open-menu
closeme
Deletion of Volume Shadow Copies via WMI with PowerShell
calendar
Nov 2, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
AWS S3 Bucket Versioning Disable
calendar
Oct 28, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Delete Volume Shadow Copies Via WMI With PowerShell
calendar
Oct 28, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Boot Configuration Tampering Via Bcdedit.EXE
calendar
Oct 18, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Volume Shadow Copy Vssapi.dll Load
calendar
Oct 18, 2023
·
attack.defense_evasion
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Volume Shadow Copy Vsstrace.dll Load
calendar
Oct 18, 2023
·
attack.defense_evasion
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
WannaCry Ransomware Activity
calendar
Oct 18, 2023
·
attack.lateral_movement
attack.t1210
attack.discovery
attack.t1083
attack.defense_evasion
attack.t1222.001
attack.impact
attack.t1486
attack.t1490
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Deletion of Volume Shadow Copies via WMI with PowerShell - PS Script
calendar
Oct 17, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Sensitive Registry Access via Volume Shadow Copy
calendar
Oct 17, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
New Root or CA or AuthRoot Certificate to Store
calendar
Aug 17, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Registry Disable System Restore
calendar
Aug 17, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Potential Dtrack RAT Activity
calendar
Jun 20, 2023
·
attack.impact
attack.t1490
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Potential Maze Ransomware Activity
calendar
Jun 20, 2023
·
attack.execution
attack.t1204.002
attack.t1047
attack.impact
attack.t1490
detection.emerging_threats
·
Share on:
twitter
facebook
linkedin
copy
Amsi.DLL Load By Uncommon Process
calendar
Jun 1, 2023
·
attack.defense_evasion
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Volume Shadow Copy VSS_PS.dll Load
calendar
May 23, 2023
·
attack.defense_evasion
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Copy From VolumeShadowCopy Via Cmd.EXE
calendar
Mar 7, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Backup Files Deleted
calendar
Feb 17, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
SystemStateBackup Deleted Using Wbadmin.EXE
calendar
Feb 5, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Cisco Modify Configuration
calendar
Jan 4, 2023
·
attack.persistence
attack.impact
attack.t1490
attack.t1505
attack.t1565.002
attack.t1053
·
Share on:
twitter
facebook
linkedin
copy
Delete Volume Shadow Copies via WMI with PowerShell - PS Script
calendar
Jan 4, 2023
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
Boot Configuration Database (BCD) Manipulation - Registry Modification
calendar
Nov 22, 2022
·
attack.impact
attack.t1490
attack.g0092
·
Share on:
twitter
facebook
linkedin
copy
Use of bcdedit to Disrupt Boot Processes
calendar
Nov 22, 2022
·
attack.impact
attack.t1490
attack.g0092
·
Share on:
twitter
facebook
linkedin
copy
WMIC Shadow Copy Deletion
calendar
Nov 9, 2022
·
attack.impact
attack.t1490
·
Share on:
twitter
facebook
linkedin
copy
to-top