open-menu
closeme
Potential PrintNightmare Exploitation Attempt
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
·
Share on:
twitter
facebook
linkedin
copy
Windows Spooler Service Suspicious Binary Load
calendar
Sep 13, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574
cve.2021-1675
cve.2021-34527
·
Share on:
twitter
facebook
linkedin
copy
Persistence and Execution at Scale via GPO Scheduled Task
calendar
Sep 6, 2024
·
attack.persistence
attack.lateral-movement
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Web Access Feature Enabled Via DISM
calendar
Sep 3, 2024
·
attack.persistence
attack.t1548.002
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Web Access Installation - PsScript
calendar
Sep 3, 2024
·
attack.persistence
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
COM Object Hijacking Via Modification Of Default System CLSID Default Value
calendar
Sep 2, 2024
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Remote Access Tool - AnyDesk Incoming Connection
calendar
Sep 2, 2024
·
attack.persistence
attack.command-and-control
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
ChromeLoader Malware Execution
calendar
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
attack.t1176
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
DarkGate - User Created Via Net.EXE
calendar
Sep 2, 2024
·
attack.persistence
attack.t1136.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Diamond Sleet APT Scheduled Task Creation
calendar
Sep 2, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-27363 Exploitation - HTA File Creation By FoxitPDFReader
calendar
Sep 2, 2024
·
attack.persistence
attack.t1505.001
cve.2023-27363
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Module File Created By Non-PowerShell Process
calendar
Sep 2, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Schtasks Creation Or Modification With SYSTEM Privileges
calendar
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Serpent Backdoor Payload Execution Via Scheduled Task
calendar
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.006
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download From File Sharing Domains
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Download From File-Sharing Website Via Bitsadmin
calendar
Aug 23, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
User Risk and MFA Registration Policy Updated
calendar
Aug 21, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Multi Factor Authentication Disabled For User Account
calendar
Aug 21, 2024
·
attack.credential-access
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
A Member Was Added to a Security-Enabled Global Group
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
A Member Was Removed From a Security-Enabled Global Group
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
A New Trust Was Created To A Domain
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
A Security-Enabled Global Group Was Deleted
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Abuse of Service Permissions to Hide Services Via Set-Service - PS
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Account Tampering - Suspicious Failed Logon Reasons
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Activity From Anonymous IP Address
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Add Debugger Entry To AeDebug For Persistence
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Add Debugger Entry To Hangs Key For Persistence
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Add Port Monitor Persistence in Registry
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.010
·
Share on:
twitter
facebook
linkedin
copy
Added Credentials to Existing Application
calendar
Aug 12, 2024
·
attack.t1098.001
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Addition of SID History to Active Directory Object
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1134.005
·
Share on:
twitter
facebook
linkedin
copy
Allow Service Access Using Security Descriptor Tampering Via Sc.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Anomalous User Activity
calendar
Aug 12, 2024
·
attack.t1098
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Antivirus Web Shell Detection
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Anydesk Remote Access Software Service Installation
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
App Granted Privileged Delegated Or App Permissions
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
App Role Added
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
Application AppID Uri Configuration Changes
calendar
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.privilege-escalation
attack.t1552
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Application URI Configuration Changes
calendar
Aug 12, 2024
·
attack.t1528
attack.t1078.004
attack.persistence
attack.credential-access
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Application Using Device Code Authentication Flow
calendar
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Applications That Are Using ROPC Authentication Flow
calendar
Aug 12, 2024
·
attack.t1078
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Aruba Network Service Potential DLL Sideloading
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Atbroker Registry Change
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.persistence
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Atypical Travel
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
AWS ECS Task Definition That Queries The Credential Endpoint
calendar
Aug 12, 2024
·
attack.persistence
attack.t1525
·
Share on:
twitter
facebook
linkedin
copy
AWS ElastiCache Security Group Created
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136
attack.t1136.003
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM Backdoor Users Keys
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM S3Browser LoginProfile Creation
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM S3Browser Templated S3 Bucket Policy Creation
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.009
attack.persistence
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM S3Browser User or AccessKey Creation
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059.009
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
AWS Identity Center Identity Provider Change
calendar
Aug 12, 2024
·
attack.persistence
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
AWS Route 53 Domain Transfer Lock Disabled
calendar
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
AWS Route 53 Domain Transferred to Another Account
calendar
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
AWS User Login Profile Was Modified
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Azure AD Threat Intelligence
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes Admission Controller
calendar
Aug 12, 2024
·
attack.persistence
attack.t1078
attack.credential-access
attack.t1552
attack.t1552.007
·
Share on:
twitter
facebook
linkedin
copy
Azure Kubernetes CronJob
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053.003
attack.privilege-escalation
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Bitbucket Global Permission Changed
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download From Direct IP
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Download To Potential Suspicious Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job Downloading File Potential Suspicious Extension
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
BITS Transfer Job With Uncommon Or Suspicious Remote TLD
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
Bitsadmin to Uncommon IP Server Address
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
·
Share on:
twitter
facebook
linkedin
copy
Bitsadmin to Uncommon TLD
calendar
Aug 12, 2024
·
attack.command-and-control
attack.t1071.001
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
·
Share on:
twitter
facebook
linkedin
copy
Bulk Deletion Changes To Privileged Account Permissions
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC Using Event Viewer
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.010
·
Share on:
twitter
facebook
linkedin
copy
CA Policy Removed by Non Approved Actor
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
CA Policy Updated by Non Approved Actor
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1548
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Certificate Request Export to Exchange Webserver
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Certificate-Based Authentication Enabled
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Change Default File Association To Executable Via Assoc
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.001
·
Share on:
twitter
facebook
linkedin
copy
Change Default File Association Via Assoc
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.001
·
Share on:
twitter
facebook
linkedin
copy
Change to Authentication Method
calendar
Aug 12, 2024
·
attack.credential-access
attack.t1556
attack.persistence
attack.defense-evasion
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Changes To PIM Settings
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Changing Existing Service ImagePath Value Via Reg.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Chopper Webshell Process Pattern
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
attack.t1018
attack.t1033
attack.t1087
·
Share on:
twitter
facebook
linkedin
copy
Chromium Browser Instance Executed With Custom Extension
calendar
Aug 12, 2024
·
attack.persistence
attack.t1176
·
Share on:
twitter
facebook
linkedin
copy
Cisco BGP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Cisco LDP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Cisco Local Accounts
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.001
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Cisco Modify Configuration
calendar
Aug 12, 2024
·
attack.persistence
attack.impact
attack.t1490
attack.t1505
attack.t1565.002
attack.t1053
·
Share on:
twitter
facebook
linkedin
copy
Classes Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Code Executed Via Office Add-in XLL File
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137.006
·
Share on:
twitter
facebook
linkedin
copy
Code Injection by ld.so Preload
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1574.006
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL Persistence Service Creation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Anonymous User Process Execution
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Cleanup Command Execution
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
COLDSTEEL RAT Service Persistence Execution
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
COM Hijacking via TreatAs
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Common Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Communication To Uncommon Destination Ports
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571
·
Share on:
twitter
facebook
linkedin
copy
Control Panel Items
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218.002
attack.persistence
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
CosmicDuke Service Installation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1543.003
attack.t1569.002
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Creation Exe for Service with Unquoted Path
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.009
·
Share on:
twitter
facebook
linkedin
copy
Creation of a Local Hidden User Account by Registry
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
Creation Of A Local User Account
calendar
Aug 12, 2024
·
attack.t1136.001
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Creation Of An User Account
calendar
Aug 12, 2024
·
attack.t1136.001
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Creation of an WerFault.exe in Unusual Folder
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
Creation Of Non-Existent System DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
CurrentControlSet Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
CurrentVersion Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
CurrentVersion NT Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
CVE-2020-1048 Exploitation Attempt - Suspicious New Printer Ports - Registry
calendar
Aug 12, 2024
·
attack.persistence
attack.execution
attack.defense-evasion
attack.t1112
cve.2020-1048
·
Share on:
twitter
facebook
linkedin
copy
CVE-2021-40539 Zoho ManageEngine ADSelfService Plus Exploit
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.persistence
attack.t1505.003
cve.2021-40539
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
CVE-2024-1708 - ScreenConnect Path Traversal Exploitation
calendar
Aug 12, 2024
·
attack.persistence
cve.2024-1708
·
Share on:
twitter
facebook
linkedin
copy
CVE-2024-1708 - ScreenConnect Path Traversal Exploitation - Security
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
cve.2024-1708
·
Share on:
twitter
facebook
linkedin
copy
CVE-2024-1709 - ScreenConnect Authentication Bypass Exploitation
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
cve.2024-1709
·
Share on:
twitter
facebook
linkedin
copy
Default RDP Port Changed to Non Standard Port
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.010
·
Share on:
twitter
facebook
linkedin
copy
Defrag Deactivation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053.005
attack.s0111
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Defrag Deactivation - Security
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053
attack.s0111
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Deny Service Access Using Security Descriptor Tampering Via Sc.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
DEWMODE Webshell Access
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Direct Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Directory Service Restore Mode(DSRM) Registry Value Tampering
calendar
Aug 12, 2024
·
attack.persistence
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Disabled MFA to Bypass Authentication Mechanisms
calendar
Aug 12, 2024
·
attack.persistence
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Disabling Multi Factor Authentication
calendar
Aug 12, 2024
·
attack.persistence
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
DLL Load via LSASS
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1547.008
·
Share on:
twitter
facebook
linkedin
copy
DLL Search Order Hijackig Via Additional Space in Path
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DLL Sideloading Of ShellChromeAPI.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
DNS HybridConnectionManager Service Bus
calendar
Aug 12, 2024
·
attack.persistence
attack.t1554
·
Share on:
twitter
facebook
linkedin
copy
Driver Load From A Temporary Directory
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Enable Local Manifest Installation With Winget
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Enabled User Right in AD to Control User Objects
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Enabling COR Profiler Environment Variables
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.012
·
Share on:
twitter
facebook
linkedin
copy
ESXi Account Creation Via ESXCLI
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136
·
Share on:
twitter
facebook
linkedin
copy
Exchange Set OabVirtualDirectory ExternalUrl Property
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Failed Logon From Public IP
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.t1078
attack.t1190
attack.t1133
·
Share on:
twitter
facebook
linkedin
copy
Failed MSExchange Transport Agent Installation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.002
·
Share on:
twitter
facebook
linkedin
copy
Fax Service DLL Search Order Hijack
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
File Creation In Suspicious Directory By Msdt.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
cve.2022-30190
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Bitsadmin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Bitsadmin To A Suspicious Target Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
File Download Via Bitsadmin To An Uncommon Target Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
File With Suspicious Extension Downloaded Via Bitsadmin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
attack.s0190
attack.t1036.003
·
Share on:
twitter
facebook
linkedin
copy
FlowCloud Registry Markers
calendar
Aug 12, 2024
·
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Forest Blizzard APT - Custom Protocol Handler Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Forest Blizzard APT - Custom Protocol Handler DLL Registry Set
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
GCP Access Policy Deleted
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Github Fork Private Repositories Setting Enabled/Cleared
calendar
Aug 12, 2024
·
attack.persistence
attack.t1020
attack.t1537
·
Share on:
twitter
facebook
linkedin
copy
Github High Risk Configuration Disabled
calendar
Aug 12, 2024
·
attack.credential-access
attack.defense-evasion
attack.persistence
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
Github New Secret Created
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Github Outside Collaborator Detected
calendar
Aug 12, 2024
·
attack.persistence
attack.collection
attack.t1098.001
attack.t1098.003
attack.t1213.003
·
Share on:
twitter
facebook
linkedin
copy
Github Repository/Organization Transferred
calendar
Aug 12, 2024
·
attack.persistence
attack.t1020
attack.t1537
·
Share on:
twitter
facebook
linkedin
copy
Github Self Hosted Runner Changes Detected
calendar
Aug 12, 2024
·
attack.impact
attack.discovery
attack.collection
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.initial-access
attack.t1526
attack.t1213.003
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Github SSH Certificate Configuration Changed
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Goofy Guineapig Backdoor Service Creation
calendar
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Kubernetes Admission Controller
calendar
Aug 12, 2024
·
attack.persistence
attack.t1078
attack.credential-access
attack.t1552
attack.t1552.007
·
Share on:
twitter
facebook
linkedin
copy
Google Cloud Kubernetes CronJob
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Application Access Level Modified
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Granted Domain API Access
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace User Granted Admin Privileges
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Granting Of Permissions To An Account
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
Guest User Invited By Non Approved Inviters
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
HackTool - CrackMapExec Execution
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.credential-access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Default PowerSploit/Empire Scheduled Task Creation
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.privilege-escalation
attack.s0111
attack.g0022
attack.g0060
car.2013-08-001
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - Powerup Write Hijack DLL
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.001
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharPersist Execution
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053
·
Share on:
twitter
facebook
linkedin
copy
HAFNIUM Exchange Exploitation Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546
attack.t1053
attack.g0125
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Hidden Local User Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
Huawei BGP Authentication Failures
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
HybridConnectionManager Service Installation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1554
·
Share on:
twitter
facebook
linkedin
copy
HybridConnectionManager Service Running
calendar
Aug 12, 2024
·
attack.persistence
attack.t1554
·
Share on:
twitter
facebook
linkedin
copy
IE Change Domain Zone
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137
·
Share on:
twitter
facebook
linkedin
copy
IIS Native-Code Module Command Line Installation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Important Scheduled Task Deleted/Disabled
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Impossible Travel
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
Internet Explorer Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Invalid PIM License
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Juniper BGP Missing MD5
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.credential-access
attack.collection
attack.t1078
attack.t1110
attack.t1557
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Autorun Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Configuration Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1553.003
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Persistence Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Scheduled Task Creation
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Kubernetes Admission Controller Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1078
attack.credential-access
attack.t1552
attack.t1552.007
·
Share on:
twitter
facebook
linkedin
copy
Kubernetes CronJob/Job Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Launch Agent/Daemon Execution Via Launchctl
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1569.001
attack.t1543.001
attack.t1543.004
·
Share on:
twitter
facebook
linkedin
copy
Leviathan Registry Key Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Linux Webshell Indicators
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Loading of Kernel Module via Insmod
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.006
·
Share on:
twitter
facebook
linkedin
copy
Local User Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
MacOS Emond Launch Daemon
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.014
·
Share on:
twitter
facebook
linkedin
copy
Mailbox Export to Exchange Webserver
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Malicious DLL File Dropped in the Teams or OneDrive Folder
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.defense-evasion
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Manipulation of User Computer or Group Security Principals Across AD
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.002
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Office DLL Sideload
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
MITRE BZAR Indicators for Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.004
·
Share on:
twitter
facebook
linkedin
copy
Modify User Shell Folders Startup Value
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Modifying Crontab
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053.003
·
Share on:
twitter
facebook
linkedin
copy
Moriya Rootkit - System
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
Moriya Rootkit File Created
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
MOVEit CVE-2023-34362 Exploitation Attempt - Potential Web Shell Request
calendar
Aug 12, 2024
·
cve.2023-34362
detection.emerging-threats
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
MSExchange Transport Agent Installation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.002
·
Share on:
twitter
facebook
linkedin
copy
MSExchange Transport Agent Installation - Builtin
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.002
·
Share on:
twitter
facebook
linkedin
copy
MSSQL Add Account To Sysadmin Role
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
MSSQL Extended Stored Procedure Backdoor Maggie
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
MSSQL SPProcoption Set
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Narrator's Feedback-Hub Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
NetSupport Manager Service Install
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
New ActiveScriptEventConsumer Created Via Wmic.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.003
·
Share on:
twitter
facebook
linkedin
copy
New BITS Job Created Via Bitsadmin
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
New BITS Job Created Via PowerShell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1197
·
Share on:
twitter
facebook
linkedin
copy
New Country
calendar
Aug 12, 2024
·
attack.t1078
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.initial-access
·
Share on:
twitter
facebook
linkedin
copy
New Custom Shim Database Created
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.009
·
Share on:
twitter
facebook
linkedin
copy
New DLL Added to AppCertDlls Registry Key
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.009
·
Share on:
twitter
facebook
linkedin
copy
New DLL Added to AppInit_DLLs Registry Key
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.010
·
Share on:
twitter
facebook
linkedin
copy
New Federated Domain Added
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.003
·
Share on:
twitter
facebook
linkedin
copy
New Federated Domain Added - Exchange
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.003
·
Share on:
twitter
facebook
linkedin
copy
New Github Organization Member Added
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.003
·
Share on:
twitter
facebook
linkedin
copy
New Kernel Driver Via SC.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
New Netsh Helper DLL Registered From A Suspicious Location
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.007
·
Share on:
twitter
facebook
linkedin
copy
New ODBC Driver Registered
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
New Outlook Macro Created
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
New Root Certificate Authority Added
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1556
·
Share on:
twitter
facebook
linkedin
copy
New RUN Key Pointing to Suspicious Folder
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
New Service Creation Using PowerShell
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
New Service Creation Using Sc.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
·
Share on:
twitter
facebook
linkedin
copy
New TimeProviders Registered With Uncommon DLL Name
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1547.003
·
Share on:
twitter
facebook
linkedin
copy
New User Created Via Net.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
New User Created Via Net.EXE With Never Expire Option
calendar
Aug 12, 2024
·
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
Number Of Resource Creation Or Deployment Activities
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Office Application Startup - Office Test
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137.002
·
Share on:
twitter
facebook
linkedin
copy
Office Autorun Keys Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Registry Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Schedule Task Persistence - Security
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Schedule Task Persistence - System
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Okta Admin Role Assigned to an User or Group
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098.003
·
Share on:
twitter
facebook
linkedin
copy
Okta Admin Role Assignment Created
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Okta API Token Created
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Okta Identity Provider Created
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098.001
·
Share on:
twitter
facebook
linkedin
copy
Okta MFA Reset or Deactivated
calendar
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.defense-evasion
attack.t1556.006
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - SSH Login Attempt
calendar
Aug 12, 2024
·
attack.initial-access
attack.lateral-movement
attack.persistence
attack.t1133
attack.t1021
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
OpenCanary - SSH New Connection Attempt
calendar
Aug 12, 2024
·
attack.initial-access
attack.lateral-movement
attack.persistence
attack.t1133
attack.t1021
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Oracle WebLogic Exploit
calendar
Aug 12, 2024
·
attack.t1190
attack.initial-access
attack.persistence
attack.t1505.003
cve.2018-2894
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Outlook Macro Execution Without Warning Setting Enabled
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
Outlook Security Settings Updated - Registry
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137
·
Share on:
twitter
facebook
linkedin
copy
Outlook Task/Note Reminder Received
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137
cve.2023-23397
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Password Change on Directory Service Restore Mode (DSRM) Account
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
Password Provided In Command Line Of Net.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Password Reset By User Account
calendar
Aug 12, 2024
·
attack.persistence
attack.credential-access
attack.t1078.004
·
Share on:
twitter
facebook
linkedin
copy
Path To Screensaver Binary Modified
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.002
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via Cron Files
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053.003
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via Disk Cleanup Handler - Autorun
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via Hhctrl.ocx
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via New SIP Provider
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1553.003
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via Sudoers Files
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053.003
·
Share on:
twitter
facebook
linkedin
copy
Persistence Via TypedPaths - CommandLine
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
PIM Alert Setting Changes To Disabled
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Pingback Backdoor Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Pingback Backdoor DLL Loading Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Pingback Backdoor File Indicators
calendar
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Possible Privilege Escalation via Weak Service Permissions
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Potential 7za.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential ACTINIUM Persistence Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053
attack.t1053.005
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Amazon SSM Agent Hijacking
calendar
Aug 12, 2024
·
attack.command-and-control
attack.persistence
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Potential Antivirus Software DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Binary Or Script Dropper Via PowerShell
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential CCleanerDU.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential CCleanerReactivator.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Chrome Frame Helper DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL Persistence Service DLL Creation
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL Persistence Service DLL Load
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL RAT File Indicators
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential COLDSTEEL RAT Windows User Creation
calendar
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential COM Object Hijacking Via TreatAs Subkey - Registry
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2023-36884 Exploitation Dropped File
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
cve.2023-36884
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection
calendar
Aug 12, 2024
·
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.defense-evasion
cve.2024-3400
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of DBGCORE.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of DBGHELP.DLL
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of Libcurl.DLL Via GUP.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Of Non-Existent DLLs From System Folders
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via ClassicExplorer32.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via comctl32.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DLL Sideloading Via JsSchHlp
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Encrypted Registry Blob Related To SNAKE Malware
calendar
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential KamiKakaBot Activity - Shutdown Schedule Task Creation
calendar
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential KamiKakaBot Activity - Winlogon Shell Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Libvlc.DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Amazon SSM Agent Hijacking
calendar
Aug 12, 2024
·
attack.command-and-control
attack.persistence
attack.t1219
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Attempt Via ErrorHandler.Cmd
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Attempt Via Existing Service Tampering
calendar
Aug 12, 2024
·
attack.persistence
attack.t1543.003
attack.t1574.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Attempt Via Run Keys Using Reg.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Using DebugPath
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via App Paths Default Property
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.012
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via AppCompat RegisterAppRestart Layer
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via AutodialDLL
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via CHM Helper DLL
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Disk Cleanup Handler - Registry
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via DLLPathOverride
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Event Viewer Events.asp
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Excel Add-in - Registry
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137.006
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via GlobalFlags
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.defense-evasion
attack.t1546.012
car.2013-01-002
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Logon Scripts - CommandLine
calendar
Aug 12, 2024
·
attack.persistence
attack.t1037.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Logon Scripts - Registry
calendar
Aug 12, 2024
·
attack.t1037.001
attack.persistence
attack.lateral-movement
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via LSA Extensions
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Microsoft Compatibility Appraiser
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Microsoft Office Add-In
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137.006
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Microsoft Office Startup Folder
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Mpnotify
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via MyComputer Registry Keys
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Netsh Helper DLL
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.007
attack.s0108
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Netsh Helper DLL - Registry
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.007
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via New AMSI Providers - Registry
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Notepad++ Plugins
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook Form
calendar
Aug 12, 2024
·
attack.persistence
attack.t1137.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook Home Page
calendar
Aug 12, 2024
·
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook LoadMacroProviderOnBoot Setting
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1137
attack.t1008
attack.t1546
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook Today Page
calendar
Aug 12, 2024
·
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via PlistBuddy
calendar
Aug 12, 2024
·
attack.persistence
attack.t1543.001
attack.t1543.004
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Powershell Search Order Hijacking - Task
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via PowerShell User Profile Using Add-Content
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Scrobj.dll COM Hijacking
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Security Descriptors - ScriptBlock
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Shim Database In Uncommon Location
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Shim Database Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via TypedPaths
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Visual Studio Tools for Office
calendar
Aug 12, 2024
·
attack.t1137.006
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via VMwareToolBoxCmd.EXE VM State Change Script
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation Attempt Via .Exe.Local Technique
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
·
Share on:
twitter
facebook
linkedin
copy
Potential Privilege Escalation Using Symlink Between Osk and Cmd
calendar
Aug 12, 2024
·
attack.privilege-escalation
attack.persistence
attack.t1546.008
·
Share on:
twitter
facebook
linkedin
copy
Potential PSFactoryBuffer COM Hijacking
calendar
Aug 12, 2024
·
attack.persistence
attack.t1546.015
·
Share on:
twitter
facebook
linkedin
copy
Potential Ransomware or Unauthorized MBR Tampering Via Bcdedit.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.persistence
attack.t1542.003
·
Share on:
twitter
facebook
linkedin
copy
Potential Registry Persistence Attempt Via DbgManagedDebugger
calendar
Aug 12, 2024
·
attack.persistence
attack.t1574
·
Share on:
twitter
facebook
linkedin
copy
Potential Registry Persistence Attempt Via Windows Telemetry
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Potential RipZip Attack on Startup Folder
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547
·
Share on:
twitter
facebook
linkedin
copy
Potential Ryuk Ransomware Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential SentinelOne Shell Context Menu Scan Command Tampering
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Shim Database Persistence via Sdbinst.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.011
·
Share on:
twitter
facebook
linkedin
copy
Potential Startup Shortcut Persistence Via PowerShell.EXE
calendar
Aug 12, 2024
·
attack.persistence
attack.t1547.001
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Activity Using SeCEdit
calendar
Aug 12, 2024
·
attack.discovery
attack.persistence
attack.defense-evasion
attack.credential-access
attack.privilege-escalation
attack.t1562.002
attack.t1547.001
attack.t1505.005
attack.t1556.002
attack.t1562
attack.t1574.007
attack.t1564.002
attack.t1546.008
attack.t1546.007
attack.t1547.014
attack.t1547.010
attack.t1547.002
attack.t1557
attack.t1082
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious BPF Activity - Linux
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious PowerShell Module File Created
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Winget Package Installation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Potential System DLL Sideloading From Non System Locations
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Wazuh Security Platform DLL Sideloading
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Webshell Creation On Static Website
calendar
Aug 12, 2024
·
attack.persistence
attack.t1505.003
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Malware Callback Communication
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Malware Callback Communication - Linux
calendar
Aug 12, 2024
·
attack.persistence
attack.command-and-control
attack.t1571
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious ODBC Driver Registered
calendar
Aug 12, 2024
·
attack.persistence
attack.t1003
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Shell Script Creation in Profile Folder
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Create Local User
calendar
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.persistence
attack.t1136.001
·
Share on:
twitter
facebook
linkedin
copy
Powershell Create Scheduled Task
calendar
Aug 12, 2024
·
attack.persistence
attack.t1053.005
·
Share on:
twitter
facebook
linkedin
copy
Powershell LocalAccount Manipulation
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Module File Created
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Profile Modification
calendar
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1546.013
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Script Dropped Via PowerShell.EXE
calendar
Aug 12, 2024
·
attack.persistence
·
Share on:
twitter
facebook
linkedin
copy
Powerview Add-DomainObjectAcl DCSync AD Extend Right
calendar
Aug 12, 2024
·
attack.persistence
attack.t1098
·
Share on:
twitter