Releases
v3.16.0
New Analytic Stories
Silver Sparrow
HAFNIUM Group
New Detections
Cobalt Strike Named Pipes
Suspicious DLLHost no Command Line Arguments
Suspicious GPUpdate no Command Line Arguments
Suspicious SearchProtocolHost no Command Line Arguments
Suspicious PlistBuddy Usage
Suspicious SQLite3 LSAQuarantine Behavior
Suspicious Curl Network Connection
Ryuk Wake on LAN Command
Suspicious Scheduled Task from Public Directory
Fodhelper UAC Bypass
Eventvwr UAC Bypass
Any PowerShell DownloadString
Any PowerShell DownloadFile
Unified Messaging Service Spawning a Process
Suspicious Unified Messaging Service File Writes
Nishang PowershellTCPOneLine
W3WP Spawning Shells
Updated Analytic Stories
Cobalt Strike
Suspicious MSHTA Activity
Updated Detections
NTdsutil Export NTDS
Suspicious MSBuild Path
Suspicious MSBuild Rename
Suspicious Microsoft Workflow Compiler Rename
Detect Regsvr32 Application Control Bypass
Windows DisableAntiSpyware Registry