open-menu
closeme
Active Directory Kerberos DLL Loaded Via Office Application
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Active Directory Parsing DLL Loaded Via Office Application
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
CLR DLL Loaded Via Office Applications
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
DotNET Assembly DLL Loaded Via Office Application
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Download From Suspicious TLD - Blacklist
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1566
attack.execution
attack.t1203
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Download From Suspicious TLD - Whitelist
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1566
attack.execution
attack.t1203
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Droppers Exploiting CVE-2017-11882
calendar
Aug 12, 2024
·
attack.execution
attack.t1203
attack.t1204.002
attack.initial-access
attack.t1566.001
cve.2017-11882
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Exploit for CVE-2017-0261
calendar
Aug 12, 2024
·
attack.execution
attack.t1203
attack.t1204.002
attack.initial-access
attack.t1566.001
cve.2017-0261
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Exploit for CVE-2017-8759
calendar
Aug 12, 2024
·
attack.execution
attack.t1203
attack.t1204.002
attack.initial-access
attack.t1566.001
cve.2017-8759
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
File Was Not Allowed To Run
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.006
attack.t1059.007
·
Share on:
twitter
facebook
linkedin
copy
File With Uncommon Extension Created By An Office Application
calendar
Aug 12, 2024
·
attack.t1204.002
attack.execution
·
Share on:
twitter
facebook
linkedin
copy
Flash Player Update from Suspicious Location
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1189
attack.execution
attack.t1204.002
attack.defense-evasion
attack.t1036.005
·
Share on:
twitter
facebook
linkedin
copy
GAC DLL Loaded Via Office Applications
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - LittleCorporal Generated Maldoc Injection
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1055.003
·
Share on:
twitter
facebook
linkedin
copy
Kapeka Backdoor Loaded Via Rundll32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.defense-evasion
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
Microsoft Excel Add-In Loaded From Uncommon Location
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Microsoft VBA For Outlook Addin Loaded Via Outlook
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
New Application in AppCompat
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Potential Maze Ransomware Activity
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1047
attack.impact
attack.t1490
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Suspicious Browser Launch From Document Reader Process
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Remote DLL Load Via Rundll32.EXE
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Binary In User Directory Spawned From Office Application
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.g0046
car.2013-05-002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Microsoft Office Child Process
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1047
attack.t1204.002
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Microsoft Office Child Process - MacOS
calendar
Aug 12, 2024
·
attack.execution
attack.persistence
attack.t1059.002
attack.t1137.002
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Outlook Child Process
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WMIC Execution Via Office Process
calendar
Aug 12, 2024
·
attack.t1204.002
attack.t1047
attack.t1218.010
attack.execution
attack.defense-evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious WmiPrvSE Child Process
calendar
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1047
attack.t1204.002
attack.t1218.010
·
Share on:
twitter
facebook
linkedin
copy
Ursnif Malware C2 URL Pattern
calendar
Aug 12, 2024
·
attack.initial-access
attack.t1566.001
attack.execution
attack.t1204.002
attack.command-and-control
attack.t1071.001
·
Share on:
twitter
facebook
linkedin
copy
VBA DLL Loaded Via Office Application
calendar
Aug 12, 2024
·
attack.execution
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
ms-msdt for RCE - sdiagnhost.exe spawning command
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.003
attack.T1204.002
·
Share on:
twitter
facebook
linkedin
copy
ms-msdt for RCE CVE-2022-30190
calendar
Aug 10, 2024
·
attack.execution
attack.T1059.003
attack.T1204.002
·
Share on:
twitter
facebook
linkedin
copy
File Creation by Office Applications
calendar
Apr 21, 2023
·
attack.t1204.002
attack.t1047
attack.t1218.010
attack.execution
attack.defense_evasion
·
Share on:
twitter
facebook
linkedin
copy
Suspicious User-Initiated Process Execution on External Drive (Old)
calendar
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.execution
attack.t1059
attack.t1204
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious User-Initiated Process Execution on External Drive (Sysmon)
calendar
Dec 28, 2022
·
attack.s0650
attack.s0483
attack.execution
attack.t1059
attack.t1204
attack.t1204.002
·
Share on:
twitter
facebook
linkedin
copy
to-top