CVE-2021-31979 CVE-2021-33771 Exploits
Aug 12, 2024
attack.credential-access
attack.t1566
attack.t1203
cve.2021-33771
cve.2021-31979
detection.emerging-threats
CVE-2021-31979 CVE-2021-33771 Exploits by Sourgum
Aug 12, 2024
attack.credential-access
attack.t1566
attack.t1203
cve.2021-33771
cve.2021-31979
detection.emerging-threats
Download From Suspicious TLD - Blacklist
Aug 12, 2024
attack.initial-access
attack.t1566
attack.execution
attack.t1203
attack.t1204.002
Download From Suspicious TLD - Whitelist
Aug 12, 2024
attack.initial-access
attack.t1566
attack.execution
attack.t1203
attack.t1204.002
HTML Help HH.EXE Suspicious Child Process
Aug 12, 2024
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
Okta FastPass Phishing Detection
Aug 12, 2024
attack.initial-access
attack.t1566
Phishing Pattern ISO in Archive
Aug 12, 2024
attack.initial-access
attack.t1566
Potential Initial Access via DLL Search Order Hijacking
Aug 12, 2024
attack.t1566
attack.t1566.001
attack.initial-access
attack.t1574
attack.t1574.001
attack.defense-evasion
Potential Malicious Usage of CloudTrail System Manager
Aug 12, 2024
attack.privilege-escalation
attack.t1566
attack.t1566.002
Suspicious Execution via macOS Script Editor
Aug 12, 2024
attack.t1566
attack.t1566.002
attack.initial-access
attack.t1059
attack.t1059.002
attack.t1204
attack.t1204.001
attack.execution
attack.persistence
attack.t1553
attack.defense-evasion
Suspicious External WebDAV Execution
Aug 12, 2024
attack.initial-access
attack.t1584
attack.t1566
Suspicious HH.EXE Execution
Aug 12, 2024
attack.defense-evasion
attack.execution
attack.initial-access
attack.t1047
attack.t1059.001
attack.t1059.003
attack.t1059.005
attack.t1059.007
attack.t1218
attack.t1218.001
attack.t1218.010
attack.t1218.011
attack.t1566
attack.t1566.001
Suspicious Microsoft OneNote Child Process
Aug 12, 2024
attack.t1566
attack.t1566.001
attack.initial-access
Malicious QakBot Dropped File Creation (Event 4663)
Sep 1, 2023
attack.initial_access
attack.defense_evasion
attack.t1566
attack.t1027
attack.t1553
Search-ms and WebDAV Indicators in URL
Aug 5, 2023
attack.initial_access
attack.t1584
attack.t1566
WebDAV Temporary Local File Creation
Aug 5, 2023
attack.initial_access
attack.t1584
attack.t1566
Yellow Cockatoo Powershell Startup Folder Persistence (RedCanary Threat Detection Report)
May 10, 2023
attack.initial_access
attack.defense_evasion
attack.t1566
Yellow Cockatoo PowerShell Suspicious .NET Methods (RedCanary Threat Detection Report)
May 10, 2023
attack.initial_access
attack.defense_evasion
attack.t1566
Malicious QakBot Dropped File Creation (Sysmon)
Nov 18, 2022
attack.initial_access
attack.defense_evasion
attack.t1566
attack.t1027
attack.t1553