- Process Creation
MMC20 Lateral Movement
MMC Spawning Windows Shell
Potential Arbitrary Command Execution Using Msdt.EXE
Suspicious MSDT Parent Process
Remotely Hosted HTA File Executed Via Mshta.EXE
Suspicious JavaScript Execution Via Mshta.EXE
Potential LethalHTA Technique Execution
MSHTA Suspicious Execution 01
Potential MsiExec Masquerading
Potential Process Injection Via Msra.EXE
Potential MSTSC Shadowing Activity
Suspicious Child Process Of SQL Server
Potential Persistence Via Netsh Helper DLL
RDP Port Forwarding Rule Added Via Netsh.EXE
UEFI Persistence Via Wpbbin – ProcessCreation
Wusa Extracting Cab Files From Suspicious Paths
Potential Unquoted Service Path Reconnaissance Via Wmic.EXE
Potential Windows Defender Tampering Via Wmic.EXE
New ActiveScriptEventConsumer Created Via Wmic.EXE
Suspicious UltraVNC Execution
Bypass UAC via WSReset.exe
Suspicious Command With Teams Objects Paths
Taskkill Symantec Endpoint Protection
ETW Logging Tamper In .NET Processes
Port Forwarding Attempt Via SSH
Potential Rundll32 Execution With DLL Stored In ADS

- SentinelOne EDR@SentinelOne
SentinelOne EDR – User Role Added
SentinelOne EDR – Virus

- Service Control Manager
CSExec Service Installation
RemCom Service Installation
PsExec Service Installation

- Windows Defender Antivirus@Microsoft
Windows Defender Threat Detection Disabled
Win Defender Restored Quarantine File
Windows Defender Threat Detected
Windows Defender Exploit Guard Tamper

- SolidCore@McAfee
SolidCore – Application in List was Installed
SolidCore – Application Control Boot

- Network Share Object
Windows Network Access Suspicious desktop.ini Action
Suspicious Access to Sensitive File Extensions

- PowerShell Script
Suspicious Service DACL Modification Via Set-Service Cmdlet – PS
Suspicious Get Information for SMB Share
Suspicious PowerShell WindowStyle Option

- File Event
Potential CVE-2023-36874 Exploitation – Uncommon Report.Wer Location
Potential CVE-2023-36874 Exploitation – Fake Wermgr.Exe Creation

- Image Load
Potential Mpclient.DLL Sideloading
Unsigned Mfdetours.DLL Sideloading

- Security
Tap Driver Installation – Security
Activity By User With Space On the End
Hacktool Ruler
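As an added illustration of what one of the Process Creation rules above has to match, the Python below approximates "RDP Port Forwarding Rule Added Via Netsh.EXE" against process-creation telemetry: a netsh portproxy rule that forwards a listening port to 3389. This is example code written for this page, not the vendor's deployed rule logic; the events are constructed, the field names (Image, CommandLine, ParentImage) follow Sysmon Event ID 1 naming, and the matching terms are an assumption modelled on the public Sigma rule of the same name. It is broader than that rule in one respect: it does not require the v4tov4 address family.

```python
"""Approximate check for 'RDP Port Forwarding Rule Added Via Netsh.EXE'.

Added example. Events are constructed, not captured telemetry; the match
terms are an assumption based on the public Sigma rule, not the deployed one.
"""

# Constructed sample process-creation events (Sysmon Event ID 1 field names).
CONSTRUCTED_EVENTS = [
    {  # classic RDP forward: external 8080 -> internal host 3389
        "Image": r"C:\Windows\System32\netsh.exe",
        "CommandLine": "netsh interface portproxy add v4tov4 listenport=8080 "
                       "listenaddress=0.0.0.0 connectport=3389 connectaddress=10.0.0.5",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
    {  # same thing with netsh's abbreviated parameter name
        "Image": r"C:\Windows\System32\netsh.exe",
        "CommandLine": "netsh interface portproxy add v4tov4 listenport=443 "
                       "connectaddress=192.168.1.10 connectp=3389",
        "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    },
    {  # benign: firewall rule, 'add' but no portproxy
        "Image": r"C:\Windows\System32\netsh.exe",
        "CommandLine": "netsh advfirewall firewall add rule name=Web dir=in "
                       "action=allow protocol=TCP localport=80",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
    {  # portproxy to SSH; a substring match on '3389' would fire on listenport=33890
        "Image": r"C:\Windows\System32\netsh.exe",
        "CommandLine": "netsh interface portproxy add v4tov4 listenport=33890 "
                       "connectport=22 connectaddress=10.0.0.7",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
    {  # not netsh at all
        "Image": r"C:\Windows\System32\net.exe",
        "CommandLine": r"net use \\fs01\share",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
]


def parse_netsh_command(command_line):
    """Split a netsh command line into positional verbs and key=value parameters."""
    verbs, params = [], {}
    for tok in command_line.lower().split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            params[key] = value
        else:
            verbs.append(tok)
    return verbs, params


def param_matches(params, full_name, min_prefix, wanted):
    """netsh accepts unambiguous prefixes of parameter names ('connectp=3389'
    equals 'connectport=3389'). Accept any key that is a prefix of full_name
    and at least as long as min_prefix, with exactly the wanted value."""
    for key, value in params.items():
        if full_name.startswith(key) and len(key) >= len(min_prefix) and value == wanted:
            return True
    return False


def is_rdp_portproxy_add(event):
    """True when netsh.exe adds a portproxy rule whose connect port is 3389."""
    if not event.get("Image", "").lower().endswith("\\netsh.exe"):
        return False
    verbs, params = parse_netsh_command(event.get("CommandLine", ""))
    if "portproxy" not in verbs or "add" not in verbs:
        return False
    return param_matches(params, "connectport", "connectp", "3389")


def find_rdp_portproxy_adds(events):
    """Return the command lines of all events that match the check."""
    return [e["CommandLine"] for e in events if is_rdp_portproxy_add(e)]


if __name__ == "__main__":
    for cmd in find_rdp_portproxy_adds(CONSTRUCTED_EVENTS):
        print("ALERT:", cmd)
```

Parsing the connectport parameter rather than looking for the substring "3389" anywhere in the command line is the practical difference from a keyword-only rule: the fourth constructed event (listenport=33890, connectport=22) would otherwise be a false positive, and the abbreviated "connectp=3389" form in the second event is still caught.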

Newly Deployed Rules

- Process Creation
Suspicious Execution Location Of Wermgr.EXE
Potential CVE-2023-36874 Exploitation – Fake Wermgr Execution
Network Reconnaissance Activity
Node Process Executions
Nslookup PowerShell Download Cradle – Process Creation
Suspicious