Analytics
ATT&CK Technique | Name/ID | Operating System | Source Repository | Last Modified |
---|---|---|---|---|
T1047 | 8028c2c3-e25a-46e3-827f-bbb5abf181d7 | Windows | Sigma | November 12, 2021 |
T1047 | WMI Persistence – Script Event Consumer ec1d5e28-8f3b-4188-a6f8-6e8df81dc28e | Windows | Sigma | November 12, 2021 |
T1047 | Suspicious WMI Execution Using Rundll32 3c89a1e8-0fba-449e-8f1b-8409d6267ec8 | Windows | Sigma | November 12, 2021 |
T1047 | 5af54681-df95-4c26-854f-2565e13cfab0 | Windows | Sigma | November 12, 2021 |
T1047 | T1047 Wmiprvse Wbemcomn DLL Hijack f6c68d5f-e101-4b86-8c84-7d96851fd65c | Windows | Sigma | November 12, 2021 |
T1047 | b7155193-8a81-4d8f-805d-88de864ca50c | Windows | Sigma | November 12, 2021 |
T1041 | Detect SNICat SNI Exfiltration 82d06410-134c-11eb-adc1-0242ac120002 | Windows | Splunk | November 12, 2021 |
T1041 | DNSCat2 Powershell Implementation Detection Via Process Creation b11d75d6-d7c1-11ea-87d0-0242ac130003 | Windows | Sigma | November 12, 2021 |
T1041 | Exfiltration and Tunneling Tools Execution c75309a3-59f8-4a8d-9c2c-4c927ad50555 | Windows | Sigma | November 4, 2021 |
T1036.005 | a51bfe1a-94f0-48cc-b4e4-16a110145893 | Windows | Splunk | November 4, 2021 |
T1036.005 | Windows Processes Suspicious Parent Directory 96036718-71cc-4027-a538-d1587e0006a7 | Windows | Sigma | November 4, 2021 |
T1036.005 | Common Windows Process Masquerading CAR-2021-04-001 | Windows | CAR | November 4, 2021 |
T1036.005 | File Created with System Process Name d5866ddf-ce8f-4aea-b28e-d96485a20d3d | Windows | Sigma | October 25, 2021 |
T1036.005 | Flash Player Update from Suspicious Location 4922a5dd-6743-4fc2-8e81-144374280997 | Windows | Sigma | October 25, 2021 |
T1036.005 | 7993792c-5ce2-4475-a3db-a3a5539827ef | Windows | Sigma | October 25, 2021 |
T1036.005 | 3f7f5b0b-5b16-476c-a85f-ab477f6dd24b | Windows | Sigma | October 25, 2021 |
T1036.005 | 01d2e2a1-5f09-44f7-9fc1-24faa7479b6d | Windows | Sigma | October 25, 2021 |
T1036.005 | e22a6eb2-f8a5-44b5-8b44-a2dbd47b1144 | Windows | Sigma | October 25, 2021 |
T1027 | 33339be3-148b-4e16-af56-ad16ec6c7e7b | Windows | Sigma | October 21, 2021 |
T1027 | e62a9f0c-ca1e-46b2-85d5-a6da77f86d1a | Windows | Sigma | October 21, 2021 |
T1027 | Application Whitelisting Bypass via Dnx.exe 81ebd28b-9607-4478-bf06-974ed9d53ed7 | Windows | Sigma | October 21, 2021 |
T1027 | b69888d4-380c-45ce-9cf9-d9ce46e67821 | Windows | Sigma | October 21, 2021 |
T1027 | Suspicious XOR Encoded PowerShell Command Line bb780e0c-16cf-4383-8383-1e5471db6cf9 | Windows | Sigma | October 21, 2021 |
T1027 | Visual Basic Command Line Compiler Usage 7b10f171-7f04-47c7-9fa2-5be43c76e535 | Windows | Sigma | October 21, 2021 |
T1027 | 1a0d4aba-7668-4365-9ce4-6d79ab088dfd | Windows | Sigma | October 21, 2021 |