack.impact
attack.t1486
·
Renamed Jusched.EXE Execution
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1036.003
·
Renamed Mavinject.EXE Execution
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.001
attack.t1218.013
·
Renamed MegaSync Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Renamed Microsoft Teams Execution
Aug 12, 2024
·
attack.defense-evasion
·
Renamed Msdt.EXE Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Renamed NetSupport RAT Execution
Aug 12, 2024
·
attack.defense-evasion
·
Renamed NirCmd.EXE Execution
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Renamed Office Binary Execution
Aug 12, 2024
·
attack.defense-evasion
·
Renamed PAExec Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Renamed PingCastle Binary Execution
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Renamed Plink Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Renamed ProcDump Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Renamed PsExec Service Execution
Aug 12, 2024
·
attack.execution
·
Renamed Remote Utilities RAT (RURAT) Execution
Aug 12, 2024
·
attack.defense-evasion
attack.collection
attack.command-and-control
attack.discovery
attack.s0592
·
Renamed SysInternals DebugView Execution
Aug 12, 2024
·
attack.resource-development
attack.t1588.002
·
Renamed Sysinternals Sdelete Execution
Aug 12, 2024
·
attack.impact
attack.t1485
·
Renamed Visual Studio Code Tunnel Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Renamed Vmnat.exe Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Renamed Whoami Execution
Aug 12, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Renamed ZOHO Dctask64 Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1055.001
attack.t1202
attack.t1218
·
Replace Desktop Wallpaper by Powershell
Aug 12, 2024
·
attack.impact
attack.t1491.001
·
Replace.exe Usage
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Replay Attack Detected
Aug 12, 2024
·
attack.credential-access
attack.t1558
·
Request A Single Ticket via PowerShell
Aug 12, 2024
·
attack.credential-access
attack.t1558.003
·
Response File Execution Via Odbcconf.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Restore Public AWS RDS Instance
Aug 12, 2024
·
attack.exfiltration
attack.t1020
·
Restricted Software Access By SRP
Aug 12, 2024
·
attack.defense-evasion
attack.t1072
·
REvil Kaseya Incident Malware Patterns
Aug 12, 2024
·
attack.execution
attack.t1059
attack.g0115
detection.emerging-threats
·
Rhadamanthys Stealer Module Launch Via Rundll32.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Roles Activated Too Frequently
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Roles Activation Doesn't Require MFA
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Roles Are Not Being Used
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Roles Assigned Outside PIM
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Root Account Enable Via Dsenableroot
Aug 12, 2024
·
attack.t1078
attack.t1078.001
attack.t1078.003
attack.initial-access
attack.persistence
·
Root Certificate Installed - PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Root Certificate Installed From Susp Locations
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Rorschach Ransomware Execution Activity
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.t1059.001
attack.defense-evasion
detection.emerging-threats
·
RottenPotato Like Attack Pattern
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
attack.t1557.001
·
RTCore Suspicious Service Installation
Aug 12, 2024
·
attack.persistence
·
Ruby Inline Command Execution
Aug 12, 2024
·
attack.execution
attack.t1059
·
Ruby on Rails Framework Exceptions
Aug 12, 2024
·
attack.initial-access
attack.t1190
·
Run Once Task Configuration in Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Run Once Task Execution as Configured in Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Run PowerShell Script from ADS
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Run PowerShell Script from Redirected Input Stream
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Rundll32 Execution With Uncommon DLL Extension
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Rundll32 Execution Without CommandLine Parameters
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Rundll32 Execution Without Parameters
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1570
attack.execution
attack.t1569.002
·
Rundll32 InstallScreenSaver Execution
Aug 12, 2024
·
attack.t1218.011
attack.defense-evasion
·
Rundll32 Internet Connection
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
attack.execution
·
Rundll32 Registered COM Objects
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.015
·
Rundll32 Spawned Via Explorer.EXE
Aug 12, 2024
·
attack.defense-evasion
·
RunDLL32 Spawning Explorer
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Rundll32 UNC Path Execution
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1021.002
attack.t1218.011
·
Running Chrome VPN Extensions via the Registry 2 VPN Extension
Aug 12, 2024
·
attack.persistence
attack.t1133
·
SafeBoot Registry Key Deleted Via Reg.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
SAM Registry Hive Handle Request
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.credential-access
attack.t1552.002
·
SAML Token Issuer Anomaly
Aug 12, 2024
·
attack.t1606
attack.credential-access
·
Scheduled Cron Task/Job - Linux
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.003
·
Scheduled Cron Task/Job - MacOs
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.003
·
Scheduled Task Creation Via Schtasks.EXE
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.005
attack.s0111
car.2013-08-001
stp.1u
·
Scheduled Task Executed From A Suspicious Location
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Scheduled Task Executed Uncommon LOLBIN
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Scheduled Task Executing Encoded Payload from Registry
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Scheduled Task Executing Payload from Registry
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Scheduled Task/Job At
Aug 12, 2024
·
attack.persistence
attack.t1053.002
·
Scheduled TaskCache Change by Uncommon Program
Aug 12, 2024
·
attack.persistence
attack.t1053
attack.t1053.005
·
Schtasks From Suspicious Folders
Aug 12, 2024
·
attack.execution
attack.t1053.005
·
SCM Database Handle Failure
Aug 12, 2024
·
attack.discovery
attack.t1010
·
SCM Database Privileged Operation
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
SCR File Write Event
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Screen Capture - macOS
Aug 12, 2024
·
attack.collection
attack.t1113
·
Screen Capture Activity Via Psr.EXE
Aug 12, 2024
·
attack.collection
attack.t1113
·
Screen Capture with Import Tool
Aug 12, 2024
·
attack.collection
attack.t1113
·
Screen Capture with Xwd
Aug 12, 2024
·
attack.collection
attack.t1113
·
ScreenConnect - SlashAndGrab Exploitation Indicators
Aug 12, 2024
·
attack.defense-evasion
·
ScreenConnect Temporary Installation Artefact
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
ScreenConnect User Database Modification
Aug 12, 2024
·
attack.persistence
cve.2024-1709
·
ScreenConnect User Database Modification - Security
Aug 12, 2024
·
attack.defense-evasion
cve.2024-1709
·
ScreenSaver Registry Key Set
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Script Event Consumer Spawning Process
Aug 12, 2024
·
attack.execution
attack.t1047
·
Script Interpreter Execution From Suspicious Folder
Aug 12, 2024
·
attack.execution
attack.t1059
·
Scripted Diagnostics Turn Off Check Enabled - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Scripting/CommandLine Process Spawned Regsvr32
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Sdclt Child Processes
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548.002
·
Secure Deletion with SDelete
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1070.004
attack.t1027.005
attack.t1485
attack.t1553.002
attack.s0195
·
Security Eventlog Cleared
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.001
car.2016-04-002
·
Security Privileges Enumeration Via Whoami.EXE
Aug 12, 2024
·
attack.privilege-escalation
attack.discovery
attack.t1033
·
Security Service Disabled Via Reg.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Security Software Discovery - Linux
Aug 12, 2024
·
attack.discovery
attack.t1518.001
·
Security Software Discovery - MacOs
Aug 12, 2024
·
attack.discovery
attack.t1518.001
·
Security Support Provider (SSP) Added to LSA Configuration
Aug 12, 2024
·
attack.persistence
attack.t1547.005
·
Self Extracting Package Creation Via Iexpress.EXE From Potentially Suspicious Location
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Self Extraction Directive File Created In Potentially Suspicious Location
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Sensitive File Access Via Volume Shadow Copy Backup
Aug 12, 2024
·
attack.impact
attack.t1490
·
Sensitive File Dump Via Wbadmin.EXE
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
·
Sensitive File Recovery From Backup Via Wbadmin.EXE
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
·
Serv-U Exploitation CVE-2021-35211 by DEV-0322
Aug 12, 2024
·
attack.persistence
attack.t1136.001
cve.2021-35211
detection.emerging-threats
·
Server Side Template Injection Strings
Aug 12, 2024
·
attack.defense-evasion
attack.t1221
·
Service Binary in Suspicious Folder
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Service DACL Abuse To Hide Services Via Sc.EXE
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Service Installation in Suspicious Folder
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
·
Service Installation with Suspicious Folder Pattern
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
·
Service Installed By Unusual Client - Security
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543
·
Service Installed By Unusual Client - System
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543
·
Service Reconnaissance Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.t1047
·
Service Registry Key Deleted Via Reg.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Service Registry Key Read Access Request
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.011
·
Service Registry Permissions Weakness Check
Aug 12, 2024
·
attack.persistence
attack.t1574.011
stp.2a
·
Service Security Descriptor Tampering Via Sc.EXE
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Service Started/Stopped Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.t1047
·
Service StartupType Change Via PowerShell Set-Service
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1562.001
·
Service StartupType Change Via Sc.EXE
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1562.001
·
ServiceDll Hijack
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
SES Identity Has Been Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Session Manager Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
attack.t1546.009
·
Set Suspicious Files as System Files Using Attrib.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
Setuid and Setgid
Aug 12, 2024
·
attack.persistence
attack.t1548.001
·
Shadow Copies Creation Using Operating Systems Utilities
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.t1003.002
attack.t1003.003
·
Share And Session Enumeration Using Net.EXE
Aug 12, 2024
·
attack.discovery
attack.t1018
·
SharpHound Recon Account Discovery
Aug 12, 2024
·
attack.t1087
attack.discovery
·
SharpHound Recon Sessions
Aug 12, 2024
·
attack.t1033
·
Shell Execution Of Process Located In Tmp Directory
Aug 12, 2024
·
attack.execution
·
Shell Open Registry Keys Manipulation
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1546.001
·
Shell Process Spawned by Java.EXE
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
·
Shell32 DLL Execution in Suspicious Directory
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
·
Shellshock Expression
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
ShimCache Flush
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Sign-in Failure Due to Conditional Access Requirements Not Met
Aug 12, 2024
·
attack.initial-access
attack.credential-access
attack.t1110
attack.t1078.004
·
Sign-In From Malware Infected IP
Aug 12, 2024
·
attack.t1090
attack.command-and-control
·
Sign-ins by Unknown Devices
Aug 12, 2024
·
attack.defense-evasion
attack.t1078.004
·
Sign-ins from Non-Compliant Devices
Aug 12, 2024
·
attack.defense-evasion
attack.t1078.004
·
Silence.EDA Detection
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1071.004
attack.t1572
attack.impact
attack.t1529
attack.g0091
attack.s0363
·
Silenttrinity Stager Msbuild Activity
Aug 12, 2024
·
attack.execution
attack.t1127.001
·
Sitecore Pre-Auth RCE CVE-2021-42237
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-42237
detection.emerging-threats
·
Sliver C2 Default Service Installation
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.t1543.003
attack.t1569.002
·
Small Sieve Malware CommandLine Indicator
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Small Sieve Malware File Indicator Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
detection.emerging-threats

Small Sieve Malware Potential C2 Communication
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats

Small Sieve Malware Registry Persistence
Aug 12, 2024
·
attack.persistence
detection.emerging-threats

SMB Create Remote File Admin Share
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002

SMB Spoolss Name Piped Usage
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002

smbexec.py Service Installation
Aug 12, 2024
·
attack.lateral-movement
attack.execution
attack.t1021.002
attack.t1569.002

SNAKE Malware Covert Store Registry Key
Aug 12, 2024
·
attack.persistence
detection.emerging-threats

SNAKE Malware Installer Name Indicators
Aug 12, 2024
·
attack.execution
detection.emerging-threats

SNAKE Malware Kernel Driver File Indicator
Aug 12, 2024
·
attack.execution
detection.emerging-threats

SNAKE Malware Service Persistence
Aug 12, 2024
·
attack.persistence
detection.emerging-threats

SNAKE Malware WerFault Persistence File Creation
Aug 12, 2024
·
attack.execution
detection.emerging-threats

Sofacy Trojan Loader Activity
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.g0007
attack.t1059.003
attack.t1218.011
car.2013-10-002
detection.emerging-threats

Solarwinds SUPERNOVA Webshell Access
Aug 12, 2024
·
attack.persistence
attack.t1505.003
detection.emerging-threats

SonicWall SSL/VPN Jarrewrite Exploitation
Aug 12, 2024
·
attack.t1190
attack.initial-access
detection.emerging-threats

Source Code Enumeration Detection by Keyword
Aug 12, 2024
·
attack.discovery
attack.t1083

SOURGUM Actor Behaviours
Aug 12, 2024
·
attack.t1546
attack.t1546.015
attack.persistence
attack.privilege-escalation
detection.emerging-threats

Space After Filename
Aug 12, 2024
·
attack.execution

Space After Filename - macOS
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.006

Split A File Into Pieces
Aug 12, 2024
·
attack.exfiltration
attack.t1030

Split A File Into Pieces - Linux
Aug 12, 2024
·
attack.exfiltration
attack.t1030

Spring Framework Exceptions
Aug 12, 2024
·
attack.initial-access
attack.t1190

SQL Client Tools PowerShell Session Detection
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1127

SQL Injection Strings In URI
Aug 12, 2024
·
attack.initial-access
attack.t1190

SQLite Chromium Profile Data DB Access
Aug 12, 2024
·
attack.credential-access
attack.t1539
attack.t1555.003
attack.collection
attack.t1005

SQLite Firefox Profile Data DB Access
Aug 12, 2024
·
attack.credential-access
attack.t1539
attack.collection
attack.t1005

SSHD Error Message CVE-2018-15473
Aug 12, 2024
·
attack.reconnaissance
attack.t1589

Stale Accounts In A Privileged Role
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation

Standard User In High Privileged Group
Aug 12, 2024
·
attack.credential-access
attack.privilege-escalation

Start of NT Virtual DOS Machine
Aug 12, 2024
·
attack.defense-evasion

Start Windows Service Via Net.EXE
Aug 12, 2024
·
attack.execution
attack.t1569.002

Startup Folder File Write
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Startup Item File Created - MacOS
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1037.005

Steganography Extract Files with Steghide
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.003

Steganography Hide Files with Steghide
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.003

Steganography Hide Zip Information in Picture File
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.003

Steganography Unzip Hidden Information From Picture File
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.003

Sticky Key Like Backdoor Execution
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.008
car.2014-11-003
car.2014-11-008

Sticky Key Like Backdoor Usage - Registry
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.008
car.2014-11-003
car.2014-11-008

StoneDrill Service Install
Aug 12, 2024
·
attack.persistence
attack.g0064
attack.t1543.003
detection.emerging-threats

Stop Windows Service Via Net.EXE
Aug 12, 2024
·
attack.impact
attack.t1489

Stop Windows Service Via PowerShell Stop-Service
Aug 12, 2024
·
attack.impact
attack.t1489

Stop Windows Service Via Sc.EXE
Aug 12, 2024
·
attack.impact
attack.t1489

Successful Account Login Via WMI
Aug 12, 2024
·
attack.execution
attack.t1047

Successful Authentications From Countries You Do Not Operate Out Of
Aug 12, 2024
·
attack.initial-access
attack.credential-access
attack.t1078.004
attack.t1110

Successful Exchange ProxyShell Attack
Aug 12, 2024
·
attack.initial-access
detection.emerging-threats

Successful IIS Shortname Fuzzing Scan
Aug 12, 2024
·
attack.initial-access
attack.t1190

Successful Overpass the Hash Attempt
Aug 12, 2024
·
attack.lateral-movement
attack.s0002
attack.t1550.002

Sudo Privilege Escalation CVE-2019-14287
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
attack.t1548.003
cve.2019-14287

Sudo Privilege Escalation CVE-2019-14287 - Builtin
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
attack.t1548.003
cve.2019-14287

Suspect Svchost Activity
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055

Suspicious Access to Sensitive File Extensions
Aug 12, 2024
·
attack.collection
attack.t1039

Suspicious Access to Sensitive File Extensions - Zeek
Aug 12, 2024
·
attack.collection

Suspicious Active Directory Database Snapshot Via ADExplorer
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
attack.t1003.003

Suspicious Activity in Shell Commands
Aug 12, 2024
·
attack.execution
attack.t1059.004

Suspicious Advpack Call Via Rundll32.EXE
Aug 12, 2024
·
attack.defense-evasion

Suspicious AgentExecutor PowerShell Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218

Suspicious Appended Extension
Aug 12, 2024
·
attack.impact
attack.t1486

Suspicious Application Allowed Through Exploit Guard
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Suspicious Application Installed
Aug 12, 2024
·
attack.execution

Suspicious AppX Package Installation Attempt
Aug 12, 2024
·
attack.defense-evasion

Suspicious AppX Package Locations
Aug 12, 2024
·
attack.defense-evasion

Suspicious ASPX File Drop by Exchange
Aug 12, 2024
·
attack.persistence
attack.t1505.003

Suspicious Base64 Encoded User-Agent
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001

Suspicious Binary In User Directory Spawned From Office Application
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.g0046
car.2013-05-002

Suspicious Binary Writes Via AnyDesk
Aug 12, 2024
·
attack.command-and-control
attack.t1219

Suspicious Browser Activity
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access

Suspicious Browser Child Process - MacOS
Aug 12, 2024
·
attack.initial-access
attack.execution
attack.t1189
attack.t1203
attack.t1059

Suspicious C2 Activities
Aug 12, 2024
·
attack.command-and-control

Suspicious Cabinet File Execution Via Msdt.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1202

Suspicious Calculator Usage
Aug 12, 2024
·
attack.defense-evasion
attack.t1036

Suspicious Camera and Microphone Access
Aug 12, 2024
·
attack.collection
attack.t1125
attack.t1123

Suspicious Certreq Command to Download
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Child Process Created as System
Aug 12, 2024
·
attack.privilege-escalation
attack.t1134.002

Suspicious Child Process of AspNetCompiler
Aug 12, 2024
·
attack.defense-evasion
attack.t1127

Suspicious Child Process Of BgInfo.EXE
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.defense-evasion
attack.t1218
attack.t1202

Suspicious Child Process Of Manage Engine ServiceDesk
Aug 12, 2024
·
attack.command-and-control
attack.t1102

Suspicious Child Process Of SQL Server
Aug 12, 2024
·
attack.t1505.003
attack.t1190
attack.initial-access
attack.persistence
attack.privilege-escalation

Suspicious Child Process Of Veeam Dabatase
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation

Suspicious Cobalt Strike DNS Beaconing - DNS Client
Aug 12, 2024
·
attack.command-and-control
attack.t1071.004

Suspicious Cobalt Strike DNS Beaconing - Sysmon
Aug 12, 2024
·
attack.command-and-control
attack.t1071.004

Suspicious CodePage Switch Via CHCP
Aug 12, 2024
·
attack.t1036
attack.defense-evasion

Suspicious Command Patterns In Scheduled Task Creation
Aug 12, 2024
·
attack.execution
attack.t1053.005

Suspicious Commands Linux
Aug 12, 2024
·
attack.execution
attack.t1059.004

Suspicious Computer Account Name Change CVE-2021-42287
Aug 12, 2024
·
cve.2021-42287
detection.emerging-threats
attack.defense-evasion
attack.persistence
attack.t1036
attack.t1098

Suspicious Computer Machine Password by PowerShell
Aug 12, 2024
·
attack.initial-access
attack.t1078

Suspicious Connection to Remote Account
Aug 12, 2024
·
attack.credential-access
attack.t1110.001

Suspicious Control Panel DLL Load
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011

Suspicious Copy From or To System Directory
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003

Suspicious Creation TXT File in User Desktop
Aug 12, 2024
·
attack.impact
attack.t1486

Suspicious Creation with Colorcpl
Aug 12, 2024
·
attack.defense-evasion
attack.t1564

Suspicious Csi.exe Usage
Aug 12, 2024
·
attack.execution
attack.t1072
attack.defense-evasion
attack.t1218

Suspicious Curl Change User Agents - Linux
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001

Suspicious Curl File Upload - Linux
Aug 12, 2024
·
attack.exfiltration
attack.t1567
attack.t1105

Suspicious Curl.EXE Download
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious CustomShellHost Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1216

Suspicious Debugger Registration Cmdline
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.008

Suspicious desktop.ini Action
Aug 12, 2024
·
attack.persistence
attack.t1547.009

Suspicious Desktopimgdownldr Command
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Desktopimgdownldr Target File
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Diantz Alternate Data Stream Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004

Suspicious Diantz Download and Compress Into a CAB File
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Digital Signature Of AppX Package
Aug 12, 2024
·
attack.defense-evasion
attack.execution

Suspicious DLL Loaded via CertOC.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218

Suspicious DNS Query for IP Lookup Service APIs
Aug 12, 2024
·
attack.reconnaissance
attack.t1590

Suspicious DNS Query with B64 Encoded String
Aug 12, 2024
·
attack.exfiltration
attack.t1048.003
attack.command-and-control
attack.t1071.004

Suspicious DNS Z Flag Bit Set
Aug 12, 2024
·
attack.t1095
attack.t1571
attack.command-and-control

Suspicious DotNET CLR Usage Log Artifact
Aug 12, 2024
·
attack.defense-evasion
attack.t1218

Suspicious Double Extension File Execution
Aug 12, 2024
·
attack.initial-access
attack.t1566.001

Suspicious Double Extension Files
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.007

Suspicious Download From Direct IP Via Bitsadmin
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003

Suspicious Download from Office Domain
Aug 12, 2024
·
attack.command-and-control
attack.t1105
attack.t1608

Suspicious Download Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027

Suspicious Driver Install by pnputil.exe
Aug 12, 2024
·
attack.persistence
attack.t1547

Suspicious Driver/DLL Installation Via Odbcconf.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008

Suspicious Dropbox API Usage
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious DumpMinitool Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001

Suspicious Electron Application Child Processes
Aug 12, 2024
·
attack.execution

Suspicious Encoded And Obfuscated Reflection Assembly Load Function Call
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.001
attack.t1027

Suspicious Encoded PowerShell Command Line
Aug 12, 2024
·
attack.execution
attack.t1059.001

Suspicious Encoded Scripts in a WMI Consumer
Aug 12, 2024
·
attack.execution
attack.t1047
attack.persistence
attack.t1546.003

Suspicious Environment Variable Has Been Registered
Aug 12, 2024
·
attack.defense-evasion
attack.persistence

Suspicious Eventlog Clear
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.001

Suspicious Eventlog Clearing or Configuration Change Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.001
attack.t1562.002
car.2016-04-002

Suspicious Executable File Creation
Aug 12, 2024
·
attack.defense-evasion
attack.t1564

Suspicious Execution From Outlook Temporary Folder
Aug 12, 2024
·
attack.initial-access
attack.t1566.001

Suspicious Execution Location Of Wermgr.EXE
Aug 12, 2024
·
attack.execution

Suspicious Execution of Hostname
Aug 12, 2024
·
attack.discovery
attack.t1082

Suspicious Execution of InstallUtil Without Log
Aug 12, 2024
·
attack.defense-evasion

Suspicious Execution of Powershell with Base64
Aug 12, 2024
·
attack.execution
attack.t1059.001

Suspicious Execution Of Renamed Sysinternals Tools - Registry
Aug 12, 2024
·
attack.resource-development
attack.t1588.002

Suspicious Execution of Shutdown
Aug 12, 2024
·
attack.impact
attack.t1529

Suspicious Execution of Shutdown to Log Out
Aug 12, 2024
·
attack.impact
attack.t1529

Suspicious Execution of Systeminfo
Aug 12, 2024
·
attack.discovery
attack.t1082

Suspicious Execution via macOS Script Editor
Aug 12, 2024
·
attack.t1566
attack.t1566.002
attack.initial-access
attack.t1059
attack.t1059.002
attack.t1204
attack.t1204.001
attack.execution
attack.persistence
attack.t1553
attack.defense-evasion

Suspicious External WebDAV Execution
Aug 12, 2024
·
attack.initial-access
attack.t1584
attack.t1566

Suspicious Extrac32 Alternate Data Stream Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004

Suspicious Extrac32 Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious File Characteristics Due to Missing Fields
Aug 12, 2024
·
attack.execution
attack.t1059.006

Suspicious File Created In PerfLogs
Aug 12, 2024
·
attack.execution
attack.t1059

Suspicious File Created Via OneNote Application
Aug 12, 2024
·
attack.defense-evasion

Suspicious File Creation In Uncommon AppData Folder
Aug 12, 2024
·
attack.defense-evasion
attack.execution

Suspicious File Download From IP Via Curl.EXE
Aug 12, 2024
·
attack.execution

Suspicious File Download From IP Via Wget.EXE
Aug 12, 2024
·
attack.execution

Suspicious File Download From IP Via Wget.EXE - Paths
Aug 12, 2024
·
attack.execution

Suspicious File Downloaded From Direct IP Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027

Suspicious File Drop by Exchange
Aug 12, 2024
·
attack.persistence
attack.t1190
attack.initial-access
attack.t1505.003

Suspicious File Encoded To Base64 Via Certutil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1027

Suspicious File Execution From Internet Hosted WebDav Share
Aug 12, 2024
·
attack.execution
attack.t1059.001

Suspicious Files in Default GPO Folder
Aug 12, 2024
·
attack.t1036.005
attack.defense-evasion

Suspicious FromBase64String Usage On Gzip Archive - Process Creation
Aug 12, 2024
·
attack.command-and-control
attack.t1132.001

Suspicious FromBase64String Usage On Gzip Archive - Ps Script
Aug 12, 2024
·
attack.command-and-control
attack.t1132.001

Suspicious Get Information for SMB Share
Aug 12, 2024
·
attack.discovery
attack.t1069.001

Suspicious Get Information for SMB Share - PowerShell Module
Aug 12, 2024
·
attack.discovery
attack.t1069.001

Suspicious Get Local Groups Information
Aug 12, 2024
·
attack.discovery
attack.t1069.001

Suspicious Get Local Groups Information - PowerShell
Aug 12, 2024
·
attack.discovery
attack.t1069.001

Suspicious Get-ADDBAccount Usage
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

Suspicious Get-ADReplAccount
Aug 12, 2024
·
attack.credential-access
attack.t1003.006

Suspicious Get-Variable.exe Creation
Aug 12, 2024
·
attack.persistence
attack.t1546
attack.defense-evasion
attack.t1027

Suspicious GetTypeFromCLSID ShellExecute
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.015

Suspicious Git Clone
Aug 12, 2024
·
attack.reconnaissance
attack.t1593.003

Suspicious Git Clone - Linux
Aug 12, 2024
·
attack.reconnaissance
attack.t1593.003

Suspicious GPO Discovery With Get-GPO
Aug 12, 2024
·
attack.discovery
attack.t1615

Suspicious Group And Account Reconnaissance Activity Using Net.EXE
Aug 12, 2024
·
attack.discovery
attack.t1087.001
attack.t1087.002

Suspicious GrpConv Execution
Aug 12, 2024
·
attack.persistence
attack.t1547

Suspicious GUP Usage
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002

Suspicious HH.EXE Execution
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001

Suspicious High IntegrityLevel Conhost Legacy Option
Aug 12, 2024
·
attack.defense-evasion
attack.t1202

Suspicious History File Operations
Aug 12, 2024
·
attack.credential-access
attack.t1552.003

Suspicious History File Operations - Linux
Aug 12, 2024
·
attack.credential-access
attack.t1552.003

Suspicious HWP Sub Processes
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
attack.execution
attack.t1203
attack.t1059.003
attack.g0032

Suspicious Hyper-V Cmdlets
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.006

Suspicious IIS Module Registration
Aug 12, 2024
·
attack.persistence
attack.t1505.004

Suspicious IIS URL GlobalRules Rewrite Via AppCmd
Aug 12, 2024
·
attack.defense-evasion

Suspicious Inbox Forwarding
Aug 12, 2024
·
attack.exfiltration
attack.t1020

Suspicious Inbox Forwarding Identity Protection
Aug 12, 2024
·
attack.t1140
attack.defense-evasion

Suspicious Inbox Manipulation Rules
Aug 12, 2024
·
attack.t1140
attack.defense-evasion

Suspicious Installer Package Child Process
Aug 12, 2024
·
attack.t1059
attack.t1059.007
attack.t1071
attack.t1071.001
attack.execution
attack.command-and-control

Suspicious Interactive PowerShell as SYSTEM
Aug 12, 2024
·
attack.execution
attack.t1059.001

Suspicious Invoke-Item From Mount-DiskImage
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.005

Suspicious Invoke-WebRequest Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Invoke-WebRequest Execution With DirectIP
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious IO.FileStream
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.003

Suspicious Java Children Processes
Aug 12, 2024
·
attack.execution
attack.t1059

Suspicious JavaScript Execution Via Mshta.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.005

Suspicious Kerberos RC4 Ticket Encryption
Aug 12, 2024
·
attack.credential-access
attack.t1558.003

Suspicious Kernel Dump Using Dtrace
Aug 12, 2024
·
attack.discovery
attack.t1082

Suspicious Key Manager Access
Aug 12, 2024
·
attack.credential-access
attack.t1555.004

Suspicious Keyboard Layout Load
Aug 12, 2024
·
attack.resource-development
attack.t1588.002

Suspicious LDAP-Attributes Used
Aug 12, 2024
·
attack.t1001.003
attack.command-and-control

Suspicious Log Entries
Aug 12, 2024
·
attack.impact

Suspicious LSASS Access Via MalSecLogon
Aug 12, 2024
·
attack.credential-access
attack.t1003.001

Suspicious MacOS Firmware Activity
Aug 12, 2024
·
attack.impact

Suspicious Manipulation Of Default Accounts Via Net.EXE
Aug 12, 2024
·
attack.collection
attack.t1560.001

Suspicious Microsoft Office Child Process
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1047
attack.t1204.002
attack.t1218.010

Suspicious Microsoft Office Child Process - MacOS
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059.002
attack.t1137.002
attack.t1204.002

Suspicious Microsoft OneNote Child Process
Aug 12, 2024
·
attack.t1566
attack.t1566.001
attack.initial-access

Suspicious Modification Of Scheduled Tasks
Aug 12, 2024
·
attack.execution
attack.t1053.005

Suspicious Mount-DiskImage
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.005

Suspicious Msbuild Execution By Uncommon Parent Process
Aug 12, 2024
·
attack.defense-evasion

Suspicious MSDT Parent Process
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1218

Suspicious MSExchangeMailboxReplication ASPX Write
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.persistence
attack.t1505.003

Suspicious MSHTA Child Process
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.005
car.2013-02-003
car.2013-03-001
car.2014-04-003

Suspicious Mshta.EXE Execution Patterns
Aug 12, 2024
·
attack.execution
attack.t1106

Suspicious MsiExec Embedding Parent
Aug 12, 2024
·
attack.t1218.007
attack.defense-evasion

Suspicious Msiexec Execute Arbitrary DLL
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007

Suspicious Msiexec Quiet Install From Remote Location
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007

Suspicious Mstsc.EXE Execution With Local RDP File
Aug 12, 2024
·
attack.command-and-control
attack.t1219

Suspicious Named Error
Aug 12, 2024
·
attack.initial-access
attack.t1190
Suspicious Network Command
Aug 12, 2024
·
attack.discovery
attack.t1016
Suspicious Network Communication With IPFS
Aug 12, 2024
·
attack.credential-access
attack.t1056
Suspicious Network Connection Binary No CommandLine
Aug 12, 2024
·
attack.defense-evasion
Suspicious Network Connection to IP Lookup Service APIs
Aug 12, 2024
·
attack.discovery
attack.t1016
Suspicious New Service Creation
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
Suspicious New-PSDrive to Admin Share
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
Suspicious Nohup Execution
Aug 12, 2024
·
attack.execution
Suspicious Non-Browser Network Communication With Google API
Aug 12, 2024
·
attack.command-and-control
attack.t1102
Suspicious Non-Browser Network Communication With Telegram API
Aug 12, 2024
·
attack.command-and-control
attack.t1102
Suspicious NTLM Authentication on the Printer Spooler Service
Aug 12, 2024
·
attack.privilege-escalation
attack.credential-access
attack.t1212
Suspicious OAuth App File Download Activities
Aug 12, 2024
·
attack.exfiltration
Suspicious Obfuscated PowerShell Code
Aug 12, 2024
·
attack.defense-evasion
Suspicious OpenSSH Daemon Error
Aug 12, 2024
·
attack.initial-access
attack.t1190
Suspicious Outbound SMTP Connections
Aug 12, 2024
·
attack.exfiltration
attack.t1048.003
Suspicious Outlook Child Process
Aug 12, 2024
·
attack.execution
attack.t1204.002
Suspicious Outlook Macro Created
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
Suspicious Package Installed - Linux
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
Suspicious Parent Double Extension File Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.007
Suspicious Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059
Suspicious PFX File Creation
Aug 12, 2024
·
attack.credential-access
attack.t1552.004
Suspicious Ping/Del Command Combination
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
Suspicious Plink Port Forwarding
Aug 12, 2024
·
attack.command-and-control
attack.t1572
attack.lateral-movement
attack.t1021.001
Suspicious Powercfg Execution To Change Lock Screen Timeout
Aug 12, 2024
·
attack.defense-evasion
Suspicious PowerShell Download
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell Download - PoshModule
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell Download - Powershell Script
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell Download and Execute Pattern
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell Encoded Command Patterns
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell Get Current User
Aug 12, 2024
·
attack.discovery
attack.t1033
Suspicious PowerShell IEX Execution Patterns
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious Powershell In Registry Run Keys
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Suspicious PowerShell Invocation From Script Engines
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell Invocations - Generic
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell Invocations - Generic - PowerShell Module
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell Invocations - Specific
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell Invocations - Specific - PowerShell Module
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell Invocations - Specific - ProcessCreation
Aug 12, 2024
·
attack.defense-evasion
Suspicious PowerShell Mailbox Export to Share
Aug 12, 2024
·
attack.exfiltration
Suspicious PowerShell Mailbox Export to Share - PS
Aug 12, 2024
·
attack.exfiltration
Suspicious PowerShell Mailbox SMTP Forward Rule
Aug 12, 2024
·
attack.exfiltration
Suspicious PowerShell Parameter Substring
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell Parent Process
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious PowerShell WindowStyle Option
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.003
Suspicious Printer Driver Empty Manufacturer
Aug 12, 2024
·
attack.privilege-escalation
attack.t1574
cve.2021-1675
Suspicious PrinterPorts Creation (CVE-2020-1048)
Aug 12, 2024
·
attack.persistence
attack.execution
attack.t1059.001
cve.2020-1048
detection.emerging-threats
Suspicious Process By Web Server Process
Aug 12, 2024
·
attack.persistence
attack.t1505.003
attack.t1190
Suspicious Process Created Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.t1047
Suspicious Process Discovery With Get-Process
Aug 12, 2024
·
attack.discovery
attack.t1057
Suspicious Process Masquerading As SvcHost.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
Suspicious Process Parents
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Suspicious Process Start Locations
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
car.2013-05-002
Suspicious Processes Spawned by Java.EXE
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
Suspicious Processes Spawned by WinRM
Aug 12, 2024
·
attack.t1190
attack.initial-access
attack.persistence
attack.privilege-escalation
Suspicious PROCEXP152.sys File Created In TMP
Aug 12, 2024
·
attack.t1562.001
attack.defense-evasion
Suspicious Program Location Whitelisted In Firewall Via Netsh.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
Suspicious Program Names
Aug 12, 2024
·
attack.execution
attack.t1059
Suspicious Provlaunch.EXE Child Process
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Suspicious PsExec Execution
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
Suspicious PsExec Execution - Zeek
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
Suspicious Query of MachineGUID
Aug 12, 2024
·
attack.discovery
attack.t1082
Suspicious RASdial Activity
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
Suspicious RazerInstaller Explorer Subprocess
Aug 12, 2024
·
attack.privilege-escalation
attack.t1553
detection.emerging-threats
Suspicious RDP Redirect Using TSCON
Aug 12, 2024
·
attack.lateral-movement
attack.t1563.002
attack.t1021.001
car.2013-07-002
Suspicious Reconnaissance Activity Using Get-LocalGroupMember Cmdlet
Aug 12, 2024
·
attack.discovery
attack.t1087.001
Suspicious Reconnaissance Activity Via GatherNetworkInfo.VBS
Aug 12, 2024
·
attack.discovery
attack.execution
attack.t1615
attack.t1059.005
Suspicious Recursive Takeown
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.001
Suspicious Redirection to Local Admin Share
Aug 12, 2024
·
attack.exfiltration
attack.t1048
Suspicious Reg Add BitLocker
Aug 12, 2024
·
attack.impact
attack.t1486
Suspicious Reg Add Open Command
Aug 12, 2024
·
attack.credential-access
attack.t1003
Suspicious Registry Modification From ADS Via Regini.EXE
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
Suspicious Regsvr32 Execution From Remote Share
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
Suspicious Remote Child Process From Outlook
Aug 12, 2024
·
attack.execution
attack.t1059
attack.t1202
Suspicious Remote Logon with Explicit Credentials
Aug 12, 2024
·
attack.t1078
attack.lateral-movement
Suspicious Renamed Comsvcs DLL Loaded By Rundll32
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.t1003.001
Suspicious Response File Execution Via Odbcconf.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
Suspicious Reverse Shell Command Line
Aug 12, 2024
·
attack.execution
attack.t1059.004
Suspicious Run Key from Download
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Suspicious RunAs-Like Flag Combination
Aug 12, 2024
·
attack.privilege-escalation
Suspicious Rundll32 Activity Invoking Sys File
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
Suspicious Rundll32 Execution With Image Extension
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
Suspicious Rundll32 Invoking Inline VBScript
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
Suspicious Rundll32 Setupapi.dll Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
Suspicious Runscripthelper.exe
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
Suspicious Scan Loop Network
Aug 12, 2024
·
attack.execution
attack.t1059
attack.discovery
attack.t1018
Suspicious Scheduled Task Creation
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
Suspicious Scheduled Task Creation Involving Temp Folder
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
Suspicious Scheduled Task Creation via Masqueraded XML File
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1036.005
attack.t1053.005
Suspicious Scheduled Task Name As GUID
Aug 12, 2024
·
attack.execution
attack.t1053.005
Suspicious Scheduled Task Update
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
Suspicious Scheduled Task Write to System32 Tasks
Aug 12, 2024
·
attack.persistence
attack.execution
attack.t1053
Suspicious Schtasks Execution AppData Folder
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
Suspicious Schtasks Schedule Type With High Privileges
Aug 12, 2024
·
attack.execution
attack.t1053.005
Suspicious Schtasks Schedule Types
Aug 12, 2024
·
attack.execution
attack.t1053.005
Suspicious ScreenSave Change by Reg.exe
Aug 12, 2024
·
attack.privilege-escalation
attack.t1546.002
Suspicious Screensaver Binary File Creation
Aug 12, 2024
·
attack.persistence
attack.t1546.002
Suspicious Script Execution From Temp Folder
Aug 12, 2024
·
attack.execution
attack.t1059
Suspicious Scripting in a WMI Consumer
Aug 12, 2024
·
attack.execution
attack.t1059.005
Suspicious Serv-U Process Pattern
Aug 12, 2024
·
attack.credential-access
attack.t1555
cve.2021-35211
Suspicious Service Binary Directory
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
Suspicious Service DACL Modification Via Set-Service Cmdlet
Aug 12, 2024
·
attack.persistence
attack.t1543.003
Suspicious Service DACL Modification Via Set-Service Cmdlet - PS
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
Suspicious Service Installation
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
Suspicious Service Installation Script
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
Suspicious Service Installed
Aug 12, 2024
·
attack.t1562.001
attack.defense-evasion
Suspicious Service Path Modification
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
Suspicious Set Value of MSDT in Registry (CVE-2022-30190)
Aug 12, 2024
·
attack.defense-evasion
attack.t1221
Suspicious Shells Spawn by Java Utility Keytool
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
Suspicious SignIns From A Non Registered Device
Aug 12, 2024
·
attack.defense-evasion
attack.t1078
Suspicious Splwow64 Without Params
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
Suspicious SQL Error Messages
Aug 12, 2024
·
attack.initial-access
attack.t1190
Suspicious SQL Query
Aug 12, 2024
·
attack.exfiltration
attack.initial-access
attack.privilege-escalation
attack.t1190
attack.t1505.001
Suspicious SSL Connection
Aug 12, 2024
·
attack.command-and-control
attack.t1573
Suspicious Start-Process PassThru
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
Suspicious Startup Folder Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Suspicious Svchost Process Access
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
Suspicious SysAidServer Child
Aug 12, 2024
·
attack.lateral-movement
attack.t1210
Suspicious SYSVOL Domain Group Policy Access
Aug 12, 2024
·
attack.credential-access
attack.t1552.006
Suspicious TCP Tunnel Via PowerShell Script
Aug 12, 2024
·
attack.command-and-control
attack.t1090
Suspicious Teams Application Related ObjectAcess Event
Aug 12, 2024
·
attack.credential-access
attack.t1528
Suspicious TSCON Start as SYSTEM
Aug 12, 2024
·
attack.command-and-control
attack.t1219
Suspicious UltraVNC Execution
Aug 12, 2024
·
attack.lateral-movement
attack.g0047
attack.t1021.005
Suspicious Unblock-File
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.005
Suspicious Unsigned Dbghelp/Dbgcore DLL Loaded
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
Suspicious Unsigned Thor Scanner Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
Suspicious Usage Of Active Directory Diagnostic Tool (ntdsutil.exe)
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
Suspicious Usage of CVE_2021_34484 or CVE 2022_21919
Aug 12, 2024
·
attack.execution
Suspicious Usage Of ShellExec_RunDLL
Aug 12, 2024
·
attack.defense-evasion
Suspicious Use of /dev/tcp
Aug 12, 2024
·
attack.reconnaissance
Suspicious Use of CSharp Interactive Console
Aug 12, 2024
·
attack.execution
attack.t1127
Suspicious Use of PsLogList
Aug 12, 2024
·
attack.discovery
attack.t1087
attack.t1087.001
attack.t1087.002
Suspicious User Agent
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
Suspicious User-Agents Related To Recon Tools
Aug 12, 2024
·
attack.initial-access
attack.t1190
Suspicious Userinit Child Process
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
Suspicious VBoxDrvInst.exe Parameters
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
Suspicious VBScript UN2452 Pattern
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
Suspicious Volume Shadow Copy VSS_PS.dll Load
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1490
Suspicious Volume Shadow Copy Vssapi.dll Load
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1490
Suspicious Volume Shadow Copy Vsstrace.dll Load
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1490
Suspicious VSFTPD Error Messages
Aug 12, 2024
·
attack.initial-access
attack.t1190
Suspicious Vsls-Agent Command With AgentExtensionPath Load
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
Suspicious WebDav Client Execution Via Rundll32.EXE
Aug 12, 2024
·
attack.exfiltration
attack.t1048.003
cve.2023-23397
Suspicious Where Execution
Aug 12, 2024
·
attack.discovery
attack.t1217
Suspicious Windows ANONYMOUS LOGON Local Account Created
Aug 12, 2024
·
attack.persistence
attack.t1136.001
attack.t1136.002
Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Suspicious Windows Defender Registry Key Tampering Via Reg.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Suspicious Windows Strings In URI
Aug 12, 2024
·
attack.persistence
attack.exfiltration
attack.t1505.003
Suspicious Windows Trace ETW Session Tamper Via Logman.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1070.001
Suspicious Windows Update Agent Empty Cmdline
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Suspicious WindowsTerminal Child Processes
Aug 12, 2024
·
attack.execution
attack.persistence
Suspicious WMIC Execution Via Office Process
Aug 12, 2024
·
attack.t1204.002
attack.t1047
attack.t1218.010
attack.execution
attack.defense-evasion
Suspicious WmiPrvSE Child Process
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1047
attack.t1204.002
attack.t1218.010
Suspicious Word Cab File Write CVE-2021-40444
Aug 12, 2024
·
attack.resource-development
attack.t1587
detection.emerging-threats
Suspicious Workstation Locking via Rundll32
Aug 12, 2024
·
attack.defense-evasion
Suspicious WSMAN Provider Image Loads
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.lateral-movement
attack.t1021.003
Suspicious X509Enrollment - Process Creation
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
Suspicious X509Enrollment - Ps Script
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
Suspicious XOR Encoded PowerShell Command
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
attack.t1140
attack.t1027
Suspicious XOR Encoded PowerShell Command Line - PowerShell
Aug 12, 2024
·
attack.execution
attack.t1059.001
Suspicious ZipExec Execution
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
Symlink Etc Passwd
Aug 12, 2024
·
attack.t1204.001
attack.execution
SyncAppvPublishingServer Bypass Powershell Restriction - PS Module
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
SyncAppvPublishingServer Execute Arbitrary PowerShell Code
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
SyncAppvPublishingServer Execution to Bypass Powershell Restriction
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
SyncAppvPublishingServer VBS Execute Arbitrary PowerShell Code
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1216
Sysinternals PsService Execution
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.t1543.003
Sysinternals PsSuspend Execution
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.t1543.003
Sysinternals PsSuspend Suspicious Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Sysinternals Tools AppX Versions Execution
Aug 12, 2024
·
attack.defense-evasion
attack.execution
SysKey Registry Keys Access
Aug 12, 2024
·
attack.discovery
attack.t1012
Sysmon Application Crashed
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
Sysmon Blocked Executable
Aug 12, 2024
·
attack.defense-evasion
Sysmon Blocked File Shredding
Aug 12, 2024
·
attack.defense-evasion
Sysmon Channel Reference Deletion
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
Sysmon Configuration Change
Aug 12, 2024
·
attack.defense-evasion
Sysmon Configuration Error
Aug 12, 2024
·
attack.defense-evasion
attack.t1564
Sysmon Configuration Modification
Aug 12, 2024
·
attack.defense-evasion
attack.t1564
Sysmon Configuration Update
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Sysmon Discovery Via Default Driver Altitude Using Findstr.EXE
Aug 12, 2024
·
attack.discovery
attack.t1518.001
Sysmon Driver Altitude Change
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Sysmon Driver Unloaded Via Fltmc.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1562
attack.t1562.002
Sysmon File Executable Creation Detected
Aug 12, 2024
·
attack.defense-evasion
Sysprep on AppData Folder
Aug 12, 2024
·
attack.execution
attack.t1059
System and Hardware Information Discovery
Aug 12, 2024
·
attack.discovery
attack.t1082
System Control Panel Item Loaded From Uncommon Location
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
System Disk And Volume Reconnaissance Via Wmic.EXE
Aug 12, 2024
·
attack.execution
attack.discovery
attack.t1047
attack.t1082
System File Execution Location Anomaly
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
System Information Discovery
Aug 12, 2024
·
attack.discovery
attack.t1082
System Information Discovery - Auditd
Aug 12, 2024
·
attack.discovery
attack.t1082
System Information Discovery Via Sysctl - MacOS
Aug 12, 2024
·
attack.defense-evasion
attack.t1497.001
attack.discovery
attack.t1082
System Network Connections Discovery - Linux
Aug 12, 2024
·
attack.discovery
attack.t1049
System Network Connections Discovery - MacOs
Aug 12, 2024
·
attack.discovery
attack.t1049
System Network Connections Discovery Via Net.EXE
Aug 12, 2024
·
attack.discovery
attack.t1049
System Network Discovery - Linux
Aug 12, 2024
·
attack.discovery
attack.t1016
System Owner or User Discovery
Aug 12, 2024
·
attack.discovery
attack.t1033
System Scripts Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
System Shutdown/Reboot - Linux
Aug 12, 2024
·
attack.impact
attack.t1529
System Shutdown/Reboot - MacOs
Aug 12, 2024
·
attack.impact
attack.t1529
Systemd Service Creation
Aug 12, 2024
·
attack.persistence
attack.t1543.002
Systemd Service Reload or Start
Aug 12, 2024
·
attack.persistence
attack.t1543.002
T1047 Wmiprvse Wbemcomn DLL Hijack
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.002
TacticalRMM Service Installation
Aug 12, 2024
·
attack.command-and-control
attack.t1219
TAIDOOR RAT DLL Load
Aug 12, 2024
·
attack.execution
attack.t1055.001
detection.emerging-threats
Tamper Windows Defender Remove-MpPreference
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Tamper Windows Defender Remove-MpPreference - ScriptBlockLogging
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Tamper With Sophos AV Registry Keys
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Tap Driver Installation
Aug 12, 2024
·
attack.exfiltration
attack.t1048
Tap Driver Installation - Security
Aug 12, 2024
·
attack.exfiltration
attack.t1048
Tap Installer Execution
Aug 12, 2024
·
attack.exfiltration
attack.t1048
Taskkill Symantec Endpoint Protection
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
Taskmgr as LOCAL_SYSTEM
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
Tasks Folder Evasion
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.execution
attack.t1574.002
TeamViewer Domain Query By Non-TeamViewer Application
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
TeamViewer Log File Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
TeamViewer Remote Session
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Telegram API Access
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
attack.t1102.002
·
Telegram Bot API Request
Aug 12, 2024
·
attack.command-and-control
attack.t1102.002
·
Temporary Access Pass Added To An Account
Aug 12, 2024
·
attack.persistence
attack.t1078.004
·
Terminal Server Client Connection History Cleared - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1112
·
Terminal Service Process Spawn
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.lateral-movement
attack.t1210
car.2013-07-002
·
Terminate Linux Process Via Kill
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
TerraMaster TOS CVE-2020-28188
Aug 12, 2024
·
attack.t1190
attack.initial-access
cve.2020-28188
detection.emerging-threats
·
Testing Usage of Uncommonly Used Port
Aug 12, 2024
·
attack.command-and-control
attack.t1571
·
The Windows Defender Firewall Service Failed To Load Group Policy
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Third Party Software DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Time Machine Backup Deletion Attempt Via Tmutil - MacOS
Aug 12, 2024
·
attack.impact
attack.t1490
·
Time Machine Backup Disabled Via Tmutil - MacOS
Aug 12, 2024
·
attack.impact
attack.t1490
·
Time Travel Debugging Utility Usage
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1218
attack.t1003.001
·
Time Travel Debugging Utility Usage - Image
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1218
attack.t1003.001
·
Tomcat WebServer Logs Deleted
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Too Many Global Admins
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Tor Client/Browser Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1090.003
·
Touch Suspicious Service File
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
Transferring Files with Credential Data via Network Shares
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.001
attack.t1003.003
·
Transferring Files with Credential Data via Network Shares - Zeek
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.001
attack.t1003.003
·
Trickbot Malware Activity
Aug 12, 2024
·
attack.execution
attack.t1559
detection.emerging-threats
·
Triple Cross eBPF Rootkit Default LockFile
Aug 12, 2024
·
attack.defense-evasion
·
Triple Cross eBPF Rootkit Default Persistence
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1053.003
·
Triple Cross eBPF Rootkit Execve Hijack
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Triple Cross eBPF Rootkit Install Commands
Aug 12, 2024
·
attack.defense-evasion
attack.t1014
·
TropicTrooper Campaign November 2018
Aug 12, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Troubleshooting Pack Cmdlet Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Trust Access Disable For VBApplications
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
TrustedPath UAC Bypass Pattern
Aug 12, 2024
·
attack.defense-evasion
attack.t1548.002
·
Turla Group Commands May 2020
Aug 12, 2024
·
attack.g0010
attack.execution
attack.t1059.001
attack.t1053.005
attack.t1027
detection.emerging-threats
·
Turla Group Lateral Movement
Aug 12, 2024
·
attack.g0010
attack.execution
attack.t1059
attack.lateral-movement
attack.t1021.002
attack.discovery
attack.t1083
attack.t1135
detection.emerging-threats
·
Turla Group Named Pipes
Aug 12, 2024
·
attack.g0010
attack.execution
attack.t1106
detection.emerging-threats
·
Turla PNG Dropper Service
Aug 12, 2024
·
attack.persistence
attack.g0010
attack.t1543.003
detection.emerging-threats
·
Turla Service Install
Aug 12, 2024
·
attack.persistence
attack.g0010
attack.t1543.003
detection.emerging-threats
·
UAC Bypass Abusing Winsat Path Parsing - File
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Abusing Winsat Path Parsing - Process
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Abusing Winsat Path Parsing - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Tools Using ComputerDefaults
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using .NET Code Profiler on MMC
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using ChangePK and SLUI
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using Consent and Comctl32 - File
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using Consent and Comctl32 - Process
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using Disk Cleanup
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using DismHost
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using Event Viewer RecentViews
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
UAC Bypass Using EventVwr
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
UAC Bypass Using IDiagnostic Profile
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using IDiagnostic Profile - File
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using IEInstal - File
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using IEInstal - Process
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using Iscsicpl - ImageLoad
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using MSConfig Token Modification - File
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using MSConfig Token Modification - Process
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using NTFS Reparse Point - File
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using NTFS Reparse Point - Process
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using PkgMgr and DISM
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using Windows Media Player - File
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using Windows Media Player - Process
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using Windows Media Player - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass Using WOW64 Logger DLL Hijack
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass via Event Viewer
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
UAC Bypass via ICMLuaUtil
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass via Sdclt
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
UAC Bypass via Windows Firewall Snap-In Hijack
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
UAC Bypass Via Wsreset
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Bypass With Fake DLL
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1574.002
·
UAC Bypass WSReset
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
UAC Disabled
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
UAC Notification Disabled
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
UAC Secure Desktop Prompt Disabled
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
UEFI Persistence Via Wpbbin - FileCreation
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1542.001
·
UEFI Persistence Via Wpbbin - ProcessCreation
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1542.001
·
Ufw Force Stop Using Ufw-Init
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Unauthorized System Time Modification
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
UNC2452 PowerShell Pattern
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1047
detection.emerging-threats
·
UNC4841 - Barracuda ESG Exploitation Indicators
Aug 12, 2024
·
attack.execution
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
UNC4841 - Download Compressed Files From Temp.sh Using Wget
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
detection.emerging-threats
·
UNC4841 - Download Tar File From Untrusted Direct IP Via Wget
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
detection.emerging-threats
·
UNC4841 - Email Exfiltration File Pattern
Aug 12, 2024
·
attack.execution
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
UNC4841 - Potential SEASPY Execution
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
UNC4841 - SSL Certificate Exfiltration Via Openssl
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
detection.emerging-threats
·
Uncommon Assistive Technology Applications Execution Via AtBroker.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Uncommon AddinUtil.EXE CommandLine Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Uncommon Child Process Of AddinUtil.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Uncommon Child Process Of Appvlp.EXE
Aug 12, 2024
·
attack.t1218
attack.defense-evasion
attack.execution
·
Uncommon Child Process Of BgInfo.EXE
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.defense-evasion
attack.t1218
attack.t1202
·
Uncommon Child Process Of Defaultpack.EXE
Aug 12, 2024
·
attack.t1218
attack.defense-evasion
attack.execution
·
Uncommon Child Process Of Setres.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1202
·
Uncommon Child Process Spawned By Odbcconf.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Uncommon Child Processes Of SndVol.exe
Aug 12, 2024
·
attack.execution
·
Uncommon Extension Shim Database Installation Via Sdbinst.EXE
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.011
·
Uncommon File Creation By Mysql Daemon Process
Aug 12, 2024
·
attack.defense-evasion
·
Uncommon FileSystem Load Attempt By Format.com
Aug 12, 2024
·
attack.defense-evasion
·
Uncommon Link.EXE Parent Process
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Uncommon Microsoft Office Trusted Location Added
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Uncommon Network Connection Initiated By Certutil.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Uncommon One Time Only Scheduled Task At 00:00
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.005
·
Uncommon Outbound Kerberos Connection
Aug 12, 2024
·
attack.credential-access
attack.t1558
attack.lateral-movement
attack.t1550.003
·
Uncommon Outbound Kerberos Connection - Security
Aug 12, 2024
·
attack.lateral-movement
attack.t1558.003
·
Uncommon Process Access Rights For Target Image
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.011
·
Uncommon Service Installation Image Path
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
·
Uncommon Svchost Parent Process
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
·
Uncommon Userinit Child Process
Aug 12, 2024
·
attack.t1037.001
attack.persistence
·
Unfamiliar Sign-In Properties
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Uninstall Crowdstrike Falcon Sensor
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Uninstall Sysinternals Sysmon
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Unix Shell Configuration Modification
Aug 12, 2024
·
attack.persistence
attack.t1546.004
·
Unmount Share Via Net.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.005
·
Unsigned AppX Installation Attempt Using Add-AppxPackage
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
·
Unsigned AppX Installation Attempt Using Add-AppxPackage - PsScript
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
·
Unsigned Binary Loaded From Suspicious Location
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Unsigned DLL Loaded by Windows Utility
Aug 12, 2024
·
attack.t1218.011
attack.t1218.010
attack.defense-evasion
·
Unsigned Image Loaded Into LSASS Process
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Unsigned Mfdetours.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Unsigned Module Loaded by ClickOnce Application
Aug 12, 2024
·
attack.persistence
attack.t1574.002
·
Unusual Child Process of dns.exe
Aug 12, 2024
·
attack.initial-access
attack.t1133
·
Unusual File Deletion by Dns.exe
Aug 12, 2024
·
attack.initial-access
attack.t1133
·
Unusual File Download from Direct IP Address
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Unusual File Modification by dns.exe
Aug 12, 2024
·
attack.initial-access
attack.t1133
·
Ursnif Malware C2 URL Pattern
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
attack.execution
attack.t1204.002
attack.command-and-control
attack.t1071.001
·
Ursnif Malware Download URL Pattern
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Usage of Renamed Sysinternals Tools - RegistrySet
Aug 12, 2024
·
attack.resource-development
attack.t1588.002
·
Usage Of Web Request Commands And Cmdlets
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Usage Of Web Request Commands And Cmdlets - ScriptBlock
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
USB Device Plugged
Aug 12, 2024
·
attack.initial-access
attack.t1200
·
Use Get-NetTCPConnection
Aug 12, 2024
·
attack.discovery
attack.t1049
·
Use Get-NetTCPConnection - PowerShell Module
Aug 12, 2024
·
attack.discovery
attack.t1049
·
Use Icacls to Hide File to Everyone
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
Use NTFS Short Name in Command Line
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Use NTFS Short Name in Image
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Use of FSharp Interpreters
Aug 12, 2024
·
attack.execution
attack.t1059
·
Use Of Hidden Paths Or Files
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.001
·
Use of Legacy Authentication Protocols
Aug 12, 2024
·
attack.initial-access
attack.credential-access
attack.t1078.004
attack.t1110
·
Use of OpenConsole
Aug 12, 2024
·
attack.execution
attack.t1059
·
Use of Pcalua For Execution
Aug 12, 2024
·
attack.execution
attack.t1059
·
Use of Remote.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Use of Scriptrunner.exe
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Use Of The SFTP.EXE Binary As A LOLBIN
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Use of TTDInject.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Use of UltraVNC Remote Access Software
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Use of VisualUiaVerifyNative.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Use of VSIISExeLauncher.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Use of W32tm as Timer
Aug 12, 2024
·
attack.discovery
attack.t1124
·
Use of Wfc.exe
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Use Short Name Path in Command Line
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Use Short Name Path in Image
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
User Access Blocked by Azure Conditional Access
Aug 12, 2024
·
attack.credential-access
attack.initial-access
attack.t1110
attack.t1078.004
·
User Added To Admin Group Via Dscl
Aug 12, 2024
·
attack.initial-access
attack.privilege-escalation
attack.t1078.003
·
User Added To Admin Group Via DseditGroup
Aug 12, 2024
·
attack.initial-access
attack.privilege-escalation
attack.t1078.003
·
User Added To Admin Group Via Sysadminctl
Aug 12, 2024
·
attack.initial-access
attack.privilege-escalation
attack.t1078.003
·
User Added to an Administrator's Azure AD Role
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
attack.t1078
·
User Added To Group With CA Policy Modification Access
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
·
User Added To Highly Privileged Group
Aug 12, 2024
·
attack.persistence
attack.t1098
·
User Added to Local Administrator Group
Aug 12, 2024
·
attack.privilege-escalation
attack.t1078
attack.persistence
attack.t1098
·
User Added to Local Administrators Group
Aug 12, 2024
·
attack.persistence
attack.t1098
·
User Added To Privilege Role
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1078.004
·
User Added to Remote Desktop Users Group
Aug 12, 2024
·
attack.persistence
attack.lateral-movement
attack.t1133
attack.t1136.001
attack.t1021.001
·
User Added To Root/Sudoers Group Using Usermod
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
·
User Couldn't Call a Privileged Service 'LsaRegisterLogonProcess'
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.t1558.003
·
User Discovery And Export Via Get-ADUser Cmdlet
Aug 12, 2024
·
attack.discovery
attack.t1033
·
User Discovery And Export Via Get-ADUser Cmdlet - PowerShell
Aug 12, 2024
·
attack.discovery
attack.t1033
·
User Has Been Deleted Via Userdel
Aug 12, 2024
·
attack.impact
attack.t1531
·
User Logoff Event
Aug 12, 2024
·
attack.impact
attack.t1531
·
User Removed From Group With CA Policy Modification Access
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
·
User State Changed From Guest To Member
Aug 12, 2024
·
attack.privilege-escalation
attack.initial-access
attack.t1078.004
·
Users Added to Global or Device Admin Roles
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1078.004
·
Users Authenticating To Other Azure AD Tenants
Aug 12, 2024
·
attack.initial-access
attack.t1078.004
·
Using SettingSyncHost.exe as LOLBin
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1574.008
·
UtilityFunctions.ps1 Proxy Dll
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
VBA DLL Loaded Via Office Application
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
VBScript Payload Stored in Registry
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Veeam Backup Database Suspicious Query
Aug 12, 2024
·
attack.collection
attack.t1005
·
Veeam Backup Servers Credential Dumping Script Execution
Aug 12, 2024
·
attack.credential-access
·
VeeamBackup Database Credentials Dump Via Sqlcmd.EXE
Aug 12, 2024
·
attack.collection
attack.t1005
·
Verclsid.exe Runs COM Object
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
VHD Image Download Via Browser
Aug 12, 2024
·
attack.resource-development
attack.t1587.001
·
Visual Basic Command Line Compiler Usage
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.004
·
Visual Studio NodejsTools PressAnyKey Arbitrary Binary Execution
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Visual Studio NodejsTools PressAnyKey Renamed Execution
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
VMGuestLib DLL Sideload
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
VMMap Signed Dbghelp.DLL Potential Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
VMMap Unsigned Dbghelp.DLL Potential Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
VMToolsd Suspicious Child Process
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059
·
VMware vCenter Server File Upload CVE-2021-22005
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-22005
detection.emerging-threats
·
Volume Shadow Copy Mount
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
·
VolumeShadowCopy Symlink Creation Via Mklink
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.003
·
VsCode Powershell Profile Modification
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
VSSAudit Security Event Source Registration
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
·
Vulnerable HackSys Extreme Vulnerable Driver Load
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543.003
·
Vulnerable Netlogon Secure Channel Connection Allowed
Aug 12, 2024
·
attack.privilege-escalation
attack.t1548
·
Vulnerable WinRing0 Driver Load
Aug 12, 2024
·
attack.privilege-escalation
attack.t1543.003
·
Wab Execution From Non Default Location
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Wab/Wabmig Unusual Parent Or Child Processes
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Wannacry Killswitch Domain
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
WannaCry Ransomware Activity
Aug 12, 2024
·
attack.lateral-movement
attack.t1210
attack.discovery
attack.t1083
attack.defense-evasion
attack.t1222.001
attack.impact
attack.t1486
attack.t1490
detection.emerging-threats
·
WCE wceaux.dll Access
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.s0005
·
Wdigest CredGuard Registry Modification
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Wdigest Enable UseLogonCredential
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Weak Encryption Enabled and Kerberoast
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Weak or Abused Passwords In CLI
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
WebDav Client Execution Via Rundll32.EXE
calendar
Aug 12, 2024
·
attack.exfiltration
attack.t1048.003
·
WebDav Put Request
calendar
Aug 12, 2024
·
attack.exfiltration
attack.t1048.003
·
Webshell Detection With Command Line Keywords
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
·
Webshell Hacking Activity Patterns
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
·
Webshell ReGeorg Detection Via Web Logs
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Webshell Remote Command Execution
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Webshell Tool Reconnaissance Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
WerFault LSASS Process Memory Dump
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Wget Creating Files in Tmp Directory
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
WhoAmI as Parameter
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Whoami Utility Execution
calendar
Aug 12, 2024
·
attack.discovery
attack.t1033
car.2016-03-001
·
Win Defender Restored Quarantine File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Win Susp Computer Name Containing Samtheadmin
calendar
Aug 12, 2024
·
cve.2021-42278
cve.2021-42287
attack.persistence
attack.privilege-escalation
attack.t1078
·
WinDivert Driver Load
calendar
Aug 12, 2024
·
attack.collection
attack.defense-evasion
attack.t1599.001
attack.t1557.001
·
Windows Admin Share Mount Via Net.EXE
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Windows Backup Deleted Via Wbadmin.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Windows Binaries Write Suspicious Extensions
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Windows Credential Editor Registry
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.s0005
·
Windows Credential Manager Access via VaultCmd
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1555.004
·
Windows Defender AMSI Trigger Detected
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Windows Defender Configuration Changes
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Definition Files Removed
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Exclusion Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Exclusion List Modified
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Exclusions Added
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Exclusions Added - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
attack.execution
attack.t1059
·
Windows Defender Exclusions Added - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Exploit Guard Tamper
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Firewall Has Been Reset To Its Default Configuration
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Windows Defender Grace Period Expired
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Malware And PUA Scanning Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Malware Detection History Deletion
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Windows Defender Real-Time Protection Failure/Restart
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Service Disabled - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Submit Sample Feature Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Threat Detected
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Windows Defender Threat Detection Service Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Defender Virus Scanning Feature Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Windows Event Auditing Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Windows Filtering Platform Blocked Connection From EDR Agent Binary
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Windows Firewall Disabled via PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Windows Firewall Profile Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Windows Firewall Settings Have Been Changed
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Windows Hotfix Updates Reconnaissance Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Windows Internet Hosted WebDav Share Mount Via Net.EXE
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Windows Kernel Debugger Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Windows LAPS Credential Dump From Entra ID
calendar
Aug 12, 2024
·
attack.t1098.005
·
Windows Network Access Suspicious desktop.ini Action
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.009
·
Windows Pcap Drivers
calendar
Aug 12, 2024
·
attack.discovery
attack.credential-access
attack.t1040
·
Windows PowerShell User Agent
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
·
Windows Processes Suspicious Parent Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
attack.t1036.005
·
Windows Recall Feature Enabled - DisableAIDataAnalysis Value Deleted
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Windows Recall Feature Enabled - Registry
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Windows Recall Feature Enabled Via Reg.EXE
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Windows Registry Trust Record Modification
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
·
Windows Screen Capture with CopyFromScreen
calendar
Aug 12, 2024
·
attack.collection
attack.t1113
·
Windows Service Terminated With Error
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Windows Share Mount Via Net.EXE
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Windows Shell/Scripting Application File Write to Suspicious Folder
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Windows Shell/Scripting Processes Spawning Suspicious Programs
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.005
attack.t1059.001
attack.t1218
·
Windows Terminal Profile Settings Modification By Uncommon Process
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.015
·
Windows Update Error
calendar
Aug 12, 2024
·
attack.impact
attack.resource-development
attack.t1584
·
Windows WebDAV User Agent
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Windows Webshell Strings
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
WINEKEY Registry Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547
·
Winget Admin Settings Modification
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
·
Winlogon AllowMultipleTSSessions Enable
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1112
·
Winlogon Helper DLL
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.004
·
Winlogon Notify Key Logon Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.004
·
Winnti Malware HK University Campaign
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.g0044
detection.emerging-threats
·
Winnti Pipemon Characteristics
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.g0044
detection.emerging-threats
·
Winrar Compressing Dump Files
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
Winrar Execution in Non-Standard Folder
calendar
Aug 12, 2024
·
attack.collection
attack.t1560.001
·
WinSock2 Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
WinSxS Executable File Creation By Non-System Process
calendar
Aug 12, 2024
·
attack.execution
·
Wlrmdr.EXE Uncommon Argument Or Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
WMI ActiveScriptEventConsumers Activity Via Scrcons.EXE DLL Load
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.persistence
attack.t1546.003
·
WMI Backdoor Exchange Transport Agent
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.003
·
WMI Event Consumer Created Named Pipe
calendar
Aug 12, 2024
·
attack.t1047
attack.execution
·
WMI Event Subscription
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.003
·
WMI Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.003
·
WMI Persistence - Command Line Event Consumer
calendar
Aug 12, 2024
·
attack.t1546.003
attack.persistence
·
WMI Persistence - Script Event Consumer
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.003
·
WMI Persistence - Script Event Consumer File Write
calendar
Aug 12, 2024
·
attack.t1546.003
attack.persistence
·
WMI Persistence - Security
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.003
·
WMIC Loading Scripting Libraries
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1220
·
WMIC Remote Command Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
WMIC Unquoted Services Path Lookup - PowerShell
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Wmiexec Default Output File
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1047
·
WMImplant Hack Tool
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.t1059.001
·
WmiPrvSE Spawned A Process
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
·
Wmiprvse Wbemcomn DLL Hijack
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.002
·
Wmiprvse Wbemcomn DLL Hijack - File
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.002
·
Wow6432Node Classes Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Wow6432Node CurrentVersion Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Wow6432Node Windows NT CurrentVersion Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Write Protect For Storage Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Writing Local Admin Share
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1546.002
·
Writing Of Malicious Files To The Fonts Folder
calendar
Aug 12, 2024
·
attack.t1211
attack.t1059
attack.defense-evasion
attack.persistence
·
WScript or CScript Dropper - File
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
·
Wscript Shell Run In CommandLine
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
WSL Child Process Anomaly
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
XBAP Execution From Uncommon Locations Via PresentationHost.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
XSL Script Execution Via WMIC.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1220
·
Zerologon Exploitation Using Well-known Tools
calendar
Aug 12, 2024
·
attack.t1210
attack.lateral-movement
·
Zimbra Collaboration Suite Email Server Unauthenticated RCE
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-27925
detection.emerging-threats
·
Zip A Folder With PowerShell For Staging In Temp - PowerShell Module
calendar
Aug 12, 2024
·
attack.collection
attack.t1074.001
·
Zip A Folder With PowerShell For Staging In Temp - PowerShell
calendar
Aug 12, 2024
·
attack.collection
attack.t1074.001
·
Zip A Folder With PowerShell For Staging In Temp - PowerShell Script
calendar
Aug 12, 2024
·
attack.collection
attack.t1074.001
·
ZxShell Malware
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.defense-evasion
attack.t1218.011
attack.s0412
attack.g0001
detection.emerging-threats
·
Abuse of the Windows Server Update Services (WSUS) for lateral movement.
calendar
Aug 10, 2024
·
attack.execution
attack.lateral_movement
attack.T1210
·
Arbitrary code execution and remote sessions via Action1 RMM
calendar
Aug 10, 2024
·
attack.CommandAndControl
attack.T1219
·
ChromeLoader Malware Detection
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.001
attack.persistence
attack.T1176
attack.T1053.005
·
CMSTP installation of malicious code
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
Deleting Windows Defender scheduled tasks
calendar
Aug 10, 2024
·
attack.defense_evasion
attack.t1562.001
·
Detecting Ammy Admin RMM Agent Execution
calendar
Aug 10, 2024
·
attack.execution
attack.persistence
·
Detection of CMD Execution via AnyViewer RMM
calendar
Aug 10, 2024
·
attack.execution
attack.persistence
·
Detection of Suspicious triggering of ErrorHandler.cmd Execution
calendar
Aug 10, 2024
·
attack.execution
attack.persistence
·
Disabled AV On Dev Drive via Registry
calendar
Aug 10, 2024
·
attack.defense.evasion
attack.T1562.001
·
Disabling Python warnings for executing untrusted code
calendar
Aug 10, 2024
·
attack.Defense-Evansion
attack.T1562.001
·
Dumpbin LOLBin use for proxying execution via link.exe
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
Emotet loader execution via .lnk file
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.006
·
Enabling Dev Drive With Disabled AV
calendar
Aug 10, 2024
·
attack.defense.evasion
attack.T1562.001
·
Enabling RDP service via reg.exe command execution
calendar
Aug 10, 2024
·
attack.defense_evasion
attack.lateral_movement
attack.t1021.001
attack.t1112
·
Enabling restricted admin mode
calendar
Aug 10, 2024
·
attack.defense_evasion
attack.t1562.001
·
Execute Python Scripts via Python Installer Binary
calendar
Aug 10, 2024
·
attack.Defense.Evasion
attack.T1202
·
Execution of SOAPHound Tool with Specific Arguments
calendar
Aug 10, 2024
·
attack.discovery
attack.t1087
·
Execution of ZeroLogon PoC executable
calendar
Aug 10, 2024
·
attack.execution
attack.lateral_movement
attack.T1210
·
Exploitation of 7zip vulnerability - CVE-2022-29072
calendar
Aug 10, 2024
·
attack.Exploitation for Privilege Escalation
attack.T1068
·
Exploitation of Vulnerable VMware Horizon to LOG4J
calendar
Aug 10, 2024
·
attack.initial_access
attack.t1190
·
Explorer UAC Bypass Via /NOUACCHECK Parameter
calendar
Aug 10, 2024
·
attack.privilege_escalation
attack.T1548.002
·
Extract Credentials From IIS Application Pool Configuration Files
calendar
Aug 10, 2024
·
attack.CredentialAccess
attack.T1552.001
·
FakeUpdates/SocGholish Malware Detection
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.001
·
HH.exe LOLBA executing .chm files
calendar
Aug 10, 2024
·
attack.Compiled.HTML.File
attack.T1218.001
·
Hiding local user accounts
calendar
Aug 10, 2024
·
attack.hidden.users
attack.T1564.002
·
Injected Browser Process Spawning Rundll32
calendar
Aug 10, 2024
·
attack.defense_evasion
attack.T1055
·
Kerberoasting Activity - Initial query
calendar
Aug 10, 2024
·
attack.credential_access
attack.t1558.003
·
KrbRelayUp local privilege escalation.
calendar
Aug 10, 2024
·
attack.privilege_escalation
attack.t1068
·
LAPS Credential Dumping Spoofing and Domain Controller Impersonation
calendar
Aug 10, 2024
·
attack.credential_access
attack.T1003
·
MOVEit exploitation
calendar
Aug 10, 2024
·
attack.execution
attack.T1623
·
ms-msdt for RCE - sdiagnhost.exe spawning command
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.003
attack.T1204.002
·
ms-msdt for RCE CVE-2022-30190
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.003
attack.T1204.002
·
MSTeams exe side-loading - Update.exe
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
Onenote execution of malicious embedded scripts
calendar
Aug 10, 2024
·
attack.defense_evasion
attack.T1218.001
·
PowerShell AMSI Bypass Pattern
calendar
Aug 10, 2024
·
attack.defense_evasion
attack.t1562.001
attack.execution
·
Raspberry Robin initial execution from external drive
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.001
·
Raspberry Robin subsequent execution of commands
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.001
·
SamAccountName Spoofing and Domain Controller Impersonation
calendar
Aug 10, 2024
·
attack.privilege_escalation
attack.t1068
·
Scheduled task executing powershell encoded payload from registry
calendar
Aug 10, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Ursnif Redirection Of Discovery Commands
calendar
Aug 10, 2024
·
attack.execution
attack.T1059
·
Using Emojis to evade detection
calendar
Aug 10, 2024
·
( ͡° ͜ʖ ͡°)
·
Using explorer.exe to open a file explorer folder via command prompt
calendar
Aug 10, 2024
·
attack.Discovery
attack.T1135
·
Using Lazagne to dump credentials
calendar
Aug 10, 2024
·
attack.credential_access
attack.t1555
·
Using powershell specific download cradle OneLiner
calendar
Aug 10, 2024
·
attack.defense_evasion
attack.t1562.001
attack.execution
T1059.001
·
VSDiagnostics used for proxying execution malicious binaries
calendar
Aug 10, 2024
·
attack.defense_evasion
attack.T1218
·
Wermgr.exe spawning without command line arguments
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
AppInit DLL Installation
calendar
Mar 26, 2024
·
attack.privilege_escalation
attack.persistence
attack.t1546
attack.t1546.010
·
Application Bypass with DllRegisterServer Function
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Atexec.py Execution
calendar
Mar 26, 2024
·
attack.s0357
attack.execution
attack.t1053
attack.t1053.002
·
Base64 Encoding
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1027
·
BITSAdmin Downloading Malicious Binaries
calendar
Mar 26, 2024
·
attack.command_and_control
attack.t1105
·
Bypassing Security Controls - Command Shell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1202
·
Certreq Downloading Malicious Binaries
calendar
Mar 26, 2024
·
attack.command_and_control
attack.t1105
·
CertUtil Downloading Malicious Binaries
calendar
Mar 26, 2024
·
attack.command_and_control
attack.t1105
·
ChromeLoader NW.js Runtime App Installation Paths
calendar
Mar 26, 2024
·
attack.persistence
attack.t1176
·
Email Forwarding Rule - Suspicious Folders
calendar
Mar 26, 2024
·
attack.collection
attack.t1114
attack.t1114.003
·
Email Forwarding Rule - Suspicious Forwarding Criteria
calendar
Mar 26, 2024
·
attack.collection
attack.t1114
attack.t1114.003
·
Email Forwarding Rule - Suspicious Rule Names
calendar
Mar 26, 2024
·
attack.collection
attack.t1114
attack.t1114.003
·
Enumerating Domain Trust Relationships with Nltest.exe
calendar
Mar 26, 2024
·
attack.discovery
attack.t1482
·
Gamarue Rundll32.exe Long Commandlines
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1027
attack.t1027.010
·
In-memory Downloading and Compiling of Applets as Payloads
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.002
·
Kerberos .kirbi Ticket Files
calendar
Mar 26, 2024
·
attack.s0002
attack.credential_access
attack.t1558
attack.t1558.003
·
Mac AppleScript Input Prompt
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.002
·
Mimikatz Module Names
calendar
Mar 26, 2024
·
attack.credential_access
attack.t1003
attack.s0002
·
Network Connections from the Command Line with no Parameters
calendar
Mar 26, 2024
·
attack.command_and_control
·
Non-depmod Process Modifying modules.dep
calendar
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
·
Non-Microsoft App Package Installation Process
calendar
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1546
attack.t1546.016
·
Obfuscated Commands - Command Shell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1027
·
Obfuscation and Escape Characters - Powershell
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
·
Office Products Spawning WMI
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
attack.t1204
·
Package Support Framework (PSF) Advanced Installer Processes
calendar
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1546
attack.t1546.016
·
PowerShell -encodedcommand Switch
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
·
PowerShell Base64 Encoding
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
·
PowerShell Startup Folder Persistence
calendar
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.001
·
PowerShell Suspicious .NET Methods
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1140
attack.t1574
attack.t1574.013
·
Processes Executing with Unusual Command Lines
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1036
attack.t1036.003
·
Qbot Mounted Drive Script Executions
calendar
Mar 26, 2024
·
attack.s0650
attack.execution
attack.t1059
attack.t1204
·
Rundll32 Injection into LSASS
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.t1055
·
Rundll32 with Suspicious Process Lineage
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
Rundll32 Without a Command Line
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
·
SecretsDump File Modification
calendar
Mar 26, 2024
·
attack.credential_access
attack.t1003
·
Secretsdump.py Execution
calendar
Mar 26, 2024
·
attack.s0357
attack.credential_access
attack.t1003
attack.t1003.003
attack.t1003.006
·
Service Control Manager Spawning Command Shell with Suspect Strings
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1569
attack.t1569.002
·
Shells Modifying Files in Known Linux Kernel Modules Directories
calendar
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
·
SMBexec.py Execution
calendar
Mar 26, 2024
·
attack.s0357
attack.execution
attack.t1569
attack.t1569.002
attack.lateral_movement
attack.t1021
attack.t1021.003
·
Suspicious Commands - WMI
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
·
Suspicious Export Functionalities - Rundll32
calendar
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.credential_access
attack.t1003
·
Suspicious PowerShell Cmdlets
calendar
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.001
·
Suspicious PowerShell Cmdlets - WMI
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
attack.t1059
attack.t1059.001
·
Suspicious Process Lineage - WMI
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
·
Systemd Loading a Linux Kernel Module Using insmod
calendar
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
·
Systemd Loading a Linux Kernel Module Using modprobe
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
·
Unexpected Internal Process Name
Mar 26, 2024
·
attack.defense_evasion
attack.t1036
attack.t1036.003
·
Unusual Module Loads - WMI
Mar 26, 2024
·
attack.execution
attack.t1047
·
Unusual or Suspicious Process Ancestry - Command Shell
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
·
Web Browser Loading Extension
Mar 26, 2024
·
attack.persistence
attack.t1176
·
Whoami Recon Writing Output to File
Mar 26, 2024
·
attack.discovery
attack.t1033
·
Windows Explorer Spawning Command Shell with Start and Exit Commands
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1053
·
Windows Installer (msiexec.exe) Downloading and Executing Packages
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
attack.t1218.007
·
Windows Scheduled Task Creating Shell
Mar 26, 2024
·
attack.execution
attack.t1059
attack.t1059.003
attack.t1053
·
WMI Reconnaissance
Mar 26, 2024
·
attack.execution
attack.t1047
attack.discovery
attack.t1087
attack.t1087.002
·
WMI Shadow Copy Deletion
Mar 26, 2024
·
attack.execution
attack.t1047
attack.impact
attack.t1490
·
Wmiexec.py Execution
Mar 26, 2024
·
attack.s0357
attack.execution
attack.t1047
attack.lateral_movement
attack.t1021
attack.t1021.003
·
WScript Spawned from a Browser Making External Network Connections
Mar 26, 2024
·
attack.initial_access
attack.t1189
·
ZIP File Spawning JavaScript
Mar 26, 2024
·
attack.defense_evasion
attack.t1027
·
Disable power options
Mar 11, 2024
·
Stop EventLog
Mar 11, 2024
·
Uninstall MRT(Malicious Software Removal Tool)
Mar 11, 2024
·
Disable Windows Defender via Service
Feb 26, 2024
·
attack.execution
attack.t1569.002
attack.t1562.001
dist.public
·
JavaScript Execution Using MSDOS 8.3 File Notation
Feb 26, 2024
·
attack.defense_evasion
attack.t1059
dist.public
·
AdFind Discovery
Feb 23, 2024
·
attack.discovery
attack.t1018
attack.t1482
attack.t1069.002
attack.t1087.002
attack.s0552
·
AteraAgent malicious installations
Feb 23, 2024
·
attack.execution
attack.t1059.006
·
Custom Cobalt Strike Command Execution
Feb 23, 2024
·
attack.defense_evasion
attack.t1562.001
attack.execution
attack.t1059.001
·
Deleting Windows Defender scheduled tasks
Feb 23, 2024
·
attack.defense_evasion
attack.t1562.001
·
DNS Query for Ufile.io Upload Domain
Feb 23, 2024
·
attack.exfiltration
attack.t1567.002
·
Exchange Webshell creation
Feb 23, 2024
·
attack.t1505.003
attack.persistence
attack.t1190
attack.initial_access
·
Execution of ZeroLogon PoC executable
Feb 23, 2024
·
attack.execution
attack.lateral_movement
attack.t1210
·
FlawedGrace spawning threat injection target
Feb 23, 2024
·
attack.defense_evasion
attack.t1055
dist.public
·
Hiding local user accounts
Feb 23, 2024
·
attack.t1564.002
attack.defense_evasion
·
Invoke-ShareFinder Discovery Activity
Feb 23, 2024
·
attack.discovery
attack.t1135
·
Invoke-ShareFinder Discovery Activity
Feb 23, 2024
·
attack.discovery
attack.t1135
·
Lazagne dumping credentials
Feb 23, 2024
·
attack.credential_access
attack.t1555
·
List remote processes using tasklist
Feb 23, 2024
·
attack.discovery
attack.t1057
dist.public
·
Nullsoft Scriptable Installer Script (NSIS) execution
Feb 23, 2024
·
attack.execution
attack.t1106
dist.public
·
Nullsoft Scriptable Installer Script (NSIS) file creation
Feb 23, 2024
·
attack.execution
attack.t1106
dist.public
·
Operator Bring Your Own Tools
Feb 23, 2024
·
attack.command_and_control
attack.t1105
·
Potential Qbot SMB DLL Lateral Movement
Feb 23, 2024
·
attack.lateral_movement
attack.t1570
·
QBot process creation from scheduled task REGSVR32 (regsvr32.exe), -s flag and SYSTEM in the command line
Feb 23, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1053.005
·
QBot scheduled task REGSVR32 with C$ image path
Feb 23, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1053.005
·
Rclone SMB Share Exfiltration
Feb 23, 2024
·
attack.exfiltration
attack.t1567.002
·
Registry Query for WDigest
Feb 23, 2024
·
attack.discovery
attack.t1012
·
SSH over port 443 with known Server and Client Strings
Feb 23, 2024
·
attack.command_and_control
attack.t1572
·
Uninstall Windows Feature - Defender
Feb 23, 2024
·
attack.t1562.001
·
Viewing remote directories
Feb 23, 2024
·
attack.discovery
attack.t1083
dist.public
·
WinEvent Security Query
Feb 23, 2024
·
attack.t1033
·
Enable WDigest using PowerShell
Feb 22, 2024
·
attack.defense_evasion
attack.t1112
·
Enabling RDP service via reg.exe command execution
Feb 22, 2024
·
attack.defense_evasion
attack.lateral_movement
attack.t1021.001
attack.t1112
·
Enabling restricted admin mode
Feb 22, 2024
·
attack.defense_evasion
attack.t1562.001
·
Suspicious Scheduled Task Creation to execute LOLbins
Feb 22, 2024
·
attack.persistence
attack.t1053.005
·
Dot net compiler compiles file from suspicious location
Feb 5, 2024
·
NetScan Share Enumeration Write Access Check
Jan 29, 2024
·
attack.discovery
attack.t1135
dist.public
·
Access payload via nslookup txt record
Dec 14, 2023
·
Conhost Suspicious Command Execution
Nov 1, 2023
·
attack.defense_evasion
attack.t1564.003
dist.public
·
Adding, Listing and Removing Credentials via Cmdkey CommandLine Utility
Oct 30, 2023
·
attack.credential_access
attack.t1003.005
·
NIM Pass The Hash Tooling Detection
Oct 30, 2023
·
attack.t1136
·
DarkGate
Oct 26, 2023
·
Domain User Enumeration Network Recon 01
Oct 18, 2023
·
attack.discovery
attack.t1087.002
attack.t1082
·
Autoit3.exe Executable File Creation Matching DarkGate Behavior
Oct 14, 2023
·
attack.command_and_control
attack.execution
attack.t1105
attack.t1059
·
DarkGate Autoit3.exe Execution Parameters
Oct 14, 2023
·
attack.execution
attack.t1059
·
Malicious QakBot Dropped File Creation (Event 4663)
Sep 1, 2023
·
attack.initial_access
attack.defense_evasion
attack.t1566
attack.t1027
attack.t1553
·
Network Connections Where There Should Not Be (Notepad)
Sep 1, 2023
·
attack.privilege_escalation
attack.t1055
·
Possible Impacket DCOMExec Connection Attempt - Zeek
Sep 1, 2023
·
attack.s0357
attack.execution
attack.lateral_movement
attack.t1021
attack.t1021.003
·
Possible Impacket Secretsdump.py Activity
Sep 1, 2023
·
attack.s0357
attack.credential_access
attack.t1003
attack.t1003.003
attack.t1003.006
·
Shrpubw Execution from Unexpected File Path
Sep 1, 2023
·
attack.persistence
attack.t1574
attack.t1574.001
·
Suspicious 'Admin' Local User Creation with Net Command
Sep 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1136.001
attack.t1136
attack.t1078
attack.t1078.003
·
Suspicious BlackCat-Related Exfiltration Command
Sep 1, 2023
·
attack.exfiltration
attack.t1020
attack.t1537
·
Suspicious Calc Child Process
Sep 1, 2023
·
attack.defense_evasion
attack.t1218
·
Suspicious Command Arguments from Explorer or Wermgr
Sep 1, 2023
·
attack.discovery
attack.t1082
·
Suspicious Process Injection to Explorer
Sep 1, 2023
·
attack.defense_evasion
attack.t1218
·
Powershell download and load assembly
Aug 23, 2023
·
Xmrig
Aug 8, 2023
·
Suspicious WebDAV LNK Execution
Aug 5, 2023
·
attack.execution
attack.t1059.001
attack.t1204
·
Search-ms and WebDAV Indicators in URL
Aug 5, 2023
·
attack.initial_access
attack.t1584
attack.t1566
·
WebDAV Temporary Local File Creation
Aug 5, 2023
·
attack.initial_access
attack.t1584
attack.t1566
·
Powershell download and execute file
Jul 21, 2023
·
Register Jar In Run Key
Jun 21, 2023
·
QBot rundll32.exe Non-standard File Proxy Execution (RedCanary Threat Detection Report)
Jun 2, 2023
·
attack.s0650
·
Set custom UserAgent and download file via Powershell
May 30, 2023
·
BITSAdmin Downloading Malicious Binaries (RedCanary Threat Detection Report)
May 17, 2023
·
attack.command_and_control
attack.t1105
·
Certutil Downloading Malicious Binaries (RedCanary Threat Detection Report)
May 17, 2023
·
attack.command_and_control
attack.t1105
·
Emotet: Regsvr32 Execution from Microsoft Excel (RedCanary Threat Detection Report)
May 17, 2023
·
attack.s0367
·
Gootloader JavaScript Execution in AppData Folder (RedCanary Threat Detection Report)
May 17, 2023
·
attack.defense_evasion
attack.t1036
·
Impacket SMBexec.py Execution (RedCanary Threat Detection Report)
May 17, 2023
·
attack.s0357
·
Impacket WMIExec.py Execution (RedCanary Threat Detection Report)
May 17, 2023
·
attack.s0357
·
Abnormal LSASS Child and Parent Process Relationships (RedCanary Threat Detection Report)
May 10, 2023
·
attack.credential_access
attack.t1003.001
·
Abnormal LSASS Process Access and Injection (RedCanary Threat Detection Report)
May 10, 2023
·
attack.credential_access
attack.t1003.001
·
AdSearch Reg Runkey Persistence Execution (RedCanary Threat Detection Report)
May 10, 2023
·
attack.persistence
attack.t1547.001
·
AdSearch Startup Folder Persistence File Creation (RedCanary Threat Detection Report)
May 10, 2023
·
attack.persistence
attack.t1547.001
·
Cobalt Strike Beacon Getsystem Pattern (RedCanary Threat Detection Report)
May 10, 2023
·
attack.s0154
·
Cobalt Strike Beacon Implant Command Issued via Named Pipe (RedCanary Threat Detection Report)
May 10, 2023
·
attack.s0154
·
Cobalt Strike UAC Bypass Using SQL Server Client Configuration Utility (RedCanary Threat Detection Report)
May 10, 2023
·
attack.s0154
·
Command Shell Bypassing Security Controls (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1059.003
·
Command Shell Obfuscated Commands (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1059.003
·
Command Shell Suspicious Process Ancestry (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1059.003
·
Common BloodHound Command-Line Options (RedCanary Threat Detection Report)
May 10, 2023
·
attack.s0521
·
Default Impacket Service Creation Via Registry Keys (RedCanary Threat Detection Report)
May 10, 2023
·
attack.lateral_movement
attack.t1021.002
·
Explorer Spawning CMD With Start/Exit Commands (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1059.003
·
File Writes Within Admin Shares (RedCanary Threat Detection Report)
May 10, 2023
·
attack.lateral_movement
attack.t1021.002
·
Find Binary Searching for Executables with Setuid or Setguid Bit (RedCanary Threat Detection Report)
May 10, 2023
·
attack.privilege_escalation
attack.t1548.001
·
Impacket Atexec.py Execution (RedCanary Threat Detection Report)
May 10, 2023
·
attack.s0357
·
ISO File Write to Suspicious Folder (RedCanary Threat Detection Report)
May 10, 2023
·
attack.defense_evasion
attack.t1553.005
·
LSASS Running Under Non-Privileged User Context (RedCanary Threat Detection Report)
May 10, 2023
·
attack.credential_access
attack.t1003.001
·
Mimikatz .kirbi File Creation (RedCanary Threat Detection Report)
May 10, 2023
·
attack.s0002
·
Mimikatz Module Names in Command Line (RedCanary Threat Detection Report)
May 10, 2023
·
attack.s0002
·
Office Products Spawning WMI (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1047
·
PlugX DLL Search Order Hijacking Using Avast wsc_proxy (RedCanary Threat Detection Report)
May 10, 2023
·
attack.s0013
·
Possible Raspberry Robin DLL Download Using msiexec (RedCanary Threat Detection Report)
May 10, 2023
·
attack.command_and_control
attack.t1105
·
Potential Gamarue DLL Filename (RedCanary Threat Detection Report)
May 10, 2023
·
attack.privilege_escalation
attack.t1055.001
·
Potential Homoglyph Attack Using Lookalike Characters
May 10, 2023
·
attack.defense_evasion
attack.t1036
attack.t1036.003
attack.t1036.008
·
Powershell Base64 Encoding (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1059.001
·
Powershell Encoded Command Switch (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1059.001
·
Powershell Injecting Into Anything (RedCanary Threat Detection Report)
May 10, 2023
·
attack.privilege_escalation
attack.t1055
·
Powershell Obfuscated Commands (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1059.001
·
Process Executing Sans Command Line (RedCanary Threat Detection Report)
May 10, 2023
·
attack.privilege_escalation
attack.t1055
·
Process Execution from Admin Share (RedCanary Threat Detection Report)
May 10, 2023
·
attack.lateral_movement
attack.t1021.002
·
Processes Executing with Unusual Command Lines (RedCanary Threat Detection Report)
May 10, 2023
·
attack.defense_evasion
attack.t1036.003
·
QBot Mounted Drive Execution (RedCanary Threat Detection Report)
May 10, 2023
·
attack.s0650
·
Rundll32 Application Bypass with DllRegisterServer Function (RedCanary Threat Detection Report)
May 10, 2023
·
attack.defense_evasion
attack.t1218.011
·
Rundll32 Dumping Credentials with MiniDump Function (RedCanary Threat Detection Report)
May 10, 2023
·
attack.credential_access
attack.t1003.001
·
Rundll32 Injection into LSASS (RedCanary Threat Detection Report)
May 10, 2023
·
attack.defense_evasion
attack.t1218.011
·
Rundll32 Suspicious Process Lineage (RedCanary Threat Detection Report)
May 10, 2023
·
attack.defense_evasion
attack.t1218.011
·
Rundll32 Without a Command Line (RedCanary Threat Detection Report)
May 10, 2023
·
attack.defense_evasion
attack.t1218.011
·
Service Control Manager Spawning Command Shell (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1059.003
·
SocGholish NLTest Domain Trust Enumeration (RedCanary Threat Detection Report)
May 10, 2023
·
attack.discovery
attack.t1482
·
SocGholish Script File Whoami Output to File (RedCanary Threat Detection Report)
May 10, 2023
·
attack.discovery
attack.t1033
·
Suspicious Network Connections (RedCanary Threat Detection Report)
May 10, 2023
·
attack.privilege_escalation
attack.t1055
·
Suspicious Powershell Commandlets (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1059.001
·
Unexpected Internal Process Name (RedCanary Threat Detection Report)
May 10, 2023
·
attack.defense_evasion
attack.t1036.003
·
Windows Scheduled Task Create Shell (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1059.003
·
Windows Scripting Host Executing JScript Files with MS-DOS Short Names (RedCanary Threat Detection Report)
May 10, 2023
·
attack.defense_evasion
attack.t1036
·
WMI Reconnaissance (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1047
·
WMI Shadow Copy Deletion (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1047
·
WMI Suspicious Commands (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1047
·
WMI Suspicious Powershell Cmdlets (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1047
·
WMI Suspicious Process Lineage (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1047
·
WMIC Unusual Module Loads (RedCanary Threat Detection Report)
May 10, 2023
·
attack.execution
attack.t1047
·
Yellow Cockatoo Powershell Startup Folder Persistence (RedCanary Threat Detection Report)
May 10, 2023
·
attack.initial_access
attack.defense_evasion
attack.t1566
·
Yellow Cockatoo PowerShell Suspicious .NET Methods (RedCanary Threat Detection Report)
May 10, 2023
·
attack.initial_access
attack.defense_evasion
attack.t1566
·
Account Enumeration on AWS
Apr 21, 2023
·
attack.discovery
attack.t1592
·
AWS EC2 Download Userdata
Apr 21, 2023
·
attack.exfiltration
attack.t1020
·
AWS Macie Evasion
Apr 21, 2023
·
attack.defense_evasion
attack.t1562.001
·
CVE-2021-3156 Exploitation Attempt
Apr 21, 2023
·
attack.privilege_escalation
attack.t1068
cve.2021.3156
·
CVE-2021-3156 Exploitation Attempt Bruteforcing
Apr 21, 2023
·
attack.privilege_escalation
attack.t1068
cve.2021.3156
·
Defense evasion via process reimaging
Apr 21, 2023
·
attack.defense_evasion
·
Detection of Possible Rotten Potato
Apr 21, 2023
·
attack.privilege_escalation
attack.t1134
attack.t1134.002
·
Disabled Users Failing To Authenticate From Source Using Kerberos
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
·
DNSCat2 Powershell Implementation Detection Via Process Creation
Apr 21, 2023
·
attack.command_and_control
attack.t1071
attack.t1071.004
attack.t1001.003
attack.t1041
·
Enumeration via the Global Catalog
Apr 21, 2023
·
attack.discovery
attack.t1087.002
·
Execution via CL_Invocation.ps1 (2 Lines)
Apr 21, 2023
·
attack.defense_evasion
attack.t1216
·
Execution via CL_Mutexverifiers.ps1 (2 Lines)
Apr 21, 2023
·
attack.defense_evasion
attack.t1216
·
Failed Logins with Different Accounts from Single Source - Linux
Apr 21, 2023
·
attack.credential_access
attack.t1110
·
Failed Logins with Different Accounts from Single Source System
Apr 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1078
·
Failed Mounting of Hidden Share
Apr 21, 2023
·
attack.t1021.002
attack.lateral_movement
·
Failed NTLM Logins with Different Accounts from Single Source System
Apr 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1078
·
File Creation by Office Applications
Apr 21, 2023
·
attack.t1204.002
attack.t1047
attack.t1218.010
attack.execution
attack.defense_evasion
·
Files Dropped to Program Files by Non-Privileged Process
Apr 21, 2023
·
attack.persistence
attack.defense_evasion
attack.t1574
attack.t1574.010
·
High DNS Bytes Out
Apr 21, 2023
·
attack.exfiltration
attack.t1048.003
·
High DNS Bytes Out - Firewall
Apr 21, 2023
·
attack.exfiltration
attack.t1048.003
·
High DNS Requests Rate
Apr 21, 2023
·
attack.exfiltration
attack.t1048.003
attack.command_and_control
attack.t1071.004
·
High DNS Requests Rate - Firewall
Apr 21, 2023
·
attack.exfiltration
attack.t1048.003
attack.command_and_control
attack.t1071.004
·
High NULL Records Requests Rate
Apr 21, 2023
·
attack.exfiltration
attack.t1048.003
attack.command_and_control
attack.t1071.004
·
High TXT Records Requests Rate
Apr 21, 2023
·
attack.exfiltration
attack.t1048.003
attack.command_and_control
attack.t1071.004
·
Invalid Users Failing To Authenticate From Single Source Using NTLM
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
·
Invalid Users Failing To Authenticate From Source Using Kerberos
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
·
Invoke-Obfuscation CLIP+ Launcher
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation COMPRESS OBFUSCATION
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation Obfuscated IEX Invocation
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
·
Invoke-Obfuscation RUNDLL LAUNCHER
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation STDIN+ Launcher
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR+ Launcher
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation Via Stdin
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation Via Use Clip
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation Via Use MSHTA
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Invoke-Obfuscation Via Use Rundll32
Apr 21, 2023
·
attack.defense_evasion
attack.t1027
attack.execution
attack.t1059.001
·
Large domain name request
Apr 21, 2023
·
attack.exfiltration
attack.t1048
·
Malicious Service Installations
Apr 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1003
attack.t1035
attack.t1050
car.2013-09-005
attack.t1543.003
attack.t1569.002
·
Metasploit Or Impacket Service Installation Via SMB PsExec
Apr 21, 2023
·
attack.lateral_movement
attack.t1021.002
attack.t1570
attack.execution
attack.t1569.002
·
Meterpreter or Cobalt Strike Getsystem Service Installation
Apr 21, 2023
·
attack.privilege_escalation
attack.t1134.001
attack.t1134.002
·
MSI Spawned Cmd and Powershell Spawned Processes
Apr 21, 2023
·
attack.privilege_escalation
attack.t1548.002
·
Multiple Modsecurity Blocks
Apr 21, 2023
·
attack.impact
attack.t1499
·
Multiple Suspicious Resp Codes Caused by Single Client
Apr 21, 2023
·
attack.initial_access
attack.t1190
·
Multiple Users Failing to Authenticate from Single Process
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
·
Multiple Users Remotely Failing To Authenticate From Single Source
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
·
Network Scans Count By Destination IP
Apr 21, 2023
·
attack.discovery
attack.t1046
·
Network Scans Count By Destination Port
Apr 21, 2023
·
attack.discovery
attack.t1046
·
OMIGOD SCX RunAsProvider ExecuteScript
Apr 21, 2023
·
attack.privilege_escalation
attack.initial_access
attack.execution
attack.t1068
attack.t1190
attack.t1203
·
Password Spraying via Explicit Credentials
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
·
Possible DNS Rebinding
Apr 21, 2023
·
attack.command_and_control
attack.t1043
·
Possible DNS Rebinding
Apr 21, 2023
·
attack.initial_access
attack.t1189
·
Possible DNS Tunneling
Apr 21, 2023
·
attack.command_and_control
attack.t1071.004
attack.exfiltration
attack.t1048.003
·
Potential AWS Cloud Email Service Abuse
Apr 21, 2023
·
attack.t1583.006
attack.resource_development
·
Potential Backup Enumeration on AWS
Apr 21, 2023
·
attack.discovery
attack.t1580
·
Potential Exfiltration of Compressed Files
Apr 21, 2023
·
attack.exfiltration
attack.t1560.001
attack.t1005
·
Potential Network Enumeration on AWS
Apr 21, 2023
·
attack.discovery
attack.t1016
·
Potential Storage Enumeration on AWS
Apr 21, 2023
·
attack.discovery
attack.t1619
·
Privilege Escalation Preparation
Apr 21, 2023
·
attack.execution
attack.t1059.004
·
Quick Execution of a Series of Suspicious Commands
Apr 21, 2023
·
car.2013-04-002
attack.execution
attack.t1059
·
Reconnaissance Activity Using BuiltIn Commands
Apr 21, 2023
·
attack.discovery
attack.t1087
attack.t1082
car.2016-03-001
Remote Service Creation
Apr 21, 2023
·
attack.lateral_movement
attack.persistence
attack.execution
attack.t1543.003
Sign-in Failure Bad Password Threshold
Apr 21, 2023
·
attack.credential_access
attack.t1110
Stored Credentials in Fake Files
Apr 21, 2023
·
attack.credential_access
attack.t1555
Suspicious Multiple File Rename Or Delete Occurred
Apr 21, 2023
·
attack.impact
attack.t1486
Suspicious Werfault.exe Network Connection Outbound
Apr 21, 2023
·
attack.command_and_control
attack.t1571
Tap Driver Installation
Apr 21, 2023
·
attack.exfiltration
attack.t1048
Valid Users Failing to Authenticate From Single Source Using Kerberos
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
Valid Users Failing to Authenticate from Single Source Using NTLM
Apr 21, 2023
·
attack.t1110.003
attack.initial_access
attack.privilege_escalation
Windows Kernel and 3rd-Party Drivers Exploits Token Stealing
Apr 21, 2023
·
attack.privilege_escalation
attack.t1068
Impacket AtExec Process Activity
Apr 16, 2023
·
attack.s0357
attack.execution
attack.t1053
attack.t1053.002
Possible Impacket GetUserSPNs Activity
Apr 16, 2023
·
attack.s0357
attack.credential_access
attack.t1558
attack.t1558.003
Suspicious Exe File Event With System Image
Apr 16, 2023
·
attack.lateral_movement
attack.t1105
Suspicious Impacket Pipe Creation - Psexec
Apr 16, 2023
·
attack.s0357
attack.execution
attack.t1569
attack.t1569.002
Suspicious Impacket PSExec Temp Executable File Creation
Apr 16, 2023
·
attack.s0357
attack.execution
attack.t1569
attack.t1569.002
Set autostart key via New-ItemProperty Cmdlet
Mar 21, 2023
Renamed Autohotkey Binary
Feb 6, 2023
·
attack.defense_evasion
attack.t1036.003
DNS Query From Process with Double File Extension
Jan 30, 2023
·
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004
Download by Process with Double File Extension
Jan 30, 2023
·
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004
File Creation by Process with Double File Extension
Jan 30, 2023
·
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004
Impacket AtExec Suspicious Registry Modification
Jan 30, 2023
·
attack.s0357
attack.execution
attack.t1053
attack.t1053.002
Impacket AtExec Suspicious Temp File Creation
Jan 30, 2023
·
attack.s0357
attack.execution
attack.t1053
attack.t1053.002
Network Connection From Process with Double File Extension
Jan 30, 2023
·
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004
Possible Impacket AtExec Activity
Jan 30, 2023
·
attack.s0357
attack.execution
attack.t1053
attack.t1053.002
Process Creation With Double File Extension
Jan 30, 2023
·
attack.defense_evasion
attack.t1036
attack.t1036.007
Suspicious Command Line Containing Right-to-Left Override
Jan 30, 2023
·
attack.defense_evasion
attack.t1036
attack.t1036.002
Suspicious Process Injection to RegAsm
Jan 30, 2023
·
attack.defense_evasion
attack.t1218
attack.t1218.009
External Remote Service Logon from Public IP
Jan 23, 2023
·
attack.initial_access
attack.credential_access
attack.t1133
attack.t1078
attack.t1110
ONENOTE drops suspicious file
Jan 13, 2023
Suspicious Registry Key Added: LanmanServer Parameters
Jan 12, 2023
·
attack.command_and_control
attack.defense_evasion
attack.t1105
attack.t1562
Suspicious Registry Key Set (MaxMpxCt)
Jan 12, 2023
·
attack.command_and_control
attack.defense_evasion
attack.t1105
attack.t1562
Powershell MS Defender Tampering - ScriptBlockLogging
Jan 12, 2023
·
attack.defense_evasion
attack.t1562
attack.t1562.001
Driverquery Lookup
Jan 9, 2023
·
attack.discovery
attack.t1082
Mshta Executing from Registry
Jan 9, 2023
·
attack.defense_evasion
attack.t1218.005
Nslookup Local
Jan 9, 2023
·
attack.discovery
attack.t1016
System Time Lookup
Jan 9, 2023
·
attack.discovery
attack.t1124
Ursnif Loader
Jan 9, 2023
Default Account Usage
Jan 8, 2023
·
attack.t1136
attack.t1136.001
Potential SMB DLL Lateral Movement
Jan 8, 2023
·
attack.lateral_movement
attack.t1570
PSEXEC Custom Named Service Binary
Jan 8, 2023
Scheduled task executing powershell encoded payload from registry
Jan 8, 2023
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
Webshell Usage with ManageEngine Product
Jan 8, 2023
·
attack.persistence
attack.t1505.003
AnyDesk Network
Jan 8, 2023
·
attack.lateral_movement
attack.t1133
attack.command_and_control
attack.t1219
Bumblebee WmiPrvSE execution pattern
Jan 8, 2023
·
attack.defense_evasion
attack.t1036
CHCP CodePage Locale Lookup
Jan 8, 2023
·
attack.discovery
attack.t1614.001
Emotet Child Process Spawn Pattern
Jan 8, 2023
·
attack.discovery
attack.t1087
Enable WDigest using PowerShell (ps_module)
Jan 8, 2023
·
attack.defense_evasion
attack.t1112
Mimikatz Command Line With Ticket Export
Jan 8, 2023
·
attack.credential_access
attack.t1003
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
attack.t1003.006
MOFComp Execution
Jan 8, 2023
·
attack.execution
attack.t1546.003
Operator Bloopers Cobalt Strike Commands
Jan 8, 2023
·
attack.execution
attack.t1059.003
Operator Bloopers Cobalt Strike Modules
Jan 8, 2023
·
attack.execution
attack.t1059.003
SplashTop Network
Jan 8, 2023
·
attack.lateral_movement
attack.t1133
attack.command_and_control
attack.t1219
SplashTop Process
Jan 8, 2023
·
attack.lateral_movement
attack.t1133
attack.command_and_control
attack.t1219
Suspicious Commands by SQL Server
Jan 8, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
ISO Image Mount
Dec 28, 2022
·
attack.initial_access
attack.t1566.001
ISO, VHD, LNK or IMG File Extracted from Zip (Sysmon)
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.defense_evasion
attack.t1027
attack.t1027.006
attack.t1564
Suspicious User-Initiated Process Execution on External Drive (Old)
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.execution
attack.t1059
attack.t1204
attack.t1204.002
Suspicious User-Initiated Process Execution on External Drive (Sysmon)
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.execution
attack.t1059
attack.t1204
attack.t1204.002
Web Browser Creates Zip Archive File (Sysmon)
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.defense_evasion
attack.t1027
attack.t1027.006
Suspicious Use of Rcedit Utility to Alter Executable Metadata
Dec 12, 2022
·
attack.defense_evasion
attack.t1036.003
attack.t1036
attack.t1027.005
attack.t1027
Command or Scripting Interpreter Creating EXE File
Dec 12, 2022
·
attack.defense_evasion
attack.t1036.003
attack.t1036
File Creation of Executables in Temp Folders (Event 4663)
Dec 12, 2022
·
attack.defense_evasion
attack.t1036.003
attack.t1036
Process Creation without .exe File Extension
Dec 12, 2022
·
attack.defense_evasion
attack.t1036.003
attack.t1036
attack.s1020
Suspicious Command Line Indicating BlackCat Execution
Dec 6, 2022
·
attack.execution
attack.t1059
attack.t1204
Suspicious Command Line Indicating BlackCat Execution with Get UUID Option
Dec 6, 2022
·
attack.execution
attack.t1059
attack.t1204
Suspicious Fsutil Execution Allowing Remote Connections
Dec 6, 2022
·
attack.persistence
attack.t1547
Suspicious Process Execution in PerfLogs Directory
Dec 6, 2022
·
attack.defense_evasion
attack.t1564
Suspicious Registry Modification of MaxMpxCt Parameters
Dec 6, 2022
·
attack.command_and_control
attack.defense_evasion
attack.t1105
attack.t1562
Executable Deployment from Remote Share
Nov 29, 2022
·
attack.lateral_movement
attack.command_and_control
attack.t1105
attack.t1021
NTDSutil Pulling of NTDS.dit File
Nov 29, 2022
·
attack.credential_access
attack.t1003
attack.t1003.003
Tampering of Windows Defender with Reg
Nov 29, 2022
·
attack.defense_evasion
attack.t1562
attack.t1562.001
Vice Society Encrypted File Extension File Creation
Nov 29, 2022
·
attack.impact
attack.t1486
PowerShell -encodedcommand Switch
Nov 29, 2022
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
Boot Configuration Database (BCD) Manipulation - Registry Modification
Nov 22, 2022
·
attack.impact
attack.t1490
attack.g0092
Event Log Manipulation Using Wevtutil
Nov 22, 2022
·
attack.defense_evasion
attack.t1070
attack.g0092
Use of bcdedit to Disrupt Boot Processes
Nov 22, 2022
·
attack.impact
attack.t1490
attack.g0092
Powershell Download and Execute IEX
Nov 21, 2022
Suspicious Schtasks Child Process
Nov 19, 2022
·
attack.persistence
attack.t1053
attack.t1053.005
Suspicious Calc DLL Load
Nov 19, 2022
·
attack.persistence
attack.t1574
Malicious QakBot Dropped File Creation (Sysmon)
Nov 18, 2022
·
attack.initial_access
attack.defense_evasion
attack.t1566
attack.t1027
attack.t1553
MedusaLocker
Nov 11, 2022
Abnormal LSASS Child and Parent Process Relationships
Nov 9, 2022
·
attack.credential_access
attack.t1003.001
Abnormal LSASS Process Access and Injection
Nov 9, 2022
·
attack.credential_access
attack.t1003.001
Abusing PowerShell to Disable Defender Components
Nov 9, 2022
·
attack.defense_evasion
attack.t1562
attack.t1562.001
attack.t1562.004
Abusing PowerShell to Modify Defender Components
Nov 9, 2022
·
attack.defense_evasion
attack.t1562
attack.t1562.001
attack.t1562.004
Application Bypass with RunDLL32 and DllRegisterServer Function
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.s0650
attack.s0386
Base64 Encoding in CMD or Powershell
Nov 9, 2022
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
BITSAdmin Downloading Malicious Binaries
Nov 9, 2022
·
attack.command_and_control
attack.t1105
CertUtil Downloading Malicious Binaries
Nov 9, 2022
·
attack.command_and_control
attack.t1105
Chrome Spawned by Powershell with Load-Extension in Command Line
Nov 9, 2022
·
attack.persistence
attack.t1176
CMD Launching Batch Script Stored on External Drive (Chromeloader)
Nov 9, 2022
·
attack.defense_evasion
attack.t1553
attack.t1553.005
Command Shell Bypassing Security Controls
Nov 9, 2022
·
attack.execution
attack.t1059.003
Command Shell Obfuscated Commands
Nov 9, 2022
·
attack.execution
attack.t1059.003
attack.defense_evasion
attack.t1027
Command Shell Unusual or Suspicious Process Ancestry
Nov 9, 2022
·
attack.persistence
attack.t1505
attack.execution
attack.t1059.003
Gootloader Stage 2 Registry Key Creation
Nov 9, 2022
·
attack.execution
attack.defense_evasion
attack.t1620
PowerShell Base64 Encoding
Nov 9, 2022
·
attack.defense_evasion
attack.t1140
attack.execution
attack.t1059.001
PowerShell Injecting into Other Process
Nov 9, 2022
·
attack.privilege_escalation
attack.t1055
Powershell Obfuscation and Escape Characters
Nov 9, 2022
·
attack.execution
attack.t1059.003
attack.defense_evasion
attack.t1027
Process Executing with Unusual Command Lines
Nov 9, 2022
·
attack.defense_evasion
attack.t1036.003
Process Executing with Unusual Command Lines
Nov 9, 2022
·
attack.defense_evasion
attack.t1036.003
Process Execution sans Command Lines
Nov 9, 2022
·
attack.privilege_escalation
attack.t1055
Rundll32 with Suspicious Export Functionalities
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
Rundll32 with Suspicious Process Lineage
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
Rundll32 without Command Line
Nov 9, 2022
·
attack.defense_evasion
attack.t1218
attack.t1218.011
Suspicious Powershell Cmdlets
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.001
Suspicious WMI-Related Powershell Cmdlets
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.001
attack.t1047
Svchost Not Matching Normal Execution Parameters
Nov 9, 2022
·
attack.defense_evasion
attack.t1036
attack.t1036.005
Unexpected Internal Process Name
Nov 9, 2022
·
attack.defense_evasion
attack.t1036
attack.t1036.003
Windows Scheduled Task Behaving Improperly or Suspiciously
Nov 9, 2022
·
attack.persistence
attack.execution
attack.t1053
attack.t1053.005
Windows Scheduled Task Create Shell
Nov 9, 2022
·
attack.persistence
attack.execution
attack.t1053
attack.t1053.005
Windows Scheduled Task Making Suspicious Network Connection
Nov 9, 2022
·
attack.persistence
attack.execution
attack.t1053
attack.t1053.005
WMIC Shadow Copy Deletion
Nov 9, 2022
·
attack.impact
attack.t1490
WMIC Suspicious Commands
Nov 9, 2022
·
attack.execution
attack.t1047
WMIC Suspicious Commands
Nov 9, 2022
·
attack.execution
attack.t1047
WMIC Suspicious Commands
Nov 9, 2022
·
attack.execution
attack.t1047
Wscript.exe Executing Agreement Javascript in AppData Folder
Nov 9, 2022
·
attack.execution
attack.t1059
attack.t1059.005
Solarmarker File Extension Registry Key Set
Nov 9, 2022
·
attack.defense_evasion
attack.t1202
Remcos
Nov 9, 2022
Sodinokibi
Nov 2, 2022
Copy file to startup via Powershell
Oct 28, 2022
Stop multiple services
Oct 11, 2022
Powershell drops NetSupport RAT client
Aug 30, 2022
VjW0rm
Aug 30, 2022
Confluence Exploit Activity on Webserver Logs
Jul 13, 2022
·
attack.t1190
Drops script at startup location
Mar 15, 2022
bitsadmin download and execute
Dec 10, 2021
CVE-2021-22205
Nov 1, 2021
Execute DLL with spoofed extension
Oct 15, 2021
Powershell Decrypt And Execute Base64 Data
Sep 30, 2021
CVE-2020-15568
Sep 29, 2021
CVE-2018-20057
Sep 24, 2021
CVE-2012-1922
Sep 24, 2021
CVE-2021-26084
Sep 24, 2021
Drops fake system file at system root drive
Aug 13, 2021
Powershell run code from registry
Aug 12, 2021
Run CertUtil from suspicious location
Jul 30, 2021
LimeRAT
Jul 22, 2021
Scheduled temp file as task from temp location
Jun 28, 2021
CVE-2021-22986
Jun 28, 2021
CVE-2019-10040
Jun 28, 2021
CVE-2020-25506
Jun 28, 2021
msiexec download and execute
May 25, 2021
Schedule system process
May 19, 2021
Add file from suspicious location to autostart registry
May 3, 2021
AntiVM
May 3, 2021
AppLocker Bypass via Regsvr32
May 3, 2021
Check external IP via Powershell
May 3, 2021
Check privilege of CMD via whoami
May 3, 2021
Copy itself to suspicious location via type command
May 3, 2021
Credwiz util dropped by mshta for dll sideloading
May 3, 2021
Decode DLL Via Certutil
May 3, 2021
Decode strings from lnk via findstr.exe
May 3, 2021
Delete Shadow Copy Via Powershell
May 3, 2021
Delete shadow copy via WMIC
May 3, 2021
Drops a DLL with WLL extension to the startup
May 3, 2021
EQNEDT32.EXE connecting to internet
May 3, 2021
Exe Launched By ReflectiveLoader Dll
May 3, 2021
Execute dll with txt extension from temp location
May 3, 2021
Execute Script with spoofed extension
May 3, 2021
Execute Scriptlet from internet Via Regsvr32
May 3, 2021
Execute Scriptlet Via Regsvr32
May 3, 2021
File Dropped By EQNEDT32EXE
May 3, 2021
Fodhelper UAC Bypass
May 3, 2021
Geofenced Ru
May 3, 2021
Get antivirus details via WMIC query
May 3, 2021
Hide copy and delete itself
May 3, 2021
IcedID Downloader
May 3, 2021
Kill multiple process
May 3, 2021
MSBuild connects to smtp port
May 3, 2021
MSBuild execute suspicious task
May 3, 2021
MSBuild Launched By Scr
May 3, 2021
Mshta Download Pastebin
May 3, 2021
NanoCore
May 3, 2021
NetWire
May 3, 2021
Office product drops executable at suspicious location
May 3, 2021
Office product drops script at suspicious location
May 3, 2021
Powershell add exclusion path, extension and process
May 3, 2021
Powershell adding suspicious path to exclusion list
May 3, 2021
Powershell create lnk in startup
May 3, 2021
Powershell delayed execution via ping command
May 3, 2021
Powershell download file and shellexecute
May 3, 2021
Powershell download file from base64 url
May 3, 2021
Powershell download payload from hardcoded c2 list
May 3, 2021
Powershell execute code from registry
May 3, 2021
Powershell IEX Download In Base64
May 3, 2021
Powershell launch wmic via class
May 3, 2021
Powershell launch wscript
May 3, 2021
Powershell Launched By Winword
May 3, 2021
Powershell load assembly from internet
May 3, 2021
Powershell load assembly from registry
May 3, 2021
powershell registry execution via wmic
May 3, 2021
Quasar
May 3, 2021
ReflectiveLoader
May 3, 2021
RegAsm connects to smtp port
May 3, 2021
Register dll at autostart location via regsvr32
May 3, 2021
Register Wscript In Run Key
May 3, 2021
Rename system process and copy to suspicious location
May 3, 2021
Renamed MSHTA launching html
May 3, 2021
RMSRemoteAdmin
May 3, 2021
Run temp file via regsvr32
May 3, 2021
rundll32 launch mshta and run script from internet
May 3, 2021
rundll32 run dll from internet
May 3, 2021
Ryuk
May 3, 2021
Schedule binary from dotnet directory
May 3, 2021
Schedule CERTUTIL windows binary
May 3, 2021
Schedule REGSVR windows binary
May 3, 2021
Schedule script as task
May 3, 2021
Schedule script from internet via mshta
May 3, 2021
Schedule VBS From Appdata
May 3, 2021
Schedule powershell with encoded command parameter
May 3, 2021
Steal Google chrome login data
May 3, 2021
Wake-On-Lan
May 3, 2021
Winword Drops Script In Startup
May 3, 2021
Wmic download via msiexec
May 3, 2021
Wmic Launch Msiexec
May 3, 2021
wmic launch powershell and execute encrypted script
May 3, 2021
Wmic Launch regsvr32
May 3, 2021
WMIC launch script from xsl file
May 3, 2021
WScript Launched By Powershell
May 3, 2021
Anomaly detection for Asp.Net
Sep 17, 2020
Anomaly detection for Spring framework
Sep 17, 2020
Anomaly detection for Apache Tomcat
Aug 21, 2020
Anomaly detection for Apache Tomcat
Aug 21, 2020
Anomaly detection for Apache Tomcat
Aug 21, 2020
Anomaly detection for Nginx
Aug 21, 2020
Anomaly detection for Nginx
Aug 21, 2020
Anomaly detection for Nginx
Aug 21, 2020
Anomaly detection for wildfly
Aug 21, 2020
Anomaly detection for wildfly
Aug 21, 2020
CVE-2002-2006 Exploitation Attempt
Aug 21, 2020
CVE-2009-3898 Exploitation Attempt
Aug 21, 2020
CVE-2009-4487 Exploitation Attempt
Aug 21, 2020
CVE-2010-2263 Exploitation Attempt
Aug 21, 2020
CVE-2010-2266 Exploitation Attempt
Aug 21, 2020
CVE-2013-2028 Exploitation Attempt
Aug 21, 2020
CVE-2013-4547 Exploitation Attempt
Aug 21, 2020
CVE-2016-10134 Exploitation Attempt
Aug 21, 2020
CVE-2016-6816 Exploitation Attempt
Aug 21, 2020
CVE-2017-12615 Exploitation Attempt
Aug 21, 2020
CVE-2017-12617 Exploitation Attempt
Aug 21, 2020
CVE-2017-14849 Exploitation Attempt
Aug 21, 2020
CVE-2017-15715 Exploitation Attempt
Aug 21, 2020
CVE-2017-6920 Exploitation Attempt
Aug 21, 2020
CVE-2017-7529 Exploitation Attempt
Aug 21, 2020
CVE-2017-7659 Exploitation Attempt
Aug 21, 2020
CVE-2018-11759 Exploitation Attempt
Aug 21, 2020
CVE-2018-12613 Exploitation Attempt
Aug 21, 2020
CVE-2018-7490 Exploitation Attempt
Aug 21, 2020
CVE-2018-7600 Exploitation Attempt
Aug 21, 2020
CVE-2018-7602 Exploitation Attempt
Aug 21, 2020
CVE-2019-0232 Exploitation Attempt
Aug 21, 2020
CVE-2019-10092 Exploitation Attempt
Aug 21, 2020
CVE-2019-10097 Exploitation Attempt
Aug 21, 2020
CVE-2019-10098 Exploitation Attempt
Aug 21, 2020
CVE-2019-6339 Exploitation Attempt
Aug 21, 2020
CVE-2019-6340 Exploitation Attempt
Aug 21, 2020
CVE-2020-12112 Exploitation Attempt
Aug 21, 2020
CVE-2020-12443 Exploitation Attempt
Aug 21, 2020
CVE-2020-13662 Exploitation Attempt
Aug 21, 2020
CVE-2020-1927 Exploitation Attempt
Aug 21, 2020
CVE-2020-1938 Exploitation Attempt
Aug 21, 2020
CVE-2020-5722 Exploitation Attempt
Aug 21, 2020
CVE-2020-8515 Exploitation Attempt
Aug 21, 2020
CVE-2020-9484 Exploitation Attempt
Aug 21, 2020