This rule detects the execution of the extended stored procedure backdoor named Maggie in the context of Microsoft SQL Server.
Outlook Macro Execution Without Warning Setting Enabled
Feb 9, 2023 · attack.persistence attack.command_and_control attack.t1137 attack.t1008 attack.t1546 · Detects the modification of the Outlook security setting that allows unprompted execution of macros.

Potential Persistence Via Outlook LoadMacroProviderOnBoot Setting
Feb 9, 2023 · attack.persistence attack.command_and_control attack.t1137 attack.t1008 attack.t1546 · Detects the modification of the Outlook setting "LoadMacroProviderOnBoot", which, if enabled, allows the automatic loading of any configured VBA project/module.
The infrastructure for management data and operations that enables local and remote management of Windows personal computers and servers.
Get-Variable is a valid PowerShell cmdlet. WindowsApps is by default in the path where PowerShell is executed, so when the Get-Variable command is issued on PowerShell execution, the system first looks for a Get-Variable executable in the path and executes the malicious binary instead of the PowerShell cmdlet.