Exploiting CVE-2019-1388
Dec 1, 2024
·
attack.privilege-escalation
attack.t1068
cve.2019-1388
detection.emerging-threats
·
Potential CVE-2021-41379 Exploitation Attempt
Dec 1, 2024
·
attack.privilege-escalation
attack.t1068
cve.2021-41379
detection.emerging-threats
·
Suspicious RazerInstaller Explorer Subprocess
Dec 1, 2024
·
attack.privilege-escalation
attack.t1553
detection.emerging-threats
·
CVE-2023-38331 Exploitation Attempt - Suspicious WinRAR Child Process
Dec 1, 2024
·
detection.emerging-threats
attack.execution
attack.t1203
cve.2023-38331
·
Peach Sandstorm APT Process Activity Indicators
Dec 1, 2024
·
attack.execution
detection.emerging-threats
·
Pikabot Fake DLL Extension Execution Via Rundll32.EXE
Dec 1, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.execution
·
Potential Peach Sandstorm APT C2 Communication Activity
Dec 1, 2024
·
attack.command-and-control
detection.emerging-threats
·
Potential Pikabot C2 Activity
Dec 1, 2024
·
attack.command-and-control
attack.t1573
detection.emerging-threats
·
Potential Pikabot Discovery Activity
Dec 1, 2024
·
attack.discovery
attack.t1016
attack.t1049
attack.t1087
detection.emerging-threats
·
Potential Pikabot Hollowing Activity
Dec 1, 2024
·
attack.defense-evasion
attack.t1055.012
detection.emerging-threats
·
GALLIUM IOCs
Nov 25, 2024
·
attack.credential-access
attack.command-and-control
attack.t1212
attack.t1071
attack.g0093
detection.emerging-threats
·
Malicious DLL Load By Compromised 3CXDesktopApp
Nov 25, 2024
·
attack.defense-evasion
detection.emerging-threats
·
Potential Compromised 3CXDesktopApp Execution
Nov 25, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
detection.emerging-threats
·
Potential Pikabot Infection - Suspicious Command Combinations Via Cmd.EXE
Nov 1, 2024
·
attack.execution
attack.t1059.003
attack.t1105
attack.t1218
detection.emerging-threats
·
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Linux)
Oct 1, 2024
·
detection.emerging-threats
attack.execution
attack.t1059
attack.initial-access
attack.t1190
cve.2023-22518
·
CVE-2023-22518 Exploitation Attempt - Suspicious Confluence Child Process (Windows)
Oct 1, 2024
·
detection.emerging-threats
attack.execution
attack.t1059
attack.initial-access
attack.t1190
cve.2023-22518
·
CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Proxy)
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-22518
·
CVE-2023-22518 Exploitation Attempt - Vulnerable Endpoint Connection (Webserver)
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-22518
·
CVE-2023-46747 Exploitation Activity - Proxy
Oct 1, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
cve.2023-46747
·
CVE-2023-46747 Exploitation Activity - Webserver
Oct 1, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
cve.2023-46747
·
CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
CVE-2023-4966 Potential Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Webserver
Oct 1, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-4966
·
Exploitation Attempt Of CVE-2023-46214 Using Public POC Code
Oct 1, 2024
·
cve.2023-46214
detection.emerging-threats
attack.lateral-movement
attack.t1210
·
Lace Tempest Cobalt Strike Download
Oct 1, 2024
·
attack.execution
detection.emerging-threats
·
Lace Tempest File Indicators
Oct 1, 2024
·
attack.execution
detection.emerging-threats
·
Lace Tempest Malware Loader Execution
Oct 1, 2024
·
attack.execution
detection.emerging-threats
·
Lace Tempest PowerShell Evidence Eraser
Oct 1, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Lace Tempest PowerShell Launcher
Oct 1, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Potential CVE-2023-46214 Exploitation Attempt
Oct 1, 2024
·
attack.lateral-movement
attack.t1210
cve.2023-46214
detection.emerging-threats
·
UNC2452 Process Creation Patterns
Sep 13, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
CVE-2021-1675 Print Spooler Exploitation Filename Pattern
Sep 13, 2024
·
attack.execution
attack.privilege-escalation
attack.resource-development
attack.t1587
cve.2021-1675
detection.emerging-threats
·
InstallerFileTakeOver LPE CVE-2021-41379 File Create Event
Sep 13, 2024
·
attack.privilege-escalation
attack.t1068
detection.emerging-threats
·
LPE InstallerFileTakeOver PoC CVE-2021-41379
Sep 13, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
·
Possible CVE-2021-1675 Print Spooler Exploitation
Sep 13, 2024
·
attack.execution
attack.t1569
cve.2021-1675
detection.emerging-threats
·
ChromeLoader Malware Execution
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.001
attack.t1176
detection.emerging-threats
·
DarkGate - Autoit3.EXE Execution Parameters
Sep 2, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
·
DarkGate - Autoit3.EXE File Creation By Uncommon Process
Sep 2, 2024
·
attack.command-and-control
attack.execution
attack.t1105
attack.t1059
detection.emerging-threats
·
DarkGate - User Created Via Net.EXE
Sep 2, 2024
·
attack.persistence
attack.t1136.001
detection.emerging-threats
·
Diamond Sleet APT DLL Sideloading Indicators
Sep 2, 2024
·
attack.defense-evasion
attack.t1574.002
detection.emerging-threats
·
Diamond Sleet APT DNS Communication Indicators
Sep 2, 2024
·
attack.command-and-control
detection.emerging-threats
·
Diamond Sleet APT File Creation Indicators
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Diamond Sleet APT Process Activity Indicators
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Diamond Sleet APT Scheduled Task Creation
Sep 2, 2024
·
attack.execution
attack.privilege-escalation
attack.persistence
attack.t1053.005
detection.emerging-threats
·
Diamond Sleet APT Scheduled Task Creation - Registry
Sep 2, 2024
·
attack.defense-evasion
attack.t1562
detection.emerging-threats
·
Exploitation Attempt Of CVE-2020-1472 - Execution of ZeroLogon PoC
Sep 2, 2024
·
attack.execution
attack.lateral-movement
attack.t1210
cve.2020-1472
detection.emerging-threats
·
Exploitation Indicators Of CVE-2023-20198
Sep 2, 2024
·
attack.privilege-escalation
attack.initial-access
detection.emerging-threats
·
Injected Browser Process Spawning Rundll32 - GuLoader Activity
Sep 2, 2024
·
attack.defense-evasion
attack.t1055
detection.emerging-threats
·
Lazarus APT DLL Sideloading Activity
Sep 2, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
attack.g0032
detection.emerging-threats
·
Okta 2023 Breach Indicator Of Compromise
Sep 2, 2024
·
attack.credential-access
detection.emerging-threats
·
Onyx Sleet APT File Creation Indicators
Sep 2, 2024
·
attack.execution
detection.emerging-threats
·
Potential CVE-2021-44228 Exploitation Attempt - VMware Horizon
Sep 2, 2024
·
attack.initial-access
attack.t1190
cve.2021-44228
detection.emerging-threats
·
Potential CVE-2022-22954 Exploitation Attempt - VMware Workspace ONE Access Remote Code Execution
Sep 2, 2024
·
attack.execution
attack.initial-access
attack.t1059.006
attack.t1190
cve.2022-22954
detection.emerging-threats
·
Potential CVE-2023-27363 Exploitation - HTA File Creation By FoxitPDFReader
Sep 2, 2024
·
attack.persistence
attack.t1505.001
cve.2023-27363
detection.emerging-threats
·
Potential CVE-2023-36874 Exploitation - Fake Wermgr.Exe Creation
Sep 2, 2024
·
attack.execution
cve.2023-36874
detection.emerging-threats
·
Potential Information Disclosure CVE-2023-43261 Exploitation - Proxy
Sep 2, 2024
·
attack.initial-access
attack.t1190
cve.2023-43621
detection.emerging-threats
·
Potential Information Disclosure CVE-2023-43261 Exploitation - Web
Sep 2, 2024
·
attack.initial-access
attack.t1190
cve.2023-43621
detection.emerging-threats
·
Potential MOVEit Transfer CVE-2023-34362 Exploitation - Dynamic Compilation Via Csc.EXE
Sep 2, 2024
·
attack.execution
attack.t1059
cve.2023-34362
detection.emerging-threats
·
Raspberry Robin Initial Execution From External Drive
Sep 2, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Raspberry Robin Subsequent Execution of Commands
Sep 2, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Serpent Backdoor Payload Execution Via Scheduled Task
Sep 2, 2024
·
attack.execution
attack.persistence
attack.t1053.005
attack.t1059.006
detection.emerging-threats
·
Suspicious Sysmon as Execution Parent
Sep 2, 2024
·
attack.privilege-escalation
attack.t1068
cve.2022-41120
detection.emerging-threats
·
Ursnif Redirection Of Discovery Commands
Sep 2, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
·
Emotet Loader Execution Via .LNK File
Aug 29, 2024
·
attack.execution
attack.t1059.006
detection.emerging-threats
·
FakeUpdates/SocGholish Activity
Aug 29, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Potential CVE-2022-29072 Exploitation Attempt
Aug 29, 2024
·
attack.execution
cve.2022-29072
detection.emerging-threats
·
Potential MOVEit Transfer CVE-2023-34362 Exploitation - File Activity
Aug 29, 2024
·
attack.initial-access
attack.t1190
cve.2023-34362
detection.emerging-threats
·
ADSelfService Exploitation
Aug 12, 2024
·
cve.2021-40539
detection.emerging-threats
attack.initial-access
attack.t1190
·
Adwind RAT / JRAT
Aug 12, 2024
·
attack.execution
attack.t1059.005
attack.t1059.007
detection.emerging-threats
·
Apache Spark Shell Command Injection - Weblogs
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-33891
detection.emerging-threats
·
APT PRIVATELOG Image Load Pattern
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
detection.emerging-threats
·
APT27 - Emissary Panda Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1574.002
attack.g0027
detection.emerging-threats
·
APT29 2018 Phishing Campaign CommandLine Indicators
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
detection.emerging-threats
·
APT29 2018 Phishing Campaign File Indicators
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
APT31 Judgement Panda Activity
Aug 12, 2024
·
attack.lateral-movement
attack.credential-access
attack.g0128
attack.t1003.001
attack.t1560.001
detection.emerging-threats
·
Arcadyan Router Exploitations
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-20090
cve.2021-20091
detection.emerging-threats
·
Atlassian Bitbucket Command Injection Via Archive API
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-36804
detection.emerging-threats
·
Blue Mockingbird
Aug 12, 2024
·
attack.execution
attack.t1112
attack.t1047
detection.emerging-threats
·
BlueSky Ransomware Artefacts
Aug 12, 2024
·
attack.impact
attack.t1486
detection.emerging-threats
·
Cisco ASA FTD Exploit CVE-2020-3452
Aug 12, 2024
·
attack.t1190
attack.initial-access
cve.2020-3452
detection.emerging-threats
·
Citrix ADS Exploitation CVE-2020-8193 CVE-2020-8195
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-8193
cve.2020-8195
detection.emerging-threats
·
Citrix Netscaler Attack CVE-2019-19781
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2019-19781
detection.emerging-threats
·
COLDSTEEL Persistence Service Creation
Aug 12, 2024
·
attack.defense-evasion
attack.persistence
detection.emerging-threats
·
COLDSTEEL RAT Anonymous User Process Execution
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
COLDSTEEL RAT Cleanup Command Execution
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
COLDSTEEL RAT Service Persistence Execution
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Confluence Exploitation CVE-2019-3398
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2019-3398
detection.emerging-threats
·
Conti NTDS Exfiltration Command
Aug 12, 2024
·
attack.collection
attack.t1560
detection.emerging-threats
·
Conti Volume Shadow Listing
Aug 12, 2024
·
attack.t1587.001
attack.resource-development
detection.emerging-threats
·
CosmicDuke Service Installation
Aug 12, 2024
·
attack.persistence
attack.t1543.003
attack.t1569.002
detection.emerging-threats
·
CVE-2010-5278 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2010-5278
detection.emerging-threats
·
CVE-2020-0688 Exchange Exploitation via Web Log
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-0688
detection.emerging-threats
·
CVE-2020-0688 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-0688
detection.emerging-threats
·
CVE-2020-0688 Exploitation via Eventlog
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-0688
detection.emerging-threats
·
CVE-2020-10148 SolarWinds Orion API Auth Bypass
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-10148
detection.emerging-threats
·
CVE-2020-5902 F5 BIG-IP Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2020-5902
detection.emerging-threats
·
CVE-2021-1675 Print Spooler Exploitation
Aug 12, 2024
·
attack.execution
attack.t1569
cve.2021-1675
detection.emerging-threats
·
CVE-2021-1675 Print Spooler Exploitation IPC Access
Aug 12, 2024
·
attack.execution
attack.t1569
cve.2021-1675
cve.2021-34527
detection.emerging-threats
·
CVE-2021-21972 VSphere Exploitation
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-21972
detection.emerging-threats
·
CVE-2021-21978 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-21978
detection.emerging-threats
·
CVE-2021-26858 Exchange Exploitation
Aug 12, 2024
·
attack.t1203
attack.execution
cve.2021-26858
detection.emerging-threats
·
CVE-2021-31979 CVE-2021-33771 Exploits
Aug 12, 2024
·
attack.credential-access
attack.t1566
attack.t1203
cve.2021-33771
cve.2021-31979
detection.emerging-threats
·
CVE-2021-31979 CVE-2021-33771 Exploits by Sourgum
Aug 12, 2024
·
attack.credential-access
attack.t1566
attack.t1203
cve.2021-33771
cve.2021-31979
detection.emerging-threats
·
CVE-2021-33766 Exchange ProxyToken Exploitation
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-33766
detection.emerging-threats
·
CVE-2021-40539 Zoho ManageEngine ADSelfService Plus Exploit
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.persistence
attack.t1505.003
cve.2021-40539
detection.emerging-threats
·
CVE-2021-41773 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-41773
detection.emerging-threats
·
CVE-2021-44077 POC Default Dropped File
Aug 12, 2024
·
attack.execution
cve.2021-44077
detection.emerging-threats
·
CVE-2022-24527 Microsoft Connected Cache LPE
Aug 12, 2024
·
attack.privilege-escalation
attack.t1059.001
cve.2022-24527
detection.emerging-threats
·
CVE-2022-31656 VMware Workspace ONE Access Auth Bypass
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-31656
detection.emerging-threats
·
CVE-2022-31659 VMware Workspace ONE Access RCE
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-31659
detection.emerging-threats
·
CVE-2023-1389 Potential Exploitation Attempt - Unauthenticated Command Injection In TP-Link Archer AX21
Aug 12, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
cve.2023-1389
·
CVE-2023-23397 Exploitation Attempt
Aug 12, 2024
·
attack.credential-access
attack.initial-access
cve.2023-23397
detection.emerging-threats
·
CVE-2023-38331 Exploitation Attempt - Suspicious Double Extension File
Aug 12, 2024
·
attack.execution
cve.2023-38331
detection.emerging-threats
·
CVE-2023-40477 Potential Exploitation - .REV File Creation
Aug 12, 2024
·
attack.execution
cve.2023-40477
detection.emerging-threats
·
CVE-2023-40477 Potential Exploitation - WinRAR Application Crash
Aug 12, 2024
·
attack.execution
cve.2023-40477
detection.emerging-threats
·
DarkSide Ransomware Pattern
Aug 12, 2024
·
attack.execution
attack.t1204
detection.emerging-threats
·
Defrag Deactivation
Aug 12, 2024
·
attack.persistence
attack.t1053.005
attack.s0111
detection.emerging-threats
·
Defrag Deactivation - Security
Aug 12, 2024
·
attack.persistence
attack.t1053
attack.s0111
detection.emerging-threats
·
Devil Bait Potential C2 Communication Traffic
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
DEWMODE Webshell Access
Aug 12, 2024
·
attack.persistence
attack.t1505.003
detection.emerging-threats
·
DNS RCE CVE-2020-1350
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.execution
attack.t1569.002
cve.2020-1350
detection.emerging-threats
·
DPRK Threat Actor - C2 Communication DNS Indicators
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Droppers Exploiting CVE-2017-11882
Aug 12, 2024
·
attack.execution
attack.t1203
attack.t1204.002
attack.initial-access
attack.t1566.001
cve.2017-11882
detection.emerging-threats
·
Elise Backdoor Activity
Aug 12, 2024
·
attack.g0030
attack.g0050
attack.s0081
attack.execution
attack.t1059.003
detection.emerging-threats
·
Equation Group C2 Communication
Aug 12, 2024
·
attack.command-and-control
attack.g0020
attack.t1041
detection.emerging-threats
·
Equation Group DLL_U Export Function Load
Aug 12, 2024
·
attack.g0020
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
EvilNum APT Golden Chickens Deployment Via OCX Files
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Exchange Exploitation CVE-2021-28480
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-28480
detection.emerging-threats
·
Exchange Exploitation Used by HAFNIUM
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.g0125
detection.emerging-threats
·
Exploit for CVE-2015-1641
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
cve.2015-1641
detection.emerging-threats
·
Exploit for CVE-2017-0261
Aug 12, 2024
·
attack.execution
attack.t1203
attack.t1204.002
attack.initial-access
attack.t1566.001
cve.2017-0261
detection.emerging-threats
·
Exploit for CVE-2017-8759
Aug 12, 2024
·
attack.execution
attack.t1203
attack.t1204.002
attack.initial-access
attack.t1566.001
cve.2017-8759
detection.emerging-threats
·
Exploitation Indicator Of CVE-2022-42475
Aug 12, 2024
·
attack.initial-access
cve.2022-42475
detection.emerging-threats
·
Exploitation of CVE-2021-26814 in Wazuh
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-21978
cve.2021-26814
detection.emerging-threats
·
Exploited CVE-2020-10189 Zoho ManageEngine
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.execution
attack.t1059.001
attack.t1059.003
attack.s0190
cve.2020-10189
detection.emerging-threats
·
Exploiting SetupComplete.cmd CVE-2019-1378
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
attack.execution
attack.t1059.003
attack.t1574
cve.2019-1378
detection.emerging-threats
·
Fireball Archer Install
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
FoggyWeb Backdoor DLL Loading
Aug 12, 2024
·
attack.resource-development
attack.t1587
detection.emerging-threats
·
Formbook Process Creation
Aug 12, 2024
·
attack.resource-development
attack.t1587.001
detection.emerging-threats
·
Fortinet CVE-2018-13379 Exploitation
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2018-13379
detection.emerging-threats
·
Fortinet CVE-2021-22123 Exploitation
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-22123
detection.emerging-threats
·
GALLIUM Artefacts - Builtin
Aug 12, 2024
·
attack.credential-access
attack.command-and-control
attack.t1071
detection.emerging-threats
·
Goofy Guineapig Backdoor IOC
Aug 12, 2024
·
attack.execution
attack.defense-evasion
detection.emerging-threats
·
Goofy Guineapig Backdoor Potential C2 Communication
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Goofy Guineapig Backdoor Service Creation
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Grafana Path Traversal Exploitation CVE-2021-43798
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-43798
detection.emerging-threats
·
Greenbug Espionage Group Indicators
Aug 12, 2024
·
attack.g0049
attack.execution
attack.t1059.001
attack.command-and-control
attack.t1105
attack.defense-evasion
attack.t1036.005
detection.emerging-threats
·
Griffon Malware Attack Pattern
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
HAFNIUM Exchange Exploitation Activity
Aug 12, 2024
·
attack.persistence
attack.t1546
attack.t1053
attack.g0125
detection.emerging-threats
·
Hermetic Wiper TG Process Patterns
Aug 12, 2024
·
attack.execution
attack.lateral-movement
attack.t1021.001
detection.emerging-threats
·
IcedID Malware Suspicious Single Digit DLL Execution Via Rundll32
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Lazarus Group Activity
Aug 12, 2024
·
attack.g0032
attack.execution
attack.t1059
detection.emerging-threats
·
Lazarus System Binary Masquerading
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
detection.emerging-threats
·
Leviathan Registry Key Activity
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
·
LockerGoga Ransomware Activity
Aug 12, 2024
·
attack.impact
attack.t1486
detection.emerging-threats
·
Log4j RCE CVE-2021-44228 Generic
Aug 12, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
·
Log4j RCE CVE-2021-44228 in Fields
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-44228
detection.emerging-threats
·
Malware Shellcode in Verclsid Target Process
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
detection.emerging-threats
·
MERCURY APT Activity
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.g0069
detection.emerging-threats
·
Mint Sandstorm - AsperaFaspex Suspicious Process Execution
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Mint Sandstorm - Log4J Wstomcat Process Execution
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Mint Sandstorm - ManageEngine Suspicious Process Execution
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Moriya Rootkit File Created
Aug 12, 2024
·
attack.persistence
attack.privilege-escalation
attack.t1543.003
detection.emerging-threats
·
MOVEit CVE-2023-34362 Exploitation Attempt - Potential Web Shell Request
Aug 12, 2024
·
cve.2023-34362
detection.emerging-threats
attack.persistence
attack.t1505.003
·
MSMQ Corrupted Packet Encountered
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
MSSQL Extended Stored Procedure Backdoor Maggie
Aug 12, 2024
·
attack.persistence
attack.t1546
detection.emerging-threats
·
Mustang Panda Dropper
Aug 12, 2024
·
attack.t1587.001
attack.resource-development
detection.emerging-threats
·
NotPetya Ransomware Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
attack.t1070.001
attack.credential-access
attack.t1003.001
car.2016-04-002
detection.emerging-threats
·
OceanLotus Registry Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1112
detection.emerging-threats
·
OilRig APT Activity
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
OilRig APT Registry Persistence
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
OilRig APT Schedule Task Persistence - Security
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
OilRig APT Schedule Task Persistence - System
Aug 12, 2024
·
attack.persistence
attack.g0049
attack.t1053.005
attack.s0111
attack.t1543.003
attack.defense-evasion
attack.t1112
attack.command-and-control
attack.t1071.004
detection.emerging-threats
·
Operation Wocao Activity
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
·
Operation Wocao Activity - Security
Aug 12, 2024
·
attack.discovery
attack.t1012
attack.defense-evasion
attack.t1036.004
attack.t1027
attack.execution
attack.t1053.005
attack.t1059.001
detection.emerging-threats
·
Oracle WebLogic Exploit
Aug 12, 2024
·
attack.t1190
attack.initial-access
attack.persistence
attack.t1505.003
cve.2018-2894
detection.emerging-threats
·
Oracle WebLogic Exploit CVE-2020-14882
Aug 12, 2024
·
attack.t1190
attack.initial-access
cve.2020-14882
detection.emerging-threats
·
Oracle WebLogic Exploit CVE-2021-2109
Aug 12, 2024
·
attack.t1190
attack.initial-access
cve.2021-2109
detection.emerging-threats
·
Outlook Task/Note Reminder Received
Aug 12, 2024
·
attack.persistence
attack.t1137
cve.2023-23397
detection.emerging-threats
·
OWASSRF Exploitation Attempt Using Public POC - Webserver
Aug 12, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
·
PaperCut MF/NG Exploitation Related Indicators
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
PaperCut MF/NG Potential Exploitation
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Pingback Backdoor Activity
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Pingback Backdoor DLL Loading Activity
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Pingback Backdoor File Indicators
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Possible Exploitation of Exchange RCE CVE-2021-42321
Aug 12, 2024
·
attack.lateral-movement
attack.t1210
detection.emerging-threats
·
Potential ACTINIUM Persistence Activity
Aug 12, 2024
·
attack.persistence
attack.t1053
attack.t1053.005
detection.emerging-threats
·
Potential APT FIN7 POWERHOLD Execution
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.g0046
detection.emerging-threats
·
Potential APT FIN7 Reconnaissance/POWERTRASH Related Activity
Aug 12, 2024
·
attack.execution
attack.g0046
detection.emerging-threats
·
Potential APT FIN7 Related PowerShell Script Created
Aug 12, 2024
·
attack.execution
attack.g0046
detection.emerging-threats
·
Potential APT Mustang Panda Activity Against Australian Gov
Aug 12, 2024
·
attack.execution
attack.g0129
detection.emerging-threats
·
Potential APT-C-12 BlueMushroom DLL Load Activity Via Regsvr32
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
detection.emerging-threats
·
Potential APT10 Cloud Hopper Activity
Aug 12, 2024
·
attack.execution
attack.g0045
attack.t1059.005
detection.emerging-threats
·
Potential Atlassian Confluence CVE-2021-26084 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.execution
attack.t1190
attack.t1059
cve.2021-26084
detection.emerging-threats
·
Potential Baby Shark Malware Activity
Aug 12, 2024
·
attack.execution
attack.defense-evasion
attack.discovery
attack.t1012
attack.t1059.003
attack.t1059.001
attack.t1218.005
detection.emerging-threats
·
Potential BearLPE Exploitation
Aug 12, 2024
·
attack.privilege-escalation
attack.t1053.005
car.2013-08-001
detection.emerging-threats
·
Potential BlackByte Ransomware Activity
Aug 12, 2024
·
detection.emerging-threats
attack.execution
attack.defense-evasion
attack.impact
attack.t1485
attack.t1498
attack.t1059.001
attack.t1140
·
Potential Bumblebee Remote Thread Creation
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1218.011
attack.t1059.001
detection.emerging-threats
·
Potential Centos Web Panel Exploitation Attempt - CVE-2022-44877
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-44877
detection.emerging-threats
·
Potential COLDSTEEL Persistence Service DLL Creation
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Potential COLDSTEEL Persistence Service DLL Load
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Potential COLDSTEEL RAT File Indicators
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
Potential COLDSTEEL RAT Windows User Creation
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Potential Compromised 3CXDesktopApp Beaconing Activity - DNS
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Potential Compromised 3CXDesktopApp Beaconing Activity - Netcon
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Potential Compromised 3CXDesktopApp Beaconing Activity - Proxy
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Potential Compromised 3CXDesktopApp ICO C2 File Download
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Potential Compromised 3CXDesktopApp Update Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
attack.execution
detection.emerging-threats
·
Potential Conti Ransomware Activity
Aug 12, 2024
·
attack.impact
attack.s0575
attack.t1486
detection.emerging-threats
·
Potential Conti Ransomware Database Dumping Activity Via SQLCmd
Aug 12, 2024
·
attack.collection
attack.t1005
detection.emerging-threats
·
Potential CVE-2021-26857 Exploitation Attempt
Aug 12, 2024
·
attack.t1203
attack.execution
cve.2021-26857
detection.emerging-threats
·
Potential CVE-2021-27905 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-27905
detection.emerging-threats
·
Potential CVE-2021-40444 Exploitation Attempt
Aug 12, 2024
·
attack.execution
attack.t1059
cve.2021-40444
detection.emerging-threats
·
Potential CVE-2021-42278 Exploitation Attempt
Aug 12, 2024
·
attack.credential-access
attack.t1558.003
cve.2021-42278
detection.emerging-threats
·
Potential CVE-2022-21587 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-21587
detection.emerging-threats
·
Potential CVE-2022-26809 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.execution
attack.t1569.002
cve.2022-26809
detection.emerging-threats
·
Potential CVE-2022-46169 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2022-46169
detection.emerging-threats
·
Potential CVE-2023-21554 QueueJumper Exploitation
Aug 12, 2024
·
attack.privilege-escalation
attack.execution
cve.2023-21554
detection.emerging-threats
·
Potential CVE-2023-2283 Exploitation
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2023-2283
detection.emerging-threats
·
Potential CVE-2023-23397 Exploitation Attempt - SMB
Aug 12, 2024
·
attack.exfiltration
cve.2023-23397
detection.emerging-threats
·
Potential CVE-2023-23752 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2023-23752
detection.emerging-threats
·
Potential CVE-2023-25157 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
cve.2023-25157
detection.emerging-threats
·
Potential CVE-2023-25717 Exploitation Attempt
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2023-25717
detection.emerging-threats
·
Potential CVE-2023-27997 Exploitation Indicators
Aug 12, 2024
·
cve.2023-27997
attack.initial-access
attack.t1190
detection.emerging-threats
·
Potential CVE-2023-36874 Exploitation - Fake Wermgr Execution
Aug 12, 2024
·
attack.execution
cve.2023-36874
detection.emerging-threats
·
Potential CVE-2023-36874 Exploitation - Uncommon Report.Wer Location
Aug 12, 2024
·
attack.execution
cve.2023-36874
detection.emerging-threats
·
Potential CVE-2023-36884 Exploitation - File Downloads
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
·
Potential CVE-2023-36884 Exploitation - Share Access
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
·
Potential CVE-2023-36884 Exploitation - URL Marker
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
·
Potential CVE-2023-36884 Exploitation Dropped File
Aug 12, 2024
·
attack.persistence
attack.defense-evasion
cve.2023-36884
detection.emerging-threats
·
Potential CVE-2023-36884 Exploitation Pattern
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
·
Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - File Creation
Aug 12, 2024
·
attack.execution
cve.2024-3400
detection.emerging-threats
·
Potential CVE-2303-36884 URL Request Pattern Traffic
Aug 12, 2024
·
attack.command-and-control
cve.2023-36884
detection.emerging-threats
·
Potential Devil Bait Malware Reconnaissance
Aug 12, 2024
·
attack.defense-evasion
attack.t1218
detection.emerging-threats
·
Potential Devil Bait Related Indicator
Aug 12, 2024
·
attack.defense-evasion
detection.emerging-threats
·
Potential Dridex Activity
Aug 12, 2024
·
attack.defense-evasion
attack.privilege-escalation
attack.t1055
attack.discovery
attack.t1135
attack.t1033
detection.emerging-threats
·
Potential Dtrack RAT Activity
Aug 12, 2024
·
attack.impact
attack.t1490
detection.emerging-threats
·
Potential Emotet Activity
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.defense-evasion
attack.t1027
detection.emerging-threats
·
Potential Emotet Rundll32 Execution
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Potential EmpireMonkey Activity
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.010
detection.emerging-threats
·
Potential Encrypted Registry Blob Related To SNAKE Malware
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Potential Exploitation Attempt From Office Application
Aug 12, 2024
·
attack.execution
attack.defense-evasion
cve.2021-40444
detection.emerging-threats
·
Potential Exploitation Attempt Of Undocumented WindowsServer RCE
Aug 12, 2024
·
detection.emerging-threats
attack.initial-access
attack.t1190
·
Potential Exploitation of CVE-2024-37085 - Suspicious Creation Of ESX Admins Group
Aug 12, 2024
·
attack.execution
cve.2024-37085
detection.emerging-threats
·
Potential Exploitation of CVE-2024-37085 - Suspicious ESX Admins Group Activity
Aug 12, 2024
·
attack.execution
cve.2024-37085
detection.emerging-threats
·
Potential Goofy Guineapig Backdoor Activity
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Potential Goofy Guineapig GoolgeUpdate Process Anomaly
Aug 12, 2024
·
attack.defense-evasion
detection.emerging-threats
·
Potential KamiKakaBot Activity - Lure Document Execution
Aug 12, 2024
·
attack.execution
attack.t1059
detection.emerging-threats
·
Potential KamiKakaBot Activity - Shutdown Schedule Task Creation
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
Potential KamiKakaBot Activity - Winlogon Shell Persistence
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
·
Potential Ke3chang/TidePool Malware Activity
Aug 12, 2024
·
attack.g0004
attack.defense-evasion
attack.t1562.001
detection.emerging-threats
·
Potential Maze Ransomware Activity
Aug 12, 2024
·
attack.execution
attack.t1204.002
attack.t1047
attack.impact
attack.t1490
detection.emerging-threats
·
Potential MuddyWater APT Activity
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.g0069
detection.emerging-threats
·
Potential Operation Triangulation C2 Beaconing Activity - DNS
Aug 12, 2024
·
attack.command-and-control
attack.g0020
detection.emerging-threats
·
Potential Operation Triangulation C2 Beaconing Activity - Proxy
Aug 12, 2024
·
attack.command-and-control
attack.g0020
detection.emerging-threats
·
Potential OWASSRF Exploitation Attempt - Webserver
Aug 12, 2024
·
attack.initial-access
attack.t1190
detection.emerging-threats
·
Potential PlugX Activity
Aug 12, 2024
·
attack.s0013
attack.defense-evasion
attack.t1574.002
detection.emerging-threats
·
Potential POWERTRASH Script Execution
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.g0046
detection.emerging-threats
·
Potential Qakbot Rundll32 Execution
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Potential QBot Activity
Aug 12, 2024
·
attack.execution
attack.t1059.005
detection.emerging-threats
·
Potential Raspberry Robin Aclui Dll SideLoading
Aug 12, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.privilege-escalation
attack.t1574.001
attack.t1574.002
·
Potential Raspberry Robin CPL Execution Activity
Aug 12, 2024
·
detection.emerging-threats
attack.defense-evasion
attack.execution
attack.t1218.011
·
Potential Raspberry Robin Dot Ending File
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Potential Raspberry Robin Registry Set Internet Settings ZoneMap
Aug 12, 2024
·
detection.emerging-threats
attack.t1112
attack.defense-evasion
·
Potential Russian APT Credential Theft Activity
Aug 12, 2024
·
attack.credential-access
attack.t1552.001
attack.t1003.003
detection.emerging-threats
·
Potential Ryuk Ransomware Activity
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
·
Potential SNAKE Malware Installation Binary Indicator
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Potential SNAKE Malware Installation CLI Arguments Indicator
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Potential SNAKE Malware Persistence Service Execution
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Potential Snatch Ransomware Activity
Aug 12, 2024
·
attack.execution
attack.t1204
detection.emerging-threats
·
Potential SocGholish Second Stage C2 DNS Query
Aug 12, 2024
·
attack.command-and-control
attack.t1219
detection.emerging-threats
·
Potential Suspicious Child Process Of 3CXDesktopApp
Aug 12, 2024
·
attack.command-and-control
attack.execution
attack.t1218
detection.emerging-threats
·
Potential SystemNightmare Exploitation Attempt
Aug 12, 2024
·
attack.privilege-escalation
attack.t1068
detection.emerging-threats
·
Potential Ursnif Malware Activity - Registry
Aug 12, 2024
·
attack.execution
attack.t1112
detection.emerging-threats
·
ProxyLogon Reset Virtual Directories Based On IIS Log
Aug 12, 2024
·
cve.2021-26858
detection.emerging-threats
attack.initial-access
attack.t1190
·
Ps.exe Renamed SysInternals Tool
Aug 12, 2024
·
attack.defense-evasion
attack.g0035
attack.t1036.003
car.2013-05-009
detection.emerging-threats
·
Pulse Connect Secure RCE Attack CVE-2021-22893
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-22893
detection.emerging-threats
·
Pulse Secure Attack CVE-2019-11510
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2019-11510
detection.emerging-threats
·
Qakbot Regsvr32 Calc Pattern
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Qakbot Rundll32 Exports Execution
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Qakbot Rundll32 Fake DLL Extension Execution
Aug 12, 2024
·
attack.defense-evasion
attack.execution
detection.emerging-threats
·
Qakbot Uninstaller Execution
Aug 12, 2024
·
detection.emerging-threats
attack.execution
·
Rejetto HTTP File Server RCE
Aug 12, 2024
·
attack.initial-access
attack.t1190
attack.t1505.003
cve.2014-6287
detection.emerging-threats
·
REvil Kaseya Incident Malware Patterns
Aug 12, 2024
·
attack.execution
attack.t1059
attack.g0115
detection.emerging-threats
·
Rhadamanthys Stealer Module Launch Via Rundll32.EXE
Aug 12, 2024
·
attack.defense-evasion
attack.t1218.011
detection.emerging-threats
·
Rorschach Ransomware Execution Activity
Aug 12, 2024
·
attack.execution
attack.t1059.003
attack.t1059.001
attack.defense-evasion
detection.emerging-threats
·
Serv-U Exploitation CVE-2021-35211 by DEV-0322
Aug 12, 2024
·
attack.persistence
attack.t1136.001
cve.2021-35211
detection.emerging-threats
·
Sitecore Pre-Auth RCE CVE-2021-42237
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-42237
detection.emerging-threats
·
Small Sieve Malware CommandLine Indicator
Aug 12, 2024
·
attack.persistence
attack.t1574.001
detection.emerging-threats
·
Small Sieve Malware File Indicator Creation
Aug 12, 2024
·
attack.defense-evasion
attack.t1036.005
detection.emerging-threats
·
Small Sieve Malware Potential C2 Communication
Aug 12, 2024
·
attack.command-and-control
detection.emerging-threats
·
Small Sieve Malware Registry Persistence
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
SNAKE Malware Covert Store Registry Key
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
SNAKE Malware Installer Name Indicators
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
SNAKE Malware Kernel Driver File Indicator
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
SNAKE Malware Service Persistence
Aug 12, 2024
·
attack.persistence
detection.emerging-threats
·
SNAKE Malware WerFault Persistence File Creation
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
Sofacy Trojan Loader Activity
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.g0007
attack.t1059.003
attack.t1218.011
car.2013-10-002
detection.emerging-threats
·
Solarwinds SUPERNOVA Webshell Access
Aug 12, 2024
·
attack.persistence
attack.t1505.003
detection.emerging-threats
·
SonicWall SSL/VPN Jarrewrite Exploitation
Aug 12, 2024
·
attack.t1190
attack.initial-access
detection.emerging-threats
·
SOURGUM Actor Behaviours
Aug 12, 2024
·
attack.t1546
attack.t1546.015
attack.persistence
attack.privilege-escalation
detection.emerging-threats
·
StoneDrill Service Install
Aug 12, 2024
·
attack.persistence
attack.g0064
attack.t1543.003
detection.emerging-threats
·
Successful Exchange ProxyShell Attack
Aug 12, 2024
·
attack.initial-access
detection.emerging-threats
·
Suspicious Computer Account Name Change CVE-2021-42287
Aug 12, 2024
·
cve.2021-42287
detection.emerging-threats
attack.defense-evasion
attack.persistence
attack.t1036
attack.t1098
·
Suspicious PrinterPorts Creation (CVE-2020-1048)
Aug 12, 2024
·
attack.persistence
attack.execution
attack.t1059.001
cve.2020-1048
detection.emerging-threats
·
Suspicious VBScript UN2452 Pattern
Aug 12, 2024
·
attack.persistence
attack.t1547.001
detection.emerging-threats
·
Suspicious Word Cab File Write CVE-2021-40444
Aug 12, 2024
·
attack.resource-development
attack.t1587
detection.emerging-threats
·
TAIDOOR RAT DLL Load
Aug 12, 2024
·
attack.execution
attack.t1055.001
detection.emerging-threats
·
TerraMaster TOS CVE-2020-28188
Aug 12, 2024
·
attack.t1190
attack.initial-access
cve.2020-28188
detection.emerging-threats
·
Trickbot Malware Activity
Aug 12, 2024
·
attack.execution
attack.t1559
detection.emerging-threats
·
TropicTrooper Campaign November 2018
Aug 12, 2024
·
attack.execution
attack.t1059.001
detection.emerging-threats
·
Turla Group Commands May 2020
Aug 12, 2024
·
attack.g0010
attack.execution
attack.t1059.001
attack.t1053.005
attack.t1027
detection.emerging-threats
·
Turla Group Lateral Movement
Aug 12, 2024
·
attack.g0010
attack.execution
attack.t1059
attack.lateral-movement
attack.t1021.002
attack.discovery
attack.t1083
attack.t1135
detection.emerging-threats
·
Turla Group Named Pipes
Aug 12, 2024
·
attack.g0010
attack.execution
attack.t1106
detection.emerging-threats
·
Turla PNG Dropper Service
Aug 12, 2024
·
attack.persistence
attack.g0010
attack.t1543.003
detection.emerging-threats
·
Turla Service Install
Aug 12, 2024
·
attack.persistence
attack.g0010
attack.t1543.003
detection.emerging-threats
·
UNC2452 PowerShell Pattern
Aug 12, 2024
·
attack.execution
attack.t1059.001
attack.t1047
detection.emerging-threats
·
UNC4841 - Barracuda ESG Exploitation Indicators
Aug 12, 2024
·
attack.execution
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
UNC4841 - Download Compressed Files From Temp.sh Using Wget
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
detection.emerging-threats
·
UNC4841 - Download Tar File From Untrusted Direct IP Via Wget
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
detection.emerging-threats
·
UNC4841 - Email Exfiltration File Pattern
Aug 12, 2024
·
attack.execution
attack.persistence
attack.defense-evasion
detection.emerging-threats
·
UNC4841 - Potential SEASPY Execution
Aug 12, 2024
·
attack.execution
detection.emerging-threats
·
UNC4841 - SSL Certificate Exfiltration Via Openssl
Aug 12, 2024
·
attack.defense-evasion
attack.t1140
detection.emerging-threats
·
VMware vCenter Server File Upload CVE-2021-22005
Aug 12, 2024
·
attack.initial-access
attack.t1190
cve.2021-22005
detection.emerging-threats
·
WannaCry Ransomware Activity
Aug 12, 2024
·
attack.lateral-movement
attack.t1210
attack.discovery
attack.t1083
attack.defense-evasion
attack.t1222.001