3.64.163.50 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 3.64.163.50 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Geographic Location

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Country: Germany
• Noticed: 50 times
• Protocols Attacked: SSH
• Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Czechia, Denmark, Estonia, France, Georgia, Germany, Guatemala, Japan, Latvia, Lithuania, Mexico, Netherlands, Norway, Panama, Philippines, Poland, Romania, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Tor Node: No
• Associated Malware Samples: 5537

Tags

• 09azaz
• 1663014711
• 199899
• 2005 aug
• 240pm
• 411260982
• 443 ma2592000
• 540am
• 5511940750757
• 720.282.2025
• a7i string
• aaaa
• aaaa nxdomain
• abraniuk
• absence
• abstract
• abuse contact
• abxcde
• accept
• accepted
• acceptencoding
• accepts
• access
• access ta0001
• access ta0006
• access token
• account
• acint
• acku new
• acommonfolder
• acommonfolderid
• acsaps group
• acs cron
• acshost
• acs property
• acs site
• actiondate
• actionreason
• active related
• actividades
• activits
• activity mirai
• adaptertypeid0
• add all
• addaspect
• added
• added active
• add error
• adding entity
• adding person
• addp
• addp move
• address
• address as
• address domain
• address google
• address server
• address virtual
• a div
• adjfprem ord
• admin
• admin city
• admin country
• admindate
• admission
• admissions
• adm workflow
• adobe portable
• a domains
• advancement
• adversaries
• advising notes
• adware
• adware.adload/adinstaller
• adwind
• aes128gcm
• afa admission
• afa bundle
• afabundling
• afaconfig
• afa main
• afa paper
• afas
• afas name
• afghanistan
• afns
• age7200 path
• age86400 set
• agent
• agent tesla
• agreementtype
• agricultural
• ah6itbtgl
• ahscon
• ahsrespect
• aig
• aims
• ai team
• akamai
• akamaias
• akamaiasn1
• alberta
• alberta freedom
• alberta health
• al contenuto
• alerts
• ales file
• alexa
• alexa top
• alf features
• alfresco
• alfresco afa
• alfresco client
• alfresco locale
• alfresco prop
• alfrescos
• alfresco search
• alfresco share
• algorithm
• algorithm generated domains
• a li
• alienvault
• alienvault name
• allmul vbaget4
• alloc
• all octoseek
• allow
• all scoreblue
• all search
• all submissions
• already
• alta
• amazon
• amazon 02
• amazon02
• amazonaes
• amazon rsa
• america
• america asn
• am mdt
• am mst
• a my
• anaesthes
• anaesthesiology
• analysis
• analysis date
• analysis ob0001
• analysis ob0002
• analytics na
• analyze
• analyzer paste
• analyzer threat
• anchor
• and aspect
• and not
• android
• android windows
• and type
• anmeldung zu
• anomalous file
• ansi
• a nxdomain
• apache
• apasresponseid
• apeaksoft ios
• api call
• api getip
• api key
• apis
• apple
• apple control
• apple inc
• apple ios
• apple notepad
• apple private
• applicant
• application
• application for
• application id
• applicationjson
• application/octet-stream
• applications
• applies
• appl nbr
• applyfilter
• appointment
• approveddate
• approvereject
• approvers
• apptreappt
• april
• aps api
• aps appointment
• aps group
• aps guideline
• aps list
• apsmaster
• aps process
• apsprocess
• apsprod
• aps ro
• apsservice
• apsserviceprod
• aps status
• aps student
• aps task
• apstaskproperty
• aps user
• apt
• archival
• args
• arkeistealer
• armed forces
• army
• arra y
• array
• array length
• arraytocsv
• arraytoxml
• arrcounter
• artemis
• artro
• as10796 charter
• as1136 kpn
• as12876 online
• as131316 slnet
• as131392
• as13335
• as133618
• as13414 twitter
• as13768 aptum
• as14061
• as14315
• as15169
• as15169 google
• as16276
• as16509
• as16625 akamai
• as202053
• as20546 soprado
• as20940
• as21301
• as22612
• as2635
• as2828 verizon
• as2914 ntt
• as29791
• as29873
• as3215 orange
• as32244
• as32244 liquid
• as3257 gtt
• as3356 level
• as3359
• as38731 vietel
• as396982 google
• as397240
• as41357
• as4230 claro
• as43350 nforce
• as44273 host
• as45102 alibaba
• as45638
• as46606
• as47846
• as50295 triple
• as54113
• as55286
• as55293 a2
• as58110 ip
• as61969 team
• as62597
• as6336 turn
• as63949 linode
• as721 dod
• as7552
• as7552 viettel
• as8075
• as8426 claranet
• as852
• as autonomous
• aschoopa
• ascii text
• ascio
• ashburn va
• asn13335
• asn15169
• asn16509
• asn213250
• asn396982
• asn as16509
• asn as16625
• asnone
• asnone bulgaria
• asnone denmark
• asnone united
• aspack
• aspect
• assembly common
• assembly name
• assignee
• assignment
• assigntogroup
• assignuser
• assistant
• associate dean
• assocname
• astromust
• astrostation
• asyncrat
• a td
• atentamente
• a th
• atlas
• attempts
• attivit
• aucun
• aucune
• aufgaben stehen
• aufgabe zu
• august
• aurora
• authentication
• author
• authority
• autodiscovery
• auto-generated security
• automation
• autorunmacro.d
• auxiliary
• available
• available from
• avast avg
• av detections
• avg win32
• avm folder
• avm store
• avm stores
• award sponsor
• awful
• aws
• aws promotion
• az09
• azureadmyorg
• azure tls
• b0001 memory
• b0001 process
• b0002 guard
• b0003 delayed
• bachelor
• backdoor
• backend
• backscanreview
• backup
• backupname
• bad query
• bad request
• bambernek
• bank
• banload
• barcode
• base
• bashlite
• basic
• bassa media
• basse moyenne
• batch
• batchid
• batch ids
• batchprocess
• batchsize
• bazaarloader
• b body
• bbonline uk
• bearbeiter
• bearer
• bear tracks
• beefpizzac
• behav
• beschreibung
• beschrijving
• beskrivelse
• best targets
• betabot
• betting
• bibliography
• bid exception
• bid update
• bigrock
• b image
• binary file
• bind
• binrm
• bios
• blackfoot
• blacklist
• blacklist http
• blacklist https
• blocklist
• blog query
• board review
• bobsoft
• body
• body doctype
• body h1
• body html
• body length
• bonjour
• bonusbitcoin
• bookmarks
• boolean
• boot
• borland delphi
• boundsstr
• bq apr
• bq aug
• bq jul
• bq jun
• bq mar
• brashears
• brazzers
• breakpoint
• brent kimball
• brian sabey
• bricksfunction
• bricksintersect
• broker
• browsing
• bruschettab
• b script
• bt6lcuigydc9yc
• bundled
• bundlingprop
• business
• bypass
• c2
• ca1 odigicert
• cached data
• ca id
• ca issuers
• calendar year
• ca limited
• call
• callback phishing
• calls-wmi
• calzonec
• cambia password
• campaign
• campusid
• canada
• canada unknown
• capa
• cap application
• cap document
• cape
• cap ea
• cap epsb
• cape sandbox
• cap final
• cap generate
• capid
• cap mail
• cap report
• caps aps
• capture
• care
• career
• caro
• carry
• cartella
• case files
• catalog tree
• category
• ca valid
• ccid
• ccids
• cdck
• cdkey
• ceeb
• cell
• centerchecks
• centos
• certificate
• certificates
• Certificates
• cfqirgdhj5
• cfqirgdhj5 http
• cfqirgdhj5 url
• chain
• change
• change log
• change password
• changer
• change xml
• channel
• channelsurfcli
• cheat
• check
• checkapiuser
• checkdict
• checker
• check file for virus
• checkin
• check link for virus
• checkpath
• check registry
• checks
• checks amount
• checks-bios
• checks-disk-space
• checks-memory-available
• checks-network-adapters
• checks-usb-bus
• checks-user-input
• cheers
• child exploitation
• childlist
• childname2
• childname3
• childname4
• children
• china
• china as37963
• choose
• chrome
• chs admin
• chs agreement
• chs docs
• chsdocs
• chsdocument
• chs form
• chs placement
• chs school
• chssiteid
• chs student
• chs upload
• ch ua
• cins active
• cisco umbrella
• ck id
• cl0p ransomware
• class
• classname
• cleaner
• clicca
• clicca su
• click
• clickjacking
• clio
• clioacs update
• clipper dos
• cliquez
• cliquez sur
• close
• cloud
• cloudflar
• cloudflare
• cloudflarenet
• cloud marketing
• clr version
• cn admin
• cnamazon rsa
• cname
• cnc
• cnc feodo
• cncomodo ecc
• cnc server
• cndigicert sha2
• cngo daddy
• cngts ca
• cnisrg root
• cnlet
• coalition
• coalition et
• cobalt strike
• code
• code signing
• coinminer
• collaborator
• collection
• college
• college level
• colorado
• colour bar
• column
• com laude
• command
• command and control
• command decode
• command line
• commentkeyarr
• comments
• common folder
• commonfolder
• common law
• communicating
• community
• community score
• comodo
• comp
• company home
• competitive
• competitive bid
• compiler
• complete basic
• completed
• completion
• completion of
• compromised websites
• comspec
• conclin
• condissi
• conditionval
• conduit
• config
• config file
• configfilename
• confirm http
• confirm https
• conflict
• confuser
• confuserex
• connect azurepc
• connect facebook
• connection
• connector
• conphoto
• consent for
• consigno
• consumer
• consumer march
• contact
• contacted
• contacted hosts
• contacted urls
• contact email
• contact phone
• contained
• contains-elf
• contains-embedded-js
• contains-pe
• content
• contenteml
• content id
• contentid
• content type
• content url
• contenturl
• context
• contrasea
• control ta0011
• converter
• converttocsv
• convocation
• cookie
• cookie policy
• cookietheft
• copy
• copy file
• copyright
• cordialement
• cordiali saluti
• core
• corporation
• corrupt
• cosupccid
• co supervisor
• count
• counter
• country
• courseauditform
• coveo
• coverage
• covid19
• cprbls
• crack
• creado
• creador
• create
• create c
• createchildren
• create content
• created
• create date
• createdate
• created date
• createdirectory
• create file
• create header
• creation date
• creato
• creator
• cree
• criado
• criador
• criminal gang
• criteria id
• critical
• critical risk
• crl cache
• crlcachedir
• cronup threat
• crowdsourced
• crowdstrike
• cryp
• cryptbot
• crypter
• cryptexportkey
• crypto
• cryptor
• csc corporate
• csqvrkwsqka
• csvcontent
• csv data
• csv file
• csv order
• csvtoarray
• cuba
• cuckoo
• currentline
• currentuser
• currjson
• cus cndigicert
• cus cnmicrosoft
• cus cnr3
• cus odigicert
• cus olet
• cus starizona
• cus subject
• cust exe
• customer client
• cve-2010-3333
• cve-2014-3931
• cve-2016-2569
• cve-2017-0199
• cve-2017-11882
• cve list
• cvs report
• cyber
• cyber attack
• cybercrime
• cyber criminal group
• cyber defense
• cyber security
• cyberstalking
• cyber threat
• cycbot
• daily
• daily qa
• dailyschedule
• danabot
• dan.com
• dangeroussig
• dark consultants
• darkgate
• darklivity
• data
• data center
• data collection
• datacrashpad
• data dictionary
• data length
• data need
• data redacted
• data rtversion
• dataset
• date
• date checked
• date hash
• date mon
• date name
• dateofbirthstr
• datestr
• datetime
• dead
• dead drop resolver
• deanaheed
• debug
• debugstr
• december
• declaration
• deep malware
• default
• default page
• defender c
• defense
• defense evasion
• defense lloyd
• defense meta
• defense og
• defunc
• de indicators
• delegate group
• delegategroup
• delete
• delete c
• delete email
• delimiters
• delphi
• delphi generic
• dene
• dental benefits
• dentistry fomd
• department
• department doc
• department name
• depot tech
• deptjson
• dept param
• descommonnode
• desconfnode
• descrio
• descripcin
• description
• descriptorpath
• design
• designer
• design meta
• design og
• design trackers
• desktop
• desrochers
• destination
• details
• detect-debug-environment
• detection b0009
• detection list
• detections
• detections file
• detections none
• detections type
• dev
• development
• dev testing
• dga
• didx
• digicert https
• digitaloceanasn
• dimensioni
• direct
• directorhrsbs
• directory
• dirtsearch
• disclosure of
• discovery
• display
• displays
• disponibile
• div div
• div section
• dlls
• dlls defense
• dll sideloading
• dlls privilege
• dns
• dns replication
• dns resolutions
• dnssec
• doc00c200004txg
• doccd
• dock
• doc name
• docnamearr
• docs
• doctoratephd
• doctype
• doctypelabel
• doctypemap
• doctypes
• document
• documentation
• documentcount
• document file
• document format
• document link
• documentlink
• document linkn
• documentlist
• documentlistarr
• document moved
• document name
• documentname
• document type
• documenttype
• does
• domain
• domain add
• domain address
• domain check
• domain name
• domainpath name
• domain related
• domains
• domains domain
• domains ii
• domains show
• domain status
• done
• dos batch
• dos batch file
• dos borland
• dos com
• dossier du
• double click
• douglas co
• douglas co sheriff
• downldr
• download
• downloader
• downloads
• download url
• downloadurl
• drawdown
• dridex
• drivertalent
• dropbox
• dropped
• dropped c
• dropper
• drop your
• dstroot
• du contenu
• due date
• duedate
• due daten
• dumping t1003
• duplicate file
• dynadot
• dynadot inc
• dynadot llc
• dynamic
• dynamicloader
• dynamics
• dyndns checkip
• e0b function
• e1082 impact
• e1203 data
• e1203 windows
• e1234
• e1564 discovery
• e4609l
• ebeaton script
• ebury
• ecdheecdsa
• echobot
• echobot malware
• ec oid
• edelepexe
• edmonton ab
• edmonton area
• edmonton public
• edrms
• edrmsteam
• ef3ghigj
• effective date
• einladung von
• elf64 data
• elf executable
• elf info
• elk island
• elmid
• else
• email
• email address
• emailobj
• emails
• emails meta
• emailsubject
• emailtemplate
• embargo
• embargodate
• embedded
• emotet
• emotet ip
• emplid
• emplobject
• employee
• employee ccid
• employeeccid
• employeeclass
• employee id
• employeeid
• empty argument
• emulation
• encirca
• encrypt
• encrypt cnr10
• encrypt cnr11
• endpoints all
• enggfilescanner
• engineering
• english
• enigmaprotector
• enter
• enterprise
• entity
• entries
• entries http
• entropy chi2
• entry
• entry point
• enumerates
• environmental
• epehsoft
• ephdocumenttype
• ephesoft
• epsb
• eqsray
• erase
• e rev
• error
• error occured
• ersteller
• erstellt
• et
• etag
• etmodules
• etpro malware
• etpro trojan
• et tor
• et trojan
• eval
• evasion ob0006
• evasion ta0005
• event
• everything
• everywhere dv
• evil
• evil c
• ev server
• e weowe64e
• exclusionpath
• exe32
• exec
• executable
• executable file
• execute
• execution
• exe size
• exit
• exit node
• expand
• expected effort
• expects
• expiration
• expiration date
• expired
• expires
• expires thu
• expiry date
• exploit
• exploitation
• explorer
• express
• extension
• external ip
• external-resources
• external_resources
• external source
• extraction
• f0007 discovery
• facebook
• facebook url
• facetkey
• factory
• facts otx
• faculty
• facultykey
• failedcsvfolder
• failure
• fakedout threat
• false
• false alarm
• false detection
• false positive
• fare
• fast
• fastly
• fbi va
• fear factor
• february
• feeds ioc
• fellow
• feodo
• fgsr
• fgsr doc
• fgsr forms
• fgsrpr
• fgsr student
• fgsr supervisor
• field
• file
• filecontentstr
• filehash
• filehashsha1
• filehashsha256
• filemappingpdf
• file name
• filename
• filenode
• filepath
• files
• file samples
• files c
• file scanner
• file score
• files deleted
• files domain
• file share
• files ip
• files location
• files matching
• files referring
• files related
• file system
• file test
• filetour
• file transfer
• file type
• filetype
• fill
• filter
• final
• finalcapiddict
• finaldate
• final url
• find
• findkey
• find people
• findwindowa
• find your
• finished
• finland unknown
• first
• first check
• first ioc
• first name
• firstname
• first nations
• fiscal
• flag
• flags
• flag united
• flow t1574
• flywheel
• foip
• folder
• foldercondition
• foldercreate
• folder level
• foldername
• followers
• following
• fomd
• font format
• food
• footer
• foreign visitor
• form
• form applicant
• format
• formatjson
• formbook
• formbook cnc
• forms
• formsengg
• formspcm
• formsrso
• form submitted
• for privacy
• fortinet
• found
• foundation
• found document
• frame
• framing
• france
• france unknown
• franchise url
• frankfurt
• fraud
• freedom
• friday
• fri mar
• from
• fromscanner
• front
• fuery
• fulldisc
• full name
• fullpath
• full url
• func
• function
• fund report
• fusioncore
• fvca
• fvca assessment
• fvca status
• g1 odigicert
• g2 validity
• gambino
• game
• gamers
• games c
• gandi sas
• gecko
• geen
• gehen sie
• gemaakt
• gendert
• general
• general full
• generator
• generic
• generic malware
• generic windos
• genkryptik
• geoip
• germany
• germany unknown
• getallurlparams
• getapsdbid
• getapsperson
• getcsvfile
• getcustomscript
• getdc copyimage
• getdefination
• getemailbody
• getexecutetime
• getfilesize
• getgroupid
• get hello
• get http
• get ip address
• getlogfile
• get path
• getprocaddress
• getrandomnumber
• get site
• get updates
• gewijzigd
• ghost
• gifts
• github
• global
• global env
• global g2
• globals
• gmbh
• gmbh version
• gmt cache
• gmt connection
• gmt content
• gmt date
• gmt etag
• gmt max
• gmt path
• gmt server
• google
• google addon
• google form
• google https
• google safe
• google tag
• google url
• goog mal
• gootloader
• gopher
• government
• gpt analyzer
• grabnodeprop
• graddate
• graduate
• graduate file
• graduate folder
• graduation
• graph
• graph api
• graph community
• graph summary
• greater
• gren alfresco
• grootte
• group
• groupapiaccess
• groupcapadmin
• group created
• group december
• groupeveryone
• grouplist
• groupn
• group request
• groupsite
• grps2
• grum
• gta gra
• gtagra
• guard
• gui
• gui32
• guloader
• hacker
• hackers
• hackers utilize
• hacktool
• haga
• hajime
• hallo
• hallrender
• harassment
• hasaccess
• hash
• hashes
• hashes c2ae
• hash seen
• haut
• header class
• header intel
• headers
• headers date
• headers server
• header version
• head title
• health
• health sciences
• heartbleed
• hello
• here
• heur
• heuristic
• hidden
• hidden privacy
• hide artifacts
• hide samples
• high
• high assurance
• high level
• highly targeted
• high process
• high security
• hijacker
• hio50 c1
• hiring
• hiring info
• historical ssl
• history
• history first
• history killer
• hit
• hitmen
• hkcrclsid
• hkcuclsid
• hoch
• hola
• holiday pay
• home
• home help
• hong kong
• honor
• hoog
• hoogachtend
• host
• hosting
• hostname
• hostname add
• hostnames
• hosts
• hotkey
• hp hpsbmu02998
• hp hpsbmu03018
• hp hpsbmu03019
• hp hpsbmu03030
• hr rtd
• hrsbs
• hrsbs config
• hrsbssyncccids
• hrs document
• hrsfilescanner
• hspnet
• hstr
• html
• html head
• html info
• html public
• http
• http attacker
• http://hghltd.yandex.net/yandbtm?fmode=inject&url=http://siteinl
• http method
• httponly
• http post
• http requests
• http response
• https://otx.alienvault.com/pulse/65acace20c18a7d6c5da2e27
• huge domains
• human resource
• hybrid
• hybrid analysis
• hyperlink
• iana id
• icmp traffic
• ico rtgroupicon
• iddocumenttype
• identifier
• identity search
• idnumber
• id otherwise
• id property
• ids detections
• id var
• if csv
• if file
• if node
• iframe
• iframes
• ihnen
• ihnen nahe
• illegal activity
• il mio
• il seguente
• immformdocs
• impact
• impact ta0034
• impact ta0040
• import
• important
• impressum
• im system
• inbound
• inbound rule
• inbox
• inbox folder
• inc cndigicert
• incomplete
• inc subject
• index
• index0
• indicate
• indicator of compromise
• indicator role
• indonesia
• industry_and_commerce
• infected
• infinity
• info
• info compiler
• info header
• information
• info sections
• infrastructure
• ingen
• inhaltselement
• iniciar download setup
• initiated all
• initiators
• initiators all
• initsavestatus
• inject
• injection
• Injection
• injection t1055
• injector
• inject-x64.exe
• innhold mappe
• inno setup
• input
• input date
• input folder
• inquest labs
• insight tag
• inst
• install
• installcore
• installs
• institution
• institution not
• intake
• intel
• intel mac
• internal
• internet storm
• invalid
• invalid pointer
• invalid student
• invalid url
• invalid variant
• investigation
• investigation c
• invito
• iobit
• ioc
• iocs
• ioc search
• ionos se
• ip address
• ip addresses
• ip detections
• ipdomain
• ip https
• ip hunting
• ip location
• ip related
• ip reputaion
• ip security
• ip summary
• ip traffic
• ipv4
• ireland unknown
• iroquois
• iso88591
• iso format
• issuer
• issues tab
• issuing ca
• ist coi
• ist site
• item
• items
• itpsolutions
• jan04 now
• jansky
• january
• jason
• java
• javascript
• javascripts
• jaws webserver
• jeffrey reimer
• jeffrey scott reimer dpt
• jile
• job error
• jobj
• john
• joint chief
• joint chiefs
• journal julyaug
• jsauto25 jun
• json
• jsonarchive
• json config
• json containing
• jsoncontent
• json descriptor
• json document
• json file
• jsonfile
• jsonfunction
• jsonobj
• jsonobj3
• json object
• jsonoutput
• json post
• json response
• jsonstr
• jsonuser
• jstr
• js user
• july
• june
• just
• justin bieber
• jwxkrhdlrivprs
• jxaavf4jnzza0
• kansas city
• karen
• kaspersky online scan
• kaspersky online scanner
• kaspersky threat intelligence portal
• kb body
• kb content
• kb file
• kb graph
• kb image
• kb link
• kb links
• kb script
• keepalive
• keine
• keiner
• key algorithm
• keychainssrc
• key identifier
• key info
• keylabel
• keysystems gmbh
• key usage
• keyword search
• khtml
• klicken
• klicken sie
• klik
• klik op
• k netsvcs
• knowledge
• known infection source
• known tor
• koafx
• kofax
• kofax index
• ko liens
• konto
• konto fr
• kraken
• kuaizip
• kukacka jan
• k wersvcgroup
• k wsappx
• laag gemiddeld
• label
• language
• larger
• la siguiente
• last
• lastmonth
• lastname
• la tche
• lazarus
• ldap
• ldapperson
• ldap query
• learn
• learn more
• leave
• legal
• length
• lenker for
• less see
• lets
• letter
• leve
• level
• level3
• library
• license
• life
• limit
• limited
• line
• link
• linker
• linkid69157 url
• link klicken
• link library
• links content
• link um
• linux
• liquidweb
• list
• list fgsr
• li ul
• live
• llc address
• llc status
• load
• loads
• local
• localappdata
• localisotime
• location canada
• location hunting
• location lao
• location united
• location viet
• loccel1
• lockbit
• locky
• log debug
• logfoldername
• logger
• logging
• log id
• logistics
• logon autostart
• log operator
• logs
• long-sleeps
• lookup
• lookupentity
• lookupjson
• lookups
• los datos
• loudon county
• lowfi
• lowfitrojan
• lsalford
• lsan francisco
• ltd dba
• lucene path
• lucene paths
• lucene query
• luna moth
• m01 oamazon
• m02 oamazon
• macaddress
• macintosh
• macro-powershell
• magic elf
• magic msdos
• magnus
• mail spammer
• main
• main department
• main function
• makefile
• maker
• makes
• malicious
• malicious host
• malicious ip
• malicious site
• malicious url
• maltiverse
• maltiverse safe
• malvertizing
• malware
• malwarebazaar
• malware generic
• malware http
• malware infection
• malware service
• malware site
• malware sites
• malware unread
• man
• managerccid
• manjusaka
• manual data
• mapdoctypeurl
• mappedobj
• maps initiated
• march
• markus
• mas
• masquerading
• master
• match
• match2
• matches1
• match list
• match result
• materialcode
• materialextid
• materialkey
• maxcount
• maxfile
• maxitems
• maxlimit
• maze
• mbameng
• mbamsc
• mb first
• m brian sabey
• mccormick
• md5 chi2
• md import
• mdphd
• media
• media alta
• media center
• mediaget
• media sharing
• medicine
• medium
• medium high
• meister
• memcommit
• memo
• memory pattern
• memreserve
• men
• meng
• menu
• menu c
• menuprograms c
• merge
• message
• meta
• metaarr
• metadata
• metadata header
• metadatamap
• meta tags
• method
• metro
• mexico
• microsoft
• microsoft azure
• microsoft crm
• microsoft power
• microsoft root
• microsoft stuff
• microsoft teams
• middle
• middle name
• middlename
• migrate
• mijn profiel
• mike
• miles it
• military
• million
• mimikatz
• mini
• minister
• min to
• mi perfil
• mirai
• mirai 04022024
• mirai malware
• mirai variant
• misc attack
• misc https
• miss x
• mitarbeiter
• mitarbeitern
• mitre att
• mmm yyyy
• mncau
• mobsterstageda
• model
• modelnodepath
• modernizr
• modifi
• modificado
• modificador
• modificateur
• modificato
• modified
• modifikator
• modifisert
• modify access
• modify registry
• modify system
• module load
• modules
• monday
• monitoring
• mon jul
• mon profil
• monster
• monthcount
• monthly report
• months ago
• morechildren
• mor pdf
• move
• move aspect
• moved
• move file
• moves
• moving
• mozi
• mozilla
• mr windows
• ms defender
• msdefender feb
• ms excel
• msgstr
• msie
• msil
• msms33388520
• ms visual
• ms windows
• mtb feb
• mtb yara
• mtd1
• mtis
• multi
• multiple
• multi universal
• murderers
• music
• mustang panda
• mutexes
• mvpower dvr
• my boy dan
• my profile
• nakota sioux
• name
• namearr
• namecheap
• namecheap inc
• namecheapnet
• name dob
• name hyperlink
• name md5
• name microsoft
• names
• name servers
• namesilo
• name size
• namespace
• name virtual
• nameweb
• nameweb bvba
• nanocore rat
• na note
• napolar
• nastya
• navigatebrowse
• navy
• nciipc
• ndern
• need
• needle
• nenhum
• nenhuma
• nessuna
• nessuno
• netsupport rat
• net technology
• network
• network_icmp
• network service
• neutral
• newdata
• new doc
• newdocname
• newdoctype
• new document
• newgroup
• new ioc
• newname
• newpath
• next
• next associated
• next franchise
• Nextray
• ngfw traffic
• nib files
• niedrig mittel
• ninguna
• ninguno
• ninite
• ninite feb
• n∅ ip
• njrat
• njson
• nl page
• nobits
• no data
• node
• node1
• node2
• node id
• nodeid
• nodeidx
• nodename
• nodes
• node traffic
• no expiration
• nomatch
• nombre
• nome
• nome utente
• no na
• none google
• none indicator
• none related
• no no
• norad tracking
• nordvpnsetup
• norestart
• normal
• no security
• not aspect
• note
• notes avast
• notes supported
• not found
• no title
• not path
• not type
• nous
• ns nxdomain
• null
• nullmixer
• number
• numbers
• nushell
• nxdomain
• nxscspu
• ob0005 defense
• ob0007 analysis
• ob0007 system
• ob0012 hide
• object
• objectives
• obz4usfn0
• obz4usfn0 http
• obz4usfn0 url
• oc0008
• ocomodo ca
• ocsp
• october
• odigicert inc
• offer letter
• office
• office depot
• office open
• officiality
• offset
• offset size
• ogoogle trust
• okrnserver
• ok server
• olet
• ollydbg
• online
• online file scanner
• online file virus scan
• online file virus scanner
• online virus scan file
• onload
• open
• opencandy
• open ports
• openssl
• openssl tls
• open threat
• opprettet
• oral hlth
• or condition
• organization
• org domains
• orgid
• orion
• orion logo
• orion wi
• orsam
• os2 executable
• os abi
• os credential
• osint verdict
• os x
• otx
• otx octoseek
• otx scoreblue
• otx telemetry
• outbound
• outbreak
• overlay
• override
• overview
• overview ip
• ovh sas
• packet
• page
• page dow
• page search
• pagesite
• page url
• pageuser
• panda
• pang
• paperfileconfig
• paperfileutils
• para hacerlo
• param
• parameters
• paramname
• params
• parent
• parentgrp
• parent name
• paris
• parking crew
• parse
• partru
• part time
• passcount
• passive dns
• password
• passwort
• passwort bei
• paste
• patch
• path
• path max
• pattern domains
• pattern match
• pattern urls
• pay action
• payroll
• pcap
• pcap processing
• pcidump rasman
• pcm competitive
• pdfa format
• pdf document
• pdf var
• p div
• pe32
• pe32 compiler
• pe32 executable
• pe32 packer
• pe32 protector
• peexe c
• penalties
• peoplesoft
• pe resource
• performs dns
• permission
• per rifiutare
• persistence
• person
• person id
• personid
• phish
• phishing
• phishing site
• phishtank
• phone no
• photos
• php logo
• picvsc
• pinames today
• pizza
• placement
• placementdocs
• plan
• plasma
• platform
• please
• please check
• please click
• please contact
• please enter
• please note
• please wait
• pledged gift
• plesk
• plesk a
• plesklin
• plugx
• pm lowfitrojan
• pm mdt
• pm mst
• poison
• police
• pony
• poor reputation
• populated
• porno
• porn related
• porn tagging
• port
• poser
• possibile
• possible
• post
• postal code
• post doc
• postdoctoral
• post http
• post request
• pour ce
• powershell
• poweshell
• pragma
• precondition
• prefetch8 ansi
• prefix
• premium
• preqa
• prerequisites
• presenoker
• present apr
• present dec
• present feb
• present jun
• present may
• present nov
• present sep
• prevmonth
• prioridad
• priorit
• prioriteit
• prioritt
• priority
• privacy act
• privacy admin
• private name
• problem
• problems
• process
• process32nextw
• process api
• process details
• processes tree
• process id
• processid
• process info
• processjson
• process landing
• processsetidset
• process status
• process t1543
• procid
• prod
• producer gimp
• products id
• productversion
• prod url
• profile
• progbits
• program
• programfiles
• programs
• programyear
• progress report
• project id
• prop
• property
• property name
• propidx
• propname
• proposal id
• protect
• protection
• protocol h2
• protocol t1071
• protocol t1095
• proton
• province
• proxy
• psaudit
• psperson
• pss s
• pty ltd
• public key
• public schools
• public site
• public url
• pull hiring
• pulse
• pulse pulses
• pulses
• pulses none
• pulses otx
• pulse submit
• purpose
• putty
• pxnzj
• python
• python connection
• python software
• qabatchgrp
• qacounter
• qadocument
• qa folder
• qanotselected
• qaoperator
• qaoperatorindex
• qaoperatorlabel
• qapercentage
• qa selected
• qaselected
• qaselectednode
• qastartdate
• qa var
• quasi
• queries
• query
• query language
• query sort
• quoted
• qxrfnjuodik
• raas
• ragnar locker
• raheel
• raheel bhojani
• raheel var
• rally
• ramnit
• rand
• random2digit
• ransom
• ransomware
• raspberry robin
• rc2i
• read c
• readme file
• read more
• reads
• real estate
• realteck audio
• reappointment
• reason
• reb approval
• rebcapiddict
• received date
• receiveddatestr
• recente
• record
• records site
• record type
• record value
• recreation
• recreation fomd
• recruitment
• redacted
• redacted for
• redcap
• redirect
• redirect chain
• redirected
• redline stealer
• redrum
• red team
• reference
• referer
• referral url
• referrer
• refloadapihash
• refresh
• refresh list
• refund
• regards
• regbinary
• regdword
• regexp
• registers
• registrant name
• registrar
• registrar abuse
• registrar iana
• registrarsafe
• registrar url
• registrar whois
• registry admin
• registry domain
• registry keys
• registry run
• registry tech
• regopenkeyexw
• regsetvalueexa
• regsetvalueexw
• regsz
• regtempdescr
• relacionada
• related
• related nids
• related pulses
• related tags
• relayrouter
• relic
• relocation
• remcos
• remote
• remote attack
• remote attackers
• remote system
• replacement
• report
• report fgsr
• reportlogs
• reportlogslogs
• report of
• report on
• report process
• reports
• report sorry
• report spam
• reporttype
• request
• request chain
• requesteddate
• request status
• requireddate
• reredrum
• res0012345
• research group
• resolutions
• resolved ips
• resource
• resource path
• resources
• resources api
• response
• response ip
• responsejson
• rest
• result
• resultdata
• result length
• results
• resultstr
• retain title
• retrieves
• return
• returndata
• returns
• returns json
• retype
• reutrn false
• revdate
• reverse dns
• review
• reviewer
• reviewgroup
• review process
• review request
• review sorry
• rexxfield
• rhttps
• riskware
• rmcfg
• rm file
• rm filing
• rm system
• rnrn
• rnrncopyright
• road city
• ro adm
• ro backscan
• ro code
• ro document
• ro scripts
• rosm
• rostpay
• round
• ro workflow
• rows
• rrfgroupname
• rso project
• rticon english
• rticon neutral
• rticon russian
• ruby logo
• rule folder
• runasuser
• running report
• running script
• runtime modules
• runyear
• rva entry
• sabey
• safe browsing
• safefilename
• safe site
• safety manual
• salariedreg aux
• sale
• sales
• salford
• salicode
• saludos
• sameorigin x
• sample
• sample analysis
• sample email
• sample hash
• samplename
• samplepath
• sample rm
• samples
• sandbox
• san francisco
• sat jul
• savbwcd
• save
• saved
• save form
• savemetadata
• saving
• scammer
• scan doc
• scan endpoints
• scan file for virus
• scan file online
• scanned
• scans record
• schedule
• school
• school district
• schools
• science addp
• scifilescanner
• scott mccormick
• screenshot
• script
• script domains
• script script
• script started
• script urls
• search
• searchcriteria
• search length
• search match
• searchmatchdob
• searchmatchmove
• search otx
• searchresult
• search term
• searchterm
• sea x
• sec ch
• secretary
• sectigo https
• sectrack
• secunia
• secureorigin
• secure server
• security
• security tls
• securitytype
• seen
• select
• select family
• select index
• select uuid
• self-delete
• self deletion
• sendemail
• september
• serial number
• server
• servers
• service
• service log
• service privacy
• services
• serving ip
• set cookie
• set message
• settings c
• setup error
• seznam
• sfqh4dt74w0 url
• sfsussl
• sha1
• sha256
• sha256 file
• shadowpad
• share
• shared
• shared c
• shared drive
• sharedinkarsa c
• sharedinkbgbg c
• sharedink c
• sharedinkcscz c
• sharedinkdadk c
• sharepoint
• shareurl
• shell
• shell commands
• shelltraywnd
• shell uce
• sheriff
• shit
• shortdescr
• shortxml
• show
• showing
• show process
• show technique
• siblings domain
• si desea
• sie auf
• sie eingeladen
• sie erstellt
• sie knnen
• signals mutexes
• signeddate
• signer
• signer1
• signer2
• silent log
• simda
• simda cnc
• simplified
• sim unlock
• sincerely
• singapore
• single family
• sinkhole
• site
• siteconfig
• siteconfigjson
• siteconsumer
• sitecontext
• sitefile
• siteid
• sitemanager
• sitename
• sitepath
• site running
• sites
• sitetitle
• site viewer
• size
• size entropy
• size raw
• skynet
• slcc2
• smartfolder
• smfstr
• smithtech
• Smokeloader
• snatch
• sneaky server
• s ngcctnrsvc
• sniffs
• soa nxdomain
• social engineering
• socks5systemz
• software
• software caddy
• solutions
• songculture attacked
• sorry
• sortparameter
• source browser
• source level
• spaceship
• space team
• span
• span a
• span span
• spark
• spasite
• spawns
• splitcount
• spotify artist
• spring
• sptox
• spybanker
• spytox og
• spyware
• sqli dumper
• srcroot
• sreredrum
• ssdeep
• ssl certificate
• stack
• stamping
• standard
• starfield
• start
• start april
• start building
• start date
• startdate
• startdatetime
• start december
• started
• start february
• start fgsr
• start form
• startindex
• starting
• starting name
• start january
• start june
• start kofax
• start march
• startpage
• start service
• stateprovince
• static
• status
• status code
• statusevent
• statusname
• status page
• staus
• stcalifornia
• stdapl
• stealer
• steam
• steam get ip
• steganography
• step0statusfail
• step workflow
• stop service
• store
• store id
• storeid
• stovl promises
• streams size
• string
• stringify
• strings
• stripcharacter
• strong
• strong name
• strrelse
• strtab
• stuccid
• studdept
• student
• student case
• student ccid
• studentccid
• studentfiles
• student id
• studentid
• studentref
• student term
• student view
• stuid
• stuln
• subdoctype
• subdomains
• subject
• subject key
• subject public
• subject title
• submission
• submission date
• submissions
• submit
• submit button
• submit form
• submitters
• subset
• success
• successfully
• successfully ea
• summary
• summary iocs
• summary leaf
• supccid
• supdept
• superccid
• super hentai
• superitaliansub
• supervisor
• supervisor ccid
• suppobox
• support
• suresh
• suresh joshee
• suricata
• suricata ipv4
• surnamechar
• susp
• suspicious
• swipper
• switch
• swrort
• synchronization
• syntaxerror
• system
• system overview
• system property
• systemroot
• systweak
• sysv
• t1055
• t1055 spawns
• t1059 uses
• t1063
• t1064 executes
• t1082
• t1129
• t1189 found
• t1676916559
• ta0002 command
• ta0004 process
• ta0009 command
• ta0040
• ta569
• tag
• tag count
• tagging
• tag manager
• tags
• tags og
• tags viewport
• tahoma arial
• taille
• tamanho
• tamao
• taobao network
• target
• targetdisk
• targeted
• targetfile
• targeting
• targets
• task
• task assigned
• taskassignee
• taskenddate
• taskfilter
• taskid
• task info
• taskjson
• tasks
• tasks dashlet
• tasks filter
• tasktype
• td td
• team
• team http
• team phishing
• teams
• teams api
• team top
• tech
• tech country
• technology
• teen porn
• telecom
• telefonica co
• telper
• temp
• tempfilename
• template
• tencent habo
• term
• terry harris
• test
• test effective
• test java
• testpath path
• test person
• text
• text c
• text/html
• textjavascript
• textpart
• tfrith
• thank
• thebrotherssabey
• theme directory
• therapy fomd
• therecord
• thesis
• thesis deposit
• thesis programs
• thesis status
• third
• third-party-cookies
• third_party_cookies
• this
• this determine
• threat
• threat analyzer
• threat level
• threat network
• threat report
• threat roundup
• threats
• threats et
• thumbprint
• thursday
• tiggre
• time
• time click
• time limit
• timeperiod
• timestamp entry
• titel
• title
• title added
• title error
• title head
• title launch
• title navy
• title spytox
• title works
• titolo
• titre
• tittel
• tls ca
• tls handshake
• tls rsa
• tls sni
• tls web
• tmobile
• tmobile metro
• today
• tofsee
• to max
• toni braxton
• to now
• tools
• topropertykey
• total
• total afa
• tracker
• trackers
• Tracking Domains
• traffic group
• tran
• transcriptarr
• transcripts
• treaties
• tre rcupre
• trevor report
• trid dos
• trid elf
• trident
• trigger
• trigger aps
• trimlr
• triple mirrors
• trmp
• trojan
• trojandropper
• trojan evader
• trojan features
• trojanproxy
• trojanspy
• tr tr
• true
• tsara brashears
• tsvt
• ttf c
• ttl value
• ttulo
• tucows
• tue apr
• tuesday
• turn
• twitter
• twitter ad
• twitter andor
• twitter running
• type
• type address
• typeerror
• typekey
• type mimetype
• type name
• typeof function
• typeprop
• type rtrcdata
• type win32
• typo squatting
• ua71173394
• uaesign
• ua full
• UAlberta
• ua platform
• uappol
• uappol content
• uappol function
• uappol metadata
• uarmm
• uaroduedate
• uaroemplid
• uaropriority
• uarotasktype
• uas road
• uathdep
• ubuntu
• ucddaocjgah
• ukhdaauqaaaaaac
• ukraine
• u kunt
• unauthorized
• unicode
• unique
• united
• united kingdom
• united states
• university
• university home
• university vpn
• unix
• unknown
• unknown command
• unknown ns
• unknown soa
• unknown win
• unprocesseddata
• unsafe
• unsuccessful1
• uofacap
• uofa ecm
• uofa edrms
• update
• updated
• update date
• updater
• upgrade
• upload
• uploader
• upload file
• uri args
• url add
• url analysis
• url history
• url hostname
• url http
• url https
• urlorigin
• urls
• urls http
• urls https
• urls show
• url summary
• url text
• url webdav
• url zum
• usage
• us bundled
• us creation
• usd twitter
• user
• useragent
• user group
• user name
• username
• userprofile
• users
• user sync
• utc gcfezl5ynvb
• utc google
• utc gtmsxrf
• utc linkedin
• utc na
• utc submissions
• utf8
• util function
• utility enter
• v2 document
• v3 serial
• v4inhxvlhx0
• val2
• valid
• valid from
• validity
• valid usage
• value
• var csvfile
• var currentuser
• var document
• var folder
• variables
• var logfile
• varname
• var startdate
• var taskid
• var title
• vault
• vbs
• vendor finding
• verfgung
• verify
• verisign
• verisign time
• version
• version history
• versionhistory
• very
• veryhigh
• vetting process
• vhash
• viet nam
• vietnam
• vietnam unknown
• view
• viewer access
• view error
• view warning
• vipre
• virgin islands
• virtool
• virtual machine
• virus
• virustotal
• visible
• visit
• vj87
• v object
• void
• vous
• vs2003
• vxstream
• w3cdtd html
• wacatac
• wachtwoord
• warning
• way ahead
• webdav
• webdav url
• web deployed
• web link
• web open
• web script
• webscript
• web scripts
• web service
• web services
• webzilla
• wed aug
• wed jan
• wednesday
• weeks ago
• weinedoewse net
• wendy
• where index0
• white cve
• whitelisted
• whmis
• whois
• whois lookup
• whois lookups
• whois record
• whois registrar
• whois server
• whois ssl
• whois whois
• wi fi
• win16 ne
• win32
• win32bios
• win32diskdrive
• win32 dll
• win32 dynamic
• win32 exe
• win32imali mar
• win32process
• win32processor
• win32sfone jul
• win32upatre mar
• win64
• windir
• window
• windows
• windows module
• windows nt
• windows service
• windows startup
• wir legen
• without referer
• woocommerce
• wordpress
• workers compensation
• workflow
• workflow desc
• workflow id
• workflowid
• workflow link
• workflow name
• workingtitle
• worm
• wow64
• write
• write c
• writeconsolea
• written c
• x00x00
• x509v3 extended
• x509v3 key
• x509v3 subject
• x8bxe5
• x8i string
• x amz
• xamzexpires300
• x cache
• xcitium verdict
• x content
• xfbml1
• x frame
• xl div
• xmlcont
• xml field
• xml file
• xmlfile
• xmlfilename
• xmlfileobj
• xmlnode
• xml related
• xmlsourcenode
• xml spreadsheet
• xmlstr
• xmltoarray
• xmlutil
• xorcrypt
• xor ddos
• xorddos
• xport
• xrat
• xslayer
• xss protection
• x sucuri
• xszcgdvlhymmww
• xtrat
• xvideos
• y3i string
• yapaxi
• yara detections
• yara rule
• yaxpax
• yesno
• yoa https
• yoda
• yodaprot
• youth
• y seleccione
• yumna
• yyyymmdd
• z6s3i
• z6s3i string
• z6s3i y3i
• zbot
• zenbox
• zeppelin
• zeus
• zhreformengresp
• zhrroleuserresp
• zip blaze
• zombie
• zp6axi0
• zsextbzusbrvsk
• zur site

MITRE ATT&CK TTPs

• T1003 - OS Credential Dumping
• T1005 - Data from Local System
• T1010 - Application Window Discovery
• T1012 - Query Registry
• T1014 - Rootkit
• T1016 - System Network Configuration Discovery
• T1018 - Remote System Discovery
• T1023 - Shortcut Modification
• T1027 - Obfuscated Files or Information
• T1029 - Scheduled Transfer
• T1031 - Modify Existing Service
• T1033 - System Owner/User Discovery
• T1036.004 - Masquerade Task or Service
• T1036 - Masquerading
• T1040 - Network Sniffing
• T1041 - Exfiltration Over C2 Channel
• T1045 - Software Packing
• T1046 - Network Service Scanning
• T1047 - Windows Management Instrumentation
• T1049 - System Network Connections Discovery
• T1053 - Scheduled Task/Job
• T1055 - Process Injection
• T1056.004 - Credential API Hooking
• T1056 - Input Capture
• T1057 - Process Discovery
• T1059.006 - Python
• T1059.007 - JavaScript
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1063 - Security Software Discovery
• T1064 - Scripting
• T1068 - Exploitation for Privilege Escalation
• T1070 - Indicator Removal on Host
• T1071.001 - Web Protocols
• T1071.003 - Mail Protocols
• T1071.004 - DNS
• T1071 - Application Layer Protocol
• T1081 - Credentials in Files
• T1082 - System Information Discovery
• T1083 - File and Directory Discovery
• T1091 - Replication Through Removable Media
• T1095 - Non-Application Layer Protocol
• T1096 - NTFS File Attributes
• T1098 - Account Manipulation
• T1102 - Web Service
• T1105 - Ingress Tool Transfer
• T1106 - Native API
• T1110.002 - Password Cracking
• T1112 - Modify Registry
• T1113 - Screen Capture
• T1114.001 - Local Email Collection
• T1114 - Email Collection
• T1119 - Automated Collection
• T1120 - Peripheral Device Discovery
• T1123 - Audio Capture
• T1125 - Video Capture
• T1129 - Shared Modules
• T1132 - Data Encoding
• T1134 - Access Token Manipulation
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1155 - AppleScript
• T1156 - Malicious Shell Modification
• T1158 - Hidden Files and Directories
• T1185 - Man in the Browser
• T1189 - Drive-by Compromise
• T1202 - Indirect Command Execution
• T1203 - Exploitation for Client Execution
• T1204.001 - Malicious Link
• T1204.002 - Malicious File
• T1204.003 - Malicious Image
• T1204 - User Execution
• T1210 - Exploitation of Remote Services
• T1221 - Template Injection
• T1222 - File and Directory Permissions Modification
• T1428 - Exploit Enterprise Resources
• T1439 - Eavesdrop on Insecure Network Communication
• T1444 - Masquerade as Legitimate Application
• T1447 - Delete Device Data
• T1448 - Carrier Billing Fraud
• T1449 - Exploit SS7 to Redirect Phone Calls/SMS
• T1457 - Malicious Media Content
• T1472 - Generate Fraudulent Advertising Revenue
• T1480 - Execution Guardrails
• T1485 - Data Destruction
• T1486 - Data Encrypted for Impact
• T1496 - Resource Hijacking
• T1497 - Virtualization/Sandbox Evasion
• T1505 - Server Software Component
• T1512 - Capture Camera
• T1516 - Input Injection
• T1518.001 - Security Software Discovery
• T1518 - Software Discovery
• T1523 - Evade Analysis Environment
• T1529 - System Shutdown/Reboot
• T1539 - Steal Web Session Cookie
• T1543 - Create or Modify System Process
• T1546 - Event Triggered Execution
• T1547.006 - Kernel Modules and Extensions
• T1547 - Boot or Logon Autostart Execution
• T1548 - Abuse Elevation Control Mechanism
• T1552 - Unsecured Credentials
• T1553.002 - Code Signing
• T1553 - Subvert Trust Controls
• T1555 - Credentials from Password Stores
• T1560 - Archive Collected Data
• T1562 - Impair Defenses
• T1564 - Hide Artifacts
• T1566 - Phishing
• T1568.002 - Domain Generation Algorithms
• T1568 - Dynamic Resolution
• T1569 - System Services
• T1571 - Non-Standard Port
• T1573 - Encrypted Channel
• T1574.006 - Dynamic Linker Hijacking
• T1574 - Hijack Execution Flow
• T1578.003 - Delete Cloud Instance
• T1583.001 - Domains
• T1583.005 - Botnet
• T1583 - Acquire Infrastructure
• T1585.001 - Social Media Accounts
• T1588.001 - Malware
• T1595 - Active Scanning
• T1598 - Phishing for Information
• T1602.002 - Network Device Configuration Dump
• T1610 - Deploy Container
• T1614 - System Location Discovery
• TA0002 - Execution
• TA0003 - Persistence
• TA0004 - Privilege Escalation
• TA0005 - Defense Evasion
• TA0006 - Credential Access
• TA0007 - Discovery
• TA0008 - Lateral Movement
• TA0009 - Collection
• TA0011 - Command and Control
• TA0034 - Impact
• TA0040 - Impact

Passive DNS

• xcloud.uk

Attack Log References

Whois Information