open-menu
closeme
Lummac Stealer Activity - Execution Of More.com And Vbc.exe
calendar
Dec 19, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Potential Secure Deletion with SDelete
calendar
Dec 14, 2024
·
attack.impact
attack.defense-evasion
attack.t1070.004
attack.t1027.005
attack.t1485
attack.t1553.002
attack.s0195
·
Share on:
twitter
facebook
linkedin
copy
NetNTLM Downgrade Attack - Registry
calendar
Dec 3, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Via Rename Of Highly Relevant Binaries
calendar
Dec 3, 2024
·
attack.defense-evasion
attack.t1036.003
car.2013-05-009
·
Share on:
twitter
facebook
linkedin
copy
CMSTP UAC Bypass via COM Object Access
calendar
Dec 1, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1218.003
attack.g0069
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
Msiexec Quiet Installation
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
Non-privileged Usage of Reg or Powershell
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Possible Privilege Escalation via Weak Service Permissions
calendar
Dec 1, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Potential UAC Bypass Via Sdclt.EXE
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious High IntegrityLevel Conhost Legacy Option
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scheduled Task Creation via Masqueraded XML File
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.persistence
attack.t1036.005
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious SYSTEM User Process Creation
calendar
Dec 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.privilege-escalation
attack.t1134
attack.t1003
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Abusing Winsat Path Parsing - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Tools Using ComputerDefaults
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using ChangePK and SLUI
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Consent and Comctl32 - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Disk Cleanup
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using DismHost
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IDiagnostic Profile
calendar
Dec 1, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IEInstal - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using MSConfig Token Modification - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using NTFS Reparse Point - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using PkgMgr and DISM
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Windows Media Player - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass WSReset
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Setup16.EXE Execution With Custom .Lst File
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1574.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious ShellExec_RunDLL Call Via Ordinal
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Usage Of ShellExec_RunDLL
calendar
Dec 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
All Rules Have Been Deleted From The Windows Firewall Configuration
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
CodePage Modification Via MODE.COM To Russian Language
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
GCP Break-glass Container Workload Deployed
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EDRSilencer Execution - Filter Added
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Pikabot Fake DLL Extension Execution Via Rundll32.EXE
calendar
Dec 1, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potential Pikabot Hollowing Activity
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1055.012
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Self Extraction Directive File Created
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Remote CHM File Download/Execution Via HH.EXE
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.001
·
Share on:
twitter
facebook
linkedin
copy
Renamed PingCastle Binary Execution
calendar
Dec 1, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Self Extraction Directive File Created In Potentially Suspicious Location
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
System Control Panel Item Loaded From Uncommon Location
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Windows Filtering Platform Blocked Connection From EDR Agent Binary
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Creation of WerFault.exe/Wer.dll in Unusual Folder
calendar
Nov 29, 2024
·
attack.persistence
attack.defense-evasion
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CoercedPotato Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
HackTool - GMER Rootkit Detector and Remover Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Impersonate Execution
calendar
Nov 25, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - LocalPotato Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
cve.2023-21746
·
Share on:
twitter
facebook
linkedin
copy
HackTool - PPID Spoofing SelectMyParent Tool Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1134.004
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpEvtMute DLL Load
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Stracciatella Execution
calendar
Nov 25, 2024
·
attack.execution
attack.defense-evasion
attack.t1059
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - UACMe Akagi Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool Named File Stream Created
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Malicious DLL Load By Compromised 3CXDesktopApp
calendar
Nov 25, 2024
·
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
MpiExec Lolbin
calendar
Nov 25, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Compromised 3CXDesktopApp Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential SquiblyTwo Technique Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1047
attack.t1220
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
PUA - Process Hacker Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.discovery
attack.persistence
attack.privilege-escalation
attack.t1622
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA - System Informer Execution
calendar
Nov 25, 2024
·
attack.persistence
attack.privilege-escalation
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - NetSupport Execution From Unusual Location
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed AutoIt Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Renamed NetSupport RAT Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed PAExec Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
WinDivert Driver Load
calendar
Nov 25, 2024
·
attack.collection
attack.defense-evasion
attack.t1599.001
attack.t1557.001
·
Share on:
twitter
facebook
linkedin
copy
ESXi Syslog Configuration Change Via ESXCLI
calendar
Nov 20, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1562.003
·
Share on:
twitter
facebook
linkedin
copy
Potential File Extension Spoofing Using Right-to-Left Override
calendar
Nov 18, 2024
·
attack.execution
attack.defense-evasion
attack.t1036.002
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Cabinet File Expansion
calendar
Nov 17, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
.RDP File Created by Outlook Process
calendar
Nov 4, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
.RDP File Created By Uncommon Application
calendar
Nov 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Binary Proxy Execution Via Dotnet-Trace.EXE
calendar
Nov 1, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DLL Names Used By SVR For GraphicalProton Backdoor
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Enable LM Hash Storage
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Forfiles.EXE Child Process Masquerading
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EDRSilencer Execution
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EfsPotato Named Pipe Creation
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Potential Base64 Decoded From Images
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Execution Policy Tampering
calendar
Nov 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Desktop Background Change Using Reg.EXE
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Desktop Background Change Via Registry
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
PSScriptPolicyTest Creation By Uncommon Process
calendar
Nov 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Creation Activity From Fake Recycle.Bin Folder
calendar
Nov 1, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Execution From Fake Recycle.Bin Folder
calendar
Nov 1, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Wordpad Outbound Connections
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery Using System_Profiler
calendar
Nov 1, 2024
·
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1497.001
·
Share on:
twitter
facebook
linkedin
copy
Tamper Windows Defender - PSClassic
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Tamper Windows Defender - ScriptBlockLogging
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Conhost.EXE
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download From File Sharing Domains
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Websites - File Stream
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows Service Tampering
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Unusual File Download From File Sharing Websites - File Stream
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Defender Functionalities Via Registry Keys
calendar
Oct 8, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Python DLL SideLoading
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging/Processing Option Disabled On IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
HTTP Logging Disabled On IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
New Module Module Added To IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.persistence
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
Previously Installed IIS Module Was Removed
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.persistence
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
Add Potential Suspicious New Download Source To Winget
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via IMEWDBLD.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSEDGE_PROXY.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Disable Internal Tools or Feature in Registry
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Elevated System Shell Spawned From Uncommon Parent Location
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Eventlog Cleared
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1070.001
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Execution of Suspicious File Type Extension
calendar
Oct 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution - ScriptBlock
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
Important Windows Eventlog Cleared
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1070.001
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Load Of RstrtMgr.DLL By A Suspicious Process
calendar
Oct 1, 2024
·
attack.impact
attack.defense-evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Load Of RstrtMgr.DLL By An Uncommon Process
calendar
Oct 1, 2024
·
attack.impact
attack.defense-evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential File Download Via MS-AppInstaller Protocol Handler
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Process Code Injection Via DD Utility
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1055.009
·
Share on:
twitter
facebook
linkedin
copy
Potential Process Hollowing Activity
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.012
·
Share on:
twitter
facebook
linkedin
copy
Process Proxy Execution Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation Via PowerShell In Uncommon Target
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Remote XSL Execution Via Msxsl.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1220
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Path In Keyboard Layout IME File Registry Value
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Extension In Keyboard Layout IME File Registry Value
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusion Registry Key - Write Access Requested
calendar
Sep 22, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Real-time Protection Disabled
calendar
Sep 22, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - DInjector PowerShell Cradle Execution
calendar
Sep 13, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Potential PrintNightmare Exploitation Attempt
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
·
Share on:
twitter
facebook
linkedin
copy
Windows Spooler Service Suspicious Binary Load
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
cve.2021-34527
·
Share on:
twitter
facebook
linkedin
copy
Hyper-V Virtual Machine Discovery Shutdown via Powershell Cmdlets
calendar
Sep 9, 2024
·
attack.defense-evasion
attack.impact
attack.t1578
attack.t1578.003
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
IISReset Used to Stop IIS Services
calendar
Sep 9, 2024
·
attack.impact
attack.defense-evasion
attack.t1562
attack.t1562.001
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
Potential CommandLine Obfuscation Using Unicode Characters From Suspicious Image
calendar
Sep 6, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Via Right-to-Left Override
calendar
Sep 6, 2024
·
attack.defense-evasion
attack.t1036.002
·
Share on:
twitter
facebook
linkedin
copy
Process Deletion of Its Own Executable
calendar
Sep 3, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Dism Remove Online Package
calendar
Sep 3, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT DLL Sideloading Indicators
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1574.002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT Scheduled Task Creation - Registry
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Enable Remote Connection Between Anonymous Computer - AllowAnonymousCallback
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CoercedPotato Named Pipe Creation
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Injected Browser Process Spawning Rundll32 - GuLoader Activity
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1055
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Lazarus APT DLL Sideloading Activity
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
attack.g0032
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated PowerShell OneLiner Execution
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
OneNote.EXE Execution of Malicious Embedded Scripts
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1218.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 1
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 2
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 3
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 4
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream - CLI
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Child Process Of VsCode
calendar
Sep 2, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Office Document Executed From Trusted Location
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Python Function Execution Security Warning Disabled In Excel
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Renamed CURL.EXE Execution
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious LNK Double Extension File Created
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1036.007
·
Share on:
twitter
facebook
linkedin
copy
A Rule Has Been Deleted From The Windows Firewall Exception List
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Uncommon AppX Package Locations
calendar
Aug 29, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Uncommon New Firewall Rule Added In Windows Firewall Exception List
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Filter Driver Disallowed On Dev Drive - Registry
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Hiding User Account Via SpecialAccounts Registry Key
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1564.002
·
Share on:
twitter
facebook
linkedin
copy
Potential AMSI Bypass Via .NET Reflection
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Python Function Execution Security Warning Disabled In Excel - Registry
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
RestrictedAdminMode Registry Value Tampering
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
RestrictedAdminMode Registry Value Tampering - ProcCreation
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Sdiagnhost Calling Suspicious Child Process
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1036
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
COM Object Execution via Xwizard.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
New Capture Session Launched Via DXCap.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Using Coregen.exe
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Program Executed Using Proxy/Local Command Via SSH.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Of Wermgr.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Sigverif.EXE Child Process
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Windows Binary Executed From WSL
calendar
Aug 29, 2024
·
attack.execution
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Xwizard.EXE Execution From Non-Default Location
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Download From File-Sharing Website Via Bitsadmin
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Remote AppX Package Locations
calendar
Aug 23, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Driver Added To Disallowed Images In HVCI - Registry
calendar
Aug 21, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Hidden Flag Set On File/Directory Via Chflags - MacOS
calendar
Aug 21, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Diskshadow Script Mode - Execution From Potential Suspicious Location
calendar
Aug 16, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Powershell Token Obfuscation - Powershell
calendar
Aug 13, 2024
·
attack.defense-evasion
attack.t1027.009
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service - PS
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Abusing Print Executable
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Account Created And Deleted Within A Close Time Frame
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Account Tampering - Suspicious Failed Logon Reasons
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Activate Suppression of Windows Security Center Notifications
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Activity From Anonymous IP Address
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
AD Object WriteDAC Access
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.001
·
Share on:
twitter
facebook
linkedin
copy
Add DisallowRun Execution to Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Add Insecure Download Source To Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add New Download Source To Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add or Remove Computer from DC
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1207
·
Share on:
twitter
facebook
linkedin
copy
Add SafeBoot Keys Via Reg Utility
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
AddinUtil.EXE Execution From Uncommon Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
ADS Zone.Identifier Deleted By Uncommon Application
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
AgentExecutor PowerShell Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Allow RDP Remote Assistance Feature
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
AMSI Bypass Pattern Assembly GetType
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Amsi.DLL Loaded Via LOLBIN Process
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Application Using Device Code Authentication Flow
calendar
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Applications That Are Using ROPC Authentication Flow
calendar
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
APT PRIVATELOG Image Load Pattern
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
APT27 - Emissary Panda Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.g0027
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
APT29 2018 Phishing Campaign CommandLine Indicators
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
APT29 2018 Phishing Campaign File Indicators
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary DLL or Csproj Code Execution Via Dotnet.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSOHTMED.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSPUB.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via PresentationHost.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary MSI Download Via Devinit.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
AspNetCompiler Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Assembly Loading Via CL_LoadAssembly.ps1
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Atbroker Registry Change
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.persistence
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Atypical Travel
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Audit CVE Event
calendar
Aug 12, 2024
·
attack.execution
attack.t1203
attack.privilege-escalation
attack.t1068
attack.defense-evasion
attack.t1211
attack.credential-access
attack.t1212
attack.lateral-movement
attack.t1210
attack.impact
attack.t1499.004
·
Share on:
twitter
facebook
linkedin
copy
Audit Policy Tampering Via Auditpol
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Audit Policy Tampering Via NT Resource Kit Auditpol
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Auditing Configuration Changes on Linux Host
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.006
·
Share on:
twitter
facebook
linkedin
copy
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
AWS CloudTrail Important Change
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
AWS Config Disabling Channel/Recorder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
AWS GuardDuty Important Change
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
AWS SecurityHub Findings Evasion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Azure Active Directory Hybrid Health AD FS New Server
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1578
·
Share on:
twitter
facebook
linkedin
copy
Azure Active Directory Hybrid Health AD FS Service Delete
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1578.003
·
Share on:
twitter
facebook
linkedin
copy
Azure AD Threat Intelligence
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Azure Application Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Azure Firewall Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Azure Firewall Rule Collection Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes Events Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Azure Network Firewall Policy Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.007
·
Share on:
twitter
facebook
linkedin
copy
Azure Owner Removed From Application or Service Principal
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Azure Service Principal Created
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Azure Service Principal Removed
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Backup Catalog Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
Base64 Encoded PowerShell Command Detected
calendar
Aug 12, 2024
·
attack.t1027
attack.defense-evasion
attack.t1140
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Binary Padding - Linux
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.001
·
Share on:
twitter
facebook
linkedin
copy
Binary Padding - MacOS
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Audit Log Configuration Updated
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Global Secret Scanning Rule Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Global SSH Settings Changed
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.t1562.001
attack.t1021.004
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Project Secret Scanning Allowlist Added
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Secret Scanning Exempt Repository Added
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Secret Scanning Rule Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket User Login Failure
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1078.004
attack.t1110
·
Share on:
twitter
facebook
linkedin
copy
Bitlocker Key Retrieval
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
BitLockerTogo.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download From Direct IP
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download To Potential Suspicious Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Downloading File Potential Suspicious Extension
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job With Uncommon Or Suspicious Remote TLD
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
Bitsadmin to Uncommon IP Server Address
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
·
Share on:
twitter
facebook
linkedin
copy
Bitsadmin to Uncommon TLD
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
·
Share on:
twitter
facebook
linkedin
copy
Blackbyte Ransomware Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Bpfdoor TCP Ports Redirect
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC Using DelegateExecute
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC Using SilentCleanup Task
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via CMSTP
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
attack.t1218.003
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via WSReset.exe
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
C# IL Code Compilation Via Ilasm.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
CA Policy Removed by Non Approved Actor
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
CA Policy Updated by Non Approved Actor
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Certificate Exported Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Change the Fax Dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Change to Authentication Method
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1556
attack.persistence
attack.defense-evasion
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Change User Account Associated with the FAX Service
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Change Winevt Channel Access Permission Via Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Changes to Device Registration Policy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1484
·
Share on:
twitter
facebook
linkedin
copy
Chmod Suspicious Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.002
·
Share on:
twitter
facebook
linkedin
copy
Cisco BGP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Cisco Clear Logs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.003
·
Share on:
twitter
facebook
linkedin
copy
Cisco Crypto Commands
calendar
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.t1553.004
attack.t1552.004
·
Share on:
twitter
facebook
linkedin
copy
Cisco Disabling Logging
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Cisco Duo Successful MFA Authentication Via Bypass Code
calendar
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Cisco File Deletion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1070.004
attack.t1561.001
attack.t1561.002
·
Share on:
twitter
facebook
linkedin
copy
Cisco LDP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Clear Linux Logs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.002
·
Share on:
twitter
facebook
linkedin
copy
Clearing Windows Console History
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1070.003
·
Share on:
twitter
facebook
linkedin
copy
ClickOnce Trust Prompt Tampering
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
CMSTP Execution Process Access
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.003
attack.execution
attack.t1559.001
attack.g0069
attack.g0080
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
CMSTP Execution Process Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.003
attack.g0069
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
CMSTP Execution Registry Event
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.003
attack.g0069
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Load by Rundll32
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Named Pipe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Named Pipe Pattern Regex
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Named Pipe Patterns
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
stp.1k
·
Share on:
twitter
facebook
linkedin
copy
Code Execution via Pcwutl.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL Persistence Service Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Anonymous User Process Execution
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Cleanup Command Execution
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Service Persistence Execution
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Commands to Clear or Remove the Syslog
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.002
·
Share on:
twitter
facebook
linkedin
copy
ComRAT Network Communication
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
attack.g0010
·
Share on:
twitter
facebook
linkedin
copy
Connection Proxy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
Control Panel Items
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218.002
attack.persistence
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
ConvertTo-SecureString Cmdlet Usage Via CommandLine
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Created Files by Microsoft Sync Center
calendar
Aug 12, 2024
·
attack.t1055
attack.t1218
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
CreateDump Process Dump
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Creation Of a Suspicious ADS File Outside a Browser Download
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Creation Of Non-Existent System DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Csc.EXE Execution Form Potentially Suspicious Parent
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
attack.defense-evasion
attack.t1218.005
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Curl Download And Execute Combination
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Custom File Open Handler Executes PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
CVE-2020-1048 Exploitation Attempt - Suspicious New Printer Ports - Registry
calendar
Aug 12, 2024
·
attack.persistence
attack.execution
attack.defense-evasion
attack.t1112
cve.2020-1048
·
Share on:
twitter
facebook
linkedin
copy
Decode Base64 Encoded Text
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Decode Base64 Encoded Text -MacOs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Deployment AppX Package Was Blocked By AppLocker
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Deployment Of The AppX Package Was Blocked By The Policy
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Detect Virtualbox Driver Installation OR Starting Of VMs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.006
attack.t1564
·
Share on:
twitter
facebook
linkedin
copy
Detection of PowerShell Execution via Sqlps.exe
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Device Registration or Join Without MFA
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
DeviceCredentialDeployment Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Devtoolslauncher.exe Executes Specified Binary
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DHCP Callout DLL Installation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
DHCP Server Error Failed Loading the CallOut DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DHCP Server Loaded the CallOut DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Diagnostic Library Sdiageng.DLL Loaded By Msdt.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
cve.2022-30190
·
Share on:
twitter
facebook
linkedin
copy
Directory Removal Via Rmdir
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
Disable Administrative Share Creation at Startup
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.005
·
Share on:
twitter
facebook
linkedin
copy
Disable Exploit Guard Network Protection on Windows Defender
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Macro Runtime Scan Scope
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Disable Microsoft Defender Firewall via Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Disable of ETW Trace - Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1562.006
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Disable Or Stop Services
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Disable Powershell Command History
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.003
·
Share on:
twitter
facebook
linkedin
copy
Disable Privacy Settings Experience in Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable PUA Protection on Windows Defender
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Security Events Logging Adding Reg Key MiniNt
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Disable Security Tools
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable System Firewall
calendar
Aug 12, 2024
·
attack.t1562.004
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Disable Tamper Protection on Windows Defender
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Defender AV Security Monitoring
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Event Logging Via Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Firewall by Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows IIS HTTP Logging
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Security Center Notifications
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Disable-WindowsOptionalFeature Command PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disabled IE Security Features
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disabled Volume Snapshots
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disabled Windows Defender Eventlog
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disabling Security Tools
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Disabling Security Tools - Builtin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Diskshadow Script Mode - Uncommon Script Extension Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Displaying Hidden Files Feature Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
Share on:
twitter
facebook
linkedin
copy
DLL Execution via Rasautou.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DLL Execution Via Register-cimprovider.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574
·
Share on:
twitter
facebook
linkedin
copy
DLL Load By System Process From Suspicious Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Share on:
twitter
facebook
linkedin
copy
DLL Loaded From Suspicious Location Via Cmspt.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.003
·
Share on:
twitter
facebook
linkedin
copy
DLL Loaded via CertOC.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DLL Search Order Hijackig Via Additional Space in Path
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DLL Sideloading by VMware Xfer Utility
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DLL Sideloading Of ShellChromeAPI.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Dllhost.EXE Execution Anomaly
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
DllUnregisterServer Function Call Via Msiexec.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
DNS Query Request By Regsvr32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1559.001
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
DNS Server Error Failed Loading the ServerLevelPluginDLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DNS-over-HTTPS Enabled by Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Download from Suspicious Dyndns Hosts
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1105
attack.t1568
·
Share on:
twitter
facebook
linkedin
copy
Driver/DLL Installation Via Odbcconf.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Share on:
twitter
facebook
linkedin
copy
Drop Binaries Into Spool Drivers Color Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
DumpMinitool Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
DumpStack.log Defender Evasion
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Dynamic .NET Compilation Via Csc.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Dynamic CSharp Compile Artefact
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Enable BPF Kprobes Tracing
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Enable LM Hash Storage - ProcCreation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Enable Local Manifest Installation With Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Enabling COR Profiler Environment Variables
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.012
·
Share on:
twitter
facebook
linkedin
copy
Equation Group DLL_U Export Function Load
calendar
Aug 12, 2024
·
attack.g0020
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled For rpcrt4.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled For SCM
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled In .NET Processes - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled In .NET Processes - Sysmon Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Tamper In .NET Processes Via CommandLine
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
ETW Trace Evasion Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1562.006
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
EventLog EVTX File Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Share on:
twitter
facebook
linkedin
copy
EvilNum APT Golden Chickens Deployment Via OCX Files
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
EVTX Created In Uncommon Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Exchange PowerShell Cmdlet History Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Share on:
twitter
facebook
linkedin
copy
Execute Code with Pester.bat
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Execute Code with Pester.bat as Parent
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Execute Files with Msdeploy.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Execute From Alternate Data Streams
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Execute MSDT Via Answer File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Execute Pcwrun.EXE To Leverage Follina
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Execution DLL of Choice Using WAB.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Execution Of Non-Existing File
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Execution via stordiag.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Execution via WorkFolders.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Exploit for CVE-2015-1641
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
cve.2015-1641
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Explorer NOUACCHECK Flag
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Explorer Process Tree Break
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Exports Registry Key To an Alternate Data Stream
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Failed Code Integrity Checks
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.001
·
Share on:
twitter
facebook
linkedin
copy
Fax Service DLL Search Order Hijack
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
File Creation Date Changed to Another Year
calendar
Aug 12, 2024
·
attack.t1070.006
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
File Decoded From Base64/Hex Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
File Deleted Via Sysinternals SDelete
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
File Deletion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
File Deletion Via Del
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
File Download Using ProtocolHandler.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Bitsadmin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Bitsadmin To A Suspicious Target Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Bitsadmin To An Uncommon Target Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
File Download Via InstallUtil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Nscurl - MacOS
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Windows Defender MpCmpRun.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
File Encoded To Base64 Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
File In Suspicious Location Encoded To Base64 Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
File or Folder Permissions Change
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.002
·
Share on:
twitter
facebook
linkedin
copy
File Time Attribute Change
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
Share on:
twitter
facebook
linkedin
copy
File Time Attribute Change - Linux
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
Share on:
twitter
facebook
linkedin
copy
File With Suspicious Extension Downloaded Via Bitsadmin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Files With System DLL Name In Unsuspected Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
·
Share on:
twitter
facebook
linkedin
copy
Files With System Process Name In Unsuspected Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
·
Share on:
twitter
facebook
linkedin
copy
Filter Driver Unloaded Via Fltmc.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1562
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Findstr Launching .lnk File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1202
attack.t1027.003
·
Share on:
twitter
facebook
linkedin
copy
Fireball Archer Install
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Firewall Disabled via Netsh.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
attack.s0108
·
Share on:
twitter
facebook
linkedin
copy
Firewall Rule Deleted Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Firewall Rule Update Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Flash Player Update from Suspicious Location
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1189
attack.execution
attack.t1204.002
attack.defense-evasion
attack.t1036.005
·
Share on:
twitter
facebook
linkedin
copy
Flush Iptables Ufw Chain
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Folder Removed From Exploit Guard ProtectedFolders List - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Forest Blizzard APT - File Creation Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Forest Blizzard APT - JavaScript Constrained File Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Forest Blizzard APT - Process Creation Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Fsutil Suspicious Invocation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1070
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Function Call From Undocumented COM Interface EditionUpgradeManager
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Gatekeeper Bypass via Xattr
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.001
·
Share on:
twitter
facebook
linkedin
copy
Github High Risk Configuration Disabled
calendar
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.persistence
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Github New Secret Created
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Github Push Protection Bypass Detected
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Github Push Protection Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Github Secret Scanning Feature Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Github Self Hosted Runner Changes Detected
calendar
Aug 12, 2024
·
attack.impact
attack.discovery
attack.collection
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1526
attack.t1213.003
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Goofy Guineapig Backdoor IOC
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Firewall Modified or Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Gpscript Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Greedy File Deletion Using Del
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
Greenbug Espionage Group Indicators
calendar
Aug 12, 2024
·
attack.g0049
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1105
attack.defense-evasion
attack.t1036.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Guest User Invited By Non Approved Inviters
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CACTUSTORCH Remote Thread Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1055.012
attack.t1059.005
attack.t1059.007
attack.t1218.005
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CobaltStrike BOF Injection Pattern
calendar
Aug 12, 2024
·
attack.execution
attack.t1106
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CobaltStrike Malleable Profile Patterns - Proxy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Covenant PowerShell Launcher
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.001
attack.t1564.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec PowerShell Obfuscation
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027.005
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Empire PowerShell UAC Bypass
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Empire UserAgent URI Combo
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - F-Secure C3 Load by Rundll32
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
HackTool - HandleKatz Duplicating LSASS Handle
calendar
Aug 12, 2024
·
attack.execution
attack.t1106
attack.defense-evasion
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Potential CobaltStrike Process Injection
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1055.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - PowerTool Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Powerup Write Hijack DLL
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - RedMimicry Winnti Playbook Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1106
attack.t1059.003
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpDPAPI Execution
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpEvtMute Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpImpersonation Execution
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SysmonEnte Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Wmiexec Default Powershell Command
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.lateral-movement
·
Share on:
twitter
facebook
linkedin
copy
HackTool - XORDump Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
HH.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.001
·
Share on:
twitter
facebook
linkedin
copy
Hidden Executable In NTFS Alternate Data Stream
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Hidden Files and Directories
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
Share on:
twitter
facebook
linkedin
copy
Hidden User Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.002
·
Share on:
twitter
facebook
linkedin
copy
Hide Schedule Task Via Index Value Tamper
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Hiding Files with Attrib.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
Share on:
twitter
facebook
linkedin
copy
HTML Help HH.EXE Suspicious Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
HTTP Request With Empty User Agent
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Huawei BGP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Hypervisor Enforced Code Integrity Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Hypervisor Enforced Paging Translation Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
IcedID Malware Suspicious Single Digit DLL Execution Via Rundll32
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
IE ZoneMap Setting Downgraded To MyComputer Zone For HTTP Protocols
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
IE ZoneMap Setting Downgraded To MyComputer Zone For HTTP Protocols Via CLI
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Ie4uinit Lolbin Use From Invalid Path
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
IIS WebServer Access Logs Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Share on:
twitter
facebook
linkedin
copy
ImagingDevices Unusual Parent/Child Processes
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Import LDAP Data Interchange Format File Via Ldifde.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1218
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Important Windows Event Auditing Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Important Windows Service Terminated Unexpectedly
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Important Windows Service Terminated With Error
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Imports Registry Key From a File
calendar
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Imports Registry Key From an ADS
calendar
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Impossible Travel
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Increased Failed Authentications Of Any Type
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Indicator Removal on Host - Clear Mac System Logs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.002
·
Share on:
twitter
facebook
linkedin
copy
Indirect Command Execution By Program Compatibility Wizard
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Indirect Command Execution From Script File Via Bash.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Indirect Inline Command Execution Via Bash.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
InfDefaultInstall.exe .inf Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Insensitive Subfolder Search Via Findstr.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Install New Package Via Winget Local Manifest
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Install Root Certificate
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
Interactive Bash Suspicious Children
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.004
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Internet Explorer DisableFirstRunCustomize Enabled
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation CLIP+ Launcher - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation COMPRESS OBFUSCATION - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Obfuscated IEX Invocation - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation RUNDLL LAUNCHER - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation STDIN+ Launcher - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR+ Launcher - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Stdin - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Clip - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use MSHTA - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Invoke-Obfuscation Via Use Rundll32 - System
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
JScript Compiler Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Juniper BGP Missing MD5
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Configuration Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1553.003
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Execution Via RunDLL32.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Loaded Via Rundll32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Kavremover Dropped Binary LOLBIN Usage
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Kernel Memory Dump Via LiveKD
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Launch-VsDevShell.PS1 Proxy Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216.001
·
Share on:
twitter
facebook
linkedin
copy
Lazarus System Binary Masquerading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Legitimate Application Dropped Archive
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Legitimate Application Dropped Executable
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Legitimate Application Dropped Script
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Linux Base64 Encoded Pipe to Shell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Linux Base64 Encoded Shebang In CLI
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Linux Command History Tampering
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.003
·
Share on:
twitter
facebook
linkedin
copy
Linux Package Uninstall
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Share on:
twitter
facebook
linkedin
copy
Linux Shell Pipe to Shell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
LiveKD Driver Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
LiveKD Driver Creation By Uncommon Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
LiveKD Kernel Memory Dump File Created
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Logging Configuration Changes on Linux Host
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.006
·
Share on:
twitter
facebook
linkedin
copy
LOL-Binary Copied From System Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
LOLBIN Execution From Abnormal Drive
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Lolbin Runexehelper Use As Proxy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Lolbin Unregmp2.exe Use As Proxy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
LSA PPL Protection Disabled Via Reg.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.010
·
Share on:
twitter
facebook
linkedin
copy
Macro Enabled In A Potentially Suspicious Document
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Malicious DLL File Dropped in the Teams or OneDrive Folder
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Malicious Named Pipe Created
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Malicious PE Execution by Microsoft Visual Studio Debugger
calendar
Aug 12, 2024
·
attack.t1218
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Malicious Usage Of IMDS Credentials Outside Of AWS Infrastructure
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1078
attack.t1078.002
·
Share on:
twitter
facebook
linkedin
copy
Malicious Windows Script Components File Execution by TAEF Detection
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Malware Shellcode in Verclsid Target Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
ManageEngine Endpoint Central Dctask64.EXE Potential Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1055.001
·
Share on:
twitter
facebook
linkedin
copy
Masquerading as Linux Crond Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Mavinject Inject DLL Into Running Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.001
attack.t1218.013
·
Share on:
twitter
facebook
linkedin
copy
MaxMpxCt Registry Value Changed
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.005
·
Share on:
twitter
facebook
linkedin
copy
Measurable Increase Of Successful Authentications
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Defender Blocked from Loading Unsigned DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Defender Tamper Protection Trigger
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Malware Protection Engine Crash
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1211
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Malware Protection Engine Crash - WER
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1211
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Office DLL Sideload
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Office Protected View Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Sync Center Suspicious Network Connections
calendar
Aug 12, 2024
·
attack.t1055
attack.t1218
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Modification of IE Registry Settings
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Modification of ld.so.preload
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.006
·
Share on:
twitter
facebook
linkedin
copy
Modify Group Policy Settings
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1484.001
·
Share on:
twitter
facebook
linkedin
copy
Modify Group Policy Settings - ScriptBlockLogging
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1484.001
·
Share on:
twitter
facebook
linkedin
copy
Modify System Firewall
calendar
Aug 12, 2024
·
attack.t1562.004
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Monitoring For Persistence Via BITS
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
MSHTA Suspicious Execution 01
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.t1218.005
attack.execution
attack.t1059.007
cve.2020-1599
·
Share on:
twitter
facebook
linkedin
copy
Mshtml.DLL RunHTMLApplication Suspicious Usage
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
MSI Installation From Web
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
MsiExec Web Install
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
MSSQL Disable Audit Settings
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Msxsl.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1220
·
Share on:
twitter
facebook
linkedin
copy
NET NGenAssemblyUsageLog Registry Key Tamper
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
NetNTLM Downgrade Attack
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Netsh Allow Group Policy on Microsoft Defender Firewall
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated By AddinUtil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated By Regsvr32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1559.001
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Network Connection Initiated Via Notepad.EXE
calendar
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
New BgInfo.EXE Custom DB Path Registry Configuration
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New BgInfo.EXE Custom VBScript Registry Configuration
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New BgInfo.EXE Custom WMI Query Registry Configuration
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New BITS Job Created Via Bitsadmin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
New BITS Job Created Via PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
New CA Policy by Non-approved Actor
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
New Country
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
New DLL Registered Via Odbcconf.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Share on:
twitter
facebook
linkedin
copy
New DNS ServerLevelPluginDll Installed
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New DNS ServerLevelPluginDll Installed Via Dnscmd.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New File Association Using Exefile
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
New Firewall Rule Added In Windows Firewall Exception List For Potential Suspicious Application
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
New Firewall Rule Added In Windows Firewall Exception List Via WmiPrvSE.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
New Firewall Rule Added Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
attack.s0246
·
Share on:
twitter
facebook
linkedin
copy
New or Renamed User Account with '$' Character
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
New Port Forwarding Rule Added Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
New PortProxy Registry Entry Added
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
New Process Created Via Taskmgr.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
New Root Certificate Installed Via CertMgr.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
New Root Certificate Installed Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
Node Process Executions
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
NotPetya Ransomware Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
attack.t1070.001
attack.credential-access
attack.t1003.001
car.2016-04-002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Nslookup PowerShell Download Cradle - ProcessCreation
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
NtdllPipe Like Activity Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
NTFS Alternate Data Stream
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
NTLMv1 Logon Between Client and Server
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.lateral-movement
attack.t1550.002
·
Share on:
twitter
facebook
linkedin
copy
OceanLotus Registry Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Odbcconf.EXE Suspicious DLL Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Share on:
twitter
facebook
linkedin
copy
Office Application Initiated Network Connection Over Uncommon Ports
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
Office Macros Warning Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Registry Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Schedule Task Persistence - Security
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Schedule Task Persistence - System
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Okta MFA Reset or Deactivated
calendar
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.defense-evasion
attack.t1556.006
·
Share on:
twitter
facebook
linkedin
copy
Okta User Session Start Via An Anonymising Proxy Service
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.006
·
Share on:
twitter
facebook
linkedin
copy
Old TLS1.0/TLS1.1 Protocol Version Enabled
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
OneNote Attachment File Dropped In Suspicious Location
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - HTTPPROXY Login Attempt
calendar
Aug 12, 2024
·
attack.initial-access
attack.defense-evasion
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
OpenWith.exe Executes Specified Binary
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Operation Wocao Activity
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Operation Wocao Activity - Security
calendar
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Outbound Network Connection Initiated By Cmstp.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.003
·
Share on:
twitter
facebook
linkedin
copy
Outbound Network Connection To Public IP Via Winlogon
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.command-and-control
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Outgoing Logon with New Credentials
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.lateral-movement
attack.t1550
·
Share on:
twitter
facebook
linkedin
copy
Outlook EnableUnsafeClientMailRules Setting Enabled - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Password Protected ZIP File Opened
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Password Protected ZIP File Opened (Email Attachment)
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.initial-access
attack.t1027
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Password Protected ZIP File Opened (Suspicious Filenames)
calendar
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1027
attack.t1105
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Password Provided In Command Line Of Net.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Payload Decoded and Decrypted via Built-in Utilities
calendar
Aug 12, 2024
·
attack.t1059
attack.t1204
attack.execution
attack.t1140
attack.defense-evasion
attack.s0482
attack.s0402
·
Share on:
twitter
facebook
linkedin
copy
PDF File Created By RegEdit.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via New SIP Provider
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1553.003
·
Share on:
twitter
facebook
linkedin
copy
Ping Hex IP
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Potential 7za.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Access Token Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1134.001
stp.4u
·
Share on:
twitter
facebook
linkedin
copy
Potential Adplus.EXE Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Potential AMSI Bypass Script Using NULL Bits
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential AMSI Bypass Using NULL Bits
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential AMSI COM Server Hijacking
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Antivirus Software DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Application Whitelisting Bypass via Dnx.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Potential appverifUI.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential APT-C-12 BlueMushroom DLL Load Activity Via Regsvr32
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary Code Execution Via Node.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary Command Execution Using Msdt.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary Command Execution Via FTP.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary DLL Load Using Winword
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary File Download Using Office Application
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Arbitrary File Download Via Cmdl32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Attachment Manager Settings Associations Tamper
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Attachment Manager Settings Attachments Tamper
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential AutoLogger Sessions Tampering
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential AVKkid.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Azure Browser SSO Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Baby Shark Malware Activity
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.discovery
attack.t1012
attack.t1059.003
attack.t1059.001
attack.t1218.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Binary Impersonating Sysinternals Tools
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potential Binary Proxy Execution Via Cdb.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1106
attack.defense-evasion
attack.t1218
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Potential Binary Proxy Execution Via VSDiagnostics.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential BlackByte Ransomware Activity
calendar
Aug 12, 2024
·
detection.emerging-threats
attack.execution
attack.defense-evasion
attack.impact
attack.t1485
attack.t1498
attack.t1059.001
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Potential Bumblebee Remote Thread Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
attack.t1059.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CCleanerDU.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential CCleanerReactivator.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Chrome Frame Helper DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL Persistence Service DLL Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL Persistence Service DLL Load
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL RAT File Indicators
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Command Line Path Traversal Evasion Attempt
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Potential Commandline Obfuscation Using Escape Characters
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Potential Compromised 3CXDesktopApp Update Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-36884 Exploitation Dropped File
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
cve.2023-36884
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
cve.2024-3400
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Via Binary Rename
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Via Raw Disk Access By Uncommon Tools
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1006
·
Share on:
twitter
facebook
linkedin
copy
Potential Devil Bait Malware Reconnaissance
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Devil Bait Related Indicator
calendar
Aug 12, 2024
·
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Injection Or Execution Using Tracker.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1055.001
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of DBGCORE.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of DBGHELP.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of DbgModel.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of KeyScramblerIE.DLL Via KeyScrambler.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of Libcurl.DLL Via GUP.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of MpSvc.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of MsCorSvc.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of Non-Existent DLLs From System Folders
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via ClassicExplorer32.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via comctl32.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via DeviceEnroller.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via JsSchHlp
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via VMware Xfer
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Dridex Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.discovery
attack.t1135
attack.t1033
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential EACore.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Edputil.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Emotet Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Emotet Rundll32 Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential EmpireMonkey Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Encoded PowerShell Patterns In CommandLine
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential EventLog File Location Tampering
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Exploitation Attempt From Office Application
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
cve.2021-40444
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Fake Instance Of Hxtsr.EXE Executed
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Potential Goofy Guineapig GoolgeUpdate Process Anomaly
calendar
Aug 12, 2024
·
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Goopdate.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Homoglyph Attack Using Lookalike Characters
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Homoglyph Attack Using Lookalike Characters in Filename
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Potential In-Memory Execution Using Reflection.Assembly
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1620
·
Share on:
twitter
facebook
linkedin
copy
Potential Initial Access via DLL Search Order Hijacking
calendar
Aug 12, 2024
·
attack.t1566
attack.t1566.001
attack.initial-access
attack.t1574
attack.t1574.001
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Iviewers.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Kapeka Decrypted Backdoor Indicator
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Ke3chang/TidePool Malware Activity
calendar
Aug 12, 2024
·
attack.g0004
attack.defense-evasion
attack.t1562.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential LethalHTA Technique Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.005
·
Share on:
twitter
facebook
linkedin
copy
Potential Libvlc.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential LSASS Process Dump Via Procdump
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.credential-access
attack.t1003.001
car.2013-05-009
·
Share on:
twitter
facebook
linkedin
copy
Potential Malicious AppX Package Installation Attempts
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Manage-bde.wsf Abuse To Proxy Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Potential Memory Dumping Activity Via LiveKD
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Mfdetours.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Mftrace.EXE Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Potential Mpclient.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Mpclient.DLL Sideloading Via Defender Binaries
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Mpclient.DLL Sideloading Via OfflineScannerShell.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential MsiExec Masquerading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
·
Share on:
twitter
facebook
linkedin
copy
Potential MuddyWater APT Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.g0069
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential NetWire RAT Activity - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential NTLM Coercion Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Obfuscated Ordinal Call Via Rundll32
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Password Spraying Attempt Using Dsacls.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential PendingFileRenameOperations Tampering
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Custom Protocol Handler
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Event Viewer Events.asp
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via GlobalFlags
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.defense-evasion
attack.t1546.012
car.2013-01-002
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Security Descriptors - ScriptBlock
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Potential PlugX Activity
calendar
Aug 12, 2024
·
attack.s0013
attack.defense-evasion
attack.t1574.002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Command Line Obfuscation
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1027
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Downgrade Attack
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Execution Policy Tampering - ProcCreation
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Execution Via DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Obfuscation Using Alias Cmdlets
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1027
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Obfuscation Using Character Join
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1027
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Obfuscation Via Reversed Commands
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Obfuscation Via WCHAR
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation Attempt Via .Exe.Local Technique
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Potential Privileged System Service Operation - SeLoadDriverPrivilege
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Process Execution Proxy Via CL_Invocation.ps1
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Potential Process Injection Via Msra.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Potential Provisioning Registry Key Abuse For Binary Proxy Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Provisioning Registry Key Abuse For Binary Proxy Execution - REG
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Provlaunch.EXE Binary Proxy Execution Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Qakbot Registry Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Qakbot Rundll32 Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Ransomware or Unauthorized MBR Tampering Via Bcdedit.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.persistence
attack.t1542.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Raspberry Robin Aclui Dll SideLoading
calendar
Aug 12, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Raspberry Robin CPL Execution Activity
calendar
Aug 12, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.execution
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Raspberry Robin Registry Set Internet Settings ZoneMap
calendar
Aug 12, 2024
·
detection.emerging-threats
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Rcdll.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential ReflectDebugger Content Execution Via WerFault.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Potential Register_App.Vbs LOLScript Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Regsvr32 Commandline Flag Anomaly
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Potential RemoteFXvGPUDisablement.EXE Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential RemoteFXvGPUDisablement.EXE Abuse - PowerShell ScriptBlock
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential RjvPlatform.DLL Sideloading From Default Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential RjvPlatform.DLL Sideloading From Non-Default Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential RoboForm.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Rundll32 Execution With DLL Stored In ADS
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Potential Script Proxy Execution Via CL_Mutexverifiers.ps1
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Potential ShellDispatch.DLL Functionality Abuse
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential ShellDispatch.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Signing Bypass Via Windows Developer Features
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Signing Bypass Via Windows Developer Features - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential SmadHook.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential SolidPDFCreator.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Activity Using SeCEdit
calendar
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.defense-evasion
attack.credential-access
attack.privilege-escalation
attack.t1562.002
attack.t1547.001
attack.t1505.005
attack.t1556.002
attack.t1562
attack.t1574.007
attack.t1564.002
attack.t1546.008
attack.t1546.007
attack.t1547.014
attack.t1547.010
attack.t1547.002
attack.t1557
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious BPF Activity - Linux
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Mofcomp Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Registry File Imported Via Reg.EXE
calendar
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Windows Feature Enabled
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Windows Feature Enabled - ProcCreation
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Winget Package Installation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential SysInternals ProcDump Evasion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Potential System DLL Sideloading From Non System Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Tampering With RDP Related Registry Keys Via Reg.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.lateral-movement
attack.t1021.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Tampering With Security Products Via WMIC
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Vivaldi_elf.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Waveedit.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Wazuh Security Platform DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential WerFault ReflectDebugger Registry Value Abuse
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Winnti Dropper Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Potential WWlib.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potentially Over Permissive Permissions Granted Using Dsacls.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious ASP.NET Compilation Via AspNetCompiler
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Call To Win32_NTEventlogFile Class
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Call To Win32_NTEventlogFile Class - PSScript
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Child Process Of ClickOnce Application
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Child Process Of DiskShadow.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Child Process of KeyScrambler.exe
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1203
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Child Process Of Regsvr32
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious CMD Shell Output Redirect
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious DLL Registered Via Odbcconf.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious DMP/HDMP File Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Event Viewer Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Execution From Parent Process In Public Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1564
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Execution From Tmp Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.009
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Execution Of Regasm/Regsvcs With Uncommon Extension
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.009
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious File Download From ZIP TLD
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious GoogleUpdate Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Ping/Copy Command Combination
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Regsvr32 HTTP IP Pattern
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Regsvr32 HTTP/FTP Pattern
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Rundll32 Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Windows App Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Wuauclt Network Connection
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded FromBase64String Cmdlet
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded Invoke Keyword
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Powershell Base64 Encoded MpPreference Cmdlet
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded Reflective Assembly Load
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
attack.t1620
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Base64 Encoded WMI Classes
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Called from an Executable Version Mismatch
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Console History Logs Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Core DLL Loaded Via Office Application
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Decompress Commands
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Powershell Defender Disable Scan Feature
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Powershell Defender Exclusion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Deleted Mounted Share
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.005
·
Share on:
twitter
facebook
linkedin
copy
Powershell Detect Virtualization Environment
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1497.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Downgrade Attack - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Powershell Executed From Headless ConHost Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1059.001
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Logging Disabled Via Registry Key Tampering
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Script Change Permission Via Set-Acl
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Script Change Permission Via Set-Acl - PsScript
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Set-Acl On Windows Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Set-Acl On Windows Folder - PsScript
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222
·
Share on:
twitter
facebook
linkedin
copy
PowerShell ShellCode
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Powershell Store File In Alternate Data Stream
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Powershell Timestomp
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
Share on:
twitter
facebook
linkedin
copy
Powershell Token Obfuscation - Process Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.009
·
Share on:
twitter
facebook
linkedin
copy
PowerShell WMI Win32_Product Install MSI
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Write-EventLog Usage
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Prefetch File Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
PrintBrm ZIP Creation of Extraction
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1105
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Procdump Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Process Access via TrolleyExpress Exclusion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
attack.credential-access
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Process Creation Using Sysnative Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Process Execution From A Potentially Suspicious Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Process Launched Without Image Name
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Process Memory Dump Via Comsvcs.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1036
attack.t1003.001
car.2013-05-009
·
Share on:
twitter
facebook
linkedin
copy
Process Memory Dump Via Dotnet-Dump
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Proxy Execution Via Wuauclt.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Ps.exe Renamed SysInternals Tool
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.g0035
attack.t1036.003
car.2013-05-009
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
PUA - AdvancedRun Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1564.003
attack.t1134.002
attack.t1059.003
·
Share on:
twitter
facebook
linkedin
copy
PUA - AdvancedRun Suspicious Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1134.002
·
Share on:
twitter
facebook
linkedin
copy
PUA - CleanWipe Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
PUA - DefenderCheck Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.005
·
Share on:
twitter
facebook
linkedin
copy
PUA - Potential PE Metadata Tamper Using Rcedit
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
attack.t1036
attack.t1027.005
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Publisher Attachment File Dropped In Suspicious Location
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Pubprn.vbs Proxy Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216.001
·
Share on:
twitter
facebook
linkedin
copy
Python Image Load By Non-Python Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.002
·
Share on:
twitter
facebook
linkedin
copy
Qakbot Regsvr32 Calc Pattern
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Qakbot Rundll32 Exports Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Qakbot Rundll32 Fake DLL Extension Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Raccine Uninstall
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Rare Remote Thread Creation By Uncommon Source Image
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Raw Paste Service Access
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.t1102.001
attack.t1102.003
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
RDP Connection Allowed Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
RDP over Reverse SSH Tunnel WFP
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.lateral-movement
attack.t1090.001
attack.t1090.002
attack.t1021.001
car.2013-07-002
·
Share on:
twitter
facebook
linkedin
copy
RDP Port Forwarding Rule Added Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.command-and-control
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
RDP Sensitive Settings Changed
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
RDP Sensitive Settings Changed to Zero
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
RedMimicry Winnti Playbook Registry Manipulation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Reg Add Suspicious Paths
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
RegAsm.EXE Initiating Network Connection To Public IP
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.009
·
Share on:
twitter
facebook
linkedin
copy
REGISTER_APP.VBS Proxy Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Registry Explorer Policy Modification
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Registry Hide Function from User
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Registry Modification Via Regini.EXE
calendar
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Registry Persistence via Service in Safe Mode
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
Share on:
twitter
facebook
linkedin
copy
Regsvr32 DLL Execution With Suspicious File Extension
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Regsvr32 DLL Execution With Uncommon Extension
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Regsvr32 Execution From Highly Suspicious Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Regsvr32 Execution From Potential Suspicious Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - RURAT Execution From Unusual Location
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Remote Code Execute via Winrm.vbs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Remote File Download Via Findstr.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Created In Shell Application
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation By Uncommon Source Image
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation In Uncommon Target Image
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.003
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation Ttdinject.exe Proxy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
RemoteFXvGPUDisablement Abuse Via AtomicTestHarnesses
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Remotely Hosted HTA File Executed Via Mshta.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.005
·
Share on:
twitter
facebook
linkedin
copy
Removal Of AMSI Provider Registry Keys
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Removal Of Index Value to Hide Schedule Task - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Removal of Potential COM Hijacking Registry Keys
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Removal Of SD Value to Hide Schedule Task - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Remove Exported Mailbox from Exchange Webserver
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Share on:
twitter
facebook
linkedin
copy
Remove Immutable File Attribute
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.002
·
Share on:
twitter
facebook
linkedin
copy
Remove Immutable File Attribute - Auditd
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.002
·
Share on:
twitter
facebook
linkedin
copy
Remove Scheduled Cron Task/Job
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed AutoHotkey.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed BOINC Client Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553
·
Share on:
twitter
facebook
linkedin
copy
Renamed CreateDump Utility Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Renamed FTP.EXE Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Renamed Jusched.EXE Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Renamed Mavinject.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.001
attack.t1218.013
·
Share on:
twitter
facebook
linkedin
copy
Renamed MegaSync Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Renamed Microsoft Teams Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed Msdt.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Renamed NirCmd.EXE Execution
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Renamed Office Binary Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed Plink Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Renamed ProcDump Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Renamed Remote Utilities RAT (RURAT) Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.collection
attack.command-and-control
attack.discovery
attack.s0592
·
Share on:
twitter
facebook
linkedin
copy
Renamed Vmnat.exe Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Renamed ZOHO Dctask64 Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1055.001
attack.t1202
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Response File Execution Via Odbcconf.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Share on:
twitter
facebook
linkedin
copy
Restricted Software Access By SRP
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1072
·
Share on:
twitter
facebook
linkedin
copy
Rhadamanthys Stealer Module Launch Via Rundll32.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Root Certificate Installed - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
Root Certificate Installed From Susp Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
Rorschach Ransomware Execution Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.t1059.001
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Run Once Task Configuration in Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Run Once Task Execution as Configured in Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Run PowerShell Script from ADS
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Run PowerShell Script from Redirected Input Stream
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Execution With Uncommon DLL Extension
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Execution Without CommandLine Parameters
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 InstallScreenSaver Execution
calendar
Aug 12, 2024
·
attack.t1218.011
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Internet Connection
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Spawned Via Explorer.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
RunDLL32 Spawning Explorer
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 UNC Path Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1021.002
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
SafeBoot Registry Key Deleted Via Reg.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
SCR File Write Event
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
ScreenConnect - SlashAndGrab Exploitation Indicators
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
ScreenConnect User Database Modification - Security
calendar
Aug 12, 2024
·
attack.defense-evasion
cve.2024-1709
·
Share on:
twitter
facebook
linkedin
copy
ScreenSaver Registry Key Set
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Scripted Diagnostics Turn Off Check Enabled - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Scripting/CommandLine Process Spawned Regsvr32
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Security Eventlog Cleared
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.001
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Security Service Disabled Via Reg.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Self Extracting Package Creation Via Iexpress.EXE From Potentially Suspicious Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Server Side Template Injection Strings
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1221
·
Share on:
twitter
facebook
linkedin
copy
Service Binary in Suspicious Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Service DACL Abuse To Hide Services Via Sc.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Service Registry Key Deleted Via Reg.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Service Registry Key Read Access Request
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Service Security Descriptor Tampering Via Sc.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Service StartupType Change Via PowerShell Set-Service
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Service StartupType Change Via Sc.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
SES Identity Has Been Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Share on:
twitter
facebook
linkedin
copy
Set Suspicious Files as System Files Using Attrib.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
Share on:
twitter
facebook
linkedin
copy
Shell Open Registry Keys Manipulation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1546.001
·
Share on:
twitter
facebook
linkedin
copy
Shell32 DLL Execution in Suspicious Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
ShimCache Flush
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Sign-ins by Unknown Devices
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Sign-ins from Non-Compliant Devices
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Small Sieve Malware File Indicator Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Sofacy Trojan Loader Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.g0007
attack.t1059.003
attack.t1218.011
car.2013-10-002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Space After Filename - macOS
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.006
·
Share on:
twitter
facebook
linkedin
copy
SQL Client Tools PowerShell Session Detection
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Start of NT Virtual DOS Machine
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Steganography Extract Files with Steghide
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.003
·
Share on:
twitter
facebook
linkedin
copy
Steganography Hide Files with Steghide
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.003
·
Share on:
twitter
facebook
linkedin
copy
Steganography Hide Zip Information in Picture File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.003
·
Share on:
twitter
facebook
linkedin
copy
Steganography Unzip Hidden Information From Picture File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.003
·
Share on:
twitter
facebook
linkedin
copy
Suspect Svchost Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Advpack Call Via Rundll32.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious AgentExecutor PowerShell Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Application Allowed Through Exploit Guard
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious AppX Package Installation Attempt
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious AppX Package Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Browser Activity
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Cabinet File Execution Via Msdt.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Calculator Usage
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process of AspNetCompiler
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Of BgInfo.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious CodePage Switch Via CHCP
calendar
Aug 12, 2024
·
attack.t1036
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Computer Account Name Change CVE-2021-42287
calendar
Aug 12, 2024
·
cve.2021-42287
detection.emerging-threats
attack.defense-evasion
attack.persistence
attack.t1036
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Control Panel DLL Load
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Copy From or To System Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Creation with Colorcpl
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Csi.exe Usage
calendar
Aug 12, 2024
·
attack.execution
attack.t1072
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious CustomShellHost Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Diantz Alternate Data Stream Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Digital Signature Of AppX Package
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious DLL Loaded via CertOC.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious DotNET CLR Usage Log Artifact
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Double Extension Files
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.007
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Download From Direct IP Via Bitsadmin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Download Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Driver/DLL Installation Via Odbcconf.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Share on:
twitter
facebook
linkedin
copy
Suspicious DumpMinitool Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Encoded And Obfuscated Reflection Assembly Load Function Call
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.001
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Environment Variable Has Been Registered
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Eventlog Clear
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Eventlog Clearing or Configuration Change Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.001
attack.t1562.002
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Executable File Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution of InstallUtil Without Log
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution via macOS Script Editor
calendar
Aug 12, 2024
·
attack.t1566
attack.t1566.002
attack.initial-access
attack.t1059
attack.t1059.002
attack.t1204
attack.t1204.001
attack.execution
attack.persistence
attack.t1553
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Extrac32 Alternate Data Stream Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Created Via OneNote Application
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Creation In Uncommon AppData Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Downloaded From Direct IP Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Encoded To Base64 Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Files in Default GPO Folder
calendar
Aug 12, 2024
·
attack.t1036.005
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Get-Variable.exe Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious GUP Usage
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious HH.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Hyper-V Cmdlets
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.006
·
Share on:
twitter
facebook
linkedin
copy
Suspicious IIS URL GlobalRules Rewrite Via AppCmd
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Inbox Forwarding Identity Protection
calendar
Aug 12, 2024
·
attack.t1140
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Inbox Manipulation Rules
calendar
Aug 12, 2024
·
attack.t1140
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Invoke-Item From Mount-DiskImage
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious IO.FileStream
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious JavaScript Execution Via Mshta.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Microsoft Office Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1047
attack.t1204.002
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Mount-DiskImage
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Msbuild Execution By Uncommon Parent Process
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious MSDT Parent Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious MSHTA Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.005
car.2013-02-003
car.2013-03-001
car.2014-04-003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious MsiExec Embedding Parent
calendar
Aug 12, 2024
·
attack.t1218.007
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Msiexec Execute Arbitrary DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Msiexec Quiet Install From Remote Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Network Connection Binary No CommandLine
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Obfuscated PowerShell Code
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Package Installed - Linux
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Parent Double Extension File Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.007
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Ping/Del Command Combination
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Powercfg Execution To Change Lock Screen Timeout
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell Invocations - Specific - ProcessCreation
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PowerShell WindowStyle Option
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Masquerading As SvcHost.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Parents
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Start Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
car.2013-05-002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PROCEXP152.sys File Created In TMP
calendar
Aug 12, 2024
·
attack.t1562.001
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Program Location Whitelisted In Firewall Via Netsh.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Provlaunch.EXE Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious RASdial Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Recursive Takeown
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Registry Modification From ADS Via Regini.EXE
calendar
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Regsvr32 Execution From Remote Share
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Renamed Comsvcs DLL Loaded By Rundll32
calendar
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Response File Execution Via Odbcconf.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rundll32 Activity Invoking Sys File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rundll32 Execution With Image Extension
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rundll32 Invoking Inline VBScript
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Rundll32 Setupapi.dll Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Runscripthelper.exe
calendar
Aug 12, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service Binary Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service DACL Modification Via Set-Service Cmdlet - PS
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service Installed
calendar
Aug 12, 2024
·
attack.t1562.001
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Set Value of MSDT in Registry (CVE-2022-30190)
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1221
·
Share on:
twitter
facebook
linkedin
copy
Suspicious SignIns From A Non Registered Device
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Splwow64 Without Params
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Start-Process PassThru
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Svchost Process Access
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Unblock-File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Unsigned Thor Scanner Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Userinit Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Suspicious VBoxDrvInst.exe Parameters
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Volume Shadow Copy VSS_PS.dll Load
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Volume Shadow Copy Vssapi.dll Load
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Volume Shadow Copy Vsstrace.dll Load
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Vsls-Agent Command With AgentExtensionPath Load
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows Defender Folder Exclusion Added Via Reg.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows Defender Registry Key Tampering Via Reg.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows Trace ETW Session Tamper Via Logman.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1070.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows Update Agent Empty Cmdline
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WMIC Execution Via Office Process
calendar
Aug 12, 2024
·
attack.t1204.002
attack.t1047
attack.t1218.010
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WmiPrvSE Child Process
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1047
attack.t1204.002
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Workstation Locking via Rundll32
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious X509Enrollment - Process Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious X509Enrollment - Ps Script
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1553.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious XOR Encoded PowerShell Command
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
attack.t1140
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious ZipExec Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
SyncAppvPublishingServer Bypass Powershell Restriction - PS Module
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
SyncAppvPublishingServer Execute Arbitrary PowerShell Code
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
SyncAppvPublishingServer Execution to Bypass Powershell Restriction
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
SyncAppvPublishingServer VBS Execute Arbitrary PowerShell Code
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Sysinternals PsSuspend Suspicious Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Sysinternals Tools AppX Versions Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Application Crashed
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Blocked Executable
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Blocked File Shredding
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Channel Reference Deletion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Configuration Change
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Configuration Error
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Configuration Modification
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Configuration Update
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Driver Altitude Change
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Driver Unloaded Via Fltmc.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1562
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Sysmon File Executable Creation Detected
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
System File Execution Location Anomaly
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery Via Sysctl - MacOS
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1497.001
attack.discovery
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Tamper Windows Defender Remove-MpPreference
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Tamper Windows Defender Remove-MpPreference - ScriptBlockLogging
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Tamper With Sophos AV Registry Keys
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Taskkill Symantec Endpoint Protection
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Taskmgr as LOCAL_SYSTEM
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Tasks Folder Evasion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.execution
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
TeamViewer Log File Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
Telegram API Access
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
attack.t1102.002
·
Share on:
twitter
facebook
linkedin
copy
Terminal Server Client Connection History Cleared - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
The Windows Defender Firewall Service Failed To Load Group Policy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Third Party Software DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Time Travel Debugging Utility Usage
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1218
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Time Travel Debugging Utility Usage - Image
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1218
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Tomcat WebServer Logs Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Share on:
twitter
facebook
linkedin
copy
Touch Suspicious Service File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
Share on:
twitter
facebook
linkedin
copy
Triple Cross eBPF Rootkit Default LockFile
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Triple Cross eBPF Rootkit Default Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1053.003
·
Share on:
twitter
facebook
linkedin
copy
Triple Cross eBPF Rootkit Execve Hijack
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Triple Cross eBPF Rootkit Install Commands
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1014
·
Share on:
twitter
facebook
linkedin
copy
Troubleshooting Pack Cmdlet Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Trust Access Disable For VBApplications
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
TrustedPath UAC Bypass Pattern
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Abusing Winsat Path Parsing - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Abusing Winsat Path Parsing - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using .NET Code Profiler on MMC
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Consent and Comctl32 - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Event Viewer RecentViews
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using EventVwr
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IDiagnostic Profile - File
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IEInstal - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Iscsicpl - ImageLoad
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using MSConfig Token Modification - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using NTFS Reparse Point - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Windows Media Player - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Windows Media Player - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using WOW64 Logger DLL Hijack
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass via Event Viewer
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass via ICMLuaUtil
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass via Sdclt
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Via Wsreset
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass With Fake DLL
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Disabled
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Notification Disabled
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Secure Desktop Prompt Disabled
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UEFI Persistence Via Wpbbin - FileCreation
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1542.001
·
Share on:
twitter
facebook
linkedin
copy
UEFI Persistence Via Wpbbin - ProcessCreation
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1542.001
·
Share on:
twitter
facebook
linkedin
copy
Ufw Force Stop Using Ufw-Init
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Unauthorized System Time Modification
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.006
·
Share on:
twitter
facebook
linkedin
copy
UNC4841 - Barracuda ESG Exploitation Indicators
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
UNC4841 - Download Compressed Files From Temp.sh Using Wget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
UNC4841 - Download Tar File From Untrusted Direct IP Via Wget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
UNC4841 - Email Exfiltration File Pattern
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
UNC4841 - SSL Certificate Exfiltration Via Openssl
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Assistive Technology Applications Execution Via AtBroker.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Uncommon AddinUtil.EXE CommandLine Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of AddinUtil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Appvlp.EXE
calendar
Aug 12, 2024
·
attack.t1218
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of BgInfo.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Defaultpack.EXE
calendar
Aug 12, 2024
·
attack.t1218
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Setres.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Spawned By Odbcconf.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Share on:
twitter
facebook
linkedin
copy
Uncommon File Creation By Mysql Daemon Process
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Uncommon FileSystem Load Attempt By Format.com
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Link.EXE Parent Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Microsoft Office Trusted Location Added
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Process Access Rights For Target Image
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.011
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Svchost Parent Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
·
Share on:
twitter
facebook
linkedin
copy
Unfamiliar Sign-In Properties
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Uninstall Crowdstrike Falcon Sensor
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Uninstall Sysinternals Sysmon
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Unmount Share Via Net.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.005
·
Share on:
twitter
facebook
linkedin
copy
Unsigned AppX Installation Attempt Using Add-AppxPackage
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Unsigned AppX Installation Attempt Using Add-AppxPackage - PsScript
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Unsigned Binary Loaded From Suspicious Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Unsigned DLL Loaded by Windows Utility
calendar
Aug 12, 2024
·
attack.t1218.011
attack.t1218.010
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Unsigned Mfdetours.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Unusual File Download from Direct IP Address
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Use Icacls to Hide File to Everyone
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
Share on:
twitter
facebook
linkedin
copy
Use NTFS Short Name in Command Line
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Use NTFS Short Name in Image
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Use Of Hidden Paths Or Files
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
Use of Remote.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Use of Scriptrunner.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Use Of The SFTP.EXE Binary As A LOLBIN
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Use of TTDInject.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Use of VisualUiaVerifyNative.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Use of VSIISExeLauncher.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Use of Wfc.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Use Short Name Path in Command Line
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Use Short Name Path in Image
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
User Added To Group With CA Policy Modification Access
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
User Added To Privilege Role
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
User Removed From Group With CA Policy Modification Access
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Users Added to Global or Device Admin Roles
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Using SettingSyncHost.exe as LOLBin
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1574.008
·
Share on:
twitter
facebook
linkedin
copy
UtilityFunctions.ps1 Proxy Dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Verclsid.exe Runs COM Object
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Visual Basic Command Line Compiler Usage
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio NodejsTools PressAnyKey Arbitrary Binary Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Visual Studio NodejsTools PressAnyKey Renamed Execution
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
VMGuestLib DLL Sideload
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
VMMap Signed Dbghelp.DLL Potential Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
VMMap Unsigned Dbghelp.DLL Potential Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Wab Execution From Non Default Location
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Wab/Wabmig Unusual Parent Or Child Processes
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
WannaCry Ransomware Activity
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1210
attack.discovery
attack.t1083
attack.defense-evasion
attack.t1222.001
attack.impact
attack.t1486
attack.t1490
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Wdigest CredGuard Registry Modification
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Wdigest Enable UseLogonCredential
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Weak Encryption Enabled and Kerberoast
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Weak or Abused Passwords In CLI
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Win Defender Restored Quarantine File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Binaries Write Suspicious Extensions
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Configuration Changes
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Definition Files Removed
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusion Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusion List Modified
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusions Added
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusions Added - PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusions Added - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exploit Guard Tamper
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Firewall Has Been Reset To Its Default Configuration
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Grace Period Expired
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Malware And PUA Scanning Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Malware Detection History Deletion
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Real-Time Protection Failure/Restart
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Service Disabled - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Submit Sample Feature Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Threat Detection Service Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Virus Scanning Feature Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Event Auditing Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Windows Firewall Disabled via PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Windows Firewall Profile Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Windows Firewall Settings Have Been Changed
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Windows Kernel Debugger Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Windows PowerShell User Agent
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Processes Suspicious Parent Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.003
attack.t1036.005
·
Share on:
twitter
facebook
linkedin
copy
Windows Service Terminated With Error
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Windows Shell/Scripting Processes Spawning Suspicious Programs
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1059.005
attack.t1059.001
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Winget Admin Settings Modification
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Winlogon AllowMultipleTSSessions Enable
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Winnti Malware HK University Campaign
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.g0044
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Winnti Pipemon Characteristics
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.g0044
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Wlrmdr.EXE Uncommon Argument Or Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
WMIC Loading Scripting Libraries
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1220
·
Share on:
twitter
facebook
linkedin
copy
Write Protect For Storage Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Writing Of Malicious Files To The Fonts Folder
calendar
Aug 12, 2024
·
attack.t1211
attack.t1059
attack.defense-evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
WSL Child Process Anomaly
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
XBAP Execution From Uncommon Locations Via PresentationHost.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
XSL Script Execution Via WMIC.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1220
·
Share on:
twitter
facebook
linkedin
copy
ZxShell Malware
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.defense-evasion
attack.t1218.011
attack.s0412
attack.g0001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
CMSTP installation of malicious code
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
Share on:
twitter
facebook
linkedin
copy
Dumpbin LOLBin use for proxying execution via link.exe
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
Share on:
twitter
facebook
linkedin
copy
MSTeams exe side-loading - Update.exe
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
Share on:
twitter
facebook
linkedin
copy
Wermgr.exe spawning without command line arguments
calendar
Aug 10, 2024
·
attack.Defense Evasion
attack.T1218
·
Share on:
twitter
facebook
linkedin
copy
to-top