Disable Windows Defender Functionalities Via Registry Keys
Oct 8, 2024
·
attack.defense-evasion
attack.t1562.001

COM Object Hijacking Via Modification Of Default System CLSID Default Value
Oct 1, 2024
·
attack.persistence
attack.t1546.015

Disable Internal Tools or Feature in Registry
Oct 1, 2024
·
attack.defense-evasion
attack.t1112

New Netsh Helper DLL Registered From A Suspicious Location
Oct 1, 2024
·
attack.persistence
attack.t1546.007

Potential Persistence Via Netsh Helper DLL - Registry
Oct 1, 2024
·
attack.persistence
attack.t1546.007

Suspicious Path In Keyboard Layout IME File Registry Value
Oct 1, 2024
·
attack.defense-evasion
attack.t1562.001

Suspicious Shim Database Patching Activity
Oct 1, 2024
·
attack.persistence
attack.t1546.011

Uncommon Extension In Keyboard Layout IME File Registry Value
Oct 1, 2024
·
attack.defense-evasion
attack.t1562.001

PowerShell Script Execution Policy Enabled
Sep 2, 2024
·
attack.execution

Antivirus Filter Driver Disallowed On Dev Drive - Registry
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001

Hiding User Account Via SpecialAccounts Registry Key
Aug 29, 2024
·
attack.defense-evasion
attack.t1564.002

Python Function Execution Security Warning Disabled In Excel - Registry
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001

RestrictedAdminMode Registry Value Tampering
Aug 29, 2024
·
attack.defense-evasion
attack.t1112

Driver Added To Disallowed Images In HVCI - Registry
Aug 21, 2024
·
attack.defense-evasion

Activate Suppression of Windows Security Center Notifications
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Add Debugger Entry To AeDebug For Persistence
Aug 12, 2024
·
attack.persistence

Add Debugger Entry To Hangs Key For Persistence
Aug 12, 2024
·
attack.persistence

Add DisallowRun Execution to Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Add Port Monitor Persistence in Registry
Aug 12, 2024
·
attack.persistence
attack.t1547.010

Allow RDP Remote Assistance Feature
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Blackbyte Ransomware Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Blue Mockingbird - Registry
Aug 12, 2024
·
attack.execution
attack.t1112
attack.t1047

Bypass UAC Using DelegateExecute
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002

Bypass UAC Using Event Viewer
Aug 12, 2024
·
attack.persistence
attack.t1547.010

Bypass UAC Using SilentCleanup Task
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002

Change the Fax Dll
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Change User Account Associated with the FAX Service
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Change Winevt Channel Access Permission Via Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002

Classes Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

ClickOnce Trust Prompt Tampering
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

COM Hijack via Sdclt
Aug 12, 2024
·
attack.privilege-escalation
attack.t1546
attack.t1548

COM Hijacking via TreatAs
Aug 12, 2024
·
attack.persistence
attack.t1546.015

Common Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

CrashControl CrashDump Disabled
Aug 12, 2024
·
attack.t1564
attack.t1112

CurrentControlSet Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

CurrentVersion Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

CurrentVersion NT Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Custom File Open Handler Executes PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.t1202

Default RDP Port Changed to Non Standard Port
Aug 12, 2024
·
attack.persistence
attack.t1547.010

DHCP Callout DLL Installation
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112

Directory Service Restore Mode(DSRM) Registry Value Tampering
Aug 12, 2024
·
attack.persistence
attack.t1556

Disable Administrative Share Creation at Startup
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.005

Disable Exploit Guard Network Protection on Windows Defender
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Disable Macro Runtime Scan Scope
Aug 12, 2024
·
attack.defense-evasion

Disable Microsoft Defender Firewall via Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004

Disable Privacy Settings Experience in Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Disable PUA Protection on Windows Defender
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Disable Tamper Protection on Windows Defender
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Disable Windows Event Logging Via Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002

Disable Windows Firewall by Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004

Disable Windows Security Center Notifications
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Disabled Windows Defender Eventlog
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Displaying Hidden Files Feature Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001

DNS-over-HTTPS Enabled by Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.t1112

Enable LM Hash Storage
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Enable Local Manifest Installation With Winget
Aug 12, 2024
·
attack.defense-evasion
attack.persistence

Enable Microsoft Dynamic Data Exchange
Aug 12, 2024
·
attack.execution
attack.t1559.002

Enabling COR Profiler Environment Variables
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.012

ETW Logging Disabled For rpcrt4.dll
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562

ETW Logging Disabled For SCM
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562

ETW Logging Disabled In .NET Processes - Sysmon Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562

Execution DLL of Choice Using WAB.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218

Hide Schedule Task Via Index Value Tamper
Aug 12, 2024
·
attack.defense-evasion
attack.t1562

Hypervisor Enforced Code Integrity Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Hypervisor Enforced Paging Translation Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

IE Change Domain Zone
Aug 12, 2024
·
attack.persistence
attack.t1137

IE ZoneMap Setting Downgraded To MyComputer Zone For HTTP Protocols
Aug 12, 2024
·
attack.defense-evasion

Internet Explorer Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Internet Explorer DisableFirstRunCustomize Enabled
Aug 12, 2024
·
attack.defense-evasion

Lolbas OneDriveStandaloneUpdater.exe Proxy Download
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Lsass Full Dump Request Via DumpType Registry Settings
Aug 12, 2024
·
attack.credential-access
attack.t1003.001

Macro Enabled In A Potentially Suspicious Document
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

MaxMpxCt Registry Value Changed
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.005

Microsoft Office Protected View Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Modification of IE Registry Settings
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Modify User Shell Folders Startup Value
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.001

NET NGenAssemblyUsageLog Registry Key Tamper
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

New Application in AppCompat
Aug 12, 2024
·
attack.execution
attack.t1204.002

New BgInfo.EXE Custom DB Path Registry Configuration
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

New BgInfo.EXE Custom VBScript Registry Configuration
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

New BgInfo.EXE Custom WMI Query Registry Configuration
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

New DNS ServerLevelPluginDll Installed
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112

New File Association Using Exefile
Aug 12, 2024
·
attack.defense-evasion

New ODBC Driver Registered
Aug 12, 2024
·
attack.persistence

New Root or CA or AuthRoot Certificate to Store
Aug 12, 2024
·
attack.impact
attack.t1490

New RUN Key Pointing to Suspicious Folder
Aug 12, 2024
·
attack.persistence
attack.t1547.001

New TimeProviders Registered With Uncommon DLL Name
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.003

Office Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Office Macros Warning Disabled
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Old TLS1.0/TLS1.1 Protocol Version Enabled
Aug 12, 2024
·
attack.defense-evasion

Outlook EnableUnsafeClientMailRules Setting Enabled - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Outlook Macro Execution Without Warning Setting Enabled
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546

Outlook Security Settings Updated - Registry
Aug 12, 2024
·
attack.persistence
attack.t1137

Periodic Backup For System Registry Hives Enabled
Aug 12, 2024
·
attack.collection
attack.t1113

Persistence Via Disk Cleanup Handler - Autorun
Aug 12, 2024
·
attack.persistence

Persistence Via Hhctrl.ocx
Aug 12, 2024
·
attack.persistence

Persistence Via New SIP Provider
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1553.003

Potential AMSI COM Server Hijacking
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Potential Attachment Manager Settings Associations Tamper
Aug 12, 2024
·
attack.defense-evasion

Potential Attachment Manager Settings Attachments Tamper
Aug 12, 2024
·
attack.defense-evasion

Potential AutoLogger Sessions Tampering
Aug 12, 2024
·
attack.defense-evasion

Potential CobaltStrike Service Installations - Registry
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1543.003
attack.t1569.002

Potential Credential Dumping Attempt Using New NetworkProvider - REG
Aug 12, 2024
·
attack.credential-access
attack.t1003

Potential EventLog File Location Tampering
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002

Potential PendingFileRenameOperations Tampering
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003

Potential Persistence Using DebugPath
Aug 12, 2024
·
attack.persistence
attack.t1546.015

Potential Persistence Via App Paths Default Property
Aug 12, 2024
·
attack.persistence
attack.t1546.012

Potential Persistence Via AppCompat RegisterAppRestart Layer
Aug 12, 2024
·
attack.persistence
attack.t1546.011

Potential Persistence Via AutodialDLL
Aug 12, 2024
·
attack.persistence

Potential Persistence Via CHM Helper DLL
Aug 12, 2024
·
attack.persistence

Potential Persistence Via Custom Protocol Handler
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Potential Persistence Via DLLPathOverride
Aug 12, 2024
·
attack.persistence

Potential Persistence Via Event Viewer Events.asp
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1112

Potential Persistence Via Excel Add-in - Registry
Aug 12, 2024
·
attack.persistence
attack.t1137.006

Potential Persistence Via GlobalFlags
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.defense-evasion
attack.t1546.012
car.2013-01-002

Potential Persistence Via LSA Extensions
Aug 12, 2024
·
attack.persistence

Potential Persistence Via Mpnotify
Aug 12, 2024
·
attack.persistence

Potential Persistence Via MyComputer Registry Keys
Aug 12, 2024
·
attack.persistence

Potential Persistence Via Outlook Home Page
Aug 12, 2024
·
attack.persistence
attack.t1112

Potential Persistence Via Outlook LoadMacroProviderOnBoot Setting
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546

Potential Persistence Via Outlook Today Page
Aug 12, 2024
·
attack.persistence
attack.t1112

Potential Persistence Via Scrobj.dll COM Hijacking
Aug 12, 2024
·
attack.persistence
attack.t1546.015

Potential Persistence Via Shim Database In Uncommon Location
Aug 12, 2024
·
attack.persistence
attack.t1546.011

Potential Persistence Via Shim Database Modification
Aug 12, 2024
·
attack.persistence
attack.t1546.011

Potential Persistence Via TypedPaths
Aug 12, 2024
·
attack.persistence

Potential Persistence Via Visual Studio Tools for Office
Aug 12, 2024
·
attack.t1137.006
attack.persistence

Potential PowerShell Execution Policy Tampering
Aug 12, 2024
·
attack.defense-evasion

Potential Provisioning Registry Key Abuse For Binary Proxy Execution - REG
Aug 12, 2024
·
attack.defense-evasion
attack.t1218

Potential PSFactoryBuffer COM Hijacking
Aug 12, 2024
·
attack.persistence
attack.t1546.015

Potential Ransomware Activity Using LegalNotice Message
Aug 12, 2024
·
attack.impact
attack.t1491.001

Potential Registry Persistence Attempt Via DbgManagedDebugger
Aug 12, 2024
·
attack.persistence
attack.t1574

Potential Registry Persistence Attempt Via Windows Telemetry
Aug 12, 2024
·
attack.persistence
attack.t1053.005

Potential SentinelOne Shell Context Menu Scan Command Tampering
Aug 12, 2024
·
attack.persistence

Potential Signing Bypass Via Windows Developer Features - Registry
Aug 12, 2024
·
attack.defense-evasion

Potential WerFault ReflectDebugger Registry Value Abuse
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003

Potentially Suspicious Desktop Background Change Via Registry
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001

Potentially Suspicious ODBC Driver Registered
Aug 12, 2024
·
attack.persistence
attack.t1003

PowerShell as a Service in Registry
Aug 12, 2024
·
attack.execution
attack.t1569.002

PowerShell Logging Disabled Via Registry Key Tampering
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001

RDP Sensitive Settings Changed
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1112

RDP Sensitive Settings Changed to Zero
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1112

Register New IFiltre For Persistence
Aug 12, 2024
·
attack.persistence

Registry Disable System Restore
Aug 12, 2024
·
attack.impact
attack.t1490

Registry Explorer Policy Modification
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Registry Hide Function from User
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Registry Modification to Hidden File Extension
Aug 12, 2024
·
attack.persistence
attack.t1137

Registry Persistence via Explorer Run Key
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Registry Persistence via Service in Safe Mode
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001

Running Chrome VPN Extensions via the Registry 2 VPN Extension
Aug 12, 2024
·
attack.persistence
attack.t1133

Scheduled TaskCache Change by Uncommon Program
Aug 12, 2024
·
attack.persistence
attack.t1053
attack.t1053.005

ScreenSaver Registry Key Set
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011

Scripted Diagnostics Turn Off Check Enabled - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Service Binary in Suspicious Folder
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

ServiceDll Hijack
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003

Session Manager Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
attack.t1546.009

Suspicious Application Allowed Through Exploit Guard
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Suspicious Environment Variable Has Been Registered
Aug 12, 2024
·
attack.defense-evasion
attack.persistence

Suspicious Keyboard Layout Load
Aug 12, 2024
·
attack.resource-development
attack.t1588.002

Suspicious Powershell In Registry Run Keys
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Suspicious Printer Driver Empty Manufacturer
Aug 12, 2024
·
attack.privilege-escalation
attack.t1574
cve.2021-1675

Suspicious Service Installed
Aug 12, 2024
·
attack.t1562.001
attack.defense-evasion

Sysmon Driver Altitude Change
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

System Scripts Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Tamper With Sophos AV Registry Keys
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Trust Access Disable For VBApplications
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

UAC Bypass Abusing Winsat Path Parsing - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002

UAC Bypass Using Windows Media Player - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002

UAC Bypass via Event Viewer
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001

UAC Bypass via Sdclt
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001

UAC Disabled
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002

UAC Notification Disabled
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002

UAC Secure Desktop Prompt Disabled
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002

Uncommon Microsoft Office Trusted Location Added
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Usage of Renamed Sysinternals Tools - RegistrySet
Aug 12, 2024
·
attack.resource-development
attack.t1588.002

VBScript Payload Stored in Registry
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Wdigest Enable UseLogonCredential
Aug 12, 2024
·
attack.defense-evasion
attack.t1112

Windows Defender Exclusions Added - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Windows Defender Service Disabled - Registry
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001

Windows Recall Feature Enabled - Registry
Aug 12, 2024
·
attack.collection
attack.t1113

Winget Admin Settings Modification
Aug 12, 2024
·
attack.defense-evasion
attack.persistence

Winlogon AllowMultipleTSSessions Enable
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1112

Winlogon Notify Key Logon Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.004

WinSock2 Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Wow6432Node Classes Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Wow6432Node CurrentVersion Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Wow6432Node Windows NT CurrentVersion Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001