Clipboard Data Collection Via OSAScript
Dec 1, 2023
·
attack.collection
attack.execution
attack.t1115
attack.t1059.002
JXA In-memory Execution Via OSAScript
Dec 1, 2023
·
attack.t1059.002
attack.t1059.007
attack.execution
OSACompile Run-Only Execution
Dec 1, 2023
·
attack.t1059.002
attack.execution
Suspicious Microsoft Office Child Process - MacOS
Dec 1, 2023
·
attack.execution
attack.persistence
attack.t1059.002
attack.t1137.002
attack.t1204.002
Potential Discovery Activity Using Find - MacOS
Nov 2, 2023
·
attack.discovery
attack.t1083
Suspicious Execution via macOS Script Editor
Nov 2, 2023
·
attack.t1566
attack.t1566.002
attack.initial_access
attack.t1059
attack.t1059.002
attack.t1204
attack.t1204.001
attack.execution
attack.persistence
attack.t1553
attack.defense_evasion
Binary Padding - MacOS
Oct 18, 2023
·
attack.defense_evasion
attack.t1027.001
Macos Remote System Discovery
Oct 18, 2023
·
attack.discovery
attack.t1018
User Added To Admin Group Via Dscl
Oct 18, 2023
·
attack.initial_access
attack.privilege_escalation
attack.t1078.003
User Added To Admin Group Via DseditGroup
Oct 18, 2023
·
attack.initial_access
attack.privilege_escalation
attack.t1078.003
Indicator Removal on Host - Clear Mac System Logs
Oct 17, 2023
·
attack.defense_evasion
attack.t1070.002
Payload Decoded and Decrypted via Built-in Utilities
Oct 17, 2023
·
attack.t1059
attack.t1204
attack.execution
attack.t1140
attack.defense_evasion
attack.s0482
attack.s0402
Potential WizardUpdate Malware Infection
Oct 17, 2023
·
attack.command_and_control
Potential In-Memory Download And Compile Of Payloads
Aug 22, 2023
·
attack.command_and_control
attack.execution
attack.t1059.007
attack.t1105
User Added To Admin Group Via Sysadminctl
Aug 22, 2023
·
attack.initial_access
attack.privilege_escalation
attack.t1078.003
JAMF MDM Potential Suspicious Child Process
Aug 22, 2023
·
attack.execution
JAMF MDM Execution
Aug 22, 2023
·
attack.execution
Root Account Enable Via Dsenableroot
Aug 22, 2023
·
attack.t1078
attack.t1078.001
attack.t1078.003
attack.initial_access
attack.persistence
Suspicious Browser Child Process - MacOS
Apr 5, 2023
·
attack.initial_access
attack.execution
attack.t1189
attack.t1203
attack.t1059
Osacompile Execution By Potentially Suspicious Applet/Osascript
Apr 3, 2023
·
attack.execution
attack.t1059.002
Potential Persistence Via PlistBuddy
Feb 28, 2023
·
attack.persistence
attack.t1543.001
attack.t1543.004
Suspicious Installer Package Child Process
Feb 21, 2023
·
attack.t1059
attack.t1059.007
attack.t1071
attack.t1071.001
attack.execution
attack.command_and_control
Guest Account Enabled Via Sysadminctl
Feb 20, 2023
·
attack.initial_access
attack.t1078
attack.t1078.001
Creation Of A Local User Account
Feb 20, 2023
·
attack.t1136.001
attack.persistence
MacOS Scripting Interpreter AppleScript
Feb 1, 2023
·
attack.execution
attack.t1059.002
Credentials from Password Stores - Keychain
Feb 1, 2023
·
attack.credential_access
attack.t1555.001
File Time Attribute Change
Jan 12, 2023
·
attack.defense_evasion
attack.t1070.006
Space After Filename - macOS
Jan 4, 2023
·
attack.defense_evasion
attack.t1036.006
System Network Discovery - macOS
Dec 29, 2022
·
attack.discovery
attack.t1016
System Network Connections Discovery - MacOs
Dec 29, 2022
·
attack.discovery
attack.t1049
GUI Input Capture - macOS
Dec 27, 2022
·
attack.credential_access
attack.t1056.002
Local Groups Discovery - MacOs
Nov 28, 2022
·
attack.discovery
attack.t1069.001
Local System Accounts Discovery - MacOs
Nov 28, 2022
·
attack.discovery
attack.t1087.001
Scheduled Cron Task/Job - MacOs
Nov 28, 2022
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.t1053.003
Security Software Discovery - MacOs
Nov 28, 2022
·
attack.discovery
attack.t1518.001
Decode Base64 Encoded Text -MacOs
Nov 27, 2022
·
attack.defense_evasion
attack.t1027
Network Sniffing - MacOs
Nov 27, 2022
·
attack.discovery
attack.credential_access
attack.t1040
System Shutdown/Reboot - MacOs
Nov 27, 2022
·
attack.impact
attack.t1529
File and Directory Discovery - MacOS
Nov 25, 2022
·
attack.discovery
attack.t1083
Credentials In Files
Oct 25, 2022
·
attack.credential_access
attack.t1552.001
Disable Security Tools
Oct 25, 2022
·
attack.defense_evasion
attack.t1562.001
Gatekeeper Bypass via Xattr
Oct 25, 2022
·
attack.defense_evasion
attack.t1553.001
Hidden User Creation
Oct 25, 2022
·
attack.defense_evasion
attack.t1564.002
MacOS Network Service Scanning
Oct 25, 2022
·
attack.discovery
attack.t1046
Screen Capture - macOS
Oct 25, 2022
·
attack.collection
attack.t1113
Split A File Into Pieces
Oct 25, 2022
·
attack.exfiltration
attack.t1030
Suspicious History File Operations
Oct 25, 2022
·
attack.credential_access
attack.t1552.003
Suspicious MacOS Firmware Activity
Oct 9, 2022
·
attack.impact