| RuleName | count |
|---|---|
| - | 125728 |
| DLL | 62394 |
| technique_id=T1574.010,technique_name=Services File Permissions Weakness | 50850 |
| technique_id=T1571,technique_name=Non-Standard Port | 19230 |
| Usermode | 18863 |
| T1183,IFEO | 16672 |
| InvDB-Pub | 10734 |
| T1122 | 7695 |
| EXE | 7086 |
| T1099 | 6151 |
| T1089 | 5654 |
| InvDB-CompileTimeClaim | 5611 |
| InvDB-Path | 5602 |
| InvDB-Ver | 5476 |
| T1101 | 4664 |
| T1089,Tamper-Defender | 3509 |
| T1031,T1050 | 2824 |
| Context,DeviceConnectedOrUpdated | 2483 |
| T1042 | 2028 |
| T1088 | 1662 |
| T1053 | 1300 |
| InvDB-DriverVer | 1244 |
| technique_id=T1036,technique_name=Masquerading | 1220 |
| T1562,Tamper-Defender | 1161 |
| technique_id=T1553.004,technique_name=Install Root Certificate | 1133 |
| technique_id=T1055,technique_name=Process Injection | 972 |
| technique_id=T1546.015,technique_name=Component Object Model Hijacking | 889 |
| SSH | 837 |
| T1165 | 768 |
| RDP | 752 |
| technique_id=T1053,technique_name=Scheduled Task | 700 |
| technique_id=T1059.007,technique_name=JavaScript | 656 |
| T1023 | 638 |
| technique_id=T1021,technique_name=Remote Services | 565 |
| technique_id=T1562.001,technique_name=Disable or Modify Tools | 556 |
| InvDB | 452 |
| OutlookAttachment | 429 |
| T1060,RunKey | 411 |
| technique_id=T1047,technique_name=Windows Management Instrumentation | 382 |
| technique_id=T1059.001,technique_name=PowerShell | 357 |
| T1176 | 306 |
| SMTP | 282 |
| technique_id=T1099,technique_name=Timestomp | 248 |
| Suspicious,ImageBeginWithBackslash | 216 |
| technique_id=T1055.001,technique_name=Dynamic-link Library Injection | 212 |
| Context,ProcessAccessedPrivateResource | 200 |
| Downloads | 169 |
| technique_id=T1574.002,technique_name=DLL Side-Loading | 167 |
| technique_id=T1083,technique_name=File and Directory Discovery | 157 |
| Tamper-Winlogon | 132 |

| RuleName | count |
|---|---|
| DLL | 231493 |
| T1183,IFEO | 108853 |
| technique_id=T1574.010,technique_name=Services File Permissions Weakness | 73628 |
| technique_id=T1571,technique_name=Non-Standard Port | 60142 |
| Usermode | 53034 |
| InvDB-Pub | 42338 |
| T1122 | 40195 |
| EXE | 26750 |
| T1089 | 25222 |
| T1099 | 22219 |
| InvDB-CompileTimeClaim | 20691 |
| InvDB-Path | 20678 |
| InvDB-Ver | 20236 |
| T1101 | 19945 |
| T1089,Tamper-Defender | 15550 |
| Context,DeviceConnectedOrUpdated | 11046 |
| T1042 | 11038 |
| T1031,T1050 | 10246 |
| technique_id=T1003,technique_name=Credential Dumping | 10143 |
| technique_id=T1059.007,technique_name=JavaScript | 7482 |
| T1088 | 7142 |
| technique_id=T1036,technique_name=Masquerading | 6536 |
| InvDB-DriverVer | 5612 |
| T1562,Tamper-Defender | 5139 |
| technique_id=T1055,technique_name=Process Injection | 3722 |
| technique_id=T1553.004,technique_name=Install Root Certificate | 3468 |
| T1165 | 3210 |
| technique_id=T1053,technique_name=Scheduled Task | 2691 |
| RDP | 2674 |
| T1053 | 2568 |
| T1023 | 2305 |
| technique_id=T1546.015,technique_name=Component Object Model Hijacking | 2171 |
| technique_id=T1562.001,technique_name=Disable or Modify Tools | 1719 |
| technique_id=T1047,technique_name=Windows Management Instrumentation | 1674 |
| technique_id=T1099,technique_name=Timestomp | 1584 |
| technique_id=T1059.001,technique_name=PowerShell | 1425 |
| technique_id=T1021,technique_name=Remote Services | 1416 |
| SMTP | 1413 |
| T1060,RunKey | 1393 |
| InvDB | 1378 |
| T1176 | 1299 |
| technique_id=T1574.002,technique_name=DLL Side-Loading | 1206 |
| SSH | 1003 |
| technique_id=T1055.001,technique_name=Dynamic-link Library Injection | 997 |
| OutlookAttachment | 960 |
| Context,ProcessAccessedPrivateResource | 760 |
| Suspicious,ImageBeginWithBackslash | 747 |
| technique_id=T1083,technique_name=File and Directory Discovery | 602 |
| technique_name=Outlook Server 95/98 Identity Keys | 592 |