open-menu
closeme
Enable LM Hash Storage
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Desktop Background Change Using Reg.EXE
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
Potentially Suspicious Desktop Background Change Via Registry
calendar
Nov 1, 2024
·
attack.defense-evasion
attack.impact
attack.t1112
attack.t1491.001
·
Share on:
twitter
facebook
linkedin
copy
Disable Internal Tools or Feature in Registry
calendar
Oct 1, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
RestrictedAdminMode Registry Value Tampering
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
RestrictedAdminMode Registry Value Tampering - ProcCreation
calendar
Aug 29, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Activate Suppression of Windows Security Center Notifications
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Add DisallowRun Execution to Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Allow RDP Remote Assistance Feature
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Blackbyte Ransomware Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Blue Mockingbird
calendar
Aug 12, 2024
·
attack.execution
attack.t1112
attack.t1047
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Blue Mockingbird - Registry
calendar
Aug 12, 2024
·
attack.execution
attack.t1112
attack.t1047
·
Share on:
twitter
facebook
linkedin
copy
Change the Fax Dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Change User Account Associated with the FAX Service
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
ClickOnce Trust Prompt Tampering
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
CrashControl CrashDump Disabled
calendar
Aug 12, 2024
·
attack.t1564
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
CVE-2020-1048 Exploitation Attempt - Suspicious New Printer Ports - Registry
calendar
Aug 12, 2024
·
attack.persistence
attack.execution
attack.defense-evasion
attack.t1112
cve.2020-1048
·
Share on:
twitter
facebook
linkedin
copy
DHCP Callout DLL Installation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Disable Security Events Logging Adding Reg Key MiniNt
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Security Center Notifications
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
DNS-over-HTTPS Enabled by Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Enable LM Hash Storage - ProcCreation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled For rpcrt4.dll
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled For SCM
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled In .NET Processes - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
ETW Logging Disabled In .NET Processes - Sysmon Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562
·
Share on:
twitter
facebook
linkedin
copy
FlowCloud Registry Markers
calendar
Aug 12, 2024
·
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Imports Registry Key From a File
calendar
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Imports Registry Key From an ADS
calendar
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Macro Enabled In A Potentially Suspicious Document
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Modification of IE Registry Settings
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
NET NGenAssemblyUsageLog Registry Key Tamper
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
NetNTLM Downgrade Attack
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
NetNTLM Downgrade Attack - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1562.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New BgInfo.EXE Custom DB Path Registry Configuration
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New BgInfo.EXE Custom VBScript Registry Configuration
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New BgInfo.EXE Custom WMI Query Registry Configuration
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New DNS ServerLevelPluginDll Installed
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
New DNS ServerLevelPluginDll Installed Via Dnscmd.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Non-privileged Usage of Reg or Powershell
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
OceanLotus Registry Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Office Macros Warning Disabled
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Activity
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Registry Persistence
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Schedule Task Persistence - Security
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
OilRig APT Schedule Task Persistence - System
calendar
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Outlook EnableUnsafeClientMailRules Setting Enabled - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential NetWire RAT Activity - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Custom Protocol Handler
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Event Viewer Events.asp
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook Home Page
calendar
Aug 12, 2024
·
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Persistence Via Outlook Today Page
calendar
Aug 12, 2024
·
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Qakbot Registry Activity
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Raspberry Robin Registry Set Internet Settings ZoneMap
calendar
Aug 12, 2024
·
detection.emerging-threats
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Registry File Imported Via Reg.EXE
calendar
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Potential Tampering With RDP Related Registry Keys Via Reg.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.lateral-movement
attack.t1021.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Potential Ursnif Malware Activity - Registry
calendar
Aug 12, 2024
·
attack.execution
attack.t1112
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
RDP Sensitive Settings Changed
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
RDP Sensitive Settings Changed to Zero
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
RedMimicry Winnti Playbook Registry Manipulation
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Reg Add Suspicious Paths
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
attack.t1562.001
·
Share on:
twitter
facebook
linkedin
copy
Registry Entries For Azorult Malware
calendar
Aug 12, 2024
·
attack.execution
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Registry Explorer Policy Modification
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Registry Hide Function from User
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Registry Modification Via Regini.EXE
calendar
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Remote Registry Lateral Movement
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Removal of Potential COM Hijacking Registry Keys
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Run Once Task Configuration in Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Run Once Task Execution as Configured in Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Service Binary in Suspicious Folder
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
ShimCache Flush
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Registry Modification From ADS Via Regini.EXE
calendar
Aug 12, 2024
·
attack.t1112
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious VBoxDrvInst.exe Parameters
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Sysmon Channel Reference Deletion
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Terminal Server Client Connection History Cleared - Registry
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1070
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Trust Access Disable For VBApplications
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Microsoft Office Trusted Location Added
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Wdigest CredGuard Registry Modification
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Wdigest Enable UseLogonCredential
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Winlogon AllowMultipleTSSessions Enable
calendar
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Enabling RDP service via reg.exe command execution
calendar
Aug 10, 2024
·
attack.defense_evasion
attack.lateral_movement
attack.t1021.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Enable WDigest using PowerShell
calendar
Feb 22, 2024
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Enabling RDP service via reg.exe command execution
calendar
Feb 22, 2024
·
attack.defense_evasion
attack.lateral_movement
attack.t1021.001
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
Enable WDigest using PowerShell (ps_module)
calendar
Jan 8, 2023
·
attack.defense_evasion
attack.t1112
·
Share on:
twitter
facebook
linkedin
copy
to-top