Suspicious Non-Browser Network Communication With Telegram API
Apr 1, 2024
·
attack.command_and_control
attack.t1102

Potentially Suspicious Wuauclt Network Connection
Mar 26, 2024
·
attack.defense_evasion
attack.t1218

Suspicious Network Connection to IP Lookup Service APIs
Mar 22, 2024
·
attack.discovery
attack.t1016

Uncommon Outbound Kerberos Connection
Mar 18, 2024
·
attack.credential_access
attack.t1558
attack.lateral_movement
attack.t1550.003

Communication To Uncommon Destination Ports
Mar 13, 2024
·
attack.persistence
attack.command_and_control
attack.t1571

Dllhost.EXE Initiated Network Connection To Non-Local IP Address
Mar 13, 2024
·
attack.defense_evasion
attack.t1218
attack.execution
attack.t1559.001

Microsoft Sync Center Suspicious Network Connections
Mar 13, 2024
·
attack.t1055
attack.t1218
attack.execution
attack.defense_evasion

Office Application Initiated Network Connection To Non-Local IP
Mar 13, 2024
·
attack.execution
attack.t1203

Outbound Network Connection To Public IP Via Winlogon
Mar 13, 2024
·
attack.defense_evasion
attack.execution
attack.command_and_control
attack.t1218.011

Potentially Suspicious Malware Callback Communication
Mar 13, 2024
·
attack.persistence
attack.command_and_control
attack.t1571

RDP Over Reverse SSH Tunnel
Mar 13, 2024
·
attack.command_and_control
attack.t1572
attack.lateral_movement
attack.t1021.001
car.2013-07-002

Rundll32 Internet Connection
Mar 13, 2024
·
attack.defense_evasion
attack.t1218.011
attack.execution

Script Initiated Connection to Non-Local Network
Mar 13, 2024
·
attack.command_and_control
attack.t1105

Microsoft Binary Suspicious Communication Endpoint
Mar 6, 2024
·
attack.command_and_control
attack.t1105

Potentially Suspicious Network Connection To Notion API
Mar 1, 2024
·
attack.command_and_control
attack.t1102

Communication To Ngrok Tunneling Service Initiated
Feb 12, 2024
·
attack.exfiltration
attack.command_and_control
attack.t1567
attack.t1568.002
attack.t1572
attack.t1090
attack.t1102
attack.s0508

Connection Initiated Via Certutil.EXE
Feb 12, 2024
·
attack.command_and_control
attack.t1105

Equation Editor Network Connection
Feb 12, 2024
·
attack.execution
attack.t1203

Msiexec.EXE Initiated Network Connection Over HTTP
Feb 12, 2024
·
attack.defense_evasion
attack.t1218.007

Network Communication With Crypto Mining Pool
Feb 12, 2024
·
attack.impact
attack.t1496

Network Connection Initiated By AddinUtil.EXE
Feb 12, 2024
·
attack.defense_evasion
attack.t1218

Network Connection Initiated By IMEWDBLD.EXE
Feb 12, 2024
·
attack.command_and_control
attack.t1105

Network Connection Initiated By Regsvr32.EXE
Feb 12, 2024
·
attack.execution
attack.t1559.001
attack.defense_evasion
attack.t1218.010

Network Connection Initiated To DevTunnels Domain
Feb 12, 2024
·
attack.exfiltration
attack.t1567.001

Network Connection Initiated To Mega.nz
Feb 12, 2024
·
attack.exfiltration
attack.t1567.001

Network Connection Initiated Via Notepad.EXE
Feb 12, 2024
·
attack.command_and_control
attack.execution
attack.defense_evasion
attack.t1055

Office Application Initiated Network Connection Over Uncommon Ports
Feb 12, 2024
·
attack.defense_evasion
attack.command_and_control

Outbound RDP Connections Over Non-Standard Tools
Feb 12, 2024
·
attack.lateral_movement
attack.t1021.001
car.2013-07-002

Potential Dead Drop Resolvers
Feb 12, 2024
·
attack.command_and_control
attack.t1102
attack.t1102.001

Potential Remote PowerShell Session Initiated
Feb 12, 2024
·
attack.execution
attack.t1059.001
attack.lateral_movement
attack.t1021.006

Process Initiated Network Connection To Ngrok Domain
Feb 12, 2024
·
attack.exfiltration
attack.t1567.001

Python Initiated Connection
Feb 12, 2024
·
attack.discovery
attack.t1046

Suspicious Non-Browser Network Communication With Google API
Feb 12, 2024
·
attack.command_and_control
attack.t1102

Suspicious Wordpad Outbound Connections
Feb 12, 2024
·
attack.defense_evasion
attack.command_and_control

Suspicious Program Location with Network Connections
Dec 21, 2023
·
attack.command_and_control
attack.t1105

Network Connection Initiated To Visual Studio Code Tunnels Domain
Nov 20, 2023
·
attack.exfiltration
attack.t1567.001

Cmstp Making Network Connection
Oct 17, 2023
·
attack.defense_evasion
attack.t1218.003

RDP to HTTP or HTTPS Target Ports
Oct 17, 2023
·
attack.command_and_control
attack.t1572
attack.lateral_movement
attack.t1021.001
car.2013-07-002

Script Initiated Connection
Oct 17, 2023
·
attack.command_and_control
attack.t1105

Suspicious Dropbox API Usage
Oct 17, 2023
·
attack.command_and_control
attack.t1105

Suspicious Network Connection Binary No CommandLine
Oct 17, 2023
·
attack.defense_evasion

Suspicious Outbound SMTP Connections
Oct 17, 2023
·
attack.exfiltration
attack.t1048.003

Silenttrinity Stager Msbuild Activity
Oct 26, 2022
·
attack.execution
attack.t1127.001