open-menu
closeme
Load Of RstrtMgr.DLL By A Suspicious Process
calendar
Oct 1, 2024
·
attack.impact
attack.defense-evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Load Of RstrtMgr.DLL By An Uncommon Process
calendar
Oct 1, 2024
·
attack.impact
attack.defense-evasion
attack.t1486
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Portable Gpg.EXE Execution
calendar
Oct 1, 2024
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Hyper-V Virtual Machine Discovery Shutdown via Powershell Cmdlets
calendar
Sep 9, 2024
·
attack.defense-evasion
attack.impact
attack.t1578
attack.t1578.003
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
IISReset Used to Stop IIS Services
calendar
Sep 9, 2024
·
attack.impact
attack.defense-evasion
attack.t1562
attack.t1562.001
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Bucket Versioning Disable
calendar
Sep 2, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Disable Important Scheduled Task
calendar
Aug 26, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
AADInternals PowerShell Cmdlets Execution - ProccessCreation
calendar
Aug 12, 2024
·
attack.execution
attack.reconnaissance
attack.discovery
attack.credential-access
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
AADInternals PowerShell Cmdlets Execution - PsScript
calendar
Aug 12, 2024
·
attack.execution
attack.reconnaissance
attack.discovery
attack.credential-access
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Activity Performed by Terminated User
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
All Backups Deleted Via Wbadmin.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Apache Segmentation Fault
calendar
Aug 12, 2024
·
attack.impact
attack.t1499.004
·
Share on:
twitter
facebook
linkedin
copy
Application Uninstalled
calendar
Aug 12, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Audit CVE Event
calendar
Aug 12, 2024
·
attack.execution
attack.t1203
attack.privilege-escalation
attack.t1068
attack.defense-evasion
attack.t1211
attack.credential-access
attack.t1212
attack.lateral-movement
attack.t1210
attack.impact
attack.t1499.004
·
Share on:
twitter
facebook
linkedin
copy
AWS EC2 Disable EBS Encryption
calendar
Aug 12, 2024
·
attack.impact
attack.t1486
attack.t1565
·
Share on:
twitter
facebook
linkedin
copy
AWS EFS Fileshare Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
AWS EFS Fileshare Mount Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
AWS EKS Cluster Created or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
AWS ElastiCache Security Group Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
Azure Application Credential Modified
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Application Deleted
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Azure Application Gateway Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Application Security Group Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Container Registry Created or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Device No Longer Managed or Compliant
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Device or Configuration Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.t1485
attack.t1565.001
·
Share on:
twitter
facebook
linkedin
copy
Azure DNS Zone Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.t1565.001
·
Share on:
twitter
facebook
linkedin
copy
Azure Firewall Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Azure Firewall Rule Collection Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.004
·
Share on:
twitter
facebook
linkedin
copy
Azure Firewall Rule Configuration Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Key Vault Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.credential-access
attack.t1552
attack.t1552.001
·
Share on:
twitter
facebook
linkedin
copy
Azure Keyvault Key Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.credential-access
attack.t1552
attack.t1552.001
·
Share on:
twitter
facebook
linkedin
copy
Azure Keyvault Secrets Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.credential-access
attack.t1552
attack.t1552.001
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes Cluster Created or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes Network Policy Change
calendar
Aug 12, 2024
·
attack.impact
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes Pods Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes RoleBinding/ClusterRoleBinding Modified and Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.credential-access
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes Secret or Config Object Access
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes Sensitive Role Access
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes Service Account Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
Azure Network Firewall Policy Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1562.007
·
Share on:
twitter
facebook
linkedin
copy
Azure Network Security Configuration Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Point-to-site VPN Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Suppression Rule Created
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Virtual Network Device Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure Virtual Network Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Azure VPN Connection Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Backup Files Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
BlueSky Ransomware Artefacts
calendar
Aug 12, 2024
·
attack.impact
attack.t1486
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Boot Configuration Tampering Via Bcdedit.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Cisco Denial of Service
calendar
Aug 12, 2024
·
attack.impact
attack.t1495
attack.t1529
attack.t1565.001
·
Share on:
twitter
facebook
linkedin
copy
Cisco File Deletion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1070.004
attack.t1561.001
attack.t1561.002
·
Share on:
twitter
facebook
linkedin
copy
Cisco Modify Configuration
calendar
Aug 12, 2024
·
attack.persistence
attack.impact
attack.t1490
attack.t1505
attack.t1565.002
attack.t1053
·
Share on:
twitter
facebook
linkedin
copy
Commands to Clear or Remove the Syslog - Builtin
calendar
Aug 12, 2024
·
attack.impact
attack.t1565.001
·
Share on:
twitter
facebook
linkedin
copy
Copy From VolumeShadowCopy Via Cmd.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
DD File Overwrite
calendar
Aug 12, 2024
·
attack.impact
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Delete All Scheduled Tasks
calendar
Aug 12, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Delete Important Scheduled Task
calendar
Aug 12, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Delete Volume Shadow Copies Via WMI With PowerShell
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Delete Volume Shadow Copies via WMI with PowerShell - PS Script
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Deleted Data Overwritten Via Cipher.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Deletion of Volume Shadow Copies via WMI with PowerShell
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Deletion of Volume Shadow Copies via WMI with PowerShell - PS Script
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
DNS Events Related To Mining Pools
calendar
Aug 12, 2024
·
attack.execution
attack.t1569.002
attack.impact
attack.t1496
·
Share on:
twitter
facebook
linkedin
copy
File Recovery From Backup Via Wbadmin.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Fsutil Suspicious Invocation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1070
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Github Delete Action Invoked
calendar
Aug 12, 2024
·
attack.impact
attack.collection
attack.t1213.003
·
Share on:
twitter
facebook
linkedin
copy
Github Self Hosted Runner Changes Detected
calendar
Aug 12, 2024
·
attack.impact
attack.discovery
attack.collection
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1526
attack.t1213.003
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud DNS Zone Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Re-identifies Sensitive Information
calendar
Aug 12, 2024
·
attack.impact
attack.t1565
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Service Account Disabled or Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Service Account Modified
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud SQL Database Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Storage Buckets Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud VPN Tunnel Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Application Removed
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace MFA Disabled
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Role Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Role Privilege Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Group Has Been Deleted Via Groupdel
calendar
Aug 12, 2024
·
attack.impact
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
History File Deletion
calendar
Aug 12, 2024
·
attack.impact
attack.t1565.001
·
Share on:
twitter
facebook
linkedin
copy
Important Scheduled Task Deleted
calendar
Aug 12, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Linux Crypto Mining Indicators
calendar
Aug 12, 2024
·
attack.impact
attack.t1496
·
Share on:
twitter
facebook
linkedin
copy
Linux Crypto Mining Pool Connections
calendar
Aug 12, 2024
·
attack.impact
attack.t1496
·
Share on:
twitter
facebook
linkedin
copy
Locked Workstation
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
LockerGoga Ransomware Activity
calendar
Aug 12, 2024
·
attack.impact
attack.t1486
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 - Potential Ransomware Activity
calendar
Aug 12, 2024
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Microsoft 365 - Unusual Volume of File Deletion
calendar
Aug 12, 2024
·
attack.impact
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Monero Crypto Coin Mining Pool Lookup
calendar
Aug 12, 2024
·
attack.impact
attack.t1496
attack.t1567
·
Share on:
twitter
facebook
linkedin
copy
Network Communication With Crypto Mining Pool
calendar
Aug 12, 2024
·
attack.impact
attack.t1496
·
Share on:
twitter
facebook
linkedin
copy
New File Exclusion Added To Time Machine Via Tmutil - MacOS
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
New Root or CA or AuthRoot Certificate to Store
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Nginx Core Dump
calendar
Aug 12, 2024
·
attack.impact
attack.t1499.004
·
Share on:
twitter
facebook
linkedin
copy
NTFS Vulnerability Exploitation
calendar
Aug 12, 2024
·
attack.impact
attack.t1499.001
·
Share on:
twitter
facebook
linkedin
copy
Okta API Token Revoked
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Okta Application Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Okta Application Sign-On Policy Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Okta Network Zone Deactivated or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Okta Policy Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Okta Policy Rule Modified or Deleted
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Okta Unauthorized Access to App
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Okta User Account Locked Out
calendar
Aug 12, 2024
·
attack.impact
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
OneLogin User Account Locked
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
OneLogin User Assumed Another User
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - NTP Monlist Request
calendar
Aug 12, 2024
·
attack.impact
attack.t1498
·
Share on:
twitter
facebook
linkedin
copy
Overwriting the File with Dev Zero or Null
calendar
Aug 12, 2024
·
attack.impact
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Enumeration Using AD Module - ProcCreation
calendar
Aug 12, 2024
·
attack.reconnaissance
attack.discovery
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Enumeration Using AD Module - PsModule
calendar
Aug 12, 2024
·
attack.reconnaissance
attack.discovery
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Potential Active Directory Enumeration Using AD Module - PsScript
calendar
Aug 12, 2024
·
attack.reconnaissance
attack.discovery
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Potential BlackByte Ransomware Activity
calendar
Aug 12, 2024
·
detection.emerging-threats
attack.execution
attack.defense-evasion
attack.impact
attack.t1485
attack.t1498
attack.t1059.001
attack.t1140
·
Share on:
twitter
facebook
linkedin
copy
Potential Conti Ransomware Activity
calendar
Aug 12, 2024
·
attack.impact
attack.s0575
attack.t1486
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Crypto Mining Activity
calendar
Aug 12, 2024
·
attack.impact
attack.t1496
·
Share on:
twitter
facebook
linkedin
copy
Potential Dtrack RAT Activity
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential File Overwrite Via Sysinternals SDelete
calendar
Aug 12, 2024
·
attack.impact
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Potential Maze Ransomware Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1047
attack.impact
attack.t1490
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Ransomware Activity Using LegalNotice Message
calendar
Aug 12, 2024
·
attack.impact
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Change To Sensitive/Critical Files
calendar
Aug 12, 2024
·
attack.impact
attack.t1565.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Desktop Background Change Using Reg.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Desktop Background Change Via Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
Powershell Add Name Resolution Policy Table Rule
calendar
Aug 12, 2024
·
attack.impact
attack.t1565
·
Share on:
twitter
facebook
linkedin
copy
Registry Disable System Restore
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Remove Account From Domain Admin Group
calendar
Aug 12, 2024
·
attack.impact
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
Renamed Gpg.EXE Execution
calendar
Aug 12, 2024
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Renamed Sysinternals Sdelete Execution
calendar
Aug 12, 2024
·
attack.impact
attack.t1485
·
Share on:
twitter
facebook
linkedin
copy
Replace Desktop Wallpaper by Powershell
calendar
Aug 12, 2024
·
attack.impact
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
Secure Deletion with SDelete
calendar
Aug 12, 2024
·
attack.impact
attack.defense-evasion
attack.t1070.004
attack.t1027.005
attack.t1485
attack.t1553.002
attack.s0195
·
Share on:
twitter
facebook
linkedin
copy
Sensitive File Access Via Volume Shadow Copy Backup
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Silence.EDA Detection
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1071.004
attack.t1572
attack.impact
attack.t1529
attack.g0091
attack.s0363
·
Share on:
twitter
facebook
linkedin
copy
Stop Windows Service Via Net.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Stop Windows Service Via PowerShell Stop-Service
calendar
Aug 12, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Stop Windows Service Via Sc.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1489
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Appended Extension
calendar
Aug 12, 2024
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Creation TXT File in User Desktop
calendar
Aug 12, 2024
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution of Shutdown
calendar
Aug 12, 2024
·
attack.impact
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution of Shutdown to Log Out
calendar
Aug 12, 2024
·
attack.impact
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Log Entries
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Suspicious MacOS Firmware Activity
calendar
Aug 12, 2024
·
attack.impact
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Reg Add BitLocker
calendar
Aug 12, 2024
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Volume Shadow Copy VSS_PS.dll Load
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Volume Shadow Copy Vssapi.dll Load
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Volume Shadow Copy Vsstrace.dll Load
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
System Shutdown/Reboot - Linux
calendar
Aug 12, 2024
·
attack.impact
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
System Shutdown/Reboot - MacOs
calendar
Aug 12, 2024
·
attack.impact
attack.t1529
·
Share on:
twitter
facebook
linkedin
copy
Time Machine Backup Deletion Attempt Via Tmutil - MacOS
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Time Machine Backup Disabled Via Tmutil - MacOS
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
User Has Been Deleted Via Userdel
calendar
Aug 12, 2024
·
attack.impact
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
User Logoff Event
calendar
Aug 12, 2024
·
attack.impact
attack.t1531
·
Share on:
twitter
facebook
linkedin
copy
WannaCry Ransomware Activity
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1210
attack.discovery
attack.t1083
attack.defense-evasion
attack.t1222.001
attack.impact
attack.t1486
attack.t1490
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Windows Backup Deleted Via Wbadmin.EXE
calendar
Aug 12, 2024
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Windows Update Error
calendar
Aug 12, 2024
·
attack.impact
attack.resource-development
attack.t1584
·
Share on:
twitter
facebook
linkedin
copy
WMI Shadow Copy Deletion
calendar
Mar 26, 2024
·
attack.execution
attack.t1047
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Multiple Modsecurity Blocks
calendar
Apr 21, 2023
·
attack.impact
attack.t1499
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Multiple File Rename Or Delete Occurred
calendar
Apr 21, 2023
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Vice Society Encrypted File Extension File Creation
calendar
Nov 29, 2022
·
attack.impact
attack.t1486
·
Share on:
twitter
facebook
linkedin
copy
Boot Configuration Database (BCD) Manipulation - Registry Modification
calendar
Nov 22, 2022
·
attack.impact
attack.t1490
attack.g0092
·
Share on:
twitter
facebook
linkedin
copy
Use of bcdedit to Disrupt Boot Processes
calendar
Nov 22, 2022
·
attack.impact
attack.t1490
attack.g0092
·
Share on:
twitter
facebook
linkedin
copy
WMIC Shadow Copy Deletion
calendar
Nov 9, 2022
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
to-top