Network Activity Detected via cat
calendar
Sep 18, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Command and Control
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
GitHub Repository Deleted
calendar
Sep 14, 2023
·
Domain: Cloud
Use Case: Threat Detection
Tactic: Impact
Data Source: Github
·
Share on:
twitter
facebook
linkedin
copy
GitHub Protected Branch Settings Changed
calendar
Sep 14, 2023
·
Domain: Cloud
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Github
·
Share on:
twitter
facebook
linkedin
copy
Unusual Parent Process for cmd.exe
calendar
Sep 13, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Uncommon Registry Persistence Change
calendar
Sep 13, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Persistent Scripts in the Startup Directory
calendar
Sep 13, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Reverse Shell via UDP
calendar
Sep 7, 2023
·
OS: Linux
Use Case: Threat Detection
Tactic: Execution
·
Share on:
twitter
facebook
linkedin
copy
Potential Meterpreter Reverse Shell
calendar
Sep 7, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
·
Share on:
twitter
facebook
linkedin
copy
Persistence via Microsoft Office AddIns
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Access of Stored Browser Credentials
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Access to Keychain Credentials Directories
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Account Discovery Command via SYSTEM Account
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Discovery
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Adding Hidden File Attribute via Attrib
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
AdFind Command Activity
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Discovery
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Adobe Hijack Persistence
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Apple Script Execution followed by Network Connection
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Command and Control
Tactic: Execution
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Apple Scripting Execution with Administrator Privileges
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Execution
Tactic: Privilege Escalation
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Disable Gatekeeper
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Disable IPTables or Firewall
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Disable Syslog Service
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Enable the Root Account
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Install Kali Linux via WSL
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Install Root Certificate
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Mount SMB Share via Command Line
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Remove File Quarantine Attribute
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Attempt to Unload Elastic Endpoint Security Kernel Extension
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Authorization Plugin Modification
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Base16 or Base32 Encoding/Decoding Activity
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Bash Shell Profile Modification
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Binary Executed from Shared Memory Directory
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Threat: BPFDoor
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
BPF filter applied using TC
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Threat: TripleCross
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via Event Viewer
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Bypass UAC via Sdclt
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Chkconfig Service Add
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Threat: Lightning Framework
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Clearing Windows Console History
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Clearing Windows Event Logs
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Code Signing Policy Modification Through Built-in tools
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Code Signing Policy Modification Through Registry
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Command Execution via SolarWinds Process
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Command Prompt Network Connection
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Activity Started via RunDLL32
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Component Object Model Hijacking
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Conhost Spawned By Suspicious Parent Process
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Connection to Commonly Abused Free SSL Certificate Providers
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Command and Control
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Connection to Commonly Abused Web Services
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Command and Control
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Connection to External Network via Telnet
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Connection to Internal Network via Telnet
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Control Panel Process with Unusual Arguments
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Creation of a Hidden Local User Account
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Creation of Hidden Files and Directories via CommandLine
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Creation of Hidden Launch Agent or Daemon
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Creation of Hidden Login Item via Apple Script
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Tactic: Execution
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Creation of Hidden Shared Object File
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Creation or Modification of a new GPO Scheduled Task or Service
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Creation or Modification of Domain Backup DPAPI private key
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Creation or Modification of Root Certificate
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Credential Acquisition via Registry Hive Dumping
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Cron Job Created or Changed by Previously Unknown Process
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Tactic: Privilege Escalation
Tactic: Execution
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Delete Volume USN Journal with Fsutil
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Deleting Backup Catalogs with Wbadmin
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Deprecated - Potential DNS Tunneling via Iodine
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Command and Control
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Deprecated - Potential Process Injection via LD_PRELOAD Environment Variable
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Tactic: Persistence
Tactic: Privilege Escalation
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Direct Outbound SMB Connection
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Event and Security Logs Using Built-in Tools
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Disable Windows Firewall Rules via Netsh
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Disabling User Account Control via Registry Modification
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Disabling Windows Defender Security Settings via PowerShell
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
DNS-over-HTTPS Enabled via Registry
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Dumping Account Hashes via Built-In Commands
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Dumping of Keychain Content via Security Command
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Dynamic Linker Copy
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Threat: Orbit
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
EggShell Backdoor Execution
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
OS: macOS
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Elastic Agent Service Terminated
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
OS: Windows
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Emond Rules Creation or Modification
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Enable Host Network Discovery via Netsh
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Encoded Executable Stored in the Registry
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Encrypting Files with WinRar or 7z
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Enumerating Domain Trusts via DSQUERY.EXE
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Discovery
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Enumerating Domain Trusts via NLTEST.EXE
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Discovery
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Enumeration Command Spawned via WMIPrvSE
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Enumeration of Administrator Accounts
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Discovery
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Enumeration of Kernel Modules
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Discovery
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Enumeration of Users or Groups via Built-in Commands
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Discovery
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
ESXI Discovery via Find
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Discovery
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
ESXI Discovery via Grep
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Discovery
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
ESXI Timestomping using Touch Command
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Executable File Creation with Multiple Extensions
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Execution from Unusual Directory - Command Line
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Execution of COM object via Xwizard
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Execution of File Written or Modified by Microsoft Office
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Execution of File Written or Modified by PDF Reader
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Execution of Persistent Suspicious Program
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Execution via Electron Child Process Node.js Module
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Tactic: Execution
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Execution via local SxS Shared Module
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Execution via MSSQL xp_cmdshell Stored Procedure
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Execution via TSClient Mountpoint
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Execution via Windows Subsystem for Linux
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Execution with Explicit Credentials via Scripting
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Execution
Tactic: Privilege Escalation
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Exporting Exchange Mailbox via PowerShell
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Collection
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
External IP Lookup from Non-Browser Process
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Discovery
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
File Deletion via Shred
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
File made Immutable by Chattr
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
File Permission Modification in Writable Directory
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
File Transfer or Listener Established via Netcat
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Finder Sync Plugin Registered and Enabled
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
First Time Seen Commonly Abused Remote Access Tool Execution
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Command and Control
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
First Time Seen Driver Loaded
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
First Time Seen Removable Device
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Initial Access
Tactic: Exfiltration
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Full User-Mode Dumps Enabled System-Wide
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Group Policy Discovery via Microsoft GPResult Utility
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Discovery
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
High Number of Process and/or Service Terminations
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
High Number of Process Terminations
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Host Files System Changes via Windows Subsystem for Linux
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Hosts File Modified
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
OS: Windows
OS: macOS
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Hping Process Activity
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Discovery
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
IIS HTTP Logging Disabled
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Image File Execution Options Injection
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
ImageLoad via Windows Update Auto Update Client
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Incoming DCOM Lateral Movement via MSHTA
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Incoming DCOM Lateral Movement with MMC
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Incoming DCOM Lateral Movement with ShellBrowserWindow or ShellWindows
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Incoming Execution via PowerShell Remoting
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Incoming Execution via WinRM Remote Shell
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Ingress Transfer via Windows BITS
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Tactic: Command and Control
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Installation of Custom Shim Databases
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Installation of Security Support Provider
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
InstallUtil Process Making Network Connections
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Interactive Terminal Spawned via Perl
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Interactive Terminal Spawned via Python
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Kerberos Cached Credentials Dumping
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Kerberos Traffic from Unusual Process
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Kernel Load or Unload via Kexec Detected
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Tactic: Privilege Escalation
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Kernel module load via insmod
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Threat: Rootkit
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Kernel Module Removal
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Keychain Password Retrieval via Command Line
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Lateral Movement via Startup Folder
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Launch Agent Creation or Modification and Immediate Loading
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
LaunchDaemon Creation or Modification and Immediate Loading
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Linux Restricted Shell Breakout via Linux Binary(s)
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Linux User Added to Privileged Group
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Local Account TokenFilter Policy Disabled
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Local Scheduled Task Creation
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
LSASS Memory Dump Creation
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
LSASS Process Access via Windows API
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
MacOS Installer Package Spawns Network Event
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Execution
Tactic: Command and Control
Data Source: Elastic Defend
·
Masquerading Space After Filename
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Microsoft Build Engine Started an Unusual Process
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Microsoft Build Engine Started by a Script Process
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Microsoft Build Engine Started by a System Process
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Microsoft Build Engine Started by an Office Application
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Microsoft Build Engine Using an Alternate Name
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Microsoft Exchange Server UM Spawning Suspicious Processes
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Initial Access
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
·
Microsoft Exchange Server UM Writing Suspicious Files
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Initial Access
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
·
Microsoft Exchange Worker Spawning Suspicious Processes
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Initial Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Microsoft IIS Connection Strings Decryption
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Microsoft IIS Service Account Password Dumped
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Microsoft Windows Defender Tampering
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Defend
·
Mimikatz Memssp Log File Detected
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Modification of AmsiEnable Registry Key
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Modification of Boot Configuration
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Modification of Dynamic Linker Preload Shared Object
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Modification of Environment Variable via Launchctl
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Modification of OpenSSH Binaries
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Tactic: Persistence
Tactic: Lateral Movement
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Modification of Safari Settings via Defaults Command
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Modification of Standard Authentication Module or Configuration
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Tactic: Persistence
Data Source: Elastic Defend
·
Modification of WDigest Security Provider
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Mounting Hidden or WebDav Remote Shares
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Initial Access
Tactic: Lateral Movement
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
MsBuild Making Network Connections
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Defend
·
MsBuild Network Connection Sequence
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Mshta Making Network Connections
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
MsXsl Making Network Connections
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Namespace Manipulation Using Unshare
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Network Connection via Certutil
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Command and Control
Resources: Investigation Guide
Data Source: Elastic Defend
·
Network Connection via Compiled HTML File
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Defend
·
Network Connection via MsXsl
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Network Connection via Registration Utility
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Defend
·
Network Connection via Signed Binary
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Defend
·
Network Logon Provider Registry Modification
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
New ActiveSyncAllowedDeviceID Added via PowerShell
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
New Systemd Service Created by Previously Unknown Process
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
New Systemd Timer Created
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Nping Process Activity
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Discovery
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
NTDS or SAM Database File Copied
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
NullSessionPipe Registry Modification
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Outbound Scheduled Task Activity via PowerShell
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Defend
·
Parent Process PID Spoofing
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Peripheral Device Discovery
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Discovery
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Persistence via BITS Job Notify Cmdline
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Persistence via DirectoryService Plugin Modification
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Persistence via Docker Shortcut Modification
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Persistence via Folder Action Script
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Execution
Tactic: Persistence
Data Source: Elastic Defend
·
Persistence via Hidden Run Key Detected
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Persistence via KDE AutoStart Script or Desktop File Modification
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Persistence via Login or Logout Hook
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Persistence via Microsoft Outlook VBA
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Persistence via PowerShell profile
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Persistence via Scheduled Job Creation
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Persistence via TelemetryController Scheduled Task Hijack
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Persistence via Update Orchestrator Service Hijack
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Use Case: Vulnerability
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Persistence via WMI Event Subscription
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Persistence via WMI Standard Registry Provider
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Port Forwarding Rule Addition
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Command and Control
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Admin Group Account Addition
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Defend
·
Potential Application Shimming via Sdbinst
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Code Execution via Postgresql
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Command and Control via Internet Explorer
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Command and Control
Data Source: Elastic Defend
·
Potential Cookies Theft via Browser Debugging
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
OS: Windows
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Potential Credential Access via Trusted Developer Utility
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Defend
·
Potential Credential Access via Windows Utilities
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Defense Evasion via PRoot
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Potential Disabling of SELinux
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential DLL Side-Loading via Microsoft Antimalware Service Executable
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential DLL SideLoading via Trusted Microsoft Programs
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential DNS Tunneling via NsLookup
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Command and Control
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Evasion via Filter Manager
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Potential Exfiltration via Certreq
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Tactic: Command and Control
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Hidden Local User Account Creation
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Potential Hidden Process via Mount Hidepid
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Potential JAVA/JNDI Exploitation Attempt
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
OS: macOS
Use Case: Threat Detection
Tactic: Execution
Use Case: Vulnerability
Data Source: Elastic Defend
·
Potential Kerberos Attack via Bifrost
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Tactic: Lateral Movement
Data Source: Elastic Defend
·
Potential Lateral Tool Transfer via SMB Share
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Resources: Investigation Guide
Data Source: Elastic Defend
·
Potential Linux Backdoor User Account Creation
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Potential Linux Credential Dumping via Proc Filesystem
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Use Case: Vulnerability
Data Source: Elastic Defend
·
Potential Linux Credential Dumping via Unshadow
Sep 5, 2023
·
Data Source: Elastic Endgame
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Potential Linux Local Account Brute Force Detected
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Potential Linux Ransomware Note Creation Detected
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Impact
Data Source: Elastic Defend
·
Potential Local NTLM Relay via HTTP
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential LSA Authentication Package Abuse
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential macOS SSH Brute Force Detected
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Potential Microsoft Office Sandbox Evasion
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Potential Modification of Accessibility Binaries
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Non-Standard Port SSH connection
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Command and Control
OS: macOS
Data Source: Elastic Defend
·
Potential OpenSSH Backdoor Logging Activity
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Persistence Through init.d Detected
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Potential Persistence Through MOTD File Creation Detected
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Potential Persistence Through Run Control Detected
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Potential Persistence via Atom Init Script Modification
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Potential Persistence via Login Hook
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Potential Persistence via Periodic Tasks
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Defend
·
Potential Persistence via Time Provider Modification
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Port Monitor or Print Processor Registration Abuse
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Privacy Control Bypass via Localhost Secure Copy
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Privilege Escalation
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Potential Privacy Control Bypass via TCCDB Modification
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Potential Privilege Escalation through Writable Docker Socket
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Domain: Container
Data Source: Elastic Defend
·
Potential Privilege Escalation via Container Misconfiguration
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Domain: Container
Data Source: Elastic Defend
·
Potential Privilege Escalation via InstallerFileTakeOver
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Resources: Investigation Guide
Use Case: Vulnerability
Data Source: Elastic Defend
·
Potential Privilege Escalation via OverlayFS
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Use Case: Vulnerability
Data Source: Elastic Defend
·
Potential Privilege Escalation via PKEXEC
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Use Case: Vulnerability
Data Source: Elastic Defend
·
Potential Privilege Escalation via Sudoers File Modification
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
OS: macOS
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Defend
·
Potential Privilege Escalation via UID INT_MAX Bug Detected
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Defend
·
Potential Process Herpaderping Attempt
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Defend
·
Potential Protocol Tunneling via EarthWorm
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Command and Control
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Remote Code Execution via Web Server
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Tactic: Initial Access
Data Source: Elastic Endgame
Use Case: Vulnerability
Resources: Investigation Guide
Data Source: Elastic Defend
·
Potential Remote Credential Access via Registry
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Defend
·
Potential Remote Desktop Shadowing Activity
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Remote Desktop Tunneling Detected
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Command and Control
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Potential Reverse Shell
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Defend
·
Potential Reverse Shell Activity via Terminal
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
OS: macOS
Use Case: Threat Detection
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Defend
·
Potential Reverse Shell via Java
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Defend
·
Potential Reverse Shell via Suspicious Binary
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Defend
·
Potential Reverse Shell via Suspicious Child Process
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Defend
·
Potential Reverse Shell via Suspicious Parent Process
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Defend
·
Potential Secure File Deletion via SDelete Utility
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Potential Shadow File Read via Command Line Utilities
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential SharpRDP Behavior
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Defend

Potential Shell via Wildcard Injection Detected
Sep 5, 2023
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Tactic: Execution
Data Source: Elastic Defend

Potential Sudo Hijacking Detected
Sep 5, 2023
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend

Potential Sudo Token Manipulation via Process Injection
Sep 5, 2023
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Defend

Potential Suspicious DebugFS Root Device Access
Sep 5, 2023
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Data Source: Elastic Defend

Potential Unauthorized Access via Wildcard Injection Detected
Sep 5, 2023
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend

Potential Windows Error Manager Masquerading
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Defend

PowerShell Script Block Logging Disabled
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Privilege Escalation via Named Pipe Impersonation
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Privilege Escalation via Root Crontab File Modification
Sep 5, 2023
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Defend

Privilege Escalation via Windir Environment Variable
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Endgame
Data Source: Elastic Defend

Privileges Elevation via Parent Process PID Spoofing
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Defend

Process Activity via Compiled HTML File
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend

Process Created with an Elevated Token
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Data Source: Elastic Defend

Process Execution from an Unusual Directory
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend

Process Started from Process ID (PID) File
Sep 5, 2023
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Execution
Threat: BPFDoor
Data Source: Elastic Endgame
Data Source: Elastic Defend

Process Termination followed by Deletion
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend

Program Files Directory Masquerading
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Data Source: Elastic Endgame
Data Source: Elastic Defend

Prompt for Credentials with OSASCRIPT
Sep 5, 2023
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend

PsExec Network Connection
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Defend

Python Script Execution via Command Line
Sep 5, 2023
Domain: Endpoint
OS: Linux
OS: macOS
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Data Source: Elastic Defend

RDP Enabled via Registry
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Registry Persistence via AppCert DLL
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Data Source: Elastic Endgame
Data Source: Elastic Defend

Registry Persistence via AppInit DLL
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Remote Desktop Enabled in Windows Firewall by Netsh
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Remote Execution via File Shares
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Remote File Copy to a Hidden Share
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Data Source: Elastic Endgame
Data Source: Elastic Defend

Remote File Copy via TeamViewer
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Command and Control
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Remote File Download via Desktopimgdownldr Utility
Sep 5, 2023
Domain: Endpoint
OS