Active Directory Database Snapshot Via ADExplorer
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
attack.t1003.003

Copying Sensitive Files with Credential Data
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.003
car.2013-07-001
attack.s0404

Create Volume Shadow Copy with Powershell
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

Cred Dump Tools Dropped Files
Aug 12, 2024
·
attack.credential-access
attack.t1003.001
attack.t1003.002
attack.t1003.003
attack.t1003.004
attack.t1003.005

Esentutl Gather Credentials
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.t1003.003

Invocation of Active Directory Diagnostic Tool (ntdsutil.exe)
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

NTDS Exfiltration Filename Patterns
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

NTDS.DIT Created
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

NTDS.DIT Creation By Uncommon Parent Process
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

NTDS.DIT Creation By Uncommon Process
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.003

Ntdsutil Abuse
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

Possible Impacket SecretDump Remote Activity
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.004
attack.t1003.003

Possible Impacket SecretDump Remote Activity - Zeek
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.004
attack.t1003.003

Potential Russian APT Credential Theft Activity
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
attack.t1003.003
detection.emerging-threats

PUA - DIT Snapshot Viewer
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

Sensitive File Dump Via Wbadmin.EXE
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

Sensitive File Recovery From Backup Via Wbadmin.EXE
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

Shadow Copies Creation Using Operating Systems Utilities
Aug 12, 2024
·
attack.credential-access
attack.t1003
attack.t1003.002
attack.t1003.003

Suspicious Active Directory Database Snapshot Via ADExplorer
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
attack.t1003.003

Suspicious Get-ADDBAccount Usage
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

Suspicious Usage Of Active Directory Diagnostic Tool (ntdsutil.exe)
Aug 12, 2024
·
attack.credential-access
attack.t1003.003

Transferring Files with Credential Data via Network Shares
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.001
attack.t1003.003

Transferring Files with Credential Data via Network Shares - Zeek
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.001
attack.t1003.003

VolumeShadowCopy Symlink Creation Via Mklink
Aug 12, 2024
·
attack.credential-access
attack.t1003.002
attack.t1003.003

Secretsdump.py Execution
Mar 26, 2024
·
attack.s0357
attack.credential_access
attack.t1003
attack.t1003.003
attack.t1003.006

Possible Impacket Secretsdump.py Activity
Sep 1, 2023
·
attack.s0357
attack.credential_access
attack.t1003
attack.t1003.003
attack.t1003.006

NTDSutil Pulling of NTDS.dit File
Nov 29, 2022
·
attack.credential_access
attack.t1003
attack.t1003.003