open-menu
closeme
Potential Peach Sandstorm APT C2 Communication Activity
calendar
Dec 1, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Pikabot C2 Activity
calendar
Dec 1, 2024
·
attack.command-and-control
attack.t1573
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
GALLIUM IOCs
calendar
Nov 25, 2024
·
attack.credential-access
attack.command-and-control
attack.t1212
attack.t1071
attack.g0093
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
PUA - Fast Reverse Proxy (FRP) Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
PUA - Nimgrab Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
PUA - NPS Tunneling Tool Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
PUA- IOX Tunneling Tool Execution
calendar
Nov 25, 2024
·
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Exploitation Framework Detection
calendar
Nov 4, 2024
·
attack.execution
attack.t1203
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Portable Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1090.001
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Quick Tunnel Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1090.001
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Tunnel Connections Cleanup
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1102
attack.t1090
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Tunnel Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1102
attack.t1090
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
Cloudflared Tunnels Related DNS Requests
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Renamed Cloudflared.EXE Execution
calendar
Nov 1, 2024
·
attack.command-and-control
attack.t1090.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Wordpad Outbound Connections
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Network Communication Initiated To File Sharing Domains From Process Located In Suspicious Folder
calendar
Oct 25, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
New Connection Initiated To Potential Dead Drop Resolver Domain
calendar
Oct 25, 2024
·
attack.command-and-control
attack.t1102
attack.t1102.001
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Devtunnels Domain
calendar
Oct 1, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Visual Studio Code Tunnels Domain
calendar
Oct 1, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - MeshAgent Command Execution via MeshCentral
calendar
Sep 22, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Remote Access Software Domain From Non-Browser App
calendar
Sep 13, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - AnyDesk Incoming Connection
calendar
Sep 2, 2024
·
attack.persistence
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - Autoit3.EXE File Creation By Uncommon Process
calendar
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
attack.t1059
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT DNS Communication Indicators
calendar
Sep 2, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
File Download From IP Based URL Via CertOC.EXE
calendar
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Renamed VsCode Code Tunnel Execution - File Indicator
calendar
Sep 2, 2024
·
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Execution
calendar
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Remote File Creation
calendar
Sep 2, 2024
·
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Service Installation
calendar
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio Code Tunnel Shell Execution
calendar
Sep 2, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To Put.io - DNS Client
calendar
Aug 23, 2024
·
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated From Process Located In Potentially Suspicious Or Uncommon Location
calendar
Aug 23, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Activity from Anonymous IP Addresses
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1573
·
Share on:
twitter
facebook
linkedin
copy
Activity from Infrequent Country
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1573
·
Share on:
twitter
facebook
linkedin
copy
Activity from Suspicious IP Addresses
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1573
·
Share on:
twitter
facebook
linkedin
copy
ADSI-Cache File Creation By Uncommon Tool
calendar
Aug 12, 2024
·
attack.t1001.003
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Anydesk Temporary Artefact
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
AppX Package Installation Attempts Via AppInstaller.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
APT User Agent
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
APT40 Dropbox Tool User Agent
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.exfiltration
attack.t1567.002
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via GfxDownloadWrapper.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Bitsadmin to Uncommon IP Server Address
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
·
Share on:
twitter
facebook
linkedin
copy
Bitsadmin to Uncommon TLD
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
·
Share on:
twitter
facebook
linkedin
copy
Browser Execution In Headless Mode
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Chafer Malware URL Pattern
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Change User Agents with WebRequest
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Cisco Stage Data
calendar
Aug 12, 2024
·
attack.collection
attack.lateral-movement
attack.command-and-control
attack.exfiltration
attack.t1074
attack.t1105
attack.t1560.001
·
Share on:
twitter
facebook
linkedin
copy
Cobalt Strike DNS Beaconing
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.004
·
Share on:
twitter
facebook
linkedin
copy
Command Line Execution with Suspicious URL and AppData Strings
calendar
Aug 12, 2024
·
attack.execution
attack.command-and-control
attack.t1059.003
attack.t1059.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Communication To LocaltoNet Tunneling Service Initiated
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1572
attack.t1090
attack.t1102
·
Share on:
twitter
facebook
linkedin
copy
Communication To LocaltoNet Tunneling Service Initiated - Linux
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1572
attack.t1090
attack.t1102
·
Share on:
twitter
facebook
linkedin
copy
Communication To Ngrok Tunneling Service - Linux
calendar
Aug 12, 2024
·
attack.exfiltration
attack.command-and-control
attack.t1567
attack.t1568.002
attack.t1572
attack.t1090
attack.t1102
attack.s0508
·
Share on:
twitter
facebook
linkedin
copy
Communication To Ngrok Tunneling Service Initiated
calendar
Aug 12, 2024
·
attack.exfiltration
attack.command-and-control
attack.t1567
attack.t1568.002
attack.t1572
attack.t1090
attack.t1102
attack.s0508
·
Share on:
twitter
facebook
linkedin
copy
Communication To Uncommon Destination Ports
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571
·
Share on:
twitter
facebook
linkedin
copy
ComRAT Network Communication
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
attack.g0010
·
Share on:
twitter
facebook
linkedin
copy
Crypto Miner User Agent
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Curl Download And Execute Combination
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Curl Usage on Linux
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Default Cobalt Strike Certificate
calendar
Aug 12, 2024
·
attack.command-and-control
attack.s0154
·
Share on:
twitter
facebook
linkedin
copy
Devil Bait Potential C2 Communication Traffic
calendar
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
DNS Exfiltration and Tunneling Tools Execution
calendar
Aug 12, 2024
·
attack.exfiltration
attack.t1048.001
attack.command-and-control
attack.t1071.004
attack.t1132.001
·
Share on:
twitter
facebook
linkedin
copy
DNS Query To AzureWebsites.NET By Non-Browser Process
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
DNS Query Tor .Onion Address - Sysmon
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1090.003
·
Share on:
twitter
facebook
linkedin
copy
DNS TXT Answer with Possible Execution Strings
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.004
·
Share on:
twitter
facebook
linkedin
copy
Download File To Potentially Suspicious Directory Via Wget
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Download from Suspicious Dyndns Hosts
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1105
attack.t1568
·
Share on:
twitter
facebook
linkedin
copy
DPRK Threat Actor - C2 Communication DNS Indicators
calendar
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Equation Group C2 Communication
calendar
Aug 12, 2024
·
attack.command-and-control
attack.g0020
attack.t1041
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Executable from Webdav
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Exploit Framework User Agent
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
File Download And Execution Via IEExec.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download From Browser Process Via Inline URL
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download Using Notepad++ GUP Utility
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download via CertOC.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Nscurl - MacOS
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Windows Defender MpCmpRun.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download with Headless Browser
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Finger.EXE Execution
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
GALLIUM Artefacts - Builtin
calendar
Aug 12, 2024
·
attack.credential-access
attack.command-and-control
attack.t1071
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Goofy Guineapig Backdoor Potential C2 Communication
calendar
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
GoToAssist Temporary Installation Artefact
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Greenbug Espionage Group Indicators
calendar
Aug 12, 2024
·
attack.g0049
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1105
attack.defense-evasion
attack.t1036.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Gzip Archive Decode Via PowerShell
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1132.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - BabyShark Agent Default URL Pattern
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CobaltStrike Malleable Profile Patterns - Proxy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Empire UserAgent URI Combo
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Htran/NATBypass Execution
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1090
attack.s0040
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Inveigh Execution Artefacts
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
HackTool - RemoteKrbRelay SMB Relay Secrets Dump Module Indicators
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpChisel Execution
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1090.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SILENTTRINITY Stager DLL Load
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SILENTTRINITY Stager Execution
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071
·
Share on:
twitter
facebook
linkedin
copy
Hijack Legit RDP Session to Move Laterally
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
HTTP Request With Empty User Agent
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Import LDAP Data Interchange Format File Via Ldifde.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1218
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Installation of TeamViewer Desktop
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Local Network Connection Initiated By Script Interpreter
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Lolbas OneDriveStandaloneUpdater.exe Proxy Download
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Malicious IP Address Sign-In Failure Rate
calendar
Aug 12, 2024
·
attack.t1090
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Malicious IP Address Sign-In Suspicious
calendar
Aug 12, 2024
·
attack.t1090
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Malware User Agent
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Mesh Agent Service Installation
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
MsiExec Web Install
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Mstsc.EXE Execution With Local RDP File
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Netcat The Powershell Version
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1095
·
Share on:
twitter
facebook
linkedin
copy
Network Communication Initiated To Portmap.IO Domain
calendar
Aug 12, 2024
·
attack.t1041
attack.command-and-control
attack.t1090.002
attack.exfiltration
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated By IMEWDBLD.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated To AzureWebsites.NET By Non-Browser Process
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1102
attack.t1102.001
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated To Cloudflared Tunnels Domains
calendar
Aug 12, 2024
·
attack.exfiltration
attack.command-and-control
attack.t1567.001
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated Via Notepad.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
New Kind of Network (NKN) Detection
calendar
Aug 12, 2024
·
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
New Outlook Macro Created
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
New Port Forwarding Rule Added Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
New PortProxy Registry Entry Added
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
Ngrok Usage with Remote Desktop Service
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
Office Application Initiated Network Connection Over Uncommon Ports
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Registry Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Schedule Task Persistence - Security
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Schedule Task Persistence - System
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Okta Security Threat Detected
calendar
Aug 12, 2024
·
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - Telnet Login Attempt
calendar
Aug 12, 2024
·
attack.initial-access
attack.command-and-control
attack.t1133
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Outbound Network Connection Initiated By Script Interpreter
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Outbound Network Connection To Public IP Via Winlogon
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.command-and-control
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Outlook Macro Execution Without Warning Setting Enabled
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
Pandemic Registry Key
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Password Protected ZIP File Opened (Suspicious Filenames)
calendar
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1027
attack.t1105
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Port Forwarding Activity Via SSH.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.lateral-movement
attack.t1572
attack.t1021.001
attack.t1021.004
·
Share on:
twitter
facebook
linkedin
copy
Potential Amazon SSM Agent Hijacking
calendar
Aug 12, 2024
·
attack.command-and-control
attack.persistence
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Potential Base64 Encoded User-Agent
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Potential COM Objects Download Cradles Usage - Process Creation
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Potential COM Objects Download Cradles Usage - PS Script
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Potential Compromised 3CXDesktopApp Beaconing Activity - DNS
calendar
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Compromised 3CXDesktopApp Beaconing Activity - Netcon
calendar
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Compromised 3CXDesktopApp Beaconing Activity - Proxy
calendar
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Compromised 3CXDesktopApp ICO C2 File Download
calendar
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CSharp Streamer RAT Loading .NET Executable Image
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-36884 Exploitation - File Downloads
calendar
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-36884 Exploitation - Share Access
calendar
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-36884 Exploitation - URL Marker
calendar
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-36884 Exploitation Pattern
calendar
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2303-36884 URL Request Pattern Traffic
calendar
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL File Download Via PowerShell Invoke-WebRequest
calendar
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1059.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Potential Download/Upload Activity Using Type Command
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Potential In-Memory Download And Compile Of Payloads
calendar
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1059.007
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Amazon SSM Agent Hijacking
calendar
Aug 12, 2024
·
attack.command-and-control
attack.persistence
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Potential Operation Triangulation C2 Beaconing Activity - DNS
calendar
Aug 12, 2024
·
attack.command-and-control
attack.g0020
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Operation Triangulation C2 Beaconing Activity - Proxy
calendar
Aug 12, 2024
·
attack.command-and-control
attack.g0020
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook LoadMacroProviderOnBoot Setting
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
Potential RDP Tunneling Via Plink
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
Potential RDP Tunneling Via SSH
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
Potential Remote Desktop Connection to Non-Domain Host
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Potential SocGholish Second Stage C2 DNS Query
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Child Process Of 3CXDesktopApp
calendar
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1218
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential WizardUpdate Malware Infection
calendar
Aug 12, 2024
·
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Malware Callback Communication
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Malware Callback Communication - Linux
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Network Connection To Notion API
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1102
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Usage Of Qemu
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1090
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
PowerShell DownloadFile
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1104
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Web Download
calendar
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1059.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
PrintBrm ZIP Creation of Extraction
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
PUA - 3Proxy Execution
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
PUA - Chisel Tunneling Tool Execution
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1090.001
·
Share on:
twitter
facebook
linkedin
copy
PUA - Netcat Suspicious Execution
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1095
·
Share on:
twitter
facebook
linkedin
copy
PUA - Ngrok Execution
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1572
·
Share on:
twitter
facebook
linkedin
copy
PwnDrp Access
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.t1102.001
attack.t1102.003
·
Share on:
twitter
facebook
linkedin
copy
Query Tor Onion Address - DNS Client
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1090.003
·
Share on:
twitter
facebook
linkedin
copy
Raw Paste Service Access
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.t1102.001
attack.t1102.003
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
RDP Over Reverse SSH Tunnel
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1572
attack.lateral-movement
attack.t1021.001
car.2013-07-002
·
Share on:
twitter
facebook
linkedin
copy
RDP over Reverse SSH Tunnel WFP
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.lateral-movement
attack.t1090.001
attack.t1090.002
attack.t1021.001
car.2013-07-002
·
Share on:
twitter
facebook
linkedin
copy
RDP Port Forwarding Rule Added Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
RDP to HTTP or HTTPS Target Ports
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1572
attack.lateral-movement
attack.t1021.001
car.2013-07-002
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - AnyDesk Execution
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - Anydesk Execution From Suspicious Folder
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - AnyDesk Piped Password Via CLI
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - AnyDesk Silent Installation · Aug 12, 2024 · attack.command-and-control, attack.t1219
Remote Access Tool - GoToAssist Execution · Aug 12, 2024 · attack.command-and-control, attack.t1219
Remote Access Tool - LogMeIn Execution · Aug 12, 2024 · attack.command-and-control, attack.t1219
Remote Access Tool - NetSupport Execution · Aug 12, 2024 · attack.command-and-control, attack.t1219
Remote Access Tool - ScreenConnect Execution · Aug 12, 2024 · attack.command-and-control, attack.t1219
Remote Access Tool - ScreenConnect Potential Suspicious Remote Command Execution · Aug 12, 2024 · attack.command-and-control, attack.t1219
Remote Access Tool - Simple Help Execution · Aug 12, 2024 · attack.command-and-control, attack.t1219
Remote Access Tool - UltraViewer Execution · Aug 12, 2024 · attack.command-and-control, attack.t1219
Remote File Copy · Aug 12, 2024 · attack.command-and-control, attack.lateral-movement, attack.t1105
Remote File Download Via Desktopimgdownldr Utility · Aug 12, 2024 · attack.command-and-control, attack.t1105
Renamed Remote Utilities RAT (RURAT) Execution · Aug 12, 2024 · attack.defense-evasion, attack.collection, attack.command-and-control, attack.discovery, attack.s0592
Renamed Visual Studio Code Tunnel Execution · Aug 12, 2024 · attack.command-and-control, attack.t1071.001
Replace.exe Usage · Aug 12, 2024 · attack.command-and-control, attack.t1105
ScreenConnect Temporary Installation Artefact · Aug 12, 2024 · attack.command-and-control, attack.t1219
Sign-In From Malware Infected IP · Aug 12, 2024 · attack.t1090, attack.command-and-control
Silence.EDA Detection · Aug 12, 2024 · attack.execution, attack.t1059.001, attack.command-and-control, attack.t1071.004, attack.t1572, attack.impact, attack.t1529, attack.g0091, attack.s0363
Small Sieve Malware Potential C2 Communication · Aug 12, 2024 · attack.command-and-control, detection.emerging-threats
Suspicious Base64 Encoded User-Agent · Aug 12, 2024 · attack.command-and-control, attack.t1071.001
Suspicious Binary Writes Via AnyDesk · Aug 12, 2024 · attack.command-and-control, attack.t1219
Suspicious C2 Activities · Aug 12, 2024 · attack.command-and-control
Suspicious Certreq Command to Download · Aug 12, 2024 · attack.command-and-control, attack.t1105
Suspicious Child Process Of Manage Engine ServiceDesk · Aug 12, 2024 · attack.command-and-control, attack.t1102
Suspicious Cobalt Strike DNS Beaconing - DNS Client · Aug 12, 2024 · attack.command-and-control, attack.t1071.004
Suspicious Cobalt Strike DNS Beaconing - Sysmon · Aug 12, 2024 · attack.command-and-control, attack.t1071.004
Suspicious Curl Change User Agents - Linux · Aug 12, 2024 · attack.command-and-control, attack.t1071.001
Suspicious Curl.EXE Download · Aug 12, 2024 · attack.command-and-control, attack.t1105
Suspicious Desktopimgdownldr Command · Aug 12, 2024 · attack.command-and-control, attack.t1105
Suspicious Desktopimgdownldr Target File · Aug 12, 2024 · attack.command-and-control, attack.t1105
Suspicious Diantz Download and Compress Into a CAB File · Aug 12, 2024 · attack.command-and-control, attack.t1105
Suspicious DNS Query with B64 Encoded String · Aug 12, 2024 · attack.exfiltration, attack.t1048.003, attack.command-and-control, attack.t1071.004
Suspicious DNS Z Flag Bit Set · Aug 12, 2024 · attack.t1095, attack.t1571, attack.command-and-control
Suspicious Download from Office Domain · Aug 12, 2024 · attack.command-and-control, attack.t1105, attack.t1608
Suspicious Dropbox API Usage · Aug 12, 2024 · attack.command-and-control, attack.t1105
Suspicious Extrac32 Execution · Aug 12, 2024 · attack.command-and-control, attack.t1105
Suspicious FromBase64String Usage On Gzip Archive - Process Creation · Aug 12, 2024 · attack.command-and-control, attack.t1132.001
Suspicious FromBase64String Usage On Gzip Archive - Ps Script · Aug 12, 2024 · attack.command-and-control, attack.t1132.001
Suspicious Installer Package Child Process · Aug 12, 2024 · attack.t1059, attack.t1059.007, attack.t1071, attack.t1071.001, attack.execution, attack.command-and-control
Suspicious Invoke-WebRequest Execution · Aug 12, 2024 · attack.command-and-control, attack.t1105
Suspicious Invoke-WebRequest Execution With DirectIP · Aug 12, 2024 · attack.command-and-control, attack.t1105
Suspicious LDAP-Attributes Used · Aug 12, 2024 · attack.t1001.003, attack.command-and-control
Suspicious Mstsc.EXE Execution With Local RDP File · Aug 12, 2024 · attack.command-and-control, attack.t1219
Suspicious Non-Browser Network Communication With Google API · Aug 12, 2024 · attack.command-and-control, attack.t1102
Suspicious Non-Browser Network Communication With Telegram API · Aug 12, 2024 · attack.command-and-control, attack.t1102
Suspicious Outlook Macro Created · Aug 12, 2024 · attack.persistence, attack.command-and-control, attack.t1137, attack.t1008, attack.t1546
Suspicious Plink Port Forwarding · Aug 12, 2024 · attack.command-and-control, attack.t1572, attack.lateral-movement, attack.t1021.001
Suspicious SSL Connection · Aug 12, 2024 · attack.command-and-control, attack.t1573
Suspicious TCP Tunnel Via PowerShell Script · Aug 12, 2024 · attack.command-and-control, attack.t1090
Suspicious TSCON Start as SYSTEM · Aug 12, 2024 · attack.command-and-control, attack.t1219
Suspicious User Agent · Aug 12, 2024 · attack.command-and-control, attack.t1071.001
TacticalRMM Service Installation · Aug 12, 2024 · attack.command-and-control, attack.t1219
TeamViewer Domain Query By Non-TeamViewer Application · Aug 12, 2024 · attack.command-and-control, attack.t1219
TeamViewer Remote Session · Aug 12, 2024 · attack.command-and-control, attack.t1219
Telegram API Access · Aug 12, 2024 · attack.defense-evasion, attack.command-and-control, attack.t1071.001, attack.t1102.002
Telegram Bot API Request · Aug 12, 2024 · attack.command-and-control, attack.t1102.002
Testing Usage of Uncommonly Used Port · Aug 12, 2024 · attack.command-and-control, attack.t1571
Tor Client/Browser Execution · Aug 12, 2024 · attack.command-and-control, attack.t1090.003
Uncommon Network Connection Initiated By Certutil.EXE · Aug 12, 2024 · attack.command-and-control, attack.t1105
Ursnif Malware C2 URL Pattern · Aug 12, 2024 · attack.initial-access, attack.t1566.001, attack.execution, attack.t1204.002, attack.command-and-control, attack.t1071.001
Ursnif Malware Download URL Pattern · Aug 12, 2024 · attack.command-and-control, attack.t1071.001
Use of UltraVNC Remote Access Software · Aug 12, 2024 · attack.command-and-control, attack.t1219
Wannacry Killswitch Domain · Aug 12, 2024 · attack.command-and-control, attack.t1071.001
Wget Creating Files in Tmp Directory · Aug 12, 2024 · attack.command-and-control, attack.t1105
Windows PowerShell User Agent · Aug 12, 2024 · attack.defense-evasion, attack.command-and-control, attack.t1071.001
Windows WebDAV User Agent · Aug 12, 2024 · attack.command-and-control, attack.t1071.001