Network Connection Initiated To DevTunnels Domain
Oct 1, 2024 · attack.exfiltration, attack.t1567.001

Network Connection Initiated To Visual Studio Code Tunnels Domain
Oct 1, 2024 · attack.exfiltration, attack.t1567.001

Network Connection Initiated To BTunnels Domains
Sep 13, 2024 · attack.exfiltration, attack.t1567.001

Active Directory Structure Export Via Csvde.EXE
Aug 12, 2024 · attack.exfiltration, attack.discovery, attack.t1087.002

Active Directory Structure Export Via Ldifde.EXE
Aug 12, 2024 · attack.exfiltration

APT40 Dropbox Tool User Agent
Aug 12, 2024 · attack.command-and-control, attack.t1071.001, attack.exfiltration, attack.t1567.002

Arbitrary File Download Via ConfigSecurityPolicy.EXE
Aug 12, 2024 · attack.exfiltration, attack.t1567

AWS EC2 VM Export Failure
Aug 12, 2024 · attack.collection, attack.t1005, attack.exfiltration, attack.t1537

AWS RDS Master Password Change
Aug 12, 2024 · attack.exfiltration, attack.t1020

AWS S3 Data Management Tampering
Aug 12, 2024 · attack.exfiltration, attack.t1537

AWS Snapshot Backup Exfiltration
Aug 12, 2024 · attack.exfiltration, attack.t1537

Cisco Stage Data
Aug 12, 2024 · attack.collection, attack.lateral-movement, attack.command-and-control, attack.exfiltration, attack.t1074, attack.t1105, attack.t1560.001

Communication To Ngrok Tunneling Service - Linux
Aug 12, 2024 · attack.exfiltration, attack.command-and-control, attack.t1567, attack.t1568.002, attack.t1572, attack.t1090, attack.t1102, attack.s0508

Communication To Ngrok Tunneling Service Initiated
Aug 12, 2024 · attack.exfiltration, attack.command-and-control, attack.t1567, attack.t1568.002, attack.t1572, attack.t1090, attack.t1102, attack.s0508

Compressed File Creation Via Tar.EXE
Aug 12, 2024 · attack.collection, attack.exfiltration, attack.t1560, attack.t1560.001

Compressed File Extraction Via Tar.EXE
Aug 12, 2024 · attack.collection, attack.exfiltration, attack.t1560, attack.t1560.001

Copy From Or To Admin Share Or Sysvol Folder
Aug 12, 2024 · attack.lateral-movement, attack.collection, attack.exfiltration, attack.t1039, attack.t1048, attack.t1021.002

Data Compressed
Aug 12, 2024 · attack.exfiltration, attack.t1560.001

Data Exfiltration to Unsanctioned Apps
Aug 12, 2024 · attack.exfiltration, attack.t1537

Data Exfiltration with Wget
Aug 12, 2024 · attack.exfiltration, attack.t1048.003

Disk Image Creation Via Hdiutil - MacOS
Aug 12, 2024 · attack.exfiltration

DNS Exfiltration and Tunneling Tools Execution
Aug 12, 2024 · attack.exfiltration, attack.t1048.001, attack.command-and-control, attack.t1071.004, attack.t1132.001

DNS Query for Anonfiles.com Domain - DNS Client
Aug 12, 2024 · attack.exfiltration, attack.t1567.002

DNS Query for Anonfiles.com Domain - Sysmon
Aug 12, 2024 · attack.exfiltration, attack.t1567.002

DNS Query To MEGA Hosting Website
Aug 12, 2024 · attack.exfiltration, attack.t1567.002

DNS Query To MEGA Hosting Website - DNS Client
Aug 12, 2024 · attack.exfiltration, attack.t1567.002

DNS Query To Ufile.io
Aug 12, 2024 · attack.exfiltration, attack.t1567.002

DNS Query To Ufile.io - DNS Client
Aug 12, 2024 · attack.exfiltration, attack.t1567.002

DNS TOR Proxies
Aug 12, 2024 · attack.exfiltration, attack.t1048

Email Exifiltration Via Powershell
Aug 12, 2024 · attack.exfiltration

Exports Critical Registry Keys To a File
Aug 12, 2024 · attack.exfiltration, attack.t1012

Exports Registry Key To a File
Aug 12, 2024 · attack.exfiltration, attack.t1012

LOLBAS Data Exfiltration by DataSvcUtil.exe
Aug 12, 2024 · attack.exfiltration, attack.t1567

Network Communication Initiated To Portmap.IO Domain
Aug 12, 2024 · attack.t1041, attack.command-and-control, attack.t1090.002, attack.exfiltration

Network Connection Initiated To Cloudflared Tunnels Domains
Aug 12, 2024 · attack.exfiltration, attack.command-and-control, attack.t1567.001

Network Connection Initiated To Mega.nz
Aug 12, 2024 · attack.exfiltration, attack.t1567.001

OpenCanary - FTP Login Attempt
Aug 12, 2024 · attack.initial-access, attack.exfiltration, attack.t1190, attack.t1021

OpenCanary - TFTP Request
Aug 12, 2024 · attack.exfiltration, attack.t1041

Potential CVE-2023-23397 Exploitation Attempt - SMB
Aug 12, 2024 · attack.exfiltration, cve.2023-23397, detection.emerging-threats

Potential Data Exfiltration Via Audio File
Aug 12, 2024 · attack.exfiltration

Powershell DNSExfiltration
Aug 12, 2024 · attack.exfiltration, attack.t1048

Powershell Exfiltration Over SMTP
Aug 12, 2024 · attack.exfiltration, attack.t1048.003

PowerShell ICMP Exfiltration
Aug 12, 2024 · attack.exfiltration, attack.t1048.003

PowerShell Script With File Hostname Resolving Capabilities
Aug 12, 2024 · attack.exfiltration, attack.t1020

PowerShell Script With File Upload Capabilities
Aug 12, 2024 · attack.exfiltration, attack.t1020

Process Initiated Network Connection To Ngrok Domain
Aug 12, 2024 · attack.exfiltration, attack.t1567.001

PUA - Rclone Execution
Aug 12, 2024 · attack.exfiltration, attack.t1567.002

Rclone Activity via Proxy
Aug 12, 2024 · attack.exfiltration, attack.t1567.002

Rclone Config File Creation
Aug 12, 2024 · attack.exfiltration, attack.t1567.002

Restore Public AWS RDS Instance
Aug 12, 2024 · attack.exfiltration, attack.t1020

Split A File Into Pieces
Aug 12, 2024 · attack.exfiltration, attack.t1030

Split A File Into Pieces - Linux
Aug 12, 2024 · attack.exfiltration, attack.t1030

Suspicious Curl File Upload - Linux
Aug 12, 2024 · attack.exfiltration, attack.t1567, attack.t1105

Suspicious DNS Query with B64 Encoded String
Aug 12, 2024 · attack.exfiltration, attack.t1048.003, attack.command-and-control, attack.t1071.004

Suspicious Inbox Forwarding
Aug 12, 2024 · attack.exfiltration, attack.t1020

Suspicious OAuth App File Download Activities
Aug 12, 2024 · attack.exfiltration

Suspicious Outbound SMTP Connections
Aug 12, 2024 · attack.exfiltration, attack.t1048.003

Suspicious PowerShell Mailbox Export to Share
Aug 12, 2024 · attack.exfiltration

Suspicious PowerShell Mailbox Export to Share - PS
Aug 12, 2024 · attack.exfiltration

Suspicious PowerShell Mailbox SMTP Forward Rule
Aug 12, 2024 · attack.exfiltration

Suspicious Redirection to Local Admin Share
Aug 12, 2024 · attack.exfiltration, attack.t1048

Suspicious SQL Query
Aug 12, 2024 · attack.exfiltration, attack.initial-access, attack.privilege-escalation, attack.t1190, attack.t1505.001

Suspicious WebDav Client Execution Via Rundll32.EXE
Aug 12, 2024 · attack.exfiltration, attack.t1048.003, cve.2023-23397

Suspicious Windows Strings In URI
Aug 12, 2024 · attack.persistence, attack.exfiltration, attack.t1505.003

Tap Driver Installation
Aug 12, 2024 · attack.exfiltration, attack.t1048

Tap Driver Installation - Security
Aug 12, 2024 · attack.exfiltration, attack.t1048

Tap Installer Execution
Aug 12, 2024 · attack.exfiltration, attack.t1048

WebDav Client Execution Via Rundll32.EXE
Aug 12, 2024 · attack.exfiltration, attack.t1048.003

WebDav Put Request
Aug 12, 2024 · attack.exfiltration, attack.t1048.003

Data Exfiltration via AWS CLI
Apr 29, 2024 · attack.exfiltration, attack.t1567.002, dist.public

DNS Query for Ufile.io Upload Domain
Feb 23, 2024 · attack.exfiltration, attack.t1567.002

Rclone SMB Share Exfiltration
Feb 23, 2024 · attack.exfiltration, attack.t1567.002

Suspicious BlackCat-Related Exfiltration Command
Sep 1, 2023 · attack.exfiltration, attack.t1020, attack.t1537

AWS EC2 Download Userdata
Apr 21, 2023 · attack.exfiltration, attack.t1020

High DNS Bytes Out
Apr 21, 2023 · attack.exfiltration, attack.t1048.003

High DNS Bytes Out - Firewall
Apr 21, 2023 · attack.exfiltration, attack.t1048.003

High DNS Requests Rate
Apr 21, 2023 · attack.exfiltration, attack.t1048.003, attack.command_and_control, attack.t1071.004

High DNS Requests Rate - Firewall
Apr 21, 2023 · attack.exfiltration, attack.t1048.003, attack.command_and_control, attack.t1071.004

High NULL Records Requests Rate
Apr 21, 2023 · attack.exfiltration, attack.t1048.003, attack.command_and_control, attack.t1071.004

High TXT Records Requests Rate
Apr 21, 2023 · attack.exfiltration, attack.t1048.003, attack.command_and_control, attack.t1071.004

Large domain name request
Apr 21, 2023 · attack.exfiltration, attack.t1048

Possible DNS Tunneling
Apr 21, 2023 · attack.command_and_control, attack.t1071.004, attack.exfiltration, attack.t1048.003

Potential Exfiltration of Compressed Files
Apr 21, 2023 · attack.exfiltration, attack.t1560.001, attack.t1005

Tap Driver Installation
Apr 21, 2023 · attack.exfiltration, attack.t1048
