open-menu
closeme
NetNTLM Downgrade Attack - Registry
calendar
Dec 3, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Via Rename Of Highly Relevant Binaries
calendar
Dec 3, 2024
·
attack.defense-evasion
attack.t1036.003
car.2013-05-009
·
Share on:
twitter
facebook
linkedin
copy
CMSTP UAC Bypass via COM Object Access
calendar
Dec 1, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1218.003
attack.g0069
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
Msiexec Quiet Installation
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
Non-privileged Usage of Reg or Powershell
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Possible Privilege Escalation via Weak Service Permissions
calendar
Dec 1, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Potential UAC Bypass Via Sdclt.EXE
calendar
Dec 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious High IntegrityLevel Conhost Legacy Option
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scheduled Task Creation via Masqueraded XML File
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.persistence
attack.t1036.005
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious SYSTEM User Process Creation
calendar
Dec 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.privilege-escalation
attack.t1134
attack.t1003
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Abusing Winsat Path Parsing - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Tools Using ComputerDefaults
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using ChangePK and SLUI
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Consent and Comctl32 - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Disk Cleanup
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using DismHost
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IDiagnostic Profile
calendar
Dec 1, 2024
·
attack.execution
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using IEInstal - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using MSConfig Token Modification - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using NTFS Reparse Point - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using PkgMgr and DISM
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass Using Windows Media Player - Process
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
UAC Bypass WSReset
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Setup16.EXE Execution With Custom .Lst File
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1574.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious ShellExec_RunDLL Call Via Ordinal
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Usage Of ShellExec_RunDLL
calendar
Dec 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
All Rules Have Been Deleted From The Windows Firewall Configuration
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
CodePage Modification Via MODE.COM To Russian Language
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
GCP Break-glass Container Workload Deployed
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1548
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EDRSilencer Execution - Filter Added
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Pikabot Fake DLL Extension Execution Via Rundll32.EXE
calendar
Dec 1, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Potential Pikabot Hollowing Activity
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1055.012
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Self Extraction Directive File Created
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Remote CHM File Download/Execution Via HH.EXE
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218.001
·
Share on:
twitter
facebook
linkedin
copy
Renamed PingCastle Binary Execution
calendar
Dec 1, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Self Extraction Directive File Created In Potentially Suspicious Location
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
System Control Panel Item Loaded From Uncommon Location
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Windows Filtering Platform Blocked Connection From EDR Agent Binary
calendar
Dec 1, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Creation of WerFault.exe/Wer.dll in Unusual Folder
calendar
Nov 29, 2024
·
attack.persistence
attack.defense-evasion
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CoercedPotato Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
HackTool - GMER Rootkit Detector and Remover Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Impersonate Execution
calendar
Nov 25, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1134.001
attack.t1134.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - LocalPotato Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
cve.2023-21746
·
Share on:
twitter
facebook
linkedin
copy
HackTool - PPID Spoofing SelectMyParent Tool Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1134.004
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpEvtMute DLL Load
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Stracciatella Execution
calendar
Nov 25, 2024
·
attack.execution
attack.defense-evasion
attack.t1059
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - UACMe Akagi Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool Named File Stream Created
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Malicious DLL Load By Compromised 3CXDesktopApp
calendar
Nov 25, 2024
·
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
MpiExec Lolbin
calendar
Nov 25, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Compromised 3CXDesktopApp Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential SquiblyTwo Technique Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1047
attack.t1220
attack.execution
attack.t1059.005
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
PUA - Process Hacker Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.discovery
attack.persistence
attack.privilege-escalation
attack.t1622
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA - System Informer Execution
calendar
Nov 25, 2024
·
attack.persistence
attack.privilege-escalation
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - NetSupport Execution From Unusual Location
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed AutoIt Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Renamed NetSupport RAT Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Renamed PAExec Execution
calendar
Nov 25, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
WinDivert Driver Load
calendar
Nov 25, 2024
·
attack.collection
attack.defense-evasion
attack.t1599.001
attack.t1557.001
·
Share on:
twitter
facebook
linkedin
copy
ESXi Syslog Configuration Change Via ESXCLI
calendar
Nov 20, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1562.003
·
Share on:
twitter
facebook
linkedin
copy
Potential File Extension Spoofing Using Right-to-Left Override
calendar
Nov 18, 2024
·
attack.execution
attack.defense-evasion
attack.t1036.002
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Cabinet File Expansion
calendar
Nov 17, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
.RDP File Created by Outlook Process
calendar
Nov 4, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
.RDP File Created By Uncommon Application
calendar
Nov 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Binary Proxy Execution Via Dotnet-Trace.EXE
calendar
Nov 1, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DLL Names Used By SVR For GraphicalProton Backdoor
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Enable LM Hash Storage
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Forfiles.EXE Child Process Masquerading
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EDRSilencer Execution
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
HackTool - EfsPotato Named Pipe Creation
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Potential Base64 Decoded From Images
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Potential PowerShell Execution Policy Tampering
calendar
Nov 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Desktop Background Change Using Reg.EXE
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Desktop Background Change Via Registry
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
PSScriptPolicyTest Creation By Uncommon Process
calendar
Nov 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Creation Activity From Fake Recycle.Bin Folder
calendar
Nov 1, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Execution From Fake Recycle.Bin Folder
calendar
Nov 1, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Wordpad Outbound Connections
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.command-and-control
·
Share on:
twitter
facebook
linkedin
copy
System Information Discovery Using System_Profiler
calendar
Nov 1, 2024
·
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1497.001
·
Share on:
twitter
facebook
linkedin
copy
Tamper Windows Defender - PSClassic
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Tamper Windows Defender - ScriptBlockLogging
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Child Process Of Conhost.EXE
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download From File Sharing Domains
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Download From File Sharing Websites - File Stream
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows Service Tampering
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Unusual File Download From File Sharing Websites - File Stream
calendar
Oct 25, 2024
·
attack.defense-evasion
attack.s0139
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Defender Functionalities Via Registry Keys
calendar
Oct 8, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Python DLL SideLoading
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging/Processing Option Disabled On IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
HTTP Logging Disabled On IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
New Module Module Added To IIS Server
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.persistence
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
Previously Installed IIS Module Was Removed
calendar
Oct 6, 2024
·
attack.defense-evasion
attack.persistence
attack.t1562.002
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
Add Potential Suspicious New Download Source To Winget
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via IMEWDBLD.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSEDGE_PROXY.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Disable Internal Tools or Feature in Registry
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Elevated System Shell Spawned From Uncommon Parent Location
calendar
Oct 1, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Eventlog Cleared
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1070.001
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Execution of Suspicious File Type Extension
calendar
Oct 1, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
HackTool - WinPwn Execution - ScriptBlock
calendar
Oct 1, 2024
·
attack.credential-access
attack.defense-evasion
attack.discovery
attack.execution
attack.privilege-escalation
attack.t1046
attack.t1082
attack.t1106
attack.t1518
attack.t1548.002
attack.t1552.001
attack.t1555
attack.t1555.003
·
Share on:
twitter
facebook
linkedin
copy
Important Windows Eventlog Cleared
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1070.001
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Load Of RstrtMgr.DLL By A Suspicious Process
calendar
Oct 1, 2024
·
attack.impact
attack.defense-evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Load Of RstrtMgr.DLL By An Uncommon Process
calendar
Oct 1, 2024
·
attack.impact
attack.defense-evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Potential File Download Via MS-AppInstaller Protocol Handler
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Process Code Injection Via DD Utility
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1055.009
·
Share on:
twitter
facebook
linkedin
copy
Potential Process Hollowing Activity
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055.012
·
Share on:
twitter
facebook
linkedin
copy
Process Proxy Execution Via Squirrel.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Remote Thread Creation Via PowerShell In Uncommon Target
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Remote XSL Execution Via Msxsl.EXE
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1220
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Path In Keyboard Layout IME File Registry Value
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Extension In Keyboard Layout IME File Registry Value
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Exclusion Registry Key - Write Access Requested
calendar
Sep 22, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Windows Defender Real-time Protection Disabled
calendar
Sep 22, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - DInjector PowerShell Cradle Execution
calendar
Sep 13, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Potential PrintNightmare Exploitation Attempt
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
·
Share on:
twitter
facebook
linkedin
copy
Windows Spooler Service Suspicious Binary Load
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
cve.2021-34527
·
Share on:
twitter
facebook
linkedin
copy
Hyper-V Virtual Machine Discovery Shutdown via Powershell Cmdlets
calendar
Sep 9, 2024
·
attack.defense-evasion
attack.impact
attack.t1578
attack.t1578.003
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
IISReset Used to Stop IIS Services
calendar
Sep 9, 2024
·
attack.impact
attack.defense-evasion
attack.t1562
attack.t1562.001
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
Potential CommandLine Obfuscation Using Unicode Characters From Suspicious Image
calendar
Sep 6, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Via Right-to-Left Override
calendar
Sep 6, 2024
·
attack.defense-evasion
attack.t1036.002
·
Share on:
twitter
facebook
linkedin
copy
Process Deletion of Its Own Executable
calendar
Sep 3, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Dism Remove Online Package
calendar
Sep 3, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT DLL Sideloading Indicators
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1574.002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT Scheduled Task Creation - Registry
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Enable Remote Connection Between Anonymous Computer - AllowAnonymousCallback
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CoercedPotato Named Pipe Creation
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Injected Browser Process Spawning Rundll32 - GuLoader Activity
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1055
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Lazarus APT DLL Sideloading Activity
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
attack.g0032
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Obfuscated PowerShell OneLiner Execution
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.execution
attack.t1059.001
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
OneNote.EXE Execution of Malicious Embedded Scripts
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1218.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 1
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 2
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 3
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Defense Evasion Activity Via Emoji Usage In CommandLine - 4
calendar
Sep 2, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Potential Hidden Directory Creation Via NTFS INDEX_ALLOCATION Stream - CLI
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1564.004
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Child Process Of VsCode
calendar
Sep 2, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Office Document Executed From Trusted Location
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Python Function Execution Security Warning Disabled In Excel
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Renamed CURL.EXE Execution
calendar
Sep 2, 2024
·
attack.execution
attack.t1059
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Suspicious LNK Double Extension File Created
calendar
Sep 2, 2024
·
attack.defense-evasion
attack.t1036.007
·
Share on:
twitter
facebook
linkedin
copy
A Rule Has Been Deleted From The Windows Firewall Exception List
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Uncommon AppX Package Locations
calendar
Aug 29, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Uncommon New Firewall Rule Added In Windows Firewall Exception List
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Filter Driver Disallowed On Dev Drive - Registry
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Hiding User Account Via SpecialAccounts Registry Key
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1564.002
·
Share on:
twitter
facebook
linkedin
copy
Potential AMSI Bypass Via .NET Reflection
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Python Function Execution Security Warning Disabled In Excel - Registry
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
RestrictedAdminMode Registry Value Tampering
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
RestrictedAdminMode Registry Value Tampering - ProcCreation
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Sdiagnhost Calling Suspicious Child Process
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1036
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
COM Object Execution via Xwizard.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
New Capture Session Launched Via DXCap.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Using Coregen.exe
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
Program Executed Using Proxy/Local Command Via SSH.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Child Process Of Wermgr.EXE
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.t1036
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Sigverif.EXE Child Process
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Windows Binary Executed From WSL
calendar
Aug 29, 2024
·
attack.execution
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
Xwizard.EXE Execution From Non-Default Location
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Download From File-Sharing Website Via Bitsadmin
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Remote AppX Package Locations
calendar
Aug 23, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Driver Added To Disallowed Images In HVCI - Registry
calendar
Aug 21, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Hidden Flag Set On File/Directory Via Chflags - MacOS
calendar
Aug 21, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Diskshadow Script Mode - Execution From Potential Suspicious Location
calendar
Aug 16, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Powershell Token Obfuscation - Powershell
calendar
Aug 13, 2024
·
attack.defense-evasion
attack.t1027.009
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service - PS
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Abusing Print Executable
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Account Created And Deleted Within A Close Time Frame
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Account Tampering - Suspicious Failed Logon Reasons
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Activate Suppression of Windows Security Center Notifications
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Activity From Anonymous IP Address
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
AD Object WriteDAC Access
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.001
·
Share on:
twitter
facebook
linkedin
copy
Add DisallowRun Execution to Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Add Insecure Download Source To Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add New Download Source To Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Add or Remove Computer from DC
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1207
·
Share on:
twitter
facebook
linkedin
copy
Add SafeBoot Keys Via Reg Utility
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
AddinUtil.EXE Execution From Uncommon Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
ADS Zone.Identifier Deleted By Uncommon Application
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
AgentExecutor PowerShell Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Allow RDP Remote Assistance Feature
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
AMSI Bypass Pattern Assembly GetType
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Amsi.DLL Loaded Via LOLBIN Process
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Application Using Device Code Authentication Flow
calendar
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Applications That Are Using ROPC Authentication Flow
calendar
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
APT PRIVATELOG Image Load Pattern
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
APT27 - Emissary Panda Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.g0027
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
APT29 2018 Phishing Campaign CommandLine Indicators
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
APT29 2018 Phishing Campaign File Indicators
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary DLL or Csproj Code Execution Via Dotnet.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSOHTMED.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via MSPUB.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary File Download Via PresentationHost.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Arbitrary MSI Download Via Devinit.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
AspNetCompiler Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Assembly Loading Via CL_LoadAssembly.ps1
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
Atbroker Registry Change
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.persistence
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Atypical Travel
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Audit CVE Event
calendar
Aug 12, 2024
·
attack.execution
attack.t1203
attack.privilege-escalation
attack.t1068
attack.defense-evasion
attack.t1211
attack.credential-access
attack.t1212
attack.lateral-movement
attack.t1210
attack.impact
attack.t1499.004
·
Share on:
twitter
facebook
linkedin
copy
Audit Policy Tampering Via Auditpol
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Audit Policy Tampering Via NT Resource Kit Auditpol
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Auditing Configuration Changes on Linux Host
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.006
·
Share on:
twitter
facebook
linkedin
copy
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
AWL Bypass with Winrm.vbs and Malicious WsmPty.xsl/WsmTxt.xsl - File
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1216
·
Share on:
twitter
facebook
linkedin
copy
AWS CloudTrail Important Change
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
AWS Config Disabling Channel/Recorder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
AWS GuardDuty Important Change
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
AWS SecurityHub Findings Evasion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
Azure Active Directory Hybrid Health AD FS New Server
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1578
·
Share on:
twitter
facebook
linkedin
copy
Azure Active Directory Hybrid Health AD FS Service Delete
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1578.003
·
Share on:
twitter
facebook
linkedin
copy
Azure AD Threat Intelligence
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Azure Application Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Azure Firewall Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Azure Firewall Rule Collection Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes Events Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Azure Network Firewall Policy Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.007
·
Share on:
twitter
facebook
linkedin
copy
Azure Owner Removed From Application or Service Principal
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Azure Service Principal Created
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Azure Service Principal Removed
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Backup Catalog Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
Base64 Encoded PowerShell Command Detected
calendar
Aug 12, 2024
·
attack.t1027
attack.defense-evasion
attack.t1140
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Binary Padding - Linux
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.001
·
Share on:
twitter
facebook
linkedin
copy
Binary Padding - MacOS
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Audit Log Configuration Updated
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Global Secret Scanning Rule Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Global SSH Settings Changed
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.defense-evasion
attack.t1562.001
attack.t1021.004
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Project Secret Scanning Allowlist Added
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Secret Scanning Exempt Repository Added
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Secret Scanning Rule Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket User Login Failure
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.credential-access
attack.t1078.004
attack.t1110
·
Share on:
twitter
facebook
linkedin
copy
Bitlocker Key Retrieval
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
BitLockerTogo.EXE Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download From Direct IP
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download To Potential Suspicious Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Downloading File Potential Suspicious Extension
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job With Uncommon Or Suspicious Remote TLD
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
Bitsadmin to Uncommon IP Server Address
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
·
Share on:
twitter
facebook
linkedin
copy
Bitsadmin to Uncommon TLD
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
·
Share on:
twitter
facebook
linkedin
copy
Blackbyte Ransomware Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Bpfdoor TCP Ports Redirect
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC Using DelegateExecute
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC Using SilentCleanup Task
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via CMSTP
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
attack.t1218.003
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via WSReset.exe
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.defense-evasion
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
C# IL Code Compilation Via Ilasm.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
CA Policy Removed by Non Approved Actor
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
CA Policy Updated by Non Approved Actor
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Certificate Exported Via Certutil.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Change the Fax Dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Change to Authentication Method
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1556
attack.persistence
attack.defense-evasion
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Change User Account Associated with the FAX Service
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Change Winevt Channel Access Permission Via Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Changes to Device Registration Policy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1484
·
Share on:
twitter
facebook
linkedin
copy
Chmod Suspicious Directory
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1222.002
·
Share on:
twitter
facebook
linkedin
copy
Cisco BGP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Cisco Clear Logs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.003
·
Share on:
twitter
facebook
linkedin
copy
Cisco Crypto Commands
calendar
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.t1553.004
attack.t1552.004
·
Share on:
twitter
facebook
linkedin
copy
Cisco Disabling Logging
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Cisco Duo Successful MFA Authentication Via Bypass Code
calendar
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Cisco File Deletion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1070.004
attack.t1561.001
attack.t1561.002
·
Share on:
twitter
facebook
linkedin
copy
Cisco LDP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Clear Linux Logs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.002
·
Share on:
twitter
facebook
linkedin
copy
Clearing Windows Console History
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1070.003
·
Share on:
twitter
facebook
linkedin
copy
ClickOnce Trust Prompt Tampering
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
CMSTP Execution Process Access
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.003
attack.execution
attack.t1559.001
attack.g0069
attack.g0080
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
CMSTP Execution Process Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.003
attack.g0069
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
CMSTP Execution Registry Event
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.003
attack.g0069
car.2019-04-001
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Load by Rundll32
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Named Pipe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Named Pipe Pattern Regex
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Named Pipe Patterns
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
stp.1k
·
Share on:
twitter
facebook
linkedin
copy
Code Execution via Pcwutl.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL Persistence Service Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Anonymous User Process Execution
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Cleanup Command Execution
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Service Persistence Execution
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Commands to Clear or Remove the Syslog
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.002
·
Share on:
twitter
facebook
linkedin
copy
ComRAT Network Communication
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1071.001
attack.g0010
·
Share on:
twitter
facebook
linkedin
copy
Connection Proxy
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1090
·
Share on:
twitter
facebook
linkedin
copy
Control Panel Items
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218.002
attack.persistence
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
ConvertTo-SecureString Cmdlet Usage Via CommandLine
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
attack.execution
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Created Files by Microsoft Sync Center
calendar
Aug 12, 2024
·
attack.t1055
attack.t1218
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
CreateDump Process Dump
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
Creation Of a Suspicious ADS File Outside a Browser Download
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Creation Of Non-Existent System DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Csc.EXE Execution Form Potentially Suspicious Parent
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
attack.defense-evasion
attack.t1218.005
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Curl Download And Execute Combination
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105
·
Share on:
twitter
facebook
linkedin
copy
Custom File Open Handler Executes PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
·
Share on:
twitter
facebook
linkedin
copy
CVE-2020-1048 Exploitation Attempt - Suspicious New Printer Ports - Registry
calendar
Aug 12, 2024
·
attack.persistence
attack.execution
attack.defense-evasion
attack.t1112
cve.2020-1048
·
Share on:
twitter
facebook
linkedin
copy
Decode Base64 Encoded Text
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Decode Base64 Encoded Text -MacOs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Deployment AppX Package Was Blocked By AppLocker
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Deployment Of The AppX Package Was Blocked By The Policy
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Detect Virtualbox Driver Installation OR Starting Of VMs
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.006
attack.t1564
·
Share on:
twitter
facebook
linkedin
copy
Detection of PowerShell Execution via Sqlps.exe
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1127
·
Share on:
twitter
facebook
linkedin
copy
Device Registration or Join Without MFA
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
DeviceCredentialDeployment Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Devtoolslauncher.exe Executes Specified Binary
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DHCP Callout DLL Installation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
DHCP Server Error Failed Loading the CallOut DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DHCP Server Loaded the CallOut DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Diagnostic Library Sdiageng.DLL Loaded By Msdt.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1202
cve.2022-30190
·
Share on:
twitter
facebook
linkedin
copy
Directory Removal Via Rmdir
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.004
·
Share on:
twitter
facebook
linkedin
copy
Disable Administrative Share Creation at Startup
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.005
·
Share on:
twitter
facebook
linkedin
copy
Disable Exploit Guard Network Protection on Windows Defender
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Macro Runtime Scan Scope
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Disable Microsoft Defender Firewall via Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Disable of ETW Trace - Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1562.006
car.2016-04-002
·
Share on:
twitter
facebook
linkedin
copy
Disable Or Stop Services
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Disable Powershell Command History
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070.003
·
Share on:
twitter
facebook
linkedin
copy
Disable Privacy Settings Experience in Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable PUA Protection on Windows Defender
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Security Events Logging Adding Reg Key MiniNt
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Disable Security Tools
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable System Firewall
calendar
Aug 12, 2024
·
attack.t1562.004
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Disable Tamper Protection on Windows Defender
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Defender AV Security Monitoring
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Event Logging Via Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Firewall by Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows IIS HTTP Logging
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.002
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Security Center Notifications
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Disable-WindowsOptionalFeature Command PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disabled IE Security Features
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disabled Volume Snapshots
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disabled Windows Defender Eventlog
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Disabling Security Tools
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Disabling Security Tools - Builtin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Diskshadow Script Mode - Uncommon Script Extension Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
Displaying Hidden Files Feature Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1564.001
·
Share on:
twitter
facebook
linkedin
copy
DLL Execution via Rasautou.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DLL Execution Via Register-cimprovider.exe
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574
·
Share on:
twitter
facebook
linkedin
copy
DLL Load By System Process From Suspicious Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
·
Share on:
twitter
facebook
linkedin
copy
DLL Loaded From Suspicious Location Via Cmspt.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.003
·
Share on:
twitter
facebook
linkedin
copy
DLL Loaded via CertOC.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
·
Share on:
twitter
facebook
linkedin
copy
DLL Search Order Hijackig Via Additional Space in Path
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DLL Sideloading by VMware Xfer Utility
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DLL Sideloading Of ShellChromeAPI.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Dllhost.EXE Execution Anomaly
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1055
·
Share on:
twitter
facebook
linkedin
copy
DllUnregisterServer Function Call Via Msiexec.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
·
Share on:
twitter
facebook
linkedin
copy
DNS Query Request By Regsvr32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1559.001
attack.defense-evasion
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
DNS Server Error Failed Loading the ServerLevelPluginDLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DNS-over-HTTPS Enabled by Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Download from Suspicious Dyndns Hosts
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1105
attack.t1568
·
Share on:
twitter
facebook
linkedin
copy
Driver/DLL Installation Via Odbcconf.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.008
·
Share on:
twitter
facebook
linkedin
copy
Drop Binaries Into Spool Drivers Color Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
DumpMinitool Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1036
attack.t1003.001
·
Share on:
twitter
facebook
linkedin
copy
DumpStack.log Defender Evasion
calendar
Aug 12, 2024
·
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Dynamic .NET Compilation Via Csc.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Dynamic CSharp Compile Artefact
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1027.004
·
Share on:
twitter
facebook
linkedin
copy
Enable BPF Kprobes Tracing
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy