Network Connection Initiated By AddinUtil.EXE
Jul 17, 2024
·
attack.defense_evasion
attack.t1218
·
Network Connection Initiated To AzureWebsites.NET By Non-Browser Process
Jul 17, 2024
·
attack.command_and_control
attack.t1102
attack.t1102.001
·
Office Application Initiated Network Connection Over Uncommon Ports
Jul 17, 2024
·
attack.defense_evasion
attack.command_and_control
·
Office Application Initiated Network Connection To Non-Local IP
Jul 17, 2024
·
attack.execution
attack.t1203
·
Potential Dead Drop Resolvers
Jul 17, 2024
·
attack.command_and_control
attack.t1102
attack.t1102.001
·
Suspicious Dropbox API Usage
Jul 17, 2024
·
attack.command_and_control
attack.t1105
·
Suspicious Non-Browser Network Communication With Google API
Jul 17, 2024
·
attack.command_and_control
attack.t1102
·
Uncommon Network Connection Initiated By Certutil.EXE
Jul 2, 2024
·
attack.command_and_control
attack.t1105
·
Outbound RDP Connections Over Non-Standard Tools
Jun 25, 2024
·
attack.lateral_movement
attack.t1021.001
car.2013-07-002
·
Communication To LocaltoNet Tunneling Service Initiated
Jun 20, 2024
·
attack.command_and_control
attack.t1572
attack.t1090
attack.t1102
·
Local Network Connection Initiated By Script Interpreter
May 31, 2024
·
attack.command_and_control
attack.t1105
·
Network Communication Initiated To File Sharing Domains From Process Located In Suspicious Folder
May 31, 2024
·
attack.command_and_control
attack.t1105
·
Network Communication Initiated To Portmap.IO Domain
May 31, 2024
·
attack.t1041
attack.command_and_control
attack.t1090.002
attack.exfiltration
·
Network Communication With Crypto Mining Pool
May 31, 2024
·
attack.impact
attack.t1496
·
Network Connection Initiated By Eqnedt32.EXE
May 31, 2024
·
attack.execution
attack.t1203
·
Network Connection Initiated From Process Located In Potentially Suspicious Or Uncommon Location
May 31, 2024
·
attack.command_and_control
attack.t1105
·
Network Connection Initiated To Cloudflared Tunnels Domains
May 31, 2024
·
attack.exfiltration
attack.command_and_control
attack.t1567.001
·
Network Connection Initiated To DevTunnels Domain
May 31, 2024
·
attack.exfiltration
attack.t1567.001
·
Network Connection Initiated To Mega.nz
May 31, 2024
·
attack.exfiltration
attack.t1567.001
·
Network Connection Initiated To Visual Studio Code Tunnels Domain
May 31, 2024
·
attack.exfiltration
attack.t1567.001
·
Outbound Network Connection Initiated By Cmstp.EXE
May 31, 2024
·
attack.defense_evasion
attack.t1218.003
·
Outbound Network Connection Initiated By Script Interpreter
May 31, 2024
·
attack.command_and_control
attack.t1105
·
Potentially Suspicious Network Connection To Notion API
May 31, 2024
·
attack.command_and_control
attack.t1102
·
Suspicious Network Connection to IP Lookup Service APIs
May 31, 2024
·
attack.discovery
attack.t1016
·
Suspicious Non-Browser Network Communication With Telegram API
May 31, 2024
·
attack.command_and_control
attack.t1102
·
Outbound Network Connection Initiated By Microsoft Dialer
Apr 29, 2024
·
attack.execution
attack.t1071.001
·
RegAsm.EXE Initiating Network Connection To Public IP
Apr 25, 2024
·
attack.defense_evasion
attack.t1218.009
·
Potentially Suspicious Wuauclt Network Connection
Mar 26, 2024
·
attack.defense_evasion
attack.t1218
·
Uncommon Outbound Kerberos Connection
Mar 18, 2024
·
attack.credential_access
attack.t1558
attack.lateral_movement
attack.t1550.003
·
Communication To Uncommon Destination Ports
Mar 13, 2024
·
attack.persistence
attack.command_and_control
attack.t1571
·
Microsoft Sync Center Suspicious Network Connections
Mar 13, 2024
·
attack.t1055
attack.t1218
attack.execution
attack.defense_evasion
·
Outbound Network Connection To Public IP Via Winlogon
Mar 13, 2024
·
attack.defense_evasion
attack.execution
attack.command_and_control
attack.t1218.011
·
Potentially Suspicious Malware Callback Communication
Mar 13, 2024
·
attack.persistence
attack.command_and_control
attack.t1571
·
RDP Over Reverse SSH Tunnel
Mar 13, 2024
·
attack.command_and_control
attack.t1572
attack.lateral_movement
attack.t1021.001
car.2013-07-002
·
Rundll32 Internet Connection
Mar 13, 2024
·
attack.defense_evasion
attack.t1218.011
attack.execution
·
Communication To Ngrok Tunneling Service Initiated
Feb 12, 2024
·
attack.exfiltration
attack.command_and_control
attack.t1567
attack.t1568.002
attack.t1572
attack.t1090
attack.t1102
attack.s0508
·
Network Connection Initiated By IMEWDBLD.EXE
Feb 12, 2024
·
attack.command_and_control
attack.t1105
·
Network Connection Initiated By Regsvr32.EXE
Feb 12, 2024
·
attack.execution
attack.t1559.001
attack.defense_evasion
attack.t1218.010
·
Network Connection Initiated Via Notepad.EXE
Feb 12, 2024
·
attack.command_and_control
attack.execution
attack.defense_evasion
attack.t1055
·
Potential Remote PowerShell Session Initiated
Feb 12, 2024
·
attack.execution
attack.t1059.001
attack.lateral_movement
attack.t1021.006
·
Process Initiated Network Connection To Ngrok Domain
Feb 12, 2024
·
attack.exfiltration
attack.t1567.001
·
Python Initiated Connection
Feb 12, 2024
·
attack.discovery
attack.t1046
·
Suspicious Wordpad Outbound Connections
Feb 12, 2024
·
attack.defense_evasion
attack.command_and_control
·
RDP to HTTP or HTTPS Target Ports
Oct 17, 2023
·
attack.command_and_control
attack.t1572
attack.lateral_movement
attack.t1021.001
car.2013-07-002
·
Suspicious Network Connection Binary No CommandLine
Oct 17, 2023
·
attack.defense_evasion
·
Suspicious Outbound SMTP Connections
Oct 17, 2023
·
attack.exfiltration
attack.t1048.003
·
Silenttrinity Stager Msbuild Activity
Oct 26, 2022
·
attack.execution
attack.t1127.001
·