open-menu
closeme
Writing Of Malicious Files To The Fonts Folder
calendar
Dec 4, 2023
·
attack.t1211
attack.t1059
attack.defense_evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Atbroker Registry Change
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.t1218
attack.persistence
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Cisco BGP Authentication Failures
calendar
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Cisco LDP Authentication Failures
calendar
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Github High Risk Configuration Disabled
calendar
Dec 1, 2023
·
attack.credential_access
attack.defense_evasion
attack.persistence
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Github New Secret Created
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.initial_access
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Github Outside Collaborator Detected
calendar
Dec 1, 2023
·
attack.persistence
attack.collection
attack.t1098.001
attack.t1098.003
attack.t1213.003
·
Share on:
twitter
facebook
linkedin
copy
Github Self Hosted Runner Changes Detected
calendar
Dec 1, 2023
·
attack.impact
attack.discovery
attack.collection
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.initial_access
attack.t1526
attack.t1213.003
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharPersist Execution
calendar
Dec 1, 2023
·
attack.persistence
attack.t1053
·
Share on:
twitter
facebook
linkedin
copy
Huawei BGP Authentication Failures
calendar
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Juniper BGP Missing MD5
calendar
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
New Github Organization Member Added
calendar
Dec 1, 2023
·
attack.persistence
attack.t1136.003
·
Share on:
twitter
facebook
linkedin
copy
Okta Admin Role Assignment Created
calendar
Dec 1, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of Non-Existent DLLs From System Folders
calendar
Dec 1, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Powershell Search Order Hijacking - Task
calendar
Dec 1, 2023
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious BPF Activity - Linux
calendar
Dec 1, 2023
·
attack.persistence
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Microsoft Office Child Process - MacOS
calendar
Dec 1, 2023
·
attack.execution
attack.persistence
attack.t1059.002
attack.t1137.002
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Shells Spawn by Java Utility Keytool
calendar
Dec 1, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Startup Folder Persistence
calendar
Dec 1, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Uncommon One Time Only Scheduled Task At 00:00
calendar
Dec 1, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Unsigned AppX Installation Attempt Using Add-AppxPackage
calendar
Dec 1, 2023
·
attack.persistence
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Unsigned AppX Installation Attempt Using Add-AppxPackage - PsScript
calendar
Dec 1, 2023
·
attack.persistence
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
VsCode Powershell Profile Modification
calendar
Dec 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.013
·
Share on:
twitter
facebook
linkedin
copy
New Netsh Helper DLL Registered From A Suspicious Location
calendar
Nov 28, 2023
·
attack.persistence
attack.t1546.007
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Netsh Helper DLL
calendar
Nov 28, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1546.007
attack.s0108
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Netsh Helper DLL - Registry
calendar
Nov 28, 2023
·
attack.persistence
attack.t1546.007
·
Share on:
twitter
facebook
linkedin
copy
Chromium Browser Instance Executed With Custom Extension
calendar
Nov 28, 2023
·
attack.persistence
attack.t1176
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Chromium Browser Instance Executed With Custom Extension
calendar
Nov 28, 2023
·
attack.persistence
attack.t1176
·
Share on:
twitter
facebook
linkedin
copy
HAFNIUM Exchange Exploitation Activity
calendar
Nov 28, 2023
·
attack.persistence
attack.t1546
attack.t1053
attack.g0125
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Task Creation
calendar
Nov 27, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.t1053.005
attack.s0111
car.2013-08-001
stp.1u
·
Share on:
twitter
facebook
linkedin
copy
Service Registry Permissions Weakness Check
calendar
Nov 27, 2023
·
attack.persistence
attack.t1574.011
stp.2a
·
Share on:
twitter
facebook
linkedin
copy
Enabling COR Profiler Environment Variables
calendar
Nov 27, 2023
·
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.t1574.012
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Shim Database Installation via Sdbinst.EXE
calendar
Nov 15, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Userinit Child Process
calendar
Nov 15, 2023
·
attack.t1037.001
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process By Web Server Process
calendar
Nov 11, 2023
·
attack.persistence
attack.t1505.003
attack.t1190
·
Share on:
twitter
facebook
linkedin
copy
Chopper Webshell Process Pattern
calendar
Nov 10, 2023
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Shell Process Spawned by Java.EXE
calendar
Nov 10, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Processes Spawned by Java.EXE
calendar
Nov 10, 2023
·
attack.initial_access
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Webshell Detection With Command Line Keywords
calendar
Nov 10, 2023
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Webshell Hacking Activity Patterns
calendar
Nov 10, 2023
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Webshell Tool Reconnaissance Activity
calendar
Nov 10, 2023
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Office Application Startup - Office Test
calendar
Nov 8, 2023
·
attack.persistence
attack.t1137.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Creation Activity From Fake Recycle.Bin Folder
calendar
Nov 6, 2023
·
attack.persistence
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Process Execution From Fake Recycle.Bin Folder
calendar
Nov 6, 2023
·
attack.persistence
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Linux Webshell Indicators
calendar
Nov 2, 2023
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via Sudoers Files
calendar
Nov 2, 2023
·
attack.persistence
attack.t1053.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Notepad++ Plugins
calendar
Nov 2, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Security Descriptors - ScriptBlock
calendar
Nov 2, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Potential RipZip Attack on Startup Folder
calendar
Nov 2, 2023
·
attack.persistence
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Activity Using SeCEdit
calendar
Nov 2, 2023
·
attack.discovery
attack.persistence
attack.defense_evasion
attack.credential_access
attack.privilege_escalation
attack.t1562.002
attack.t1547.001
attack.t1505.005
attack.t1556.002
attack.t1562
attack.t1574.007
attack.t1564.002
attack.t1546.008
attack.t1546.007
attack.t1547.014
attack.t1547.010
attack.t1547.002
attack.t1557
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Execution via macOS Script Editor
calendar
Nov 2, 2023
·
attack.t1566
attack.t1566.002
attack.initial_access
attack.t1059
attack.t1059.002
attack.t1204
attack.t1204.001
attack.execution
attack.persistence
attack.t1553
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Windows Strings In URI
calendar
Nov 2, 2023
·
attack.persistence
attack.exfiltration
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Triple Cross eBPF Rootkit Default Persistence
calendar
Nov 2, 2023
·
attack.persistence
attack.defense_evasion
attack.t1053.003
·
Share on:
twitter
facebook
linkedin
copy
Win Susp Computer Name Containing Samtheadmin
calendar
Nov 2, 2023
·
cve.2021.42278
cve.2021.42287
attack.persistence
attack.privilege_escalation
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
App Role Added
calendar
Oct 28, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
Impossible Travel
calendar
Oct 28, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
·
Share on:
twitter
facebook
linkedin
copy
Potential Amazon SSM Agent Hijacking
calendar
Oct 28, 2023
·
attack.command_and_control
attack.persistence
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Potential Binary Or Script Dropper Via PowerShell
calendar
Oct 28, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Amazon SSM Agent Hijacking
calendar
Oct 28, 2023
·
attack.command_and_control
attack.persistence
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via App Paths Default Property
calendar
Oct 28, 2023
·
attack.persistence
attack.t1546.012
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via COM Hijacking From Suspicious Locations
calendar
Oct 28, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Script Dropped Via PowerShell.EXE
calendar
Oct 28, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
RDP Sensitive Settings Changed
calendar
Oct 28, 2023
·
attack.defense_evasion
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
WMI ActiveScriptEventConsumers Activity Via Scrcons.EXE DLL Load
calendar
Oct 28, 2023
·
attack.lateral_movement
attack.privilege_escalation
attack.persistence
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Profile Modification
calendar
Oct 28, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.013
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT Scheduled Task Creation
calendar
Oct 28, 2023
·
attack.execution
attack.privilege_escalation
attack.persistence
attack.t1053.005
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential System DLL Sideloading From Non System Locations
calendar
Oct 28, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - User Created Via Net.EXE
calendar
Oct 26, 2023
·
attack.persistence
attack.t1136.001
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
MSSQL Extended Stored Procedure Backdoor Maggie
calendar
Oct 26, 2023
·
attack.persistence
attack.t1546
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-27363 Exploitation - HTA File Creation By FoxitPDFReader
calendar
Oct 26, 2023
·
attack.persistence
attack.t1505.001
cve.2023.27363
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-36884 Exploitation Dropped File
calendar
Oct 26, 2023
·
attack.persistence
attack.defense_evasion
cve.2023.36884
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
StoneDrill Service Install
calendar
Oct 26, 2023
·
attack.persistence
attack.g0064
attack.t1543.003
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Turla PNG Dropper Service
calendar
Oct 26, 2023
·
attack.persistence
attack.g0010
attack.t1543.003
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Turla Service Install
calendar
Oct 26, 2023
·
attack.persistence
attack.g0010
attack.t1543.003
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Module File Created By Non-PowerShell Process
calendar
Oct 23, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Add User to Local Administrators Group
calendar
Oct 18, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Web Shell Detection
calendar
Oct 18, 2023
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes CronJob
calendar
Oct 18, 2023
·
attack.persistence
attack.t1053.003
attack.privilege_escalation
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download From Direct IP
calendar
Oct 18, 2023
·
attack.defense_evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
Common Autorun Keys Modification
calendar
Oct 18, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Creation Of Non-Existent System DLL
calendar
Oct 18, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
CurrentVersion Autorun Keys Modification
calendar
Oct 18, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
CurrentVersion NT Autorun Keys Modification
calendar
Oct 18, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Failed Logon From Public IP
calendar
Oct 18, 2023
·
attack.initial_access
attack.persistence
attack.t1078
attack.t1190
attack.t1133
·
Share on:
twitter
facebook
linkedin
copy
FlowCloud Malware
calendar
Oct 18, 2023
·
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Narrator's Feedback-Hub Persistence
calendar
Oct 18, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
New DLL Added to AppInit_DLLs Registry Key
calendar
Oct 18, 2023
·
attack.persistence
attack.t1546.010
·
Share on:
twitter
facebook
linkedin
copy
New RUN Key Pointing to Suspicious Folder
calendar
Oct 18, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
New User Created Via Net.EXE
calendar
Oct 18, 2023
·
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
New User Created Via Net.EXE With Never Expire Option
calendar
Oct 18, 2023
·
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
Office Autorun Keys Modification
calendar
Oct 18, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Password Provided In Command Line Of Net.EXE
calendar
Oct 18, 2023
·
attack.defense_evasion
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.lateral_movement
attack.t1021.002
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Attempt Via Existing Service Tampering
calendar
Oct 18, 2023
·
attack.persistence
attack.t1543.003
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via COM Search Order Hijacking
calendar
Oct 18, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Microsoft Office Startup Folder
calendar
Oct 18, 2023
·
attack.persistence
attack.t1137
·
Share on:
twitter
facebook
linkedin
copy
Potential Webshell Creation On Static Website
calendar
Oct 18, 2023
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
PUA - Process Hacker Execution
calendar
Oct 18, 2023
·
attack.defense_evasion
attack.discovery
attack.persistence
attack.privilege_escalation
attack.t1622
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
PUA - System Informer Execution
calendar
Oct 18, 2023
·
attack.persistence
attack.privilege_escalation
attack.discovery
attack.defense_evasion
attack.t1082
attack.t1564
attack.t1543
·
Share on:
twitter
facebook
linkedin
copy
Register New IFiltre For Persistence
calendar
Oct 18, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Registry Persistence via Explorer Run Key
calendar
Oct 18, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Remote Task Creation via ATSVC Named Pipe - Zeek
calendar
Oct 18, 2023
·
attack.lateral_movement
attack.persistence
car.2013-05-004
car.2015-04-001
attack.t1053.002
·
Share on:
twitter
facebook
linkedin
copy
Remote Utilities Host Service Install
calendar
Oct 18, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Task Executed From A Suspicious Location
calendar
Oct 18, 2023
·
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Task Executed Uncommon LOLBIN
calendar
Oct 18, 2023
·
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Add User to Remote Desktop Users Group
calendar
Oct 18, 2023
·
attack.persistence
attack.lateral_movement
attack.t1133
attack.t1136.001
attack.t1021.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Environment Variable Has Been Registered
calendar
Oct 18, 2023
·
attack.defense_evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WindowsTerminal Child Processes
calendar
Oct 18, 2023
·
attack.execution
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Sysinternals PsService Execution
calendar
Oct 18, 2023
·
attack.discovery
attack.persistence
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Sysinternals PsSuspend Execution
calendar
Oct 18, 2023
·
attack.discovery
attack.persistence
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Tasks Folder Evasion
calendar
Oct 18, 2023
·
attack.defense_evasion
attack.persistence
attack.execution
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Third Party Software DLL Sideloading
calendar
Oct 18, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
VMToolsd Suspicious Child Process
calendar
Oct 18, 2023
·
attack.execution
attack.persistence
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
WMI Persistence
calendar
Oct 18, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
Wow6432Node CurrentVersion Autorun Keys Modification
calendar
Oct 18, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service
calendar
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service - PS
calendar
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Account Tampering - Suspicious Failed Logon Reasons
calendar
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Added Credentials to Existing Application
calendar
Oct 17, 2023
·
attack.t1098.001
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Anydesk Remote Access Software Service Installation
calendar
Oct 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Application AppID Uri Configuration Changes
calendar
Oct 17, 2023
·
attack.persistence
attack.credential_access
attack.privilege_escalation
attack.t1552
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Application URI Configuration Changes
calendar
Oct 17, 2023
·
attack.t1528
attack.t1078.004
attack.persistence
attack.credential_access
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Application Using Device Code Authentication Flow
calendar
Oct 17, 2023
·
attack.t1078
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.initial_access
·
Share on:
twitter
facebook
linkedin
copy
Applications That Are Using ROPC Authentication Flow
calendar
Oct 17, 2023
·
attack.t1078
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.initial_access
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes Admission Controller
calendar
Oct 17, 2023
·
attack.persistence
attack.t1078
attack.credential_access
attack.t1552
attack.t1552.007
·
Share on:
twitter
facebook
linkedin
copy
Bitsadmin to Uncommon IP Server Address
calendar
Oct 17, 2023
·
attack.command_and_control
attack.t1071.001
attack.defense_evasion
attack.persistence
attack.t1197
attack.s0190
·
Share on:
twitter
facebook
linkedin
copy
Bulk Deletion Changes To Privileged Account Permissions
calendar
Oct 17, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
CA Policy Removed by Non Approved Actor
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
CA Policy Updated by Non Approved Actor
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Changes To PIM Settings
calendar
Oct 17, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Creation of a Local Hidden User Account by Registry
calendar
Oct 17, 2023
·
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
Creation of an WerFault.exe in Unusual Folder
calendar
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
DLL Search Order Hijackig Via Additional Space in Path
calendar
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DLL Sideloading Of ShellChromeAPI.DLL
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Failed MSExchange Transport Agent Installation
calendar
Oct 17, 2023
·
attack.persistence
attack.t1505.002
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Kubernetes Admission Controller
calendar
Oct 17, 2023
·
attack.persistence
attack.t1078
attack.credential_access
attack.t1552
attack.t1552.007
·
Share on:
twitter
facebook
linkedin
copy
Guest User Invited By Non Approved Inviters
calendar
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Malicious DLL File Dropped in the Teams or OneDrive Folder
calendar
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Modifying Crontab
calendar
Oct 17, 2023
·
attack.persistence
attack.t1053.003
·
Share on:
twitter
facebook
linkedin
copy
Moriya Rootkit - System
calendar
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
MSSQL Add Account To Sysadmin Role
calendar
Oct 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
MSSQL SPProcoption Set
calendar
Oct 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
NetSupport Manager Service Install
calendar
Oct 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
New Kernel Driver Via SC.EXE
calendar
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Password Reset By User Account
calendar
Oct 17, 2023
·
attack.persistence
attack.credential_access
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via TypedPaths - CommandLine
calendar
Oct 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
PIM Alert Setting Changes To Disabled
calendar
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via ClassicExplorer32.dll
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via comctl32.dll
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via JsSchHlp
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Attempt Via ErrorHandler.Cmd
calendar
Oct 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation Attempt Via .Exe.Local Technique
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation Using Symlink Between Osk and Cmd
calendar
Oct 17, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1546.008
·
Share on:
twitter
facebook
linkedin
copy
Powerview Add-DomainObjectAcl DCSync AD Extend Right
calendar
Oct 17, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Privileged Account Creation
calendar
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Privileged User Has Been Created
calendar
Oct 17, 2023
·
attack.persistence
attack.t1136.001
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Registry Persistence Mechanisms in Recycle Bin
calendar
Oct 17, 2023
·
attack.persistence
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
RTCore Suspicious Service Installation
calendar
Oct 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Service DACL Abuse To Hide Services Via Sc.EXE
calendar
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Service Installation in Suspicious Folder
calendar
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
car.2013-09-005
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Sticky Key Like Backdoor Usage - Registry
calendar
Oct 17, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1546.008
car.2014-11-003
car.2014-11-008
·
Share on:
twitter
facebook
linkedin
copy
Suspicious ASPX File Drop by Exchange
calendar
Oct 17, 2023
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious File Drop by Exchange
calendar
Oct 17, 2023
·
attack.persistence
attack.t1190
attack.initial_access
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Get-Variable.exe Creation
calendar
Oct 17, 2023
·
attack.persistence
attack.t1546
attack.defense_evasion
attack.t1027
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Get-WmiObject
calendar
Oct 17, 2023
·
attack.persistence
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
Suspicious GetTypeFromCLSID ShellExecute
calendar
Oct 17, 2023
·
attack.privilege_escalation
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Suspicious GrpConv Execution
calendar
Oct 17, 2023
·
attack.persistence
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Suspicious New Service Creation
calendar
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Processes Spawned by WinRM
calendar
Oct 17, 2023
·
attack.t1190
attack.initial_access
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scheduled Task Creation
calendar
Oct 17, 2023
·
attack.execution
attack.privilege_escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Scheduled Task Update
calendar
Oct 17, 2023
·
attack.execution
attack.privilege_escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Schtasks Execution AppData Folder
calendar
Oct 17, 2023
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Screensaver Binary File Creation
calendar
Oct 17, 2023
·
attack.persistence
attack.t1546.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service DACL Modification Via Set-Service Cmdlet
calendar
Oct 17, 2023
·
attack.persistence
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service DACL Modification Via Set-Service Cmdlet - PS
calendar
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Service Installation Script
calendar
Oct 17, 2023
·
attack.persistence
attack.privilege_escalation
car.2013-09-005
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Temporary Access Pass Added To An Account
calendar
Oct 17, 2023
·
attack.persistence
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
UEFI Persistence Via Wpbbin - FileCreation
calendar
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.t1542.001
·
Share on:
twitter
facebook
linkedin
copy
UEFI Persistence Via Wpbbin - ProcessCreation
calendar
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.t1542.001
·
Share on:
twitter
facebook
linkedin
copy
User Added To Group With CA Policy Modification Access
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
User Added To Root/Sudoers Group Using Usermod
calendar
Oct 17, 2023
·
attack.privilege_escalation
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
User Removed From Group With CA Policy Modification Access
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
VMGuestLib DLL Sideload
calendar
Oct 17, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Windows Spooler Service Suspicious Binary Load
calendar
Oct 17, 2023
·
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.t1574
cve.2021.1675
cve.2021.34527
·
Share on:
twitter
facebook
linkedin
copy
Winlogon Helper DLL
calendar
Oct 17, 2023
·
attack.persistence
attack.t1547.004
·
Share on:
twitter
facebook
linkedin
copy
App Granted Privileged Delegated Or App Permissions
calendar
Oct 12, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
AWS ECS Task Definition That Queries The Credential Endpoint
calendar
Oct 12, 2023
·
attack.persistence
attack.t1525
·
Share on:
twitter
facebook
linkedin
copy
AWS ElastiCache Security Group Created
calendar
Oct 12, 2023
·
attack.persistence
attack.t1136
attack.t1136.003
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM Backdoor Users Keys
calendar
Oct 12, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM S3Browser LoginProfile Creation
calendar
Oct 12, 2023
·
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM S3Browser Templated S3 Bucket Policy Creation
calendar
Oct 12, 2023
·
attack.execution
attack.t1059.009
attack.persistence
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM S3Browser User or AccessKey Creation
calendar
Oct 12, 2023
·
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
AWS Identity Center Identity Provider Change
calendar
Oct 12, 2023
·
attack.persistence
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
AWS Route 53 Domain Transfer Lock Disabled
calendar
Oct 12, 2023
·
attack.persistence
attack.credential_access
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
AWS Route 53 Domain Transferred to Another Account
calendar
Oct 12, 2023
·
attack.persistence
attack.credential_access
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
AWS User Login Profile Was Modified
calendar
Oct 12, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Change to Authentication Method
calendar
Oct 12, 2023
·
attack.credential_access
attack.t1556
attack.persistence
attack.defense_evasion
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Disabled MFA to Bypass Authentication Mechanisms
calendar
Oct 12, 2023
·
attack.persistence
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Disabling Multi Factor Authentication
calendar
Oct 12, 2023
·
attack.persistence
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Kubernetes CronJob
calendar
Oct 12, 2023
·
attack.persistence
attack.privilege_escalation
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Granted Domain API Access
calendar
Oct 12, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace User Granted Admin Privileges
calendar
Oct 12, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Granting Of Permissions To An Account
calendar
Oct 12, 2023
·
attack.persistence
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
New Federated Domain Added
calendar
Oct 12, 2023
·
attack.persistence
attack.t1136.003
·
Share on:
twitter
facebook
linkedin
copy
New Federated Domain Added - Exchange
calendar
Oct 12, 2023
·
attack.persistence
attack.t1136.003
·
Share on:
twitter
facebook
linkedin
copy
Number Of Resource Creation Or Deployment Activities
calendar
Oct 12, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
User Added to an Administrator's Azure AD Role
calendar
Oct 12, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1098.003
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Control Panel Items
calendar
Oct 12, 2023
·
attack.execution
attack.defense_evasion
attack.t1218.002
attack.persistence
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
Schtasks Creation Or Modification With SYSTEM Privileges
calendar
Oct 12, 2023
·
attack.execution
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Leviathan Registry Key Activity
calendar
Oct 4, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Unsigned Module Loaded by ClickOnce Application
calendar
Oct 4, 2023
·
attack.persistence
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Service Registry Key Read Access Request
calendar
Sep 29, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Invalid PIM License
calendar
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Roles Activated Too Frequently
calendar
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Roles Activation Doesn't Require MFA
calendar
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Roles Are Not Being Used
calendar
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Roles Assigned Outside PIM
calendar
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Stale Accounts In A Privileged Role
calendar
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Too Many Global Admins
calendar
Sep 14, 2023
·
attack.t1078
attack.persistence
attack.privilege_escalation
·
Share on:
twitter
facebook
linkedin
copy
Azure AD Threat Intelligence
calendar
Sep 11, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
·
Share on:
twitter
facebook
linkedin
copy
Okta Identity Provider Created
calendar
Sep 11, 2023
·
attack.persistence
attack.t1098.001
·
Share on:
twitter
facebook
linkedin
copy
Pingback Backdoor DLL Loading Activity
calendar
Sep 7, 2023
·
attack.persistence
attack.t1574.001
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
VMMap Signed Dbghelp.DLL Potential Sideloading
calendar
Sep 7, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
VMMap Unsigned Dbghelp.DLL Potential Sideloading
calendar
Sep 7, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
ESXi Account Creation Via ESXCLI
calendar
Sep 6, 2023
·
attack.persistence
attack.t1136
·
Share on:
twitter
facebook
linkedin
copy
Activity From Anonymous IP Address
calendar
Sep 6, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
·
Share on:
twitter
facebook
linkedin
copy
Anomalous User Activity
calendar
Sep 6, 2023
·
attack.t1098
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Atypical Travel
calendar
Sep 6, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
·
Share on:
twitter
facebook
linkedin
copy
New Country
calendar
Sep 6, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Browser Activity
calendar
Sep 6, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
·
Share on:
twitter
facebook
linkedin
copy
Unfamiliar Sign-In Properties
calendar
Sep 6, 2023
·
attack.t1078
attack.persistence
attack.defense_evasion
attack.privilege_escalation
attack.initial_access
·
Share on:
twitter
facebook
linkedin
copy
Shrpubw Execution from Unexpected File Path
calendar
Sep 1, 2023
·
attack.persistence
attack.t1574
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious 'Admin' Local User Creation with Net Command
calendar
Sep 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1136.001
attack.t1136
attack.t1078
attack.t1078.003
·
Share on:
twitter
facebook
linkedin
copy
A Member Was Added to a Security-Enabled Global Group
calendar
Aug 28, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
A Member Was Removed From a Security-Enabled Global Group
calendar
Aug 28, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
A Security-Enabled Global Group Was Deleted
calendar
Aug 28, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution
calendar
Aug 28, 2023
·
attack.execution
attack.persistence
attack.privilege_escalation
attack.credential_access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
MOVEit CVE-2023-34362 Exploitation Attempt - Potential Web Shell Request
calendar
Aug 28, 2023
·
cve.2023.34362
detection.emerging_threats
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Computer Account Name Change CVE-2021-42287
calendar
Aug 28, 2023
·
cve.2021.42287
detection.emerging_threats
attack.defense_evasion
attack.persistence
attack.t1036
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Suspicious IIS Module Registration
calendar
Aug 28, 2023
·
attack.persistence
attack.t1505.004
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Visual Studio Tools for Office
calendar
Aug 28, 2023
·
attack.t1137.006
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Root Account Enable Via Dsenableroot
calendar
Aug 22, 2023
·
attack.t1078
attack.t1078.001
attack.t1078.003
attack.initial_access
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download From File Sharing Domains
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Download From File-Sharing Website Via Bitsadmin
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
Add Debugger Entry To AeDebug For Persistence
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Add Debugger Entry To Hangs Key For Persistence
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Add Port Monitor Persistence in Registry
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.010
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC Using Event Viewer
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.010
·
Share on:
twitter
facebook
linkedin
copy
Changing RDP Port to Non Standard Number
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.010
·
Share on:
twitter
facebook
linkedin
copy
Classes Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
COM Hijacking via TreatAs
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
CurrentControlSet Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Enable Local Manifest Installation With Winget
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
IE Change Domain Zone
calendar
Aug 17, 2023
·
attack.persistence
attack.t1137
·
Share on:
twitter
facebook
linkedin
copy
Internet Explorer Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Modify User Shell Folders Startup Value
calendar
Aug 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
New ODBC Driver Registered
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Outlook Macro Execution Without Warning Setting Enabled
calendar
Aug 17, 2023
·
attack.persistence
attack.command_and_control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
Outlook Security Settings Updated - Registry
calendar
Aug 17, 2023
·
attack.persistence
attack.t1137
·
Share on:
twitter
facebook
linkedin
copy
Outlook Task/Note Reminder Received
calendar
Aug 17, 2023
·
attack.persistence
attack.t1137
cve.2023.23397
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via Disk Cleanup Handler - Autorun
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via Hhctrl.ocx
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via New SIP Provider
calendar
Aug 17, 2023
·
attack.persistence
attack.defense_evasion
attack.t1553.003
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL RAT Windows User Creation
calendar
Aug 17, 2023
·
attack.persistence
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Encrypted Registry Blob Related To SNAKE Malware
calendar
Aug 17, 2023
·
attack.persistence
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Using DebugPath
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via AutodialDLL
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via CHM Helper DLL
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via DLLPathOverride
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Excel Add-in - Registry
calendar
Aug 17, 2023
·
attack.persistence
attack.t1137.006
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via LSA Extensions
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Mpnotify
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via MyComputer Registry Keys
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook Home Page
calendar
Aug 17, 2023
·
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook LoadMacroProviderOnBoot Setting
calendar
Aug 17, 2023
·
attack.persistence
attack.command_and_control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook Today Pages
calendar
Aug 17, 2023
·
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Scrobj.dll COM Hijacking
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Shim Database In Uncommon Location
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Shim Database Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via TypedPaths
calendar
Aug 17, 2023
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential PSFactoryBuffer COM Hijacking
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Registry Persistence Attempt Via DbgManagedDebugger
calendar
Aug 17, 2023
·
attack.persistence
attack.t1574
·
Share on:
twitter
facebook
linkedin
copy
Potential Registry Persistence Attempt Via Windows Telemetry
calendar
Aug 17, 2023
·
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious ODBC Driver Registered
calendar
Aug 17, 2023
·
attack.persistence
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
Registry Modification to Hidden File Extension
calendar
Aug 17, 2023
·
attack.persistence
attack.t1137
·
Share on:
twitter
facebook
linkedin
copy
Running Chrome VPN Extensions via the Registry 2 VPN Extension
calendar
Aug 17, 2023
·
attack.persistence
attack.t1133
·
Share on:
twitter
facebook
linkedin
copy
Scheduled TaskCache Change by Uncommon Program
calendar
Aug 17, 2023
·
attack.persistence
attack.t1053
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
ServiceDll Hijack
calendar
Aug 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Session Manager Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
attack.t1546.009
·
Share on:
twitter
facebook
linkedin
copy
Set TimeProviders DllName
calendar
Aug 17, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1547.003
·
Share on:
twitter
facebook
linkedin
copy
Small Sieve Malware Registry Persistence
calendar
Aug 17, 2023
·
attack.persistence
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Suspicious New Printer Ports in Registry (CVE-2020-1048)
calendar
Aug 17, 2023
·
attack.persistence
attack.execution
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Powershell In Registry Run Keys
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Shim Database Patching Activity
calendar
Aug 17, 2023
·
attack.persistence
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
System Scripts Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
VBScript Payload Stored in Registry
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Winget Admin Settings Modification
calendar
Aug 17, 2023
·
attack.defense_evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Winlogon AllowMultipleTSSessions Enable
calendar
Aug 17, 2023
·
attack.persistence
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Winlogon Notify Key Logon Persistence
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.004
·
Share on:
twitter
facebook
linkedin
copy
WinSock2 Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Wow6432Node Classes Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Wow6432Node Windows NT CurrentVersion Autorun Keys Modification
calendar
Aug 17, 2023
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Pingback Backdoor Activity
calendar
Aug 2, 2023
·
attack.persistence
attack.t1574.001
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
New Shim Database Created in the Default Directory
calendar
Aug 1, 2023
·
attack.persistence
attack.t1547.009
·
Share on:
twitter
facebook
linkedin
copy
Potential Shim Database Persistence via Sdbinst.EXE
calendar
Aug 1, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
calendar
Jul 31, 2023
·
attack.execution
attack.persistence
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
calendar
Jul 27, 2023
·
attack.execution
attack.persistence
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential CCleanerDU.DLL Sideloading
calendar
Jul 24, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Windows Terminal Profile Settings Modification By Uncommon Process
calendar
Jul 24, 2023
·
attack.persistence
attack.t1547.015
·
Share on:
twitter
facebook
linkedin
copy
Potential CCleanerReactivator.DLL Sideloading
calendar
Jul 20, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Task Executing Encoded Payload from Registry
calendar
Jul 20, 2023
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Scheduled Task Executing Payload from Registry
calendar
Jul 20, 2023
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Enabled User Right in AD to Control User Objects
calendar
Jun 26, 2023
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool Services Have Been Installed - Security
calendar
Jun 21, 2023
·
attack.persistence
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool Services Have Been Installed - System
calendar
Jun 21, 2023
·
attack.persistence
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Local User Creation
calendar
Jun 21, 2023
·
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL Persistence Service Creation
calendar
Jun 20, 2023
·
attack.defense_evasion
attack.persistence
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Anonymous User Process Execution
calendar
Jun 20, 2023
·
attack.persistence
attack.defense_evasion
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Cleanup Command Execution
calendar
Jun 20, 2023
·
attack.persistence
attack.defense_evasion
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Service Persistence Execution
calendar
Jun 20, 2023
·
attack.persistence
attack.defense_evasion
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
CVE-2021-40539 Zoho ManageEngine ADSelfService Plus Exploit
calendar
Jun 20, 2023
·
attack.initial_access
attack.t1190
attack.persistence
attack.t1505.003
cve.2021.40539
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Defrag Deactivation
calendar
Jun 20, 2023
·
attack.persistence
attack.t1053.005
attack.s0111
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Defrag Deactivation - Security
calendar
Jun 20, 2023
·
attack.persistence
attack.t1053
attack.s0111
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
DEWMODE Webshell Access
calendar
Jun 20, 2023
·
attack.persistence
attack.t1505.003
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Goofy Guineapig Backdoor Service Creation
calendar
Jun 20, 2023
·
attack.persistence
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Moriya Rootkit File Created
calendar
Jun 20, 2023
·
attack.persistence
attack.privilege_escalation
attack.t1543.003
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Activity
calendar
Jun 20, 2023
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense_evasion
attack.t1112
attack.command_and_control
attack.t1071.004
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Schedule Task Persistence - Security
calendar
Jun 20, 2023
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense_evasion
attack.t1112
attack.command_and_control
attack.t1071.004
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Schedule Task Persistence - System
calendar
Jun 20, 2023
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense_evasion
attack.t1112
attack.command_and_control
attack.t1071.004
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Oracle WebLogic Exploit
calendar
Jun 20, 2023
·
attack.t1190
attack.initial_access
attack.persistence
attack.t1505.003
cve.2018.2894
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Pingback Backdoor File Indicators
calendar
Jun 20, 2023
·
attack.persistence
attack.t1574.001
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential ACTINIUM Persistence Activity
calendar
Jun 20, 2023
·
attack.persistence
attack.t1053
attack.t1053.005
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL Persistence Service DLL Creation
calendar
Jun 20, 2023
·
attack.persistence
attack.defense_evasion
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL Persistence Service DLL Load
calendar
Jun 20, 2023
·
attack.persistence
attack.defense_evasion
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL RAT File Indicators
calendar
Jun 20, 2023
·
attack.persistence
attack.defense_evasion
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Ryuk Ransomware Activity
calendar
Jun 20, 2023
·
attack.persistence
attack.t1547.001
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Serv-U Exploitation CVE-2021-35211 by DEV-0322
calendar
Jun 20, 2023
·
attack.persistence
attack.t1136.001
cve.2021.35211
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Small Sieve Malware CommandLine Indicator
calendar
Jun 20, 2023
·
attack.persistence
attack.t1574.001
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
SNAKE Malware Covert Store Registry Key
calendar
Jun 20, 2023
·
attack.persistence
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
SNAKE Malware Service Persistence
calendar
Jun 20, 2023
·
attack.persistence
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Solarwinds SUPERNOVA Webshell Access
calendar
Jun 20, 2023
·
attack.persistence
attack.t1505.003
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
SOURGUM Actor Behaviours
calendar
Jun 20, 2023
·
attack.t1546
attack.t1546.015
attack.persistence
attack.privilege_escalation
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PrinterPorts Creation (CVE-2020-1048)
calendar
Jun 20, 2023
·
attack.persistence
attack.execution
attack.t1059.001
cve.2020.1048
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Suspicious VBScript UN2452 Pattern
calendar
Jun 20, 2023
·
attack.persistence
attack.t1547.001
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
UNC4841 - Barracuda ESG Exploitation Indicators
calendar
Jun 20, 2023
·
attack.execution
attack.persistence
attack.defense_evasion
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
UNC4841 - Email Exfiltration File Pattern
calendar
Jun 20, 2023
·
attack.execution
attack.persistence
attack.defense_evasion
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential 7za.DLL Sideloading
calendar
Jun 11, 2023
·
attack.defense_evasion
attack.persistence
attack.privilege_escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Logon Scripts - CommandLine
calendar
Jun 9, 2023
·
attack.persistence
attack.t1037.001
·
Share on:
twitter
facebook
linkedin
copy