Network Communication Initiated To File Sharing Domains From Process Located In Suspicious Folder
Oct 25, 2024
·
attack.command-and-control
attack.t1105

DarkGate - Autoit3.EXE File Creation By Uncommon Process
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
attack.t1059
detection.emerging-threats

File Download From IP Based URL Via CertOC.EXE
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105

Network Connection Initiated From Process Located In Potentially Suspicious Or Uncommon Location
Aug 23, 2024
·
attack.command-and-control
attack.t1105

Hidden Flag Set On File/Directory Via Chflags - MacOS
Aug 21, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105

AppX Package Installation Attempts Via AppInstaller.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Arbitrary File Download Via GfxDownloadWrapper.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Browser Execution In Headless Mode
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Cisco Stage Data
Aug 12, 2024
·
attack.collection
attack.lateral-movement
attack.command-and-control
attack.exfiltration
attack.t1074
attack.t1105
attack.t1560.001

Command Line Execution with Suspicious URL and AppData Strings
Aug 12, 2024
·
attack.execution
attack.command-and-control
attack.t1059.003
attack.t1059.001
attack.t1105

Curl Download And Execute Combination
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105

Curl Usage on Linux
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Download File To Potentially Suspicious Directory Via Wget
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Download from Suspicious Dyndns Hosts
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1105
attack.t1568

Executable from Webdav
Aug 12, 2024
·
attack.command-and-control
attack.t1105

File Download And Execution Via IEExec.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105

File Download From Browser Process Via Inline URL
Aug 12, 2024
·
attack.command-and-control
attack.t1105

File Download Using Notepad++ GUP Utility
Aug 12, 2024
·
attack.command-and-control
attack.t1105

File Download via CertOC.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105

File Download Via Nscurl - MacOS
Aug 12, 2024
·
attack.defense-evasion
attack.command-and-control
attack.t1105

File Download Via Windows Defender MpCmpRun.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.command-and-control
attack.t1105

File Download with Headless Browser
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Finger.EXE Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Greenbug Espionage Group Indicators
Aug 12, 2024
·
attack.g0049
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1105
attack.defense-evasion
attack.t1036.005
detection.emerging-threats

Import LDAP Data Interchange Format File Via Ldifde.EXE
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1218
attack.t1105

Insensitive Subfolder Search Via Findstr.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105

Local Network Connection Initiated By Script Interpreter
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Lolbas OneDriveStandaloneUpdater.exe Proxy Download
Aug 12, 2024
·
attack.command-and-control
attack.t1105

MsiExec Web Install
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.007
attack.command-and-control
attack.t1105

Network Connection Initiated By IMEWDBLD.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Outbound Network Connection Initiated By Script Interpreter
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Pandemic Registry Key
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Password Protected ZIP File Opened (Suspicious Filenames)
Aug 12, 2024
·
attack.command-and-control
attack.defense-evasion
attack.t1027
attack.t1105
attack.t1036

Potential COM Objects Download Cradles Usage - Process Creation
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Potential COM Objects Download Cradles Usage - PS Script
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Potential DLL File Download Via PowerShell Invoke-WebRequest
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1059.001
attack.t1105

Potential Download/Upload Activity Using Type Command
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Potential In-Memory Download And Compile Of Payloads
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1059.007
attack.t1105

Potential Pikabot Infection - Suspicious Command Combinations Via Cmd.EXE
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.t1105
attack.t1218
detection.emerging-threats

PowerShell DownloadFile
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1104
attack.t1105

PowerShell Web Download
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1059.001
attack.t1105

PrintBrm ZIP Creation of Extraction
Aug 12, 2024
·
attack.command-and-control
attack.t1105
attack.defense-evasion
attack.t1564.004

PUA - Nimgrab Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Remote File Copy
Aug 12, 2024
·
attack.command-and-control
attack.lateral-movement
attack.t1105

Remote File Download Via Desktopimgdownldr Utility
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Remote File Download Via Findstr.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.t1564.004
attack.t1552.001
attack.t1105

Replace.exe Usage
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Certreq Command to Download
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Curl File Upload - Linux
Aug 12, 2024
·
attack.exfiltration
attack.t1567
attack.t1105

Suspicious Curl.EXE Download
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Desktopimgdownldr Command
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Desktopimgdownldr Target File
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Diantz Download and Compress Into a CAB File
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Download from Office Domain
Aug 12, 2024
·
attack.command-and-control
attack.t1105
attack.t1608

Suspicious Dropbox API Usage
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Extrac32 Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Invoke-WebRequest Execution
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Suspicious Invoke-WebRequest Execution With DirectIP
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Uncommon Network Connection Initiated By Certutil.EXE
Aug 12, 2024
·
attack.command-and-control
attack.t1105

Wget Creating Files in Tmp Directory
Aug 12, 2024
·
attack.command-and-control
attack.t1105

BITSAdmin Downloading Malicious Binaries
Mar 26, 2024
·
attack.command_and_control
attack.t1105

Certreq Downloading Malicious Binaries
Mar 26, 2024
·
attack.command_and_control
attack.t1105

CertUtil Downloading Malicious Binaries
Mar 26, 2024
·
attack.command_and_control
attack.t1105

Operator Bring Your Own Tools
Feb 23, 2024
·
attack.command_and_control
attack.t1105

Autoit3.exe Executable File Creation Matching DarkGate Behavior
Oct 14, 2023
·
attack.command_and_control
attack.execution
attack.t1105
attack.t1059

BITSAdmin Downloading Malicious Binaries (RedCanary Threat Detection Report)
May 17, 2023
·
attack.command_and_control
attack.t1105

Certutil Downloading Malicious Binaries (RedCanary Threat Detection Report)
May 17, 2023
·
attack.command_and_control
attack.t1105

Possible Raspberry Robin DLL Download Using msiexec (RedCanary Threat Detection Report)
May 10, 2023
·
attack.command_and_control
attack.t1105

Suspicious Exe File Event With System Image
Apr 16, 2023
·
attack.lateral_movement
attack.t1105

Suspicious Registry Key Added: LanmanServer Parameters
Jan 12, 2023
·
attack.command_and_control
attack.defense_evasion
attack.t1105
attack.t1562

Suspicious Registry Key Set (MaxMpxCt)
Jan 12, 2023
·
attack.command_and_control
attack.defense_evasion
attack.t1105
attack.t1562

Suspicious Registry Modification of MaxMpxCt Parameters
Dec 6, 2022
·
attack.command_and_control
attack.defense_evasion
attack.t1105
attack.t1562

Executable Deployment from Remote Share
Nov 29, 2022
·
attack.lateral_movement
attack.command_and_control
attack.t1105
attack.t1021

BITSAdmin Downloading Malicious Binaries
Nov 9, 2022
·
attack.command_and_control
attack.t1105

CertUtil Downloading Malicious Binaries
Nov 9, 2022
·
attack.command_and_control
attack.t1105