create_stream_hash

Creation Of a Suspicious ADS File Outside a Browser Download
Apr 18, 2023 · attack.defense_evasion ·
Share on:
Detects the creation of a suspicious ADS (Alternate Data Stream) file by software other than browsers

Read More
Potential Suspicious Winget Package Installation
Apr 18, 2023 · attack.defense_evasion attack.persistence ·
Share on:
Detects potential suspicious winget package installation from a suspicious source.

Read More
Suspicious File Download From File Sharing Websites
Feb 10, 2023 · attack.defense_evasion attack.s0139 attack.t1564.004 ·
Share on:
Detects the download of suspicious file type from a well-known file and paste sharing domain

Read More
Unusual File Download From File Sharing Websites
Feb 10, 2023 · attack.defense_evasion attack.s0139 attack.t1564.004 ·
Share on:
Detects the download of suspicious file type from a well-known file and paste sharing domain

Read More
Hidden Executable In NTFS Alternate Data Stream
Feb 10, 2023 · attack.defense_evasion attack.s0139 attack.t1564.004 ·
Share on:
Detects the creation of an ADS (Alternate Data Stream) that contains an executable (non-empty imphash)

Read More
Unusual File Download from Direct IP Address
Feb 9, 2023 · attack.defense_evasion attack.t1564.004 ·
Share on:
Detects the download of suspicious file type from URLs with IP

Read More
Hacktool Download
Feb 1, 2023 · attack.defense_evasion attack.s0139 attack.t1564.004 ·
Share on:
Detects the creation of a file on disk that has an imphash of a well-known hack tool

Read More
Exports Registry Key To an Alternate Data Stream
Oct 25, 2022 · attack.defense_evasion attack.t1564.004 ·
Share on:
Exports the target Registry key and hides it in the specified alternate data stream.

Read More