AWS Key Pair Import Activity
Dec 19, 2024
·
attack.initial-access
attack.t1078
attack.persistence
attack.privilege-escalation

Webshell Detection With Command Line Keywords
Dec 14, 2024
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087

COM Object Hijacking Via Modification Of Default System CLSID Default Value
Dec 14, 2024
·
attack.persistence
attack.t1546.015

Remote Access Tool Services Have Been Installed - Security
Dec 7, 2024
·
attack.persistence
attack.t1543.003
attack.t1569.002

Possible Privilege Escalation via Weak Service Permissions
Dec 1, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011

Suspicious Process By Web Server Process
Dec 1, 2024
·
attack.persistence
attack.t1505.003
attack.t1190

Suspicious Scheduled Task Creation via Masqueraded XML File
Dec 1, 2024
·
attack.defense-evasion
attack.persistence
attack.t1036.005
attack.t1053.005

GCP Access Policy Deleted
Dec 1, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098

Google Workspace Application Access Level Modified
Dec 1, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003

Potential Persistence Via MyComputer Registry Keys
Dec 1, 2024
·
attack.persistence

Suspicious Processes Spawned by Java.EXE
Dec 1, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation

Creation of WerFault.exe/Wer.dll in Unusual Folder
Nov 29, 2024
·
attack.persistence
attack.defense-evasion
attack.t1574.001

PUA - Process Hacker Execution
Nov 25, 2024
·
attack.defense-evasion
attack.discovery
attack.persistence
attack.privilege-escalation
attack.t1622
attack.t1564
attack.t1543

PUA - System Informer Execution
Nov 25, 2024
·
attack.persistence
attack.privilege-escalation
attack.discovery
attack.defense-evasion
attack.t1082
attack.t1564
attack.t1543

ESXi Account Creation Via ESXCLI
Nov 20, 2024
·
attack.persistence
attack.t1136

App Assigned To Azure RBAC/Microsoft Entra Role
Nov 20, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003

Antivirus Web Shell Detection
Nov 4, 2024
·
attack.persistence
attack.t1505.003

Potential Persistence Via AppCompat RegisterAppRestart Layer
Nov 1, 2024
·
attack.persistence
attack.t1546.011

Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor
Nov 1, 2024
·
attack.persistence

Scheduled Tasks Names Used By SVR For GraphicalProton Backdoor - Task Scheduler
Nov 1, 2024
·
attack.persistence

Suspicious File Creation Activity From Fake Recycle.Bin Folder
Nov 1, 2024
·
attack.persistence
attack.defense-evasion

Suspicious Process Execution From Fake Recycle.Bin Folder
Nov 1, 2024
·
attack.persistence
attack.defense-evasion

BITS Transfer Job Download From File Sharing Domains
Oct 25, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197

New Module Module Added To IIS Server
Oct 6, 2024
·
attack.defense-evasion
attack.persistence
attack.t1562.002
attack.t1505.004

Previously Installed IIS Module Was Removed
Oct 6, 2024
·
attack.defense-evasion
attack.persistence
attack.t1562.002
attack.t1505.004

Chromium Browser Instance Executed With Custom Extension
Oct 1, 2024
·
attack.persistence
attack.t1176

New Netsh Helper DLL Registered From A Suspicious Location
Oct 1, 2024
·
attack.persistence
attack.t1546.007

Potential Persistence Via Netsh Helper DLL - Registry
Oct 1, 2024
·
attack.persistence
attack.t1546.007

Suspicious Chromium Browser Instance Executed With Custom Extension
Oct 1, 2024
·
attack.persistence
attack.t1176

Suspicious Shim Database Patching Activity
Oct 1, 2024
·
attack.persistence
attack.t1546.011

Potential PrintNightmare Exploitation Attempt
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675

Windows Spooler Service Suspicious Binary Load
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
cve.2021-34527

Persistence and Execution at Scale via GPO Scheduled Task
Sep 6, 2024
·
attack.persistence
attack.lateral-movement
attack.t1053.005

PowerShell Web Access Feature Enabled Via DISM
Sep 3, 2024
·
attack.persistence
attack.t1548.002

PowerShell Web Access Installation - PsScript
Sep 3, 2024
·
attack.persistence
attack.t1059.001

Remote Access Tool - AnyDesk Incoming Connection
Sep 2, 2024
·
attack.persistence
attack.command-and-control
attack.t1219

ChromeLoader Malware Execution
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
attack.t1176
detection.emerging-threats

DarkGate - User Created Via Net.EXE
Sep 2, 2024
·
attack.persistence
attack.t1136.001
detection.emerging-threats

Diamond Sleet APT Scheduled Task Creation
Sep 2, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
detection.emerging-threats

Potential CVE-2023-27363 Exploitation - HTA File Creation By FoxitPDFReader
Sep 2, 2024
·
attack.persistence
attack.t1505.001
cve.2023-27363
detection.emerging-threats

PowerShell Module File Created By Non-PowerShell Process
Sep 2, 2024
·
attack.persistence

Schtasks Creation Or Modification With SYSTEM Privileges
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005

Serpent Backdoor Payload Execution Via Scheduled Task
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.006
detection.emerging-threats

Suspicious Download From File-Sharing Website Via Bitsadmin
Aug 23, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003

User Risk and MFA Registration Policy Updated
Aug 21, 2024
·
attack.persistence

Multi Factor Authentication Disabled For User Account
Aug 21, 2024
·
attack.credential-access
attack.persistence

A Member Was Added to a Security-Enabled Global Group
Aug 12, 2024
·
attack.persistence
attack.t1098

A Member Was Removed From a Security-Enabled Global Group
Aug 12, 2024
·
attack.persistence
attack.t1098

A New Trust Was Created To A Domain
Aug 12, 2024
·
attack.persistence
attack.t1098

A Security-Enabled Global Group Was Deleted
Aug 12, 2024
·
attack.persistence
attack.t1098

Abuse of Service Permissions to Hide Services Via Set-Service
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011

Abuse of Service Permissions to Hide Services Via Set-Service - PS
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011

Account Tampering - Suspicious Failed Logon Reasons
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
attack.t1078

Activity From Anonymous IP Address
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access

Add Debugger Entry To AeDebug For Persistence
Aug 12, 2024
·
attack.persistence

Add Debugger Entry To Hangs Key For Persistence
Aug 12, 2024
·
attack.persistence

Add Port Monitor Persistence in Registry
Aug 12, 2024
·
attack.persistence
attack.t1547.010

Added Credentials to Existing Application
Aug 12, 2024
·
attack.t1098.001
attack.persistence

Addition of SID History to Active Directory Object
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1134.005

Allow Service Access Using Security Descriptor Tampering Via Sc.EXE
Aug 12, 2024
·
attack.persistence
attack.t1543.003

Anomalous User Activity
Aug 12, 2024
·
attack.t1098
attack.persistence

Anydesk Remote Access Software Service Installation
Aug 12, 2024
·
attack.persistence

App Granted Privileged Delegated Or App Permissions
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003

Application AppID Uri Configuration Changes
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.privilege-escalation
attack.t1552
attack.t1078.004

Application URI Configuration Changes
Aug 12, 2024
·
attack.t1528
attack.t1078.004
attack.persistence
attack.credential-access
attack.privilege-escalation

Application Using Device Code Authentication Flow
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access

Applications That Are Using ROPC Authentication Flow
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access

Aruba Network Service Potential DLL Sideloading
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1574.001
attack.t1574.002

Atbroker Registry Change
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.persistence
attack.t1547

Atypical Travel
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access

AWS ECS Task Definition That Queries The Credential Endpoint
Aug 12, 2024
·
attack.persistence
attack.t1525

AWS ElastiCache Security Group Created
Aug 12, 2024
·
attack.persistence
attack.t1136
attack.t1136.003

AWS IAM Backdoor Users Keys
Aug 12, 2024
·
attack.persistence
attack.t1098

AWS IAM S3Browser LoginProfile Creation
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004

AWS IAM S3Browser Templated S3 Bucket Policy Creation
Aug 12, 2024
·
attack.execution
attack.t1059.009
attack.persistence
attack.t1078.004

AWS IAM S3Browser User or AccessKey Creation
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004

AWS Identity Center Identity Provider Change
Aug 12, 2024
·
attack.persistence
attack.t1556

AWS Route 53 Domain Transfer Lock Disabled
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.t1098

AWS Route 53 Domain Transferred to Another Account
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.t1098

AWS User Login Profile Was Modified
Aug 12, 2024
·
attack.persistence
attack.t1098

Azure AD Threat Intelligence
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access

Azure Kubernetes Admission Controller
Aug 12, 2024
·
attack.persistence
attack.t1078
attack.credential-access
attack.t1552
attack.t1552.007

Azure Kubernetes CronJob
Aug 12, 2024
·
attack.persistence
attack.t1053.003
attack.privilege-escalation
attack.execution

Bitbucket Global Permission Changed
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098

BITS Transfer Job Download From Direct IP
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197

BITS Transfer Job Download To Potential Suspicious Folder
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197

BITS Transfer Job Downloading File Potential Suspicious Extension
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197

BITS Transfer Job With Uncommon Or Suspicious Remote TLD
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197

Bitsadmin to Uncommon IP Server Address
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190

Bitsadmin to Uncommon TLD
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190

Bulk Deletion Changes To Privileged Account Permissions
Aug 12, 2024
·
attack.persistence
attack.t1098

Bypass UAC Using Event Viewer
Aug 12, 2024
·
attack.persistence
attack.t1547.010

CA Policy Removed by Non Approved Actor
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556

CA Policy Updated by Non Approved Actor
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556

Certificate Request Export to Exchange Webserver
Aug 12, 2024
·
attack.persistence
attack.t1505.003

Certificate-Based Authentication Enabled
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1556

Change Default File Association To Executable Via Assoc
Aug 12, 2024
·
attack.persistence
attack.t1546.001

Change Default File Association Via Assoc
Aug 12, 2024
·
attack.persistence
attack.t1546.001

Change to Authentication Method
Aug 12, 2024
·
attack.credential-access
attack.t1556
attack.persistence
attack.defense-evasion
attack.t1098

Changes To PIM Settings
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1078.004

Changing Existing Service ImagePath Value Via Reg.EXE
Aug 12, 2024
·
attack.persistence
attack.t1574.011

Chopper Webshell Process Pattern
Aug 12, 2024
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087

Cisco BGP Authentication Failures
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557

Cisco LDP Authentication Failures
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557

Cisco Local Accounts
Aug 12, 2024
·
attack.persistence
attack.t1136.001
attack.t1098

Cisco Modify Configuration
Aug 12, 2024
·
attack.persistence
attack.impact
attack.t1490
attack.t1505
attack.t1565.002
attack.t1053

Classes Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Code Executed Via Office Add-in XLL File
Aug 12, 2024
·
attack.persistence
attack.t1137.006

Code Injection by ld.so Preload
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1574.006

COLDSTEEL Persistence Service Creation
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
detection.emerging-threats

COLDSTEEL RAT Anonymous User Process Execution
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats

COLDSTEEL RAT Cleanup Command Execution
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats

COLDSTEEL RAT Service Persistence Execution
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats

COM Hijacking via TreatAs
Aug 12, 2024
·
attack.persistence
attack.t1546.015

Common Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Communication To Uncommon Destination Ports
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571

Control Panel Items
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218.002
attack.persistence
attack.t1546

CosmicDuke Service Installation
Aug 12, 2024
·
attack.persistence
attack.t1543.003
attack.t1569.002
detection.emerging-threats

Creation Exe for Service with Unquoted Path
Aug 12, 2024
·
attack.persistence
attack.t1547.009

Creation of a Local Hidden User Account by Registry
Aug 12, 2024
·
attack.persistence
attack.t1136.001

Creation Of A Local User Account
Aug 12, 2024
·
attack.t1136.001
attack.persistence

Creation Of An User Account
Aug 12, 2024
·
attack.t1136.001
attack.persistence

Creation Of Non-Existent System DLL
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002

CurrentControlSet Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

CurrentVersion Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

CurrentVersion NT Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

CVE-2020-1048 Exploitation Attempt - Suspicious New Printer Ports - Registry
Aug 12, 2024
·
attack.persistence
attack.execution
attack.defense-evasion
attack.t1112
cve.2020-1048

CVE-2021-40539 Zoho ManageEngine ADSelfService Plus Exploit
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.persistence
attack.t1505.003
cve.2021-40539
detection.emerging-threats

CVE-2024-1708 - ScreenConnect Path Traversal Exploitation
Aug 12, 2024
·
attack.persistence
cve.2024-1708

CVE-2024-1708 - ScreenConnect Path Traversal Exploitation - Security
Aug 12, 2024
·
attack.initial-access
attack.persistence
cve.2024-1708

CVE-2024-1709 - ScreenConnect Authentication Bypass Exploitation
Aug 12, 2024
·
attack.initial-access
attack.persistence
cve.2024-1709

Default RDP Port Changed to Non Standard Port
Aug 12, 2024
·
attack.persistence
attack.t1547.010

Defrag Deactivation
Aug 12, 2024
·
attack.persistence
attack.t1053.005
attack.s0111
detection.emerging-threats

Defrag Deactivation - Security
Aug 12, 2024
·
attack.persistence
attack.t1053
attack.s0111
detection.emerging-threats

Deny Service Access Using Security Descriptor Tampering Via Sc.EXE
Aug 12, 2024
·
attack.persistence
attack.t1543.003

DEWMODE Webshell Access
Aug 12, 2024
·
attack.persistence
attack.t1505.003
detection.emerging-threats

Direct Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Directory Service Restore Mode(DSRM) Registry Value Tampering
Aug 12, 2024
·
attack.persistence
attack.t1556

Disabled MFA to Bypass Authentication Mechanisms
Aug 12, 2024
·
attack.persistence
attack.t1556

Disabling Multi Factor Authentication
Aug 12, 2024
·
attack.persistence
attack.t1556

DLL Load via LSASS
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1547.008

DLL Search Order Hijackig Via Additional Space in Path
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002

DLL Sideloading Of ShellChromeAPI.DLL
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002

DNS HybridConnectionManager Service Bus
Aug 12, 2024
·
attack.persistence
attack.t1554

Driver Load From A Temporary Directory
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003

Enable Local Manifest Installation With Winget
Aug 12, 2024
·
attack.defense-evasion
attack.persistence

Enabled User Right in AD to Control User Objects
Aug 12, 2024
·
attack.persistence
attack.t1098

Enabling COR Profiler Environment Variables
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.012

Exchange Set OabVirtualDirectory ExternalUrl Property
Aug 12, 2024
·
attack.persistence
attack.t1505.003

Failed Logon From Public IP
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.t1078
attack.t1190
attack.t1133

Failed MSExchange Transport Agent Installation
Aug 12, 2024
·
attack.persistence
attack.t1505.002

Fax Service DLL Search Order Hijack
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1574.001
attack.t1574.002

File Creation In Suspicious Directory By Msdt.EXE
Aug 12, 2024
·
attack.persistence
attack.t1547.001
cve.2022-30190

File Download Via Bitsadmin
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003

File Download Via Bitsadmin To A Suspicious Target Folder
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003

File Download Via Bitsadmin To An Uncommon Target Folder
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003

File With Suspicious Extension Downloaded Via Bitsadmin
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003

FlowCloud Registry Markers
Aug 12, 2024
·
attack.persistence
attack.t1112

Forest Blizzard APT - Custom Protocol Handler Creation
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Forest Blizzard APT - Custom Protocol Handler DLL Registry Set
Aug 12, 2024
·
attack.persistence
attack.t1547.001

Github Fork Private Repositories Setting Enabled/Cleared
Aug 12, 2024
·
attack.persistence
attack.t1020
attack.t1537

Github High Risk Configuration Disabled
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.persistence
attack.t1556

Github New Secret Created
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1078.004

Github Outside Collaborator Detected
Aug 12, 2024
·
attack.persistence
attack.collection
attack.t1098.001
attack.t1098.003
attack.t1213.003

Github Repository/Organization Transferred
Aug 12, 2024
·
attack.persistence
attack.t1020
attack.t1537

Github Self Hosted Runner Changes Detected
Aug 12, 2024
·
attack.impact
attack.discovery
attack.collection
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1526
attack.t1213.003
attack.t1078.004

Github SSH Certificate Configuration Changed
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1078.004

Goofy Guineapig Backdoor Service Creation
Aug 12, 2024
·
attack.persistence
detection.emerging-threats

Google Cloud Kubernetes Admission Controller
Aug 12, 2024
·
attack.persistence
attack.t1078
attack.credential-access
attack.t1552
attack.t1552.007

Google Cloud Kubernetes CronJob
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.execution

Google Workspace Granted Domain API Access
Aug 12, 2024
·
attack.persistence
attack.t1098

Google Workspace User Granted Admin Privileges
Aug 12, 2024
·
attack.persistence
attack.t1098

Granting Of Permissions To An Account
Aug 12, 2024
·
attack.persistence
attack.t1098.003

Guest User Invited By Non Approved Inviters
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1078.004

HackTool - CrackMapExec Execution
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.credential-access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201

HackTool - Default PowerSploit/Empire Scheduled Task Creation
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.s0111
attack.g0022
attack.g0060
car.2013-08-001
attack.t1053.005
attack.t1059.001

HackTool - Powerup Write Hijack DLL
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.001

HackTool - SharPersist Execution
Aug 12, 2024
·
attack.persistence
attack.t1053

HAFNIUM Exchange Exploitation Activity
Aug 12, 2024
·
attack.persistence
attack.t1546
attack.t1053
attack.g0125
detection.emerging-threats

Hidden Local User Creation
Aug 12, 2024
·
attack.persistence
attack.t1136.001

Huawei BGP Authentication Failures
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557

HybridConnectionManager Service Installation
Aug 12, 2024
·
attack.persistence
attack.t1554

HybridConnectionManager Service Running
Aug 12, 2024
·
attack.persistence
attack.t1554

IE Change Domain Zone
Aug 12, 2024
·
attack.persistence
attack.t1137

IIS Native-Code Module Command Line Installation
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Important Scheduled Task Deleted/Disabled
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Impossible Travel
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Internet Explorer Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Invalid PIM License
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Juniper BGP Missing MD5
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Kapeka Backdoor Autorun Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Kapeka Backdoor Configuration Persistence
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1553.003
·
Kapeka Backdoor Persistence Activity
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Kapeka Backdoor Scheduled Task Creation
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Kubernetes Admission Controller Modification
Aug 12, 2024
·
attack.persistence
attack.t1078
attack.credential-access
attack.t1552
attack.t1552.007
·
Kubernetes CronJob/Job Modification
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.execution
·
Launch Agent/Daemon Execution Via Launchctl
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1569.001
attack.t1543.001
attack.t1543.004
·
Leviathan Registry Key Activity
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
·
Linux Webshell Indicators
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Loading of Kernel Module via Insmod
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.006
·
Local User Creation
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
MacOS Emond Launch Daemon
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.014
·
Mailbox Export to Exchange Webserver
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Malicious DLL File Dropped in the Teams or OneDrive Folder
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
·
Manipulation of User Computer or Group Security Principals Across AD
Aug 12, 2024
·
attack.persistence
attack.t1136.002
·
Microsoft Office DLL Sideload
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
MITRE BZAR Indicators for Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.004
·
Modify User Shell Folders Startup Value
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.001
·
Modifying Crontab
Aug 12, 2024
·
attack.persistence
attack.t1053.003
·
Moriya Rootkit - System
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Moriya Rootkit File Created
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
detection.emerging-threats
·
MOVEit CVE-2023-34362 Exploitation Attempt - Potential Web Shell Request
Aug 12, 2024
·
cve.2023-34362
detection.emerging-threats
attack.persistence
attack.t1505.003
·
MSExchange Transport Agent Installation
Aug 12, 2024
·
attack.persistence
attack.t1505.002
·
MSExchange Transport Agent Installation - Builtin
Aug 12, 2024
·
attack.persistence
attack.t1505.002
·
MSSQL Add Account To Sysadmin Role
Aug 12, 2024
·
attack.persistence
·
MSSQL Extended Stored Procedure Backdoor Maggie
Aug 12, 2024
·
attack.persistence
attack.t1546
detection.emerging-threats
·
MSSQL SPProcoption Set
Aug 12, 2024
·
attack.persistence
·
Narrator's Feedback-Hub Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
NetSupport Manager Service Install
Aug 12, 2024
·
attack.persistence
·
New ActiveScriptEventConsumer Created Via Wmic.EXE
Aug 12, 2024
·
attack.persistence
attack.t1546.003
·
New BITS Job Created Via Bitsadmin
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
New BITS Job Created Via PowerShell
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
New Country
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
New Custom Shim Database Created
Aug 12, 2024
·
attack.persistence
attack.t1547.009
·
New DLL Added to AppCertDlls Registry Key
Aug 12, 2024
·
attack.persistence
attack.t1546.009
·
New DLL Added to AppInit_DLLs Registry Key
Aug 12, 2024
·
attack.persistence
attack.t1546.010
·
New Federated Domain Added
Aug 12, 2024
·
attack.persistence
attack.t1136.003
·
New Federated Domain Added - Exchange
Aug 12, 2024
·
attack.persistence
attack.t1136.003
·
New Github Organization Member Added
Aug 12, 2024
·
attack.persistence
attack.t1136.003
·
New Kernel Driver Via SC.EXE
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
New ODBC Driver Registered
Aug 12, 2024
·
attack.persistence
·
New Outlook Macro Created
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
New Root Certificate Authority Added
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1556
·
New RUN Key Pointing to Suspicious Folder
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
New Service Creation Using PowerShell
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
New Service Creation Using Sc.EXE
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
New TimeProviders Registered With Uncommon DLL Name
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.003
·
New User Created Via Net.EXE
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
New User Created Via Net.EXE With Never Expire Option
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
Number Of Resource Creation Or Deployment Activities
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Office Application Startup - Office Test
Aug 12, 2024
·
attack.persistence
attack.t1137.002
·
Office Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
OilRig APT Activity
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
OilRig APT Registry Persistence
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
OilRig APT Schedule Task Persistence - Security
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
OilRig APT Schedule Task Persistence - System
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Okta Admin Role Assigned to an User or Group
Aug 12, 2024
·
attack.persistence
attack.t1098.003
·
Okta Admin Role Assignment Created
Aug 12, 2024
·
attack.persistence
·
Okta API Token Created
Aug 12, 2024
·
attack.persistence
·
Okta Identity Provider Created
Aug 12, 2024
·
attack.persistence
attack.t1098.001
·
Okta MFA Reset or Deactivated
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.defense-evasion
attack.t1556.006
·
OpenCanary - SSH Login Attempt
Aug 12, 2024
·
attack.initial-access
attack.lateral-movement
attack.persistence
attack.t1133
attack.t1021
attack.t1078
·
OpenCanary - SSH New Connection Attempt
Aug 12, 2024
·
attack.initial-access
attack.lateral-movement
attack.persistence
attack.t1133
attack.t1021
attack.t1078
·
Oracle WebLogic Exploit
Aug 12, 2024
·
attack.t1190
attack.initial-access
attack.persistence
attack.t1505.003
cve.2018-2894
detection.emerging-threats
·
Outlook Macro Execution Without Warning Setting Enabled
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Outlook Security Settings Updated - Registry
Aug 12, 2024
·
attack.persistence
attack.t1137
·
Outlook Task/Note Reminder Received
Aug 12, 2024
·
attack.persistence
attack.t1137
cve.2023-23397
detection.emerging-threats
·
Password Change on Directory Service Restore Mode (DSRM) Account
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Password Provided In Command Line Of Net.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1078
·
Password Reset By User Account
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.t1078.004
·
Path To Screensaver Binary Modified
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.002
·
Persistence Via Cron Files
Aug 12, 2024
·
attack.persistence
attack.t1053.003
·
Persistence Via Disk Cleanup Handler - Autorun
Aug 12, 2024
·
attack.persistence
·
Persistence Via Hhctrl.ocx
Aug 12, 2024
·
attack.persistence
·
Persistence Via New SIP Provider
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1553.003
·
Persistence Via Sudoers Files
Aug 12, 2024
·
attack.persistence
attack.t1053.003
·
Persistence Via TypedPaths - CommandLine
Aug 12, 2024
·
attack.persistence
·
PIM Alert Setting Changes To Disabled
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1078
·
Pingback Backdoor Activity
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Pingback Backdoor DLL Loading Activity
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Pingback Backdoor File Indicators
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Potential 7za.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential ACTINIUM Persistence Activity
Aug 12, 2024
·
attack.persistence
attack.t1053
attack.t1053.005
detection.emerging-threats
·
Potential Amazon SSM Agent Hijacking
Aug 12, 2024
·
attack.command-and-control
attack.persistence
attack.t1219
·
Potential Antivirus Software DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Binary Or Script Dropper Via PowerShell
Aug 12, 2024
·
attack.persistence
·
Potential CCleanerDU.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential CCleanerReactivator.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Chrome Frame Helper DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential COLDSTEEL Persistence Service DLL Creation
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Potential COLDSTEEL Persistence Service DLL Load
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Potential COLDSTEEL RAT File Indicators
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Potential COLDSTEEL RAT Windows User Creation
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Potential COM Object Hijacking Via TreatAs Subkey - Registry
Aug 12, 2024
·
attack.persistence
attack.t1546.015
·
Potential CVE-2023-36884 Exploitation Dropped File
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
cve.2023-36884
detection.emerging-threats
·
Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
cve.2024-3400
·
Potential DLL Sideloading Of DBGCORE.DLL
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential DLL Sideloading Of DBGHELP.DLL
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential DLL Sideloading Of Libcurl.DLL Via GUP.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential DLL Sideloading Of Non-Existent DLLs From System Folders
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential DLL Sideloading Via ClassicExplorer32.dll
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential DLL Sideloading Via comctl32.dll
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential DLL Sideloading Via JsSchHlp
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Encrypted Registry Blob Related To SNAKE Malware
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Potential KamiKakaBot Activity - Shutdown Schedule Task Creation
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Potential KamiKakaBot Activity - Winlogon Shell Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
·
Potential Libvlc.DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Linux Amazon SSM Agent Hijacking
Aug 12, 2024
·
attack.command-and-control
attack.persistence
attack.t1219
·
Potential Persistence Attempt Via ErrorHandler.Cmd
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Attempt Via Existing Service Tampering
Aug 12, 2024
·
attack.persistence
attack.t1543.003
attack.t1574.011
·
Potential Persistence Attempt Via Run Keys Using Reg.EXE
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Potential Persistence Using DebugPath
Aug 12, 2024
·
attack.persistence
attack.t1546.015
·
Potential Persistence Via App Paths Default Property
Aug 12, 2024
·
attack.persistence
attack.t1546.012
·
Potential Persistence Via AutodialDLL
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via CHM Helper DLL
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via Disk Cleanup Handler - Registry
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via DLLPathOverride
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via Event Viewer Events.asp
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1112
·
Potential Persistence Via Excel Add-in - Registry
Aug 12, 2024
·
attack.persistence
attack.t1137.006
·
Potential Persistence Via GlobalFlags
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.defense-evasion
attack.t1546.012
car.2013-01-002
·
Potential Persistence Via Logon Scripts - CommandLine
Aug 12, 2024
·
attack.persistence
attack.t1037.001
·
Potential Persistence Via Logon Scripts - Registry
Aug 12, 2024
·
attack.t1037.001
attack.persistence
attack.lateral-movement
·
Potential Persistence Via LSA Extensions
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via Microsoft Compatibility Appraiser
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Potential Persistence Via Microsoft Office Add-In
Aug 12, 2024
·
attack.persistence
attack.t1137.006
·
Potential Persistence Via Microsoft Office Startup Folder
Aug 12, 2024
·
attack.persistence
attack.t1137
·
Potential Persistence Via Mpnotify
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via Netsh Helper DLL
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.007
attack.s0108
·
Potential Persistence Via New AMSI Providers - Registry
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via Notepad++ Plugins
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via Outlook Form
Aug 12, 2024
·
attack.persistence
attack.t1137.003
·
Potential Persistence Via Outlook Home Page
Aug 12, 2024
·
attack.persistence
attack.t1112
·
Potential Persistence Via Outlook LoadMacroProviderOnBoot Setting
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Potential Persistence Via Outlook Today Page
Aug 12, 2024
·
attack.persistence
attack.t1112
·
Potential Persistence Via PlistBuddy
Aug 12, 2024
·
attack.persistence
attack.t1543.001
attack.t1543.004
·
Potential Persistence Via Powershell Search Order Hijacking - Task
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Potential Persistence Via PowerShell User Profile Using Add-Content
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
Potential Persistence Via Scrobj.dll COM Hijacking
Aug 12, 2024
·
attack.persistence
attack.t1546.015
·
Potential Persistence Via Security Descriptors - ScriptBlock
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
·
Potential Persistence Via Shim Database In Uncommon Location
Aug 12, 2024
·
attack.persistence
attack.t1546.011
·
Potential Persistence Via Shim Database Modification
Aug 12, 2024
·
attack.persistence
attack.t1546.011
·
Potential Persistence Via TypedPaths
Aug 12, 2024
·
attack.persistence
·
Potential Persistence Via Visual Studio Tools for Office
Aug 12, 2024
·
attack.t1137.006
attack.persistence
·
Potential Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059
·
Potential Privilege Escalation Attempt Via .Exe.Local Technique
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
·
Potential Privilege Escalation Using Symlink Between Osk and Cmd
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.008
·
Potential PSFactoryBuffer COM Hijacking
Aug 12, 2024
·
attack.persistence
attack.t1546.015
·
Potential Ransomware or Unauthorized MBR Tampering Via Bcdedit.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.persistence
attack.t1542.003
·
Potential Registry Persistence Attempt Via DbgManagedDebugger
Aug 12, 2024
·
attack.persistence
attack.t1574
·
Potential Registry Persistence Attempt Via Windows Telemetry
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Potential RipZip Attack on Startup Folder
Aug 12, 2024
·
attack.persistence
attack.t1547
·
Potential Ryuk Ransomware Activity
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
·
Potential SentinelOne Shell Context Menu Scan Command Tampering
Aug 12, 2024
·
attack.persistence
·
Potential Shim Database Persistence via Sdbinst.EXE
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.011
·
Potential Startup Shortcut Persistence Via PowerShell.EXE
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Potential Suspicious Activity Using SeCEdit
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.defense-evasion
attack.credential-access
attack.privilege-escalation
attack.t1562.002
attack.t1547.001
attack.t1505.005
attack.t1556.002
attack.t1562
attack.t1574.007
attack.t1564.002
attack.t1546.008
attack.t1546.007
attack.t1547.014
attack.t1547.010
attack.t1547.002
attack.t1557
attack.t1082
·
Potential Suspicious BPF Activity - Linux
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
·
Potential Suspicious PowerShell Module File Created
Aug 12, 2024
·
attack.persistence
·
Potential Suspicious Winget Package Installation
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
·
Potential System DLL Sideloading From Non System Locations
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Wazuh Security Platform DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Webshell Creation On Static Website
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Potentially Suspicious Malware Callback Communication
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571
·
Potentially Suspicious Malware Callback Communication - Linux
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571
·
Potentially Suspicious ODBC Driver Registered
Aug 12, 2024
·
attack.persistence
attack.t1003
·
Potentially Suspicious Shell Script Creation in Profile Folder
Aug 12, 2024
·
attack.persistence
·
PowerShell Create Local User
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.persistence
attack.t1136.001
·
Powershell Create Scheduled Task
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Powershell LocalAccount Manipulation
Aug 12, 2024
·
attack.persistence
attack.t1098
·
PowerShell Module File Created
Aug 12, 2024
·
attack.persistence
·
PowerShell Profile Modification
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
PowerShell Script Dropped Via PowerShell.EXE
Aug 12, 2024
·
attack.persistence
·
Powerview Add-DomainObjectAcl DCSync AD Extend Right
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Privileged Account Creation
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1078.004
·
Privileged User Has Been Created
Aug 12, 2024
·
attack.persistence
attack.t1136.001
attack.t1098
·
Process Explorer Driver Creation By Non-Sysinternals Binary
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1068
·
Process Monitor Driver Creation By Non-Sysinternals Binary
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1068
·
PSEXEC Remote Execution File Artefact
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.execution
attack.persistence
attack.t1136.002
attack.t1543.003
attack.t1570
attack.s0029
·
RDP Sensitive Settings Changed
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1112
·
RDP Sensitive Settings Changed to Zero
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1112
·
Register New IFiltre For Persistence
Aug 12, 2024
·
attack.persistence
·
Registry Modification to Hidden File Extension
Aug 12, 2024
·
attack.persistence
attack.t1137
·
Registry Persistence Mechanisms in Recycle Bin
Aug 12, 2024
·
attack.persistence
attack.t1547
Registry Persistence via Explorer Run Key
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Registry-Free Process Scope COR_PROFILER
Aug 12, 2024
·
attack.persistence
attack.t1574.012
Remote Access Tool Services Have Been Installed - System
Aug 12, 2024
·
attack.persistence
attack.t1543.003
attack.t1569.002
Remote Service Activity via SVCCTL Named Pipe
Aug 12, 2024
·
attack.lateral-movement
attack.persistence
attack.t1021.002
Remote Task Creation via ATSVC Named Pipe
Aug 12, 2024
·
attack.lateral-movement
attack.persistence
car.2013-05-004
car.2015-04-001
attack.t1053.002
Remote Task Creation via ATSVC Named Pipe - Zeek
Aug 12, 2024
·
attack.lateral-movement
attack.persistence
car.2013-05-004
car.2015-04-001
attack.t1053.002
Remote Utilities Host Service Install
Aug 12, 2024
·
attack.persistence
Roles Activated Too Frequently
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
Roles Activation Doesn't Require MFA
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
Roles Are Not Being Used
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
Roles Assigned Outside PIM
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
Root Account Enable Via Dsenableroot
Aug 12, 2024
·
attack.t1078
attack.t1078.001
attack.t1078.003
attack.initial-access
attack.persistence
RTCore Suspicious Service Installation
Aug 12, 2024
·
attack.persistence
Rundll32 Registered COM Objects
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.015
Running Chrome VPN Extensions via the Registry 2 VPN Extension
Aug 12, 2024
·
attack.persistence
attack.t1133
Scheduled Cron Task/Job - Linux
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.003
Scheduled Cron Task/Job - MacOs
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.003
Scheduled Task Creation Via Schtasks.EXE
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.005
attack.s0111
car.2013-08-001
stp.1u
Scheduled Task Executed From A Suspicious Location
Aug 12, 2024
·
attack.persistence
attack.t1053.005
Scheduled Task Executed Uncommon LOLBIN
Aug 12, 2024
·
attack.persistence
attack.t1053.005
Scheduled Task Executing Encoded Payload from Registry
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
Scheduled Task Executing Payload from Registry
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
Scheduled Task/Job At
Aug 12, 2024
·
attack.persistence
attack.t1053.002
Scheduled TaskCache Change by Uncommon Program
Aug 12, 2024
·
attack.persistence
attack.t1053
attack.t1053.005
ScreenConnect User Database Modification
Aug 12, 2024
·
attack.persistence
cve.2024-1709
Security Support Provider (SSP) Added to LSA Configuration
Aug 12, 2024
·
attack.persistence
attack.t1547.005
Serv-U Exploitation CVE-2021-35211 by DEV-0322
Aug 12, 2024
·
attack.persistence
attack.t1136.001
cve.2021-35211
detection.emerging-threats
Service DACL Abuse To Hide Services Via Sc.EXE
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
Service Installation in Suspicious Folder
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
Service Installation with Suspicious Folder Pattern
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
Service Registry Key Read Access Request
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.011
Service Registry Permissions Weakness Check
Aug 12, 2024
·
attack.persistence
attack.t1574.011
stp.2a
Service Security Descriptor Tampering Via Sc.EXE
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
ServiceDll Hijack
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
Session Manager Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
attack.t1546.009
Setuid and Setgid
Aug 12, 2024
·
attack.persistence
attack.t1548.001
Shell Process Spawned by Java.EXE
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
Shellshock Expression
Aug 12, 2024
·
attack.persistence
attack.t1505.003
Small Sieve Malware CommandLine Indicator
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
Small Sieve Malware Registry Persistence
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
SNAKE Malware Covert Store Registry Key
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
SNAKE Malware Service Persistence
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
Solarwinds SUPERNOVA Webshell Access
Aug 12, 2024
·
attack.persistence
attack.t1505.003
detection.emerging-threats
SOURGUM Actor Behaviours
Aug 12, 2024
·
attack.t1546
attack.t1546.015
attack.persistence
attack.privilege-escalation
detection.emerging-threats
Stale Accounts In A Privileged Role
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
Startup Folder File Write
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Startup Item File Created - MacOS
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1037.005
Sticky Key Like Backdoor Execution
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.008
car.2014-11-003
car.2014-11-008
Sticky Key Like Backdoor Usage - Registry
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.008
car.2014-11-003
car.2014-11-008
StoneDrill Service Install
Aug 12, 2024
·
attack.persistence
attack.g0064
attack.t1543.003
detection.emerging-threats
Suspicious ASPX File Drop by Exchange
Aug 12, 2024
·
attack.persistence
attack.t1505.003
Suspicious Browser Activity
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
Suspicious Child Process Of SQL Server
Aug 12, 2024
·
attack.t1505.003
attack.t1190
attack.initial-access
attack.persistence
attack.privilege-escalation
Suspicious Child Process Of Veeam Dabatase
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
Suspicious Computer Account Name Change CVE-2021-42287
Aug 12, 2024
·
cve.2021-42287
detection.emerging-threats
attack.defense-evasion
attack.persistence
attack.t1036
attack.t1098
Suspicious Debugger Registration Cmdline
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.008
Suspicious desktop.ini Action
Aug 12, 2024
·
attack.persistence
attack.t1547.009
Suspicious Download From Direct IP Via Bitsadmin
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
Suspicious Driver Install by pnputil.exe
Aug 12, 2024
·
attack.persistence
attack.t1547
Suspicious Encoded Scripts in a WMI Consumer
Aug 12, 2024
·
attack.execution
attack.t1047
attack.persistence
attack.t1546.003
Suspicious Environment Variable Has Been Registered
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
Suspicious Execution via macOS Script Editor
Aug 12, 2024
·
attack.t1566
attack.t1566.002
attack.initial-access
attack.t1059
attack.t1059.002
attack.t1204
attack.t1204.001
attack.execution
attack.persistence
attack.t1553
attack.defense-evasion
Suspicious File Drop by Exchange
Aug 12, 2024
·
attack.persistence
attack.t1190
attack.initial-access
attack.t1505.003
Suspicious Get-Variable.exe Creation
Aug 12, 2024
·
attack.persistence
attack.t1546
attack.defense-evasion
attack.t1027
Suspicious GetTypeFromCLSID ShellExecute
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.015
Suspicious GrpConv Execution
Aug 12, 2024
·
attack.persistence
attack.t1547
Suspicious IIS Module Registration
Aug 12, 2024
·
attack.persistence
attack.t1505.004
Suspicious Microsoft Office Child Process - MacOS
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059.002
attack.t1137.002
attack.t1204.002
Suspicious MSExchangeMailboxReplication ASPX Write
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.persistence
attack.t1505.003
Suspicious New Service Creation
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
Suspicious Outlook Macro Created
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
Suspicious Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059
Suspicious Powershell In Registry Run Keys
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Suspicious PrinterPorts Creation (CVE-2020-1048)
Aug 12, 2024
·
attack.persistence
attack.execution
attack.t1059.001
cve.2020-1048
detection.emerging-threats
Suspicious Processes Spawned by WinRM
Aug 12, 2024
·
attack.t1190
attack.initial-access
attack.persistence
attack.privilege-escalation
Suspicious Run Key from Download
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Suspicious Scheduled Task Creation
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
Suspicious Scheduled Task Creation Involving Temp Folder
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
Suspicious Scheduled Task Update
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
Suspicious Scheduled Task Write to System32 Tasks
Aug 12, 2024
·
attack.persistence
attack.execution
attack.t1053
Suspicious Schtasks Execution AppData Folder
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
Suspicious Screensaver Binary File Creation
Aug 12, 2024
·
attack.persistence
attack.t1546.002
Suspicious Service DACL Modification Via Set-Service Cmdlet
Aug 12, 2024
·
attack.persistence
attack.t1543.003
Suspicious Service DACL Modification Via Set-Service Cmdlet - PS
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
Suspicious Service Installation
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
Suspicious Service Installation Script
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
Suspicious Service Path Modification
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
Suspicious Shells Spawn by Java Utility Keytool
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
Suspicious Startup Folder Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Suspicious VBScript UN2452 Pattern
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
Suspicious Windows ANONYMOUS LOGON Local Account Created
Aug 12, 2024
·
attack.persistence
attack.t1136.001
attack.t1136.002
Suspicious Windows Strings In URI
Aug 12, 2024
·
attack.persistence
attack.exfiltration
attack.t1505.003
Suspicious WindowsTerminal Child Processes
Aug 12, 2024
·
attack.execution
attack.persistence
Sysinternals PsService Execution
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.t1543.003
Sysinternals PsSuspend Execution
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.t1543.003
System Scripts Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Systemd Service Creation
Aug 12, 2024
·
attack.persistence
attack.t1543.002
Systemd Service Reload or Start
Aug 12, 2024
·
attack.persistence
attack.t1543.002
Tasks Folder Evasion
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.execution
attack.t1574.002
Temporary Access Pass Added To An Account
Aug 12, 2024
·
attack.persistence
attack.t1078.004
Third Party Software DLL Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
Too Many Global Admins
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
Triple Cross eBPF Rootkit Default Persistence
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1053.003
Turla PNG Dropper Service
Aug 12, 2024
·
attack.persistence
attack.g0010
attack.t1543.003
detection.emerging-threats
Turla Service Install
Aug 12, 2024
·
attack.persistence
attack.g0010
attack.t1543.003
detection.emerging-threats
UAC Bypass With Fake DLL
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1548.002
attack.t1574.002
UEFI Persistence Via Wpbbin - FileCreation
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1542.001
UEFI Persistence Via Wpbbin - ProcessCreation
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1542.001
UNC4841 - Barracuda ESG Exploitation Indicators
Aug 12, 2024
·
attack.execution
attack.persistence
attack.defense-evasion
detection.emerging-threats
UNC4841 - Email Exfiltration File Pattern
Aug 12, 2024
·
attack.execution
attack.persistence
attack.defense-evasion
detection.emerging-threats
Uncommon Extension Shim Database Installation Via Sdbinst.EXE
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.011
Uncommon One Time Only Scheduled Task At 00:00
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.t1053.005
Uncommon Service Installation Image Path
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
car.2013-09-005
attack.t1543.003
Uncommon Userinit Child Process
Aug 12, 2024
·
attack.t1037.001
attack.persistence
Unfamiliar Sign-In Properties
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
Unix Shell Configuration Modification
Aug 12, 2024
·
attack.persistence
attack.t1546.004
Unsigned AppX Installation Attempt Using Add-AppxPackage
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
Unsigned AppX Installation Attempt Using Add-AppxPackage - PsScript
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
Unsigned Module Loaded by ClickOnce Application
Aug 12, 2024
·
attack.persistence
attack.t1574.002
User Added to an Administrator's Azure AD Role
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
attack.t1078
User Added To Group With CA Policy Modification Access
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
User Added To Highly Privileged Group
Aug 12, 2024
·
attack.persistence
attack.t1098
User Added to Local Administrator Group
Aug 12, 2024
·
attack.privilege-escalation
attack.t1078
attack.persistence
attack.t1098
User Added to Local Administrators Group
Aug 12, 2024
·
attack.persistence
attack.t1098
User Added to Remote Desktop Users Group
Aug 12, 2024
·
attack.persistence
attack.lateral-movement
attack.t1133
attack.t1136.001
attack.t1021.001
User Added To Root/Sudoers Group Using Usermod
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
User Removed From Group With CA Policy Modification Access
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
VBScript Payload Stored in Registry
Aug 12, 2024
·
attack.persistence
attack.t1547.001
VMGuestLib DLL Sideload
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
VMMap Signed Dbghelp.DLL Potential Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
VMMap Unsigned Dbghelp.DLL Potential Sideloading
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
VMToolsd Suspicious Child Process
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059
VsCode Powershell Profile Modification
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
Webshell Hacking Activity Patterns
Aug 12, 2024
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
Webshell ReGeorg Detection Via Web Logs
Aug 12, 2024
·
attack.persistence
attack.t1505.003
Webshell Remote Command Execution
Aug 12, 2024
·
attack.persistence
attack.t1505.003
Webshell Tool Reconnaissance Activity
Aug 12, 2024
·
attack.persistence
attack.t1505.003
Win Susp Computer Name Containing Samtheadmin
Aug 12, 2024
·
cve.2021-42278
cve.2021-42287
attack.persistence
attack.privilege-escalation
attack.t1078
Windows Network Access Suspicious desktop.ini Action
Aug 12, 2024
·
attack.persistence
attack.t1547.009
Windows Terminal Profile Settings Modification By Uncommon Process
Aug 12, 2024
·
attack.persistence
attack.t1547.015
Windows Webshell Strings
Aug 12, 2024
·
attack.persistence
attack.t1505.003
WINEKEY Registry Modification
Aug 12, 2024
·
attack.persistence
attack.t1547
Winget Admin Settings Modification
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
Winlogon AllowMultipleTSSessions Enable
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1112
Winlogon Helper DLL
Aug 12, 2024
·
attack.persistence
attack.t1547.004
Winlogon Notify Key Logon Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.004
WinSock2 Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
WMI ActiveScriptEventConsumers Activity Via Scrcons.EXE DLL Load
Aug 12, 2024
·
attack.lateral-movement
attack.privilege-escalation
attack.persistence
attack.t1546.003
WMI Backdoor Exchange Transport Agent
Aug 12, 2024
·
attack.persistence
attack.t1546.003
WMI Event Subscription
Aug 12, 2024
·
attack.persistence
attack.t1546.003
WMI Persistence
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.003
WMI Persistence - Command Line Event Consumer
Aug 12, 2024
·
attack.t1546.003
attack.persistence
WMI Persistence - Script Event Consumer
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.003
WMI Persistence - Script Event Consumer File Write
Aug 12, 2024
·
attack.t1546.003
attack.persistence
WMI Persistence - Security
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.003
Wow6432Node Classes Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Wow6432Node CurrentVersion Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Wow6432Node Windows NT CurrentVersion Autorun Keys Modification
Aug 12, 2024
·
attack.persistence
attack.t1547.001
Writing Of Malicious Files To The Fonts Folder
Aug 12, 2024
·
attack.t1211
attack.t1059
attack.defense-evasion
attack.persistence
ChromeLoader Malware Detection
Aug 10, 2024
·
attack.execution
attack.T1059.001
attack.persistence
attack.T1176
attack.T1053.005
Detecting Ammy Admin RMM Agent Execution
Aug 10, 2024
·
attack.execution
attack.persistence
Detection of CMD Execution via AnyViewer RMM
Aug 10, 2024
·
attack.execution
attack.persistence
Detection of Suspicious triggering of ErrorHandler.cmd Execution
Aug 10, 2024
·
attack.execution
attack.persistence
Scheduled task executing powershell encoded payload from registry
Aug 10, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
AppInit DLL Installation
Mar 26, 2024
·
attack.privilege_escalation
attack.persistence
attack.t1546
attack.t1546.010
ChromeLoader NW.js Runtime App Installation Paths
Mar 26, 2024
·
attack.persistence
attack.t1176
Non-depmod Process Modifying modules.dep
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
Non-Microsoft App Package Installation Process
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1546
attack.t1546.016
Package Support Framework (PSF) Advanced Installer Processes
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1546
attack.t1546.016
PowerShell Startup Folder Persistence
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.001
Shells Modifying Files in Known Linux Kernel Modules Directories
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
Systemd Loading a Linux Kernel Module Using insmod
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
Systemd Loading a Linux Kernel Module Using modprobe
Mar 26, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1547
attack.t1547.006
Web Browser Loading Extension
Mar 26, 2024
·
attack.persistence
attack.t1176
Exchange Webshell creation
Feb 23, 2024
·
attack.t1505.003
attack.persistence
attack.t1190
attack.initial_access
QBot process creation from scheduled task REGSVR32 (regsvr32.exe), -s flag and SYSTEM in the command line
Feb 23, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1053.005
QBot scheduled task REGSVR32 with C$ image path
Feb 23, 2024
·
attack.persistence
attack.privilege_escalation
attack.t1053.005
Suspicious Scheduled Task Creation to execute LOLbins
Feb 22, 2024
·
attack.persistence
attack.t1053.005
Shrpubw Execution from Unexpected File Path
Sep 1, 2023
·
attack.persistence
attack.t1574
attack.t1574.001
Suspicious 'Admin' Local User Creation with Net Command
Sep 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1136.001
attack.t1136
attack.t1078
attack.t1078.003
AdSearch Reg Runkey Persistence Execution (RedCanary Threat Detection Report)
May 10, 2023
·
attack.persistence
attack.t1547.001
AdSearch Startup Folder Persistence File Creation (RedCanary Threat Detection Report)
May 10, 2023
·
attack.persistence
attack.t1547.001
Failed Logins with Different Accounts from Single Source System
Apr 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1078
Failed NTLM Logins with Different Accounts from Single Source System
Apr 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1078
Files Dropped to Program Files by Non-Priviledged Process
Apr 21, 2023
·
attack.persistence
attack.defense_evasion
attack.t1574
attack.t1574.010
Malicious Service Installations
Apr 21, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1003
attack.t1035
attack.t1050
car.2013-09-005
attack.t1543.003
attack.t1569.002
Remote Service Creation
Apr 21, 2023
·
attack.lateral_movement
attack.persistence
attack.execution
attack.t1543.003
Scheduled task executing powershell encoded payload from registry
Jan 8, 2023
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
Webshell Usage with ManageEngine Product
Jan 8, 2023
·
attack.persistence
attack.t1505.003
Suspicious Commands by SQL Server
Jan 8, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
Suspicious Fsutil Execution Allowing Remote Connections
Dec 6, 2022
·
attack.persistence
attack.t1547
Suspicious Schtasks Child Process
Nov 19, 2022
·
attack.persistence
attack.t1053
attack.t1053.005
Suspicious Calc DLL Load
Nov 19, 2022
·
attack.persistence
attack.t1574
Chrome Spawned by Powershell with Load-Extension in Command Line
Nov 9, 2022
·
attack.persistence
attack.t1176
Command Shell Unusual or Suspicious Process Ancestry
Nov 9, 2022
·
attack.persistence
attack.t1505
attack.execution
attack.t1059.003
Windows Scheduled Task Behaving Improperly or Suspiciously
Nov 9, 2022
·
attack.persistence
attack.execution
attack.t1053
attack.t1053.005
Windows Scheduled Task Create Shell
Nov 9, 2022
·
attack.persistence
attack.execution
attack.t1053
attack.t1053.005
Windows Scheduled Task Making Suspicious Network Connection
Nov 9, 2022
·
attack.persistence
attack.execution
attack.t1053
attack.t1053.005