open-menu
closeme
Self Extraction Directive File Created In Potentially Suspicious Location
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Creation of WerFault.exe/Wer.dll in Unusual Folder
calendar
Nov 29, 2024
·
attack.persistence
attack.defense-evasion
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
Potential File Extension Spoofing Using Right-to-Left Override
calendar
Nov 18, 2024
·
attack.execution
attack.defense-evasion
attack.t1036.002
·
Share on:
twitter
facebook
linkedin
copy
.RDP File Created by Outlook Process
calendar
Nov 4, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
.RDP File Created By Uncommon Application
calendar
Nov 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
PSScriptPolicyTest Creation By Uncommon Process
calendar
Nov 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Creation Activity From Fake Recycle.Bin Folder
calendar
Nov 1, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Uncommon File Created In Office Startup Folder
calendar
Nov 1, 2024
·
attack.resource-development
attack.t1587.001
·
Share on:
twitter
facebook
linkedin
copy
LSASS Process Memory Dump Files
calendar
Oct 8, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious PowerShell Scripts - FileCreation
calendar
Sep 13, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential SAM Database Dump
calendar
Sep 13, 2024
·
attack.credential-access
attack.t1003.002
·
Share on:
twitter
facebook
linkedin
copy
LSASS Process Memory Dump Creation Via Taskmgr.EXE
calendar
Sep 2, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Module File Created By Non-PowerShell Process
calendar
Sep 2, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - ScreenConnect Temporary File
calendar
Sep 2, 2024
·
attack.execution
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
Renamed VsCode Code Tunnel Execution - File Indicator
calendar
Sep 2, 2024
·
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Suspicious LNK Double Extension File Created
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1036.007
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Remote File Creation
calendar
Sep 2, 2024
·
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
ADSI-Cache File Creation By Uncommon Tool
calendar
Aug 12, 2024
·
attack.t1001.003
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Advanced IP Scanner - File Event
calendar
Aug 12, 2024
·
attack.discovery
attack.t1046
·
Share on:
twitter
facebook
linkedin
copy
Adwind RAT / JRAT File Artifact
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
Anydesk Temporary Artefact
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Assembly DLL Creation Via AspNetCompiler
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
BloodHound Collection Files
calendar
Aug 12, 2024
·
attack.discovery
attack.t1087.001
attack.t1087.002
attack.t1482
attack.t1069.001
attack.t1069.002
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Created Files by Microsoft Sync Center
calendar
Aug 12, 2024
·
attack.t1055
attack.t1218
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Creation Exe for Service with Unquoted Path
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.009
·
Share on:
twitter
facebook
linkedin
copy
Creation of a Diagcab
calendar
Aug 12, 2024
·
attack.resource-development
·
Share on:
twitter
facebook
linkedin
copy
Creation Of Non-Existent System DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Cred Dump Tools Dropped Files
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.t1003.002
attack.t1003.003
attack.t1003.004
attack.t1003.005
·
Share on:
twitter
facebook
linkedin
copy
CSExec Service File Creation
calendar
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
Share on:
twitter
facebook
linkedin
copy
DLL Search Order Hijackig Via Additional Space in Path
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DPAPI Backup Keys And Certificate Export Activity IOC
calendar
Aug 12, 2024
·
attack.t1555
attack.t1552.004
·
Share on:
twitter
facebook
linkedin
copy
Drop Binaries Into Spool Drivers Color Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Dynamic CSharp Compile Artefact
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
EVTX Created In Uncommon Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
File Creation In Suspicious Directory By Msdt.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
cve.2022-30190
·
Share on:
twitter
facebook
linkedin
copy
File With Uncommon Extension Created By An Office Application
calendar
Aug 12, 2024
·
attack.t1204.002
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Files With System DLL Name In Unsuspected Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
·
Share on:
twitter
facebook
linkedin
copy
Files With System Process Name In Unsuspected Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
·
Share on:
twitter
facebook
linkedin
copy
GatherNetworkInfo.VBS Reconnaissance Script Output
calendar
Aug 12, 2024
·
attack.discovery
·
Share on:
twitter
facebook
linkedin
copy
GoToAssist Temporary Installation Artefact
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec File Indicators
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Dumpert Process Dumper Default File
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Inveigh Execution Artefacts
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Mimikatz Kirbi File Creation
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1558
·
Share on:
twitter
facebook
linkedin
copy
HackTool - NPPSpy Hacktool Usage
calendar
Aug 12, 2024
·
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Potential Remote Credential Dumping Activity Via CrackMapExec Or Impacket-Secretsdump
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Powerup Write Hijack DLL
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - QuarksPwDump Dump File
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - RemoteKrbRelay SMB Relay Secrets Dump Module Indicators
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SafetyKatz Dump Indicator
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Typical HiveNightmare SAM File Export
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
cve.2021-36934
·
Share on:
twitter
facebook
linkedin
copy
Hijack Legit RDP Session to Move Laterally
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Installation of TeamViewer Desktop
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
ISO File Created Within Temp Folders
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
ISO or Image Mount Indicator in Recent Files
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Legitimate Application Dropped Archive
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Legitimate Application Dropped Executable
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Legitimate Application Dropped Script
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
LiveKD Driver Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
LiveKD Driver Creation By Uncommon Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
LiveKD Kernel Memory Dump File Created
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
LSASS Process Dump Artefact In CrashDumps Folder
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Malicious DLL File Dropped in the Teams or OneDrive Folder
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
New Custom Shim Database Created
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.009
·
Share on:
twitter
facebook
linkedin
copy
New Outlook Macro Created
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
NTDS Exfiltration Filename Patterns
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
·
Share on:
twitter
facebook
linkedin
copy
NTDS.DIT Created
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
·
Share on:
twitter
facebook
linkedin
copy
NTDS.DIT Creation By Uncommon Parent Process
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.003
·
Share on:
twitter
facebook
linkedin
copy
NTDS.DIT Creation By Uncommon Process
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.003
·
Share on:
twitter
facebook
linkedin
copy
Octopus Scanner Malware
calendar
Aug 12, 2024
·
attack.t1195
attack.t1195.001
·
Share on:
twitter
facebook
linkedin
copy
Office Macro File Creation
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Office Macro File Creation From Suspicious Process
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Office Macro File Download
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
OneNote Attachment File Dropped In Suspicious Location
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
PCRE.NET Package Temp Files
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
PDF File Created By RegEdit.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Binary Or Script Dropper Via PowerShell
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential DCOM InternetExplorer.Application DLL Hijack
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Homoglyph Attack Using Lookalike Characters in Filename
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Initial Access via DLL Search Order Hijacking
calendar
Aug 12, 2024
·
attack.t1566
attack.t1566.001
attack.initial-access
attack.t1574
attack.t1574.001
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Attempt Via ErrorHandler.Cmd
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Microsoft Office Add-In
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137.006
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Microsoft Office Startup Folder
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Notepad++ Plugins
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook Form
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation Attempt Via .Exe.Local Technique
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Potential RipZip Attack on Startup Folder
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Potential Startup Shortcut Persistence Via PowerShell.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious PowerShell Module File Created
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Webshell Creation On Static Website
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Winnti Dropper Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious DMP/HDMP File Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Module File Created
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Profile Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Script Dropped Via PowerShell.EXE
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Process Explorer Driver Creation By Non-Sysinternals Binary
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
Process Monitor Driver Creation By Non-Sysinternals Binary
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1068
·
Share on:
twitter
facebook
linkedin
copy
PSEXEC Remote Execution File Artefact
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.execution
attack.persistence
attack.t1136.002
attack.t1543.003
attack.t1570
attack.s0029
·
Share on:
twitter
facebook
linkedin
copy
PsExec Service File Creation
calendar
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
Share on:
twitter
facebook
linkedin
copy
Publisher Attachment File Dropped In Suspicious Location
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Rclone Config File Creation
calendar
Aug 12, 2024
·
attack.exfiltration
attack.t1567.002
·
Share on:
twitter
facebook
linkedin
copy
RemCom Service File Creation
calendar
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.s0029
·
Share on:
twitter
facebook
linkedin
copy
SCR File Write Event
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
ScreenConnect Temporary Installation Artefact
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Startup Folder File Write
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious ASPX File Drop by Exchange
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Binary Writes Via AnyDesk
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Creation TXT File in User Desktop
calendar
Aug 12, 2024
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Creation with Colorcpl
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564
·
Share on:
twitter
facebook
linkedin
copy
Suspicious desktop.ini Action
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.009
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Desktopimgdownldr Target File
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Suspicious DotNET CLR Usage Log Artifact
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Double Extension Files
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.007
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Executable File Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Created In PerfLogs
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Created Via OneNote Application
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Creation In Uncommon AppData Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Drop by Exchange
calendar
Aug 12, 2024
·
attack.persistence
attack.t1190
attack.initial-access
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Files in Default GPO Folder
calendar
Aug 12, 2024
·
attack.t1036.005
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Get-Variable.exe Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Interactive PowerShell as SYSTEM
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious MSExchangeMailboxReplication ASPX Write
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Outlook Macro Created
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PFX File Creation
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1552.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PROCEXP152.sys File Created In TMP
calendar
Aug 12, 2024
·
attack.t1562.001
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scheduled Task Write to System32 Tasks
calendar
Aug 12, 2024
·
attack.persistence
attack.execution
attack.t1053
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Screensaver Binary File Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Startup Folder Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
TeamViewer Remote Session
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Abusing Winsat Path Parsing - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using .NET Code Profiler on MMC
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Consent and Comctl32 - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using EventVwr
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IDiagnostic Profile - File
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IEInstal - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using MSConfig Token Modification - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using NTFS Reparse Point - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Windows Media Player - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UEFI Persistence Via Wpbbin - FileCreation
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1542.001
·
Share on:
twitter
facebook
linkedin
copy
Uncommon File Creation By Mysql Daemon Process
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
VHD Image Download Via Browser
calendar
Aug 12, 2024
·
attack.resource-development
attack.t1587.001
·
Share on:
twitter
facebook
linkedin
copy
VsCode Powershell Profile Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
Share on:
twitter
facebook
linkedin
copy
WerFault LSASS Process Memory Dump
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Binaries Write Suspicious Extensions
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Windows Shell/Scripting Application File Write to Suspicious Folder
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Windows Terminal Profile Settings Modification By Uncommon Process
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.015
·
Share on:
twitter
facebook
linkedin
copy
WinSxS Executable File Creation By Non-System Process
calendar
Aug 12, 2024
·
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
WMI Persistence - Script Event Consumer File Write
calendar
Aug 12, 2024
·
attack.t1546.003
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Wmiexec Default Output File
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Wmiprvse Wbemcomn DLL Hijack - File
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Writing Local Admin Share
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1546.002
·
Share on:
twitter
facebook
linkedin
copy
WScript or CScript Dropper - File
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
to-top