Cobalt Strike DNS Beaconing
Aug 12, 2024
attack.command-and-control
attack.t1071.004
DNS Exfiltration and Tunneling Tools Execution
Aug 12, 2024
attack.exfiltration
attack.t1048.001
attack.command-and-control
attack.t1071.004
attack.t1132.001
DNS TXT Answer with Possible Execution Strings
Aug 12, 2024
attack.command-and-control
attack.t1071.004
OilRig APT Activity
Aug 12, 2024
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
OilRig APT Registry Persistence
Aug 12, 2024
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
OilRig APT Schedule Task Persistence - Security
Aug 12, 2024
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
OilRig APT Schedule Task Persistence - System
Aug 12, 2024
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
Silence.EDA Detection
Aug 12, 2024
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1071.004
attack.t1572
attack.impact
attack.t1529
attack.g0091
attack.s0363
Suspicious Cobalt Strike DNS Beaconing - DNS Client
Aug 12, 2024
attack.command-and-control
attack.t1071.004
Suspicious Cobalt Strike DNS Beaconing - Sysmon
Aug 12, 2024
attack.command-and-control
attack.t1071.004
Suspicious DNS Query with B64 Encoded String
Aug 12, 2024
attack.exfiltration
attack.t1048.003
attack.command-and-control
attack.t1071.004
DNSCat2 Powershell Implementation Detection Via Process Creation
Apr 21, 2023
attack.command_and_control
attack.t1071
attack.t1071.004
attack.t1001.003
attack.t1041
High DNS Requests Rate
Apr 21, 2023
attack.exfiltration
attack.t1048.003
attack.command_and_control
attack.t1071.004
High DNS Requests Rate - Firewall
Apr 21, 2023
attack.exfiltration
attack.t1048.003
attack.command_and_control
attack.t1071.004
High NULL Records Requests Rate
Apr 21, 2023
attack.exfiltration
attack.t1048.003
attack.command_and_control
attack.t1071.004
High TXT Records Requests Rate
Apr 21, 2023
attack.exfiltration
attack.t1048.003
attack.command_and_control
attack.t1071.004
Possible DNS Tunneling
Apr 21, 2023
attack.command_and_control
attack.t1071.004
attack.exfiltration
attack.t1048.003
DNS Query From Process with Double File Extension
Jan 30, 2023
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004
Download by Process with Double File Extension
Jan 30, 2023
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004
File Creation by Process with Double File Extension
Jan 30, 2023
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004
Network Connection From Process with Double File Extension
Jan 30, 2023
attack.defense_evasion
attack.command_and_control
attack.t1218
attack.t1218.009
attack.t1071
attack.t1071.004