AppInit DLL Installation
Mar 26, 2024
attack.privilege_escalation
attack.persistence
attack.t1546
attack.t1546.010
Application Bypass with DllRegisterServer Function
Mar 26, 2024
attack.defense_evasion
attack.t1218
attack.t1218.011
Atexec.py Execution
Mar 26, 2024
attack.s0357
attack.execution
attack.t1053
attack.t1053.002
Base64 Encoding
Mar 26, 2024
attack.defense_evasion
attack.t1027
BITSAdmin Downloading Malicious Binaries
Mar 26, 2024
attack.command_and_control
attack.t1105
Bypassing Security Controls - Command Shell
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1202
Certreq Downloading Malicious Binaries
Mar 26, 2024
attack.command_and_control
attack.t1105
CertUtil Downloading Malicious Binaries
Mar 26, 2024
attack.command_and_control
attack.t1105
ChromeLoader NW.js Runtime App Installation Paths
Mar 26, 2024
attack.persistence
attack.t1176
Email Forwarding Rule - Suspicious Folders
Mar 26, 2024
attack.collection
attack.t1114
attack.t1114.003
Email Forwarding Rule - Suspicious Forwarding Criteria
Mar 26, 2024
attack.collection
attack.t1114
attack.t1114.003
Email Forwarding Rule - Suspicious Rule Names
Mar 26, 2024
attack.collection
attack.t1114
attack.t1114.003
Enumerating Domain Trust Relationships with Nltest.exe
Mar 26, 2024
attack.discovery
attack.t1482
Gamarue Rundll32.exe Long Commandlines
Mar 26, 2024
attack.defense_evasion
attack.t1027
attack.t1027.010
In-memory Downloading and Compiling of Applets as Payloads
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.002
Kerberos .kirbi Ticket Files
Mar 26, 2024
attack.s0002
attack.credential_access
attack.t1558
attack.t1558.003
Mac AppleScript Input Prompt
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.002
Mimikatz Module Names
Mar 26, 2024
attack.credential_access
attack.t1003
attack.s0002
Network Connections from the Command Line with no Parameters
Mar 26, 2024
attack.command_and_control
Non-depmod Process Modifying modules.dep
Mar 26, 2024
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
Non-Microsoft App Package Installation Process
Mar 26, 2024
attack.persistence
attack.privilege_escalation
attack.t1546
attack.t1546.016
Obfuscated Commands - Command Shell
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.003
attack.defense_evasion
attack.t1027
Obfuscation and Escape Characters - Powershell
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
Office Products Spawning WMI
Mar 26, 2024
attack.execution
attack.t1047
attack.t1204
Package Support Framework (PSF) Advanced Installer Processes
Mar 26, 2024
attack.persistence
attack.privilege_escalation
attack.t1546
attack.t1546.016
PowerShell -encodedcommand Switch
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
PowerShell Base64 Encoding
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.001
attack.defense_evasion
attack.t1027
PowerShell Startup Folder Persistence
Mar 26, 2024
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.001
PowerShell Suspicious .NET Methods
Mar 26, 2024
attack.defense_evasion
attack.t1140
attack.t1574
attack.t1574.013
Processes Executing with Unusual Command Lines
Mar 26, 2024
attack.defense_evasion
attack.t1036
attack.t1036.003
Qbot Mounted Drive Script Executions
Mar 26, 2024
attack.s0650
attack.execution
attack.t1059
attack.t1204
Rundll32 Injection into LSASS
Mar 26, 2024
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.t1055
Rundll32 with Suspicious Process Lineage
Mar 26, 2024
attack.defense_evasion
attack.t1218
attack.t1218.011
Rundll32 Without a Command Line
Mar 26, 2024
attack.defense_evasion
attack.t1218
attack.t1218.011
SecretsDump File Modification
Mar 26, 2024
attack.credential_access
attack.t1003
Secretsdump.py Execution
Mar 26, 2024
attack.s0357
attack.credential_access
attack.t1003
attack.t1003.003
attack.t1003.006
Service Control Manager Spawning Command Shell with Suspect Strings
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.003
attack.t1569
attack.t1569.002
Shells Modifying Files in Known Linux Kernel Modules Directories
Mar 26, 2024
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
SMBexec.py Execution
Mar 26, 2024
attack.s0357
attack.execution
attack.t1569
attack.t1569.002
attack.lateral_movement
attack.t1021
attack.t1021.003
Suspicious Commands - WMI
Mar 26, 2024
attack.execution
attack.t1047
Suspicious Export Functionalities - Rundll32
Mar 26, 2024
attack.defense_evasion
attack.t1218
attack.t1218.011
attack.credential_access
attack.t1003
Suspicious PowerShell Cmdlets
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.001
Suspicious PowerShell Cmdlets - WMI
Mar 26, 2024
attack.execution
attack.t1047
attack.t1059
attack.t1059.001
Suspicious Process Lineage - WMI
Mar 26, 2024
attack.execution
attack.t1047
Systemd Loading a Linux Kernel Module Using insmod
Mar 26, 2024
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
Systemd Loading a Linux Kernel Module Using modprobe
Mar 26, 2024
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
Unexpected Internal Process Name
Mar 26, 2024
attack.defense_evasion
attack.t1036
attack.t1036.003
Unusual Module Loads - WMI
Mar 26, 2024
attack.execution
attack.t1047
Unusual or Suspicious Process Ancestry - Command Shell
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.003
Web Browser Loading Extension
Mar 26, 2024
attack.persistence
attack.t1176
Whoami Recon Writing Output to File
Mar 26, 2024
attack.discovery
attack.t1033
Windows Explorer Spawning Command Shell with Start and Exit Commands
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.003
attack.t1053
Windows Installer (msiexec.exe) Downloading and Executing Packages
Mar 26, 2024
attack.defense_evasion
attack.t1218
attack.t1218.007
Windows Scheduled Task Creating Shell
Mar 26, 2024
attack.execution
attack.t1059
attack.t1059.003
attack.t1053
WMI Reconnaissance
Mar 26, 2024
attack.execution
attack.t1047
attack.discovery
attack.t1087
attack.t1087.002
WMI Shadow Copy Deletion
Mar 26, 2024
attack.execution
attack.t1047
attack.impact
attack.t1490
Wmiexec.py Execution
Mar 26, 2024
attack.s0357
attack.execution
attack.t1047
attack.lateral_movement
attack.t1021
attack.t1021.003
WScript Spawned from a Browser Making External Network Connections
Mar 26, 2024
attack.initial_access
attack.t1189
ZIP File Spawning JavaScript
Mar 26, 2024
attack.defense_evasion
attack.t1027