High Process Termination Frequency
Data Encrypted for Impact
Impact
Windows Service Deletion In Registry
Service Stop
Splunk Endpoint Denial of Service DoS Zip Bomb
Endpoint Denial of Service
Windows System Reboot CommandLine
System Shutdown/Reboot
Windows System LogOff Commandline
System Shutdown/Reboot
Windows System Shutdown CommandLine
System Shutdown/Reboot
Windows Valid Account With Never Expires Password
Service Stop
Windows Service Stop By Deletion
Service Stop
Delete ShadowCopy With PowerShell
Inhibit System Recovery
Linux Disable Services
Service Stop
Linux High Frequency Of File Deletion In Boot Folder
Data Destruction, File Deletion, Indicator Removal on Host
Windows Processes Killed By Industroyer2 Malware
Service Stop
Linux Stop Services
Service Stop
Linux Shred Overwrite Command
Data Destruction
Linux Deleting Critical Directory Using RM Command
Data Destruction
Linux Deletion Of Services
Data Destruction, File Deletion, Indicator Removal on Host
Linux High Frequency Of File Deletion In Etc Folder
Data Destruction, File Deletion, Indicator Removal on Host
Linux Deletion of SSL Certificate
Data Destruction, File Deletion, Indicator Removal on Host
Linux Account Manipulation Of SSH Config and Keys
Data Destruction, File Deletion, Indicator Removal on Host
Linux Deletion Of Init Daemon Script
Data Destruction, File Deletion, Indicator Removal on Host
Linux Deletion Of Cron Jobs
Data Destruction, File Deletion, Indicator Removal on Host
Splunk DoS via Malformed S2S Request
Network Denial of Service
Delete A Net User
Account Access Removal
Windows Raw Access To Disk Volume Partition
Disk Structure Wipe, Disk Wipe
Windows Raw Access To Disk Volume Partition
Disk Structure Wipe, Disk Wipe
Windows Disable Memory Crash Dump
Data Destruction
Windows File Without Extension In Critical Folder
Data Destruction
Windows Raw Access To Master Boot Record Drive
Disk Structure Wipe, Disk Wipe
Windows Raw Access To Master Boot Record Drive
Disk Structure Wipe, Disk Wipe
Linux DD File Overwrite
Data Destruction
Disabling SystemRestore In Registry
Inhibit System Recovery
Excessive File Deletion In WinDefender Folder
Data Destruction
High File Deletion Frequency
Data Destruction
BCDEdit Failure Recovery Modification
Inhibit System Recovery
WBAdmin Delete System Backups
Inhibit System Recovery
Resize Shadowstorage Volume
Service Stop
Disable Net User Account
Service Stop, Valid Accounts
Attempt To Disable Services
Service Stop
Attempt To Delete Services
Service Stop, Create or Modify System Process, Windows Service
Sdelete Application Execution
Data Destruction, File Deletion, Indicator Removal on Host
Windows DiskCryptor Usage
Data Encrypted for Impact
Sdelete Application Execution
Data Destruction, File Deletion, Indicator Removal on Host
Bcdedit Command Back To Normal Mode Boot
Inhibit System Recovery
Change To Safe Mode With Network Config
Inhibit System Recovery
Prevent Automatic Repair Mode using Bcdedit
Inhibit System Recovery
Known Services Killed by Ransomware
Inhibit System Recovery
Modification Of Wallpaper
Defacement
Excessive Usage Of Net App
Account Access Removal
Disabling Net User Account
Account Access Removal
Excessive Service Stop Attempt
Service Stop
Excessive Attempt To Disable Services
Service Stop
Deleting Of Net Users
Account Access Removal
Windows High File Deletion Frequency
Data Destruction
Ransomware Notes bulk creation
Data Encrypted for Impact
Resize ShadowStorage volume
Inhibit System Recovery
WBAdmin Delete System Backups
Inhibit System Recovery
AWS Detect Users creating keys with encrypt policy without MFA
Data Encrypted for Impact
AWS Detect Users with KMS keys performing encryption S3
Data Encrypted for Impact
BCDEdit Failure Recovery Modification
Inhibit System Recovery
Deleting Shadow Copies
Inhibit System Recovery
Common Ransomware Notes
Data Destruction
Common Ransomware Extensions
Data Destruction
Windows Security Account Manager Stopped
Service Stop
Ryuk Test Files Detected
Data Encrypted for Impact
Detect IPv6 Network Infrastructure Threats
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning
Detect Traffic Mirroring
Hardware Additions, Automated Exfiltration, Network Denial of Service, Traffic Duplication
Detect Port Security Violation
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning
Detect ARP Poisoning
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning
Detect Rogue DHCP Server
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle
Samsam Test File Write
Data Encrypted for Impact
Large Volume of DNS ANY Queries
Network Denial of Service, Reflection Amplification
Large Volume of DNS ANY Queries
Network Denial of Service, Reflection Amplification