| ESXi Shell Access Enabled | VMWare ESXi Syslog | Remote Services | TTP | Black Basta Ransomware, ESXi Post Compromise | 2025-05-12 |
| ESXi SSH Enabled | VMWare ESXi Syslog | SSH | TTP | Black Basta Ransomware, ESXi Post Compromise, Hellcat Ransomware | 2025-10-14 |
| Okta Multiple Failed Requests to Access Applications | Okta | Web Session Cookie, Cloud Service Dashboard | Hunting | Okta Account Takeover | 2025-05-02 |
| Splunk App for Lookup File Editing RCE via User XSLT | | Exploitation of Remote Services | Hunting | Splunk Vulnerabilities | 2025-05-02 |
| Splunk Code Injection via custom dashboard leading to RCE | | Exploitation of Remote Services | Hunting | Splunk Vulnerabilities | 2025-05-02 |
| Splunk RCE PDFgen Render | Splunk | Exploitation of Remote Services | TTP | Splunk Vulnerabilities | 2025-05-02 |
| Splunk RCE Through Arbitrary File Write to Windows System Root | Splunk | Exploitation of Remote Services | Hunting | Splunk Vulnerabilities | 2025-05-02 |
| Splunk RCE via User XSLT | | Exploitation of Remote Services | Hunting | Splunk Vulnerabilities | 2025-05-02 |
| AWS Bedrock Invoke Model Access Denied | AWS CloudTrail | Valid Accounts, Use Alternate Authentication Material | TTP | AWS Bedrock Security | 2025-05-02 |
| Microsoft Intune Device Health Scripts | Azure Monitor Activity | Software Deployment Tools, Cloud Services, Indirect Command Execution, Ingress Tool Transfer | Hunting | Azure Active Directory Account Takeover | 2025-05-02 |
| Microsoft Intune DeviceManagementConfigurationPolicies | Azure Monitor Activity | Software Deployment Tools, Domain or Tenant Policy Modification, Cloud Services, Disable or Modify Tools, Disable or Modify System Firewall | Hunting | Azure Active Directory Account Takeover | 2025-05-02 |
| Microsoft Intune Manual Device Management | Azure Monitor Activity | Cloud Services, Software Deployment Tools, System Shutdown/Reboot | Hunting | Azure Active Directory Account Takeover | 2025-05-02 |
| Microsoft Intune Mobile Apps | Azure Monitor Activity | Software Deployment Tools, Cloud Services, Indirect Command Execution, Ingress Tool Transfer | Hunting | Azure Active Directory Account Takeover | 2025-06-10 |
| Windows Default RDP File Creation | Sysmon EventID 11 | Remote Desktop Protocol | Anomaly | Windows RDP Artifacts and Defense Evasion | 2025-10-27 |
| Active Directory Lateral Movement Identified | | Exploitation of Remote Services | Correlation | Active Directory Lateral Movement | 2025-05-02 |
| Allow Inbound Traffic By Firewall Rule Registry | Sysmon EventID 13 | Remote Desktop Protocol | TTP | Azorult, Medusa Ransomware, NjRAT, PlugX, Prohibited Traffic Allowed or Protocol Mismatch, Windows Registry Abuse | 2025-05-02 |
| Allow Inbound Traffic In Firewall Rule | Powershell Script Block Logging 4104 | Remote Desktop Protocol | TTP | NetSupport RMM Tool Abuse, Prohibited Traffic Allowed or Protocol Mismatch | 2025-11-20 |
| Detect Computer Changed with Anonymous Account | Windows Event Log Security 4624, Windows Event Log Security 4742 | Exploitation of Remote Services | Hunting | Detect Zerologon Attack | 2025-05-02 |
| Detect PsExec With accepteula Flag | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | SMB/Windows Admin Shares | TTP | Active Directory Lateral Movement, BlackByte Ransomware, CISA AA22-320A, Cactus Ransomware, DHS Report TA18-074A, DarkGate Malware, DarkSide Ransomware, HAFNIUM Group, IcedID, Medusa Ransomware, Rhysida Ransomware, SamSam Ransomware, Sandworm Tools, Seashell Blizzard, VanHelsing Ransomware, Volt Typhoon | 2025-05-02 |
| Detection of tools built by NirSoft | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Software Deployment Tools | Anomaly | Emotet Malware DHS Report TA18-201A | 2025-05-02 |
| Enable RDP In Other Port Number | Sysmon EventID 13 | Remote Services | TTP | Interlock Ransomware, Prohibited Traffic Allowed or Protocol Mismatch, Windows RDP Artifacts and Defense Evasion, Windows Registry Abuse | 2025-08-07 |
| Executable File Written in Administrative SMB Share | Windows Event Log Security 5145 | SMB/Windows Admin Shares | TTP | Active Directory Lateral Movement, BlackSuit Ransomware, Compromised Windows Host, Data Destruction, Graceful Wipe Out Attack, Hermetic Wiper, IcedID, Industroyer2, Prestige Ransomware, Trickbot, VanHelsing Ransomware | 2025-05-02 |
| Impacket Lateral Movement Commandline Parameters | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service | TTP | Active Directory Lateral Movement, CISA AA22-277A, Compromised Windows Host, Data Destruction, Gozi Malware, Graceful Wipe Out Attack, Industroyer2, Prestige Ransomware, Volt Typhoon, WhisperGate | 2025-05-02 |
| Impacket Lateral Movement smbexec CommandLine Parameters | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service | TTP | Active Directory Lateral Movement, CISA AA22-277A, Compromised Windows Host, Data Destruction, Graceful Wipe Out Attack, Industroyer2, Prestige Ransomware, Volt Typhoon, WhisperGate | 2025-05-02 |
| Impacket Lateral Movement WMIExec Commandline Parameters | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service | TTP | Active Directory Lateral Movement, CISA AA22-277A, Compromised Windows Host, Data Destruction, Gozi Malware, Graceful Wipe Out Attack, Industroyer2, Prestige Ransomware, Volt Typhoon, WhisperGate | 2025-05-02 |
| Interactive Session on Remote Endpoint with PowerShell | Powershell Script Block Logging 4104 | Windows Remote Management | TTP | Active Directory Lateral Movement | 2025-06-24 |
| Kerberos TGT Request Using RC4 Encryption | Windows Event Log Security 4768 | Use Alternate Authentication Material | TTP | Active Directory Kerberos Attacks, Scattered Lapsus$ Hunters | 2025-10-14 |
| Linux SSH Remote Services Script Execute | Sysmon for Linux EventID 1 | SSH | TTP | Hellcat Ransomware, Linux Living Off The Land | 2025-10-14 |
| Mimikatz PassTheTicket CommandLine Parameters | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Pass the Ticket | TTP | Active Directory Kerberos Attacks, CISA AA22-320A, CISA AA23-347A, Sandworm Tools, Scattered Lapsus$ Hunters | 2025-10-14 |
| Mmc LOLBAS Execution Process Spawn | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Distributed Component Object Model, MMC | TTP | Active Directory Lateral Movement, Living Off The Land, Water Gamayun | 2025-05-02 |
| Possible Lateral Movement PowerShell Spawn | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Distributed Component Object Model, Windows Remote Management, Windows Management Instrumentation, Scheduled Task, PowerShell, MMC, Windows Service | TTP | Active Directory Lateral Movement, CISA AA24-241A, Data Destruction, Hermetic Wiper, Malicious PowerShell, Microsoft WSUS CVE-2025-59287, Scheduled Tasks | 2025-10-24 |
| Powershell Remote Services Add TrustedHost | Powershell Script Block Logging 4104 | Windows Remote Management | TTP | DarkGate Malware | 2025-06-24 |
| Remote Desktop Process Running On System | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Remote Desktop Protocol | Hunting | Active Directory Lateral Movement, Hidden Cobra Malware, Windows RDP Artifacts and Defense Evasion | 2025-08-07 |
| Remote Process Instantiation via DCOM and PowerShell | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Distributed Component Object Model | TTP | Active Directory Lateral Movement, Compromised Windows Host | 2025-05-02 |
| Remote Process Instantiation via DCOM and PowerShell Script Block | Powershell Script Block Logging 4104 | Distributed Component Object Model | TTP | Active Directory Lateral Movement | 2025-06-24 |
| Remote Process Instantiation via WinRM and PowerShell | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Windows Remote Management | TTP | Active Directory Lateral Movement | 2025-05-02 |
| Remote Process Instantiation via WinRM and PowerShell Script Block | Powershell Script Block Logging 4104 | Windows Remote Management | TTP | Active Directory Lateral Movement | 2025-06-24 |
| Remote Process Instantiation via WinRM and Winrs | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Windows Remote Management | TTP | Active Directory Lateral Movement | 2025-05-02 |
| Rubeus Command Line Parameters | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Pass the Ticket, Kerberoasting, AS-REP Roasting | TTP | Active Directory Kerberos Attacks, Active Directory Privilege Escalation, BlackSuit Ransomware, CISA AA23-347A, Scattered Lapsus$ Hunters | 2025-10-14 |
| Rubeus Kerberos Ticket Exports Through Winlogon Access | Sysmon EventID 10 | Pass the Ticket | TTP | Active Directory Kerberos Attacks, BlackSuit Ransomware, CISA AA23-347A, Scattered Lapsus$ Hunters | 2025-10-14 |
| Unknown Process Using The Kerberos Protocol | Sysmon EventID 1, Sysmon EventID 3 | Use Alternate Authentication Material | TTP | Active Directory Kerberos Attacks, BlackSuit Ransomware | 2025-05-02 |
| Windows AD Suspicious Attribute Modification | Windows Event Log Security 5136 | Windows File and Directory Permissions Modification, Use Alternate Authentication Material | TTP | Sneaky Active Directory Persistence Tricks | 2025-05-02 |
| Windows Default RDP File Creation By Non MSTSC Process | Sysmon EventID 1, Sysmon EventID 11 | Remote Desktop Protocol | Anomaly | Windows RDP Artifacts and Defense Evasion | 2025-10-27 |
| Windows Default Rdp File Unhidden | Sysmon EventID 1 | Remote Desktop Protocol | Anomaly | Windows RDP Artifacts and Defense Evasion | 2025-07-30 |
| Windows Excel ActiveMicrosoftApp Child Process | Sysmon EventID 1 | Distributed Component Object Model | Anomaly | PathWiper | 2025-08-20 |
| Windows MSTSC RDP Commandline | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Remote Desktop Protocol | Anomaly | Medusa Ransomware, Windows RDP Artifacts and Defense Evasion | 2025-08-01 |
| Windows Process Executed From Removable Media | Sysmon EventID 1, Sysmon EventID 13 | Hardware Additions, Data from Removable Media, Replication Through Removable Media | Anomaly | APT37 Rustonotto and FadeStealer, Data Protection | 2025-09-18 |
| Windows Process Execution From RDP Share | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Remote Desktop Protocol, Ingress Tool Transfer, Command and Scripting Interpreter | Anomaly | Hidden Cobra Malware | 2025-10-21 |
| Windows Process With NetExec Command Line Parameters | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Pass the Ticket, Kerberoasting, AS-REP Roasting | TTP | Active Directory Kerberos Attacks, Active Directory Privilege Escalation | 2025-05-02 |
| Windows Protocol Tunneling with Plink | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Protocol Tunneling, SSH | TTP | CISA AA22-257A | 2025-05-02 |
| Windows PUA Named Pipe | Sysmon EventID 17, Sysmon EventID 18 | Inter-Process Communication, SMB/Windows Admin Shares, Process Injection | Anomaly | Active Directory Lateral Movement, BlackByte Ransomware, CISA AA22-320A, Cactus Ransomware, DHS Report TA18-074A, DarkGate Malware, DarkSide Ransomware, HAFNIUM Group, IcedID, Medusa Ransomware, Rhysida Ransomware, SamSam Ransomware, Sandworm Tools, Seashell Blizzard, VanHelsing Ransomware, Volt Typhoon | 2025-12-05 |
| Windows RDP Bitmap Cache File Creation | Sysmon EventID 11 | Remote Desktop Protocol | Anomaly | Windows RDP Artifacts and Defense Evasion | 2025-07-30 |
| Windows RDP Client Launched with Admin Session | Sysmon EventID 1 | Remote Desktop Protocol | Anomaly | Windows RDP Artifacts and Defense Evasion | 2025-08-01 |
| Windows RDP Connection Successful | Windows Event Log RemoteConnectionManager 1149 | RDP Hijacking | Hunting | Active Directory Lateral Movement, BlackByte Ransomware, Interlock Ransomware, NetSupport RMM Tool Abuse, Windows RDP Artifacts and Defense Evasion | 2025-11-20 |
| Windows RDP File Execution | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Spearphishing Attachment, Remote Desktop Protocol | TTP | Interlock Ransomware, Spearphishing Attachments, Windows RDP Artifacts and Defense Evasion | 2025-08-07 |
| Windows RDP Login Session Was Established | Windows Event Log Security 4624 | Remote Desktop Protocol | Anomaly | Scattered Lapsus$ Hunters, Windows RDP Artifacts and Defense Evasion | 2025-10-14 |
| Windows RDP Server Registry Entry Created | Sysmon EventID 13 | Remote Desktop Protocol | Anomaly | Windows RDP Artifacts and Defense Evasion | 2025-07-30 |
| Windows Remote Host Computer Management Access | Sysmon EventID 1, Windows Event Log Security 4688 | Windows Remote Management | Anomaly | Medusa Ransomware | 2025-05-02 |
| Windows Remote Management Execute Shell | Sysmon EventID 1, Windows Event Log Security 4688 | Windows Remote Management | Anomaly | Crypto Stealer | 2025-10-07 |
| Windows Remote Service Rdpwinst Tool Execution | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Remote Desktop Protocol | TTP | Azorult, Compromised Windows Host, Scattered Lapsus$ Hunters, Windows RDP Artifacts and Defense Evasion | 2025-10-14 |
| Windows Remote Services Allow Rdp In Firewall | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Remote Desktop Protocol | Anomaly | Azorult, Windows RDP Artifacts and Defense Evasion | 2025-08-01 |
| Windows Remote Services Allow Remote Assistance | Sysmon EventID 13 | Remote Desktop Protocol | Anomaly | Azorult | 2025-05-02 |
| Windows Remote Services Rdp Enable | Sysmon EventID 13 | Remote Desktop Protocol | TTP | Azorult, BlackSuit Ransomware, Medusa Ransomware, Windows RDP Artifacts and Defense Evasion | 2025-08-01 |
| Windows Replication Through Removable Media | Sysmon EventID 11 | Replication Through Removable Media | TTP | APT37 Rustonotto and FadeStealer, Chaos Ransomware, China-Nexus Threat Activity, Derusbi, NjRAT, PlugX, Salt Typhoon | 2025-09-18 |
| Windows RMM Named Pipe | Sysmon EventID 17, Sysmon EventID 18 | Inter-Process Communication, SMB/Windows Admin Shares, Process Injection | Anomaly | CISA AA24-241A, Cactus Ransomware, Command And Control, GhostRedirector IIS Module and Rungan Backdoor, Gozi Malware, Insider Threat, Interlock Ransomware, Ransomware, Remote Monitoring and Management Software, Scattered Lapsus$ Hunters, Scattered Spider, Seashell Blizzard | 2025-12-05 |
| Windows Service Create with Tscon | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Windows Service, RDP Hijacking | TTP | Active Directory Lateral Movement, Compromised Windows Host, Windows RDP Artifacts and Defense Evasion | 2025-08-01 |
| Windows Special Privileged Logon On Multiple Hosts | Windows Event Log Security 4672 | Account Discovery, SMB/Windows Admin Shares, Network Share Discovery | TTP | Active Directory Lateral Movement, Active Directory Privilege Escalation, Compromised Windows Host | 2025-05-02 |
| Windows SpeechRuntime COM Hijacking DLL Load | Sysmon EventID 7 | Distributed Component Object Model | TTP | Active Directory Lateral Movement, Compromised Windows Host, Scattered Lapsus$ Hunters | 2025-10-14 |
| Windows SpeechRuntime Suspicious Child Process | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Distributed Component Object Model | TTP | Active Directory Lateral Movement, Compromised Windows Host | 2025-08-22 |
| Windows Steal Authentication Certificates - ESC1 Authentication | Windows Event Log Security 4768, Windows Event Log Security 4887 | Steal or Forge Authentication Certificates, Use Alternate Authentication Material | TTP | Compromised Windows Host, Windows Certificate Services | 2025-05-02 |
| Windows Suspicious C2 Named Pipe | Sysmon EventID 17, Sysmon EventID 18 | Inter-Process Communication, SMB/Windows Admin Shares, Process Injection | TTP | APT37 Rustonotto and FadeStealer, BlackByte Ransomware, Brute Ratel C4, Cobalt Strike, DarkSide Ransomware, Gozi Malware, Graceful Wipe Out Attack, Hellcat Ransomware, LockBit Ransomware, Meterpreter, Remote Monitoring and Management Software, Trickbot, Tuoni | 2025-12-05 |
| Windows Suspicious Named Pipe | Sysmon EventID 17, Sysmon EventID 18 | Inter-Process Communication, SMB/Windows Admin Shares, Process Injection | TTP | APT37 Rustonotto and FadeStealer, BlackByte Ransomware, Brute Ratel C4, Cobalt Strike, DarkSide Ransomware, Gozi Malware, Graceful Wipe Out Attack, Hellcat Ransomware, LockBit Ransomware, Meterpreter, Remote Monitoring and Management Software, Trickbot, Tuoni | 2025-12-01 |
| Windows USBSTOR Registry Key Modification | Sysmon EventID 12, Sysmon EventID 13 | Hardware Additions, Data from Removable Media, Replication Through Removable Media | Anomaly | APT37 Rustonotto and FadeStealer, Data Protection | 2025-09-18 |
| Windows WPDBusEnum Registry Key Modification | Sysmon EventID 12, Sysmon EventID 13 | Hardware Additions, Data from Removable Media, Replication Through Removable Media | Anomaly | APT37 Rustonotto and FadeStealer, Data Protection | 2025-09-18 |
| Wsmprovhost LOLBAS Execution Process Spawn | CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688 | Windows Remote Management | TTP | Active Directory Lateral Movement, CISA AA24-241A, Hellcat Ransomware | 2025-10-14 |
| Cisco Network Interface Modifications | Cisco IOS Logs | Modify Authentication Process, Remote Services, External Remote Services | Anomaly | Cisco Smart Install Remote Code Execution CVE-2018-0171 | 2025-08-21 |
| Cisco Secure Firewall - Communication Over Suspicious Ports | Cisco Secure Firewall Threat Defense Connection Event | Remote Services, Process Injection, PowerShell, Ingress Tool Transfer, Remote Access Tools, Non-Standard Port | Anomaly | Cisco Secure Firewall Threat Defense Analytics | 2025-05-02 |
| Cisco Secure Firewall - Lumma Stealer Activity | Cisco Secure Firewall Threat Defense Intrusion Event | Exploit Public-Facing Application, Exploitation of Remote Services, Obfuscated Files or Information, User Execution | TTP | Cisco Secure Firewall Threat Defense Analytics, Lumma Stealer | 2025-04-28 |
| Cisco Secure Firewall - Static Tundra Smart Install Abuse | Cisco Secure Firewall Threat Defense Intrusion Event | Exploit Public-Facing Application, Exploitation of Remote Services, Endpoint Denial of Service | TTP | Cisco Secure Firewall Threat Defense Analytics, Cisco Smart Install Remote Code Execution CVE-2018-0171 | 2025-08-21 |
| Cisco Secure Firewall - Veeam CVE-2023-27532 Exploitation Activity | Cisco Secure Firewall Threat Defense Intrusion Event | Exploit Public-Facing Application, Exploitation of Remote Services, PowerShell, LSASS Memory | TTP | Cisco Secure Firewall Threat Defense Analytics | 2025-04-14 |
| Remote Desktop Network Traffic | Zeek Conn | Remote Desktop Protocol | Anomaly | Active Directory Lateral Movement, Hidden Cobra Malware, Ryuk Ransomware, SamSam Ransomware, Windows RDP Artifacts and Defense Evasion | 2025-08-07 |
| SMB Traffic Spike | | SMB/Windows Admin Shares | Anomaly | DHS Report TA18-074A, Emotet Malware DHS Report TA18-201A, Hidden Cobra Malware, Ransomware | 2025-05-02 |
| SMB Traffic Spike - MLTK | | SMB/Windows Admin Shares | Anomaly | DHS Report TA18-074A, Emotet Malware DHS Report TA18-201A, Hidden Cobra Malware, Ransomware | 2025-05-02 |
| VMWare Aria Operations Exploit Attempt | Palo Alto Network Threat | External Remote Services, Exploit Public-Facing Application, Exploitation of Remote Services, Exploitation for Privilege Escalation | TTP | VMware Aria Operations vRealize CVE-2023-20887 | 2025-05-02 |