attack.t1557

Cisco BGP Authentication Failures

Apr 28, 2026 · attack.initial-access attack.persistence attack.privilege-escalation attack.credential-access attack.collection attack.stealth attack.t1078 attack.t1110 attack.t1557 ·
Share on:

Detects BGP failures which may be indicative of brute force attacks to manipulate routing

Read More
Cisco LDP Authentication Failures

Apr 28, 2026 · attack.initial-access attack.persistence attack.privilege-escalation attack.credential-access attack.collection attack.stealth attack.t1078 attack.t1110 attack.t1557 ·
Share on:

Detects LDP failures which may be indicative of brute force attacks to manipulate MPLS labels

Read More
Huawei BGP Authentication Failures

Apr 28, 2026 · attack.initial-access attack.persistence attack.privilege-escalation attack.credential-access attack.collection attack.stealth attack.t1078 attack.t1110 attack.t1557 ·
Share on:

Detects BGP failures which may be indicative of brute force attacks to manipulate routing.

Read More
Juniper BGP Missing MD5

Apr 28, 2026 · attack.initial-access attack.persistence attack.privilege-escalation attack.credential-access attack.collection attack.stealth attack.t1078 attack.t1110 attack.t1557 ·
Share on:

Detects juniper BGP missing MD5 digest. Which may be indicative of brute force attacks to manipulate routing.

Read More
Potential Suspicious Activity Using SeCEdit

Apr 28, 2026 · attack.collection attack.discovery attack.persistence attack.credential-access attack.privilege-escalation attack.execution attack.stealth attack.defense-impairment attack.t1685.001 attack.t1547.001 attack.t1505.005 attack.t1556.002 attack.t1685 attack.t1574.007 attack.t1564.002 attack.t1546.008 attack.t1546.007 attack.t1547.014 attack.t1547.010 attack.t1547.002 attack.t1557 attack.t1082 ·
Share on:

Detects potential suspicious behaviour using secedit.exe. Such as exporting or modifying the security policy

Read More
Notepad++ Updater DNS Query to Uncommon Domains

Apr 21, 2026 · attack.collection attack.credential-access attack.t1195.002 attack.initial-access attack.t1557 ·
Share on:

Detects when the Notepad++ updater (gup.exe) makes DNS queries to domains that are not part of the known legitimate update infrastructure. This could indicate potential exploitation of the updater mechanism or suspicious network activity that warrants further investigation.

Read More
Uncommon File Created by Notepad++ Updater Gup.EXE

Apr 21, 2026 · attack.collection attack.credential-access attack.t1195.002 attack.initial-access attack.t1557 ·
Share on:

Detects when the Notepad++ updater (gup.exe) creates files in suspicious or uncommon locations. This could indicate potential exploitation of the updater component to deliver unwanted malware or unwarranted files.

Read More
Suspicious Child Process of Notepad++ Updater - GUP.Exe

Feb 4, 2026 · attack.collection attack.credential-access attack.t1195.002 attack.initial-access attack.t1557 ·
Share on:

Detects suspicious child process creation by the Notepad++ updater process (gup.exe). This could indicate potential exploitation of the updater component to deliver unwanted malware.

Read More
ISATAP Router Address Was Set

Oct 23, 2025 · attack.impact attack.credential-access attack.collection attack.initial-access attack.privilege-escalation attack.execution attack.t1557 attack.t1565.002 ·
Share on:

Detects the configuration of a new ISATAP router on a Windows host. While ISATAP is a legitimate Microsoft technology for IPv6 transition, unexpected or unauthorized ISATAP router configurations could indicate a potential IPv6 DNS Takeover attack using tools like mitm6. In such attacks, adversaries advertise themselves as DHCPv6 servers and set malicious ISATAP routers to intercept traffic. This detection should be correlated with network baselines and known legitimate ISATAP deployments in your environment.

Read More