Anomalous usage of 7zip
Archive via Utility, Archive Collected Data
Collection
Anomalous usage of 7zip
Archive via Utility, Archive Collected Data
Detect Certipy File Modifications
Steal or Forge Authentication Certificates, Archive Collected Data
Windows Post Exploitation Risk Behavior
Query Registry, System Network Connections Discovery, Permission Groups Discovery, System Network Configuration Discovery, OS Credential Dumping, System Info...
ASL AWS Concurrent Sessions From Different Ips
Browser Session Hijacking
AWS Exfiltration via Batch Service
Automated Collection
AWS Exfiltration via Anomalous GetObject API Activity
Automated Collection
AWS Exfiltration via DataSync Task
Automated Collection
Windows Screen Capture Via Powershell
Screen Capture
AWS Concurrent Sessions From Different Ips
Browser Session Hijacking
Azure AD Concurrent Sessions From Different Ips
Browser Session Hijacking
Windows ClipBoard Data via Get-ClipBoard
Clipboard Data
Windows Input Capture Using Credential UI Dll
GUI Input Capture, Input Capture
Windows Input Capture Using Credential UI Dll
GUI Input Capture, Input Capture
Linux Clipboard Data Copy
Clipboard Data
Suspicious Image Creation In Appdata Folder
Screen Capture
Suspicious WAV file in Appdata Folder
Screen Capture
Mailsniper Invoke functions
Email Collection, Local Email Collection
Mailsniper Invoke functions
Email Collection, Local Email Collection
Anomalous usage of Archive Tools
Archive via Utility, Archive Collected Data
Anomalous usage of Archive Tools
Archive via Utility, Archive Collected Data
Remcos RAT File Creation in Remcos Folder
Screen Capture
Detect Renamed 7-Zip
Archive via Utility, Archive Collected Data
Detect Renamed 7-Zip
Archive via Utility, Archive Collected Data
Detect Renamed WinRAR
Archive via Utility, Archive Collected Data
Detect Renamed WinRAR
Archive via Utility, Archive Collected Data
7zip CommandLine To SMB Share Path
Archive via Utility, Archive Collected Data
7zip CommandLine To SMB Share Path
Archive via Utility, Archive Collected Data
Sqlite Module In Temp Folder
Data from Local System
IcedID Exfiltrated Archived File Creation
Archive via Utility, Archive Collected Data
IcedID Exfiltrated Archived File Creation
Archive via Utility, Archive Collected Data
Detect New Open S3 Buckets over AWS CLI
Data from Cloud Storage
Detect New Open S3 buckets
Data from Cloud Storage
Suspicious SQLite3 LSQuarantine Behavior
Data Staged
O365 Suspicious User Email Forwarding
Email Forwarding Rule, Email Collection
O365 Suspicious User Email Forwarding
Email Forwarding Rule, Email Collection
O365 Suspicious Admin Email Forwarding
Email Forwarding Rule, Email Collection
O365 Suspicious Admin Email Forwarding
Email Forwarding Rule, Email Collection
O365 PST export alert
Email Collection
O365 Suspicious Rights Delegation
Remote Email Collection, Email Collection
O365 Suspicious Rights Delegation
Remote Email Collection, Email Collection
Detect IPv6 Network Infrastructure Threats
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning
Detect IPv6 Network Infrastructure Threats
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning
Detect Port Security Violation
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning
Detect Port Security Violation
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning
Detect ARP Poisoning
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning
Detect ARP Poisoning
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning
Detect Rogue DHCP Server
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle
Detect GCP Storage access from a new IP
Data from Cloud Storage
Detect New Open GCP Storage Buckets
Data from Cloud Storage
Email files written outside of the Outlook directory
Email Collection, Local Email Collection
Email files written outside of the Outlook directory
Email Collection, Local Email Collection
Email servers sending high volume traffic to hosts
Email Collection, Remote Email Collection
Email servers sending high volume traffic to hosts
Email Collection, Remote Email Collection
Hosts receiving high volume of network traffic from email server
Remote Email Collection, Email Collection
Hosts receiving high volume of network traffic from email server
Remote Email Collection, Email Collection
Detect Spike in S3 Bucket deletion
Data from Cloud Storage
Detect S3 access from a new IP
Data from Cloud Storage