Threat Command

This is a collection of rules for alerts generated by Rapid7 Threat Command.

Required license

To detect on alerts generated by Threat Command, you will need a Threat Command license.

Threat Command - A blacklist containing a company asset

Description

This detection identifies a blacklist containing a company asset.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Defacement - T1491
  • External Defacement - T1491.002
  • Gather Victim Host Information - T1592

Threat Command - A company asset communicating with a C&C server

Description

This detection identifies a company asset communicating with a C&C server.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Application Layer Protocol - T1071
  • Traffic Signaling - T1205
  • Remote Access Software - T1219
  • Dynamic Resolution - T1568

Threat Command - A company asset listed on a target list

Description

This detection identifies a company asset listed on a target list.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - A company certificate with SSL issues detected

Description

This detection identifies a company certificate with SSL issues detected.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Develop Capabilities - T1587
  • Digital Certificates - T1587.003
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Active Scanning - T1595
  • Vulnerability Scanning - T1595.002

Threat Command - A company development environment publicly exposed

Description

This detection identifies a company development environment publicly exposed.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Remote Services - T1021
  • Valid Accounts - T1078
  • Cloud Accounts - T1078.004
  • External Remote Services - T1133
  • Exploit Public-Facing Application - T1190
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Network Topology - T1590.004
  • Gather Victim Host Information - T1592
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - A company domain is using OpenSSL library with a detected vulnerability

Description

This detection identifies a company domain that is using an OpenSSL library with a detected vulnerability.

Recommendation

Please review the alert in question.

Threat Command - A company domain is vulnerable to Heartbleed

Description

This detection identifies a company domain that is vulnerable to Heartbleed.

Recommendation

Please review the alert in question.

Threat Command - A company domain is vulnerable to ROBOT

Description

This detection identifies a company domain that is vulnerable to ROBOT.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Automated Exfiltration - T1020
  • Traffic Duplication - T1020.001
  • Web Service - T1102
  • Phishing - T1566
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Gather Victim Host Information - T1592
  • Client Configurations - T1592.004
  • Active Scanning - T1595
  • Vulnerability Scanning - T1595.002
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - A company domain name is embedded in malware code

Description

This detection identifies a company domain name that is embedded in malware code.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Network Service Discovery - T1046
  • Traffic Signaling - T1205
  • Defacement - T1491
  • External Defacement - T1491.002
  • Active Scanning - T1595

Threat Command - A company domain SSL certificate has expired

Description

This detection identifies a company domain SSL certificate that has expired.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Develop Capabilities - T1587
  • Digital Certificates - T1587.003
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Active Scanning - T1595
  • Vulnerability Scanning - T1595.002

Threat Command - A company domain supports non-compliant cipher-suites

Description

This detection identifies a company domain that supports non-compliant cipher suites.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Develop Capabilities - T1587
  • Digital Certificates - T1587.003
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Active Scanning - T1595
  • Vulnerability Scanning - T1595.002

Threat Command - A company domain vulnerable to SQL injection

Description

This detection identifies a company domain vulnerable to SQL injection.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Drive-by Compromise - T1189
  • Exploit Public-Facing Application - T1190
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - A company domain with directory listing publicly exposed

Description

This detection identifies a company domain with directory listing publicly exposed.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - A company email address reported as spamming

Description

This detection identifies a company email address reported as spamming.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Defacement - T1491
  • External Defacement - T1491.002
  • Unsecured Credentials - T1552
  • Credentials from Password Stores - T1555
  • Credentials from Web Browsers - T1555.003

Threat Command - A company executive is mentioned on a target list

Description

This detection identifies a company executive who is mentioned on a target list.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Gather Victim Identity Information - T1589
  • Email Addresses - T1589.002
  • Employee Names - T1589.003

Threat Command - A company executive PII offered for sale

Description

This detection identifies a company executive's PII offered for sale.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Gather Victim Org Information - T1591
  • Identify Roles - T1591.004

Threat Command - A company internal login page is accessible outside of the organization

Description

This detection identifies a company internal login page that is accessible from outside the organization.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Remote Services - T1021
  • Valid Accounts - T1078
  • Cloud Accounts - T1078.004
  • External Remote Services - T1133
  • Exploit Public-Facing Application - T1190
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Network Topology - T1590.004
  • Gather Victim Host Information - T1592
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - A company login page with SSL certificate issues

Description

This detection identifies a company login page with SSL certificate issues.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Develop Capabilities - T1587
  • Digital Certificates - T1587.003
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Active Scanning - T1595
  • Vulnerability Scanning - T1595.002

Threat Command - A company product is offered for sale on the black market

Description

This detection identifies a company product that is offered for sale on the black market.

Recommendation

Please review the alert in question.

Threat Command - A company website reported as cardable

Description

This detection identifies a company website reported as cardable.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Defacement - T1491
  • External Defacement - T1491.002

Threat Command - A company website reported as defaced

Description

This detection identifies a company website reported as defaced.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Defacement - T1491
  • External Defacement - T1491.002

Threat Command - A company website vulnerable to XSS attacks

Description

This detection identifies a company website vulnerable to XSS attacks.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Drive-by Compromise - T1189
  • Exploit Public-Facing Application - T1190
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - A copy of an app

Description

This detection identifies a copy of an app.

Recommendation

Review the alert in question.

Threat Command - A hacking tool targeting the company

Description

This detection identifies a hacking tool targeting the company.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Obtain Capabilities - T1588
  • Tool - T1588.002

Threat Command - An attempt to recruit a company insider

Description

This detection identifies an attempt to recruit a company insider.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Obtain Capabilities - T1588
  • Gather Victim Org Information - T1591
  • Phishing for Information - T1598

Threat Command - A negative use of the company's name was found

Description

This detection identifies a negative use of the company's name.

Recommendation

Review the alert in question.

Threat Command - An insider offering company information for sale

Description

This detection identifies an insider offering company information for sale.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Obtain Capabilities - T1588
  • Gather Victim Org Information - T1591

Threat Command - An intent to hack the company website

Description

This detection identifies an intent to hack the company website.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Gather Victim Identity Information - T1589
  • Gather Victim Network Information - T1590
  • Gather Victim Org Information - T1591
  • Gather Victim Host Information - T1592
  • Search Open Websites/Domains - T1593
  • Search Victim-Owned Websites - T1594
  • Active Scanning - T1595
  • Search Open Technical Databases - T1596
  • Search Closed Sources - T1597
  • Phishing for Information - T1598

Threat Command - An SSL problem in a company's domain detected

Description

This detection identifies an SSL problem detected in a company's domain.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Automated Exfiltration - T1020
  • Traffic Duplication - T1020.001
  • Web Service - T1102
  • Phishing - T1566
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Gather Victim Host Information - T1592
  • Client Configurations - T1592.004
  • Active Scanning - T1595
  • Vulnerability Scanning - T1595.002
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - App in a malicious store

Description

This detection identifies an app in a malicious store.

Recommendation

Please review the alert in question.

Threat Command - App in a store with a downloader

Description

This detection identifies an app in a store with a downloader.

Recommendation

Please review the alert in question.

Threat Command - A problem in the company DNS server

Description

This detection identifies a problem in the company DNS server.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Application Layer Protocol - T1071
  • DNS - T1071.004
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • DNS - T1590.002
  • Gather Victim Host Information - T1592
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - Asset mentions exposed on GitHub

Description

This detection identifies asset mentions exposed on GitHub.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Cloud Infrastructure Discovery - T1580
  • Gather Victim Identity Information - T1589
  • Credentials - T1589.001

Threat Command - Attempted job scam using company-associated identity

Description

This detection identifies an attempted job scam using a company-associated identity.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Establish Accounts - T1585
  • Social Media Accounts - T1585.001
  • Phishing for Information - T1598

Threat Command - A tweet mentioned a company asset

Description

This detection identifies a tweet that mentioned a company asset.

Recommendation

Please review the alert in question.

Threat Command - A vulnerability in company's in-use technology was detected

Description

This detection identifies a vulnerability in the company's in-use technology.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Network Service Discovery - T1046
  • Exploit Public-Facing Application - T1190
  • Obtain Capabilities - T1588
  • Vulnerabilities - T1588.006
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - Company accounts suspected as mule accounts

Description

This detection identifies company accounts suspected of being mule accounts.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Valid Accounts - T1078
  • Unsecured Credentials - T1552
  • Exfiltration Over Web Service - T1567
  • Compromise Accounts - T1586
  • Obtain Capabilities - T1588

Threat Command - Company accounts with credit balance offered for sale

Description

This detection identifies company accounts with credit balance offered for sale.

Recommendation

Please review the alert in question.

Threat Command - Company assets targeted in a campaign

Description

This detection identifies company assets targeted in a campaign.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Gather Victim Identity Information - T1589
  • Gather Victim Network Information - T1590
  • Gather Victim Org Information - T1591
  • Gather Victim Host Information - T1592
  • Active Scanning - T1595

Threat Command - Company confidential documents leaked

Description

This detection identifies company confidential documents leaked.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Automated Exfiltration - T1020
  • Valid Accounts - T1078
  • External Remote Services - T1133

Threat Command - Company database leaked

Description

This detection identifies a company database leak.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • OS Credential Dumping - T1003
  • Automated Exfiltration - T1020
  • Automated Collection - T1119
  • Transfer Data to Cloud Account - T1537
  • Unsecured Credentials - T1552
  • Credentials from Password Stores - T1555
  • Credentials from Web Browsers - T1555.003
  • Exfiltration Over Web Service - T1567
  • Search Closed Sources - T1597
  • Purchase Technical Data - T1597.002

Threat Command - Company DNS servers have AXFR transfer enabled

Description

This detection identifies company DNS servers that have AXFR zone transfer enabled.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - Company email contents leaked

Description

This detection identifies company email contents leaked.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Input Capture - T1056
  • Automated Collection - T1119

Threat Command - Company employee credentials leaked from a 3rd party service

Description

This detection identifies company employee credentials leaked from a 3rd party service.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • OS Credential Dumping - T1003
  • Network Sniffing - T1040
  • Input Capture - T1056
  • Valid Accounts - T1078
  • Email Collection - T1114
  • Credentials from Password Stores - T1555
  • Gather Victim Identity Information - T1589
  • Employee Names - T1589.003
  • Gather Victim Org Information - T1591
  • Identify Roles - T1591.004
  • Phishing for Information - T1598
  • Spearphishing Service - T1598.001

Threat Command - Company employee private details leaked

Description

This detection identifies company employee private details leaked.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Gather Victim Identity Information - T1589
  • Email Addresses - T1589.002
  • Employee Names - T1589.003

Threat Command - Company employees are on a target list

Description

This detection identifies company employees who are on a target list.

Recommendation

Please review the alert in question.

Threat Command - Company executive login credentials leaked

Description

This detection identifies company executive login credentials leaked.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • OS Credential Dumping - T1003
  • Network Sniffing - T1040
  • Input Capture - T1056
  • Valid Accounts - T1078
  • Credentials from Password Stores - T1555
  • Phishing for Information - T1598
  • Spearphishing Service - T1598.001

Threat Command - Company executive SSN leaked

Description

This detection identifies a company executive SSN leak.

Recommendation

Review the alert in question.

Threat Command - Company executive suspicious social media profile

Description

This detection identifies a suspicious social media profile of a company executive.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Spearphishing via Service - T1566.003
  • Establish Accounts - T1585
  • Social Media Accounts - T1585.001
  • Compromise Accounts - T1586
  • Social Media Accounts - T1586.001
  • Gather Victim Org Information - T1591
  • Identify Roles - T1591.004

Threat Command - Company gift cards offered for sale

Description

This detection identifies company gift cards offered for sale.

Recommendation

Please review the alert in question.

Threat Command - Company internal servers credentials leaked

Description

This detection identifies company internal server credentials that were leaked.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • OS Credential Dumping - T1003
  • Network Sniffing - T1040
  • Input Capture - T1056
  • Valid Accounts - T1078
  • Credentials from Password Stores - T1555
  • Phishing for Information - T1598
  • Spearphishing Service - T1598.001

Threat Command - Company internal service publicly exposed

Description

This detection identifies a company internal service that was publicly exposed.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Remote Services - T1021
  • Valid Accounts - T1078
  • Cloud Accounts - T1078.004
  • External Remote Services - T1133
  • Exploit Public-Facing Application - T1190
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Network Topology - T1590.004
  • Gather Victim Host Information - T1592
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - Company IP address was abused

Description

This detection identifies a company IP address that was abused.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102

Threat Command - Company phishing website

Description

This detection identifies a phishing website of your company.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Compromise Infrastructure - T1584
  • Web Services - T1584.006
  • Phishing for Information - T1598
  • Spearphishing Service - T1598.001

Threat Command - Company product offered for sale illegitimately

Description

This detection identifies a company product offered for sale illegitimately.

Recommendation

Review the alert in question.

Threat Command - Company-related credentials offered for sale

Description

This detection identifies company-related credentials offered for sale.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • OS Credential Dumping - T1003
  • Network Sniffing - T1040
  • Input Capture - T1056
  • Valid Accounts - T1078
  • Internal Spearphishing - T1534
  • Credentials from Password Stores - T1555
  • Phishing - T1566
  • Gather Victim Identity Information - T1589
  • Credentials - T1589.001
  • Search Closed Sources - T1597
  • Purchase Technical Data - T1597.002

Threat Command - Company related files or folders were found in a ransomware leak

Description

This detection identifies company-related files or folders that were found in a ransomware leak.

Recommendation

Please review the alert in question.

Threat Command - Company sensitive data leaked

Description

This detection identifies company sensitive data that was leaked.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • OS Credential Dumping - T1003
  • Email Collection - T1114
  • Credentials from Password Stores - T1555
  • Search Closed Sources - T1597
  • Purchase Technical Data - T1597.002

Threat Command - Company software code leaked

Description

This detection identifies company software code leaked.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Cloud Infrastructure Discovery - T1580
  • Gather Victim Identity Information - T1589
  • Credentials - T1589.001

Threat Command - Company's secret is exposed publicly on GitHub

Description

This detection identifies a company secret that is exposed publicly on GitHub.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Data from Information Repositories - T1213
  • Data from Cloud Storage Object - T1530
  • Exfiltration Over Web Service - T1567
  • Exfiltration to Code Repository - T1567.001
  • Cloud Infrastructure Discovery - T1580
  • Gather Victim Identity Information - T1589
  • Credentials - T1589.001

Threat Command - Company was mentioned on suspicious Telegram channel

Description

This detection identifies a mention of the company on a suspicious Telegram channel.

Recommendation

Review the alert in question.

Threat Command - Confidential documents

Description

This detection identifies confidential documents.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Automated Exfiltration - T1020
  • Valid Accounts - T1078
  • External Remote Services - T1133

Threat Command - Credit card dump offered for sale

Description

This detection identifies a credit card dump offered for sale.

Recommendation

Please review the alert in question.

Threat Command - Credit cards for sale

Description

This detection identifies credit cards for sale.

Recommendation

Please review the alert in question.

Threat Command - Custom query matched

Description

This detection identifies a match for a custom query.

Recommendation

Review the alert in question.

Threat Command - Details of a company active credit card were leaked

Description

This detection identifies leaked details of an active company credit card.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Automated Collection - T1119
  • Compromise Accounts - T1586
  • Obtain Capabilities - T1588
  • Gather Victim Identity Information - T1589
  • Credentials - T1589.001

Threat Command - Exposed services

Description

This detection identifies exposed services.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Remote Services - T1021
  • Valid Accounts - T1078
  • Cloud Accounts - T1078.004
  • External Remote Services - T1133
  • Exploit Public-Facing Application - T1190
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Network Topology - T1590.004
  • Gather Victim Host Information - T1592
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - Facebook unauthorized account

Description

This detection identifies an unauthorized Facebook account.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Spearphishing via Service - T1566.003
  • Compromise Accounts - T1586
  • Social Media Accounts - T1586.001
  • Gather Victim Org Information - T1591
  • Identify Roles - T1591.004

Threat Command - Flood control summary alert

Description

This detection identifies a flood control summary alert.

Recommendation

Review the alert in question.

Threat Command - Indication of company website infection

Description

This detection identifies an indication of company website infection.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Drive-by Compromise - T1189
  • Exploit Public-Facing Application - T1190
  • Credentials from Password Stores - T1555
  • Credentials from Web Browsers - T1555.003

Threat Command - Indication of scam intent involving the company sector/region

Description

This detection identifies an indication of scam intent involving the company sector/region.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Spearphishing Attachment - T1566.001
  • Spearphishing Link - T1566.002
  • Spearphishing via Service - T1566.003
  • Compromise Infrastructure - T1584
  • Web Services - T1584.006
  • Establish Accounts - T1585
  • Social Media Accounts - T1585.001
  • Email Accounts - T1585.002
  • Compromise Accounts - T1586
  • Social Media Accounts - T1586.001
  • Email Accounts - T1586.002
  • Gather Victim Org Information - T1591
  • Determine Physical Locations - T1591.001
  • Business Relationships - T1591.002
  • Identify Business Tempo - T1591.003
  • Identify Roles - T1591.004

Threat Command - Indication of scam or attack

Description

This detection identifies an indication of a scam or attack.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Spearphishing Attachment - T1566.001
  • Spearphishing Link - T1566.002
  • Spearphishing via Service - T1566.003
  • Compromise Infrastructure - T1584
  • Web Services - T1584.006
  • Establish Accounts - T1585
  • Social Media Accounts - T1585.001
  • Email Accounts - T1585.002
  • Compromise Accounts - T1586
  • Social Media Accounts - T1586.001
  • Email Accounts - T1586.002
  • Gather Victim Org Information - T1591
  • Determine Physical Locations - T1591.001
  • Business Relationships - T1591.002
  • Identify Business Tempo - T1591.003
  • Identify Roles - T1591.004

Threat Command - Intellectual property related to company sector/region offered for sale or download

Description

This detection identifies intellectual property related to company sector/region offered for sale or download.

Recommendation

Review the alert in question.

Threat Command - IntelliFind queries

Description

This detection identifies IntelliFind query matches.

Recommendation

Review the alert in question.

Threat Command - LinkedIn profile impersonating key company employee

Description

This detection identifies a LinkedIn profile impersonating a key company employee.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Spearphishing via Service - T1566.003
  • Establish Accounts - T1585
  • Social Media Accounts - T1585.001
  • Gather Victim Org Information - T1591
  • Identify Roles - T1591.004

Threat Command - Malicious application resembling company assets

Description

This detection identifies a malicious application resembling company assets.

Recommendation

Please review the alert in question.

Threat Command - Old and unmaintained website is exposed publicly

Description

This detection identifies an old and unmaintained website that is exposed publicly.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Remote Services - T1021
  • Valid Accounts - T1078
  • Cloud Accounts - T1078.004
  • External Remote Services - T1133
  • Exploit Public-Facing Application - T1190
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Network Topology - T1590.004
  • Gather Victim Host Information - T1592
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - Old internal login page is exposed publicly

Description

This detection identifies an old internal login page that is exposed publicly.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Remote Services - T1021
  • Valid Accounts - T1078
  • Cloud Accounts - T1078.004
  • External Remote Services - T1133
  • Exploit Public-Facing Application - T1190
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Network Topology - T1590.004
  • Gather Victim Host Information - T1592
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - Open ports

Description

This detection identifies open ports.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Network Sniffing - T1040
  • Network Service Discovery - T1046
  • Traffic Signaling - T1205
  • Cloud Service Dashboard - T1538
  • Dynamic Resolution - T1568
  • DNS Calculation - T1568.003
  • Non-Standard Port - T1571
  • Gather Victim Network Information - T1590
  • IP Addresses - T1590.005
  • Gather Victim Host Information - T1592
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - Open ports on company databases

Description

This detection identifies open ports on company databases.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Network Sniffing - T1040
  • Network Service Discovery - T1046
  • Traffic Signaling - T1205
  • Cloud Service Dashboard - T1538
  • Dynamic Resolution - T1568
  • DNS Calculation - T1568.003
  • Non-Standard Port - T1571
  • Gather Victim Network Information - T1590
  • IP Addresses - T1590.005
  • Gather Victim Host Information - T1592
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005

Threat Command - Phishing kit for sale

Description

This detection identifies a phishing kit for sale.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Obtain Capabilities - T1588
  • Tool - T1588.002

Threat Command - Phishing watch

Description

This detection identifies a phishing watch alert.

Recommendation

Review the alert in question.

Threat Command - Phishing websites

Description

This detection identifies phishing websites.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Compromise Infrastructure - T1584
  • Web Services - T1584.006
  • Phishing for Information - T1598
  • Spearphishing Service - T1598.001

Threat Command - Potential phishing email

Description

This detection identifies a potential phishing email.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Spearphishing Attachment - T1566.001
  • Spearphishing Link - T1566.002
  • Compromise Accounts - T1586
  • Email Accounts - T1586.002
  • Phishing for Information - T1598
  • Spearphishing Service - T1598.001
Threat Command - Potential phishing website

Description

This detection identifies a potential phishing website.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Compromise Infrastructure - T1584
  • Web Services - T1584.006
  • Phishing for Information - T1598
  • Spearphishing Service - T1598.001
Threat Command - Problem in company domain mail server DMARC/SPF

Description

This detection identifies a problem with the DMARC or SPF configuration of a company domain's mail server.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
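What "a problem with DMARC/SPF" means in practice, as an added example that is not code from the Threat Command documentation or product: the check below parses an SPF record for a missing or permissive `all` mechanism, the deprecated `ptr` mechanism and the ten-DNS-lookup limit of RFC 7208, and a DMARC record for `p=none`, an `sp=none` subdomain gap, a partial `pct` and a missing `rua` address. The records are constructed strings standing in for the TXT answers of `<domain>` and `_dmarc.<domain>`, so the audit runs offline; in use you would pass the live TXT records.

```python
"""Audit SPF and DMARC TXT records for common weaknesses (added example)."""
import re

# Constructed records standing in for the TXT answers of <domain> and _dmarc.<domain>.
WEAK_SPF = ("v=spf1 a mx ptr include:_spf.example.net include:mail.example.org "
            "include:spf.vendor1.example include:spf.vendor2.example "
            "include:spf.vendor3.example include:spf.vendor4.example "
            "include:spf.vendor5.example include:spf.vendor6.example +all")
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_SPF = "v=spf1 include:_spf.example.net ip4:192.0.2.0/24 -all"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com"

# Terms that each consume one of the ten DNS lookups RFC 7208 section 4.6.4 permits.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def check_spf(record):
    """Return a list of issues for an SPF TXT record; an empty list means it looks sound."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]

    issues, lookups, all_qualifier = [], 0, None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"   # "+" is the implicit default
        body = term.lstrip("+-~?")
        name = re.split(r"[:/=]", body, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            issues.append("ptr mechanism is deprecated and unreliable")
        if name == "all":
            all_qualifier = qualifier
    if lookups > 10:
        issues.append(f"{lookups} DNS lookups exceeds the limit of 10 (permerror)")
    if all_qualifier is None:
        issues.append("no 'all' mechanism; unlisted senders are neutral")
    elif all_qualifier in "+?":
        issues.append(f"'{all_qualifier}all' lets any host send as this domain")
    elif all_qualifier == "~":
        issues.append("'~all' only softfails; use '-all' once DMARC is enforcing")
    return issues


def check_dmarc(record):
    """Return a list of issues for a DMARC TXT record; an empty list means it looks sound."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["record does not start with v=DMARC1"]

    issues = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        issues.append("missing or invalid p= tag")
    elif policy == "none":
        issues.append("p=none only monitors; spoofed mail is still delivered")
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        issues.append("sp=none leaves subdomains unprotected")
    if tags.get("pct", "100") != "100":
        issues.append(f"pct={tags['pct']} applies the policy to only part of the mail")
    if "rua" not in tags:
        issues.append("no rua= address; aggregate reports will never arrive")
    return issues


def audit_mail_auth(spf_record, dmarc_record):
    """Run both checks and report per record type."""
    return {"spf": check_spf(spf_record), "dmarc": check_dmarc(dmarc_record)}
```

The lookup counter only counts the terms in the record you pass; `include:` and `redirect=` targets pull in further lookups, so a full audit recurses into those records with the same function.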
Threat Command - Proxy/Socks servers connected to the company are offered for sale

Description

This detection identifies proxy/SOCKS servers connected to the company that are offered for sale.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Proxy - T1090
  • External Remote Services - T1133
Threat Command - Public scan report containing company assets

Description

This detection identifies a public scan report containing company assets.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Gather Victim Network Information - T1590
  • Network Topology - T1590.004
  • IP Addresses - T1590.005
  • Gather Victim Host Information - T1592
Threat Command - RDP servers connected to the company are offered for sale

Description

This detection identifies RDP servers connected to the company that are offered for sale.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Remote Services - T1021
  • Application Layer Protocol - T1071
  • External Remote Services - T1133
  • Search Closed Sources - T1597
  • Purchase Technical Data - T1597.002
Threat Command - Suspected phishing domain

Description

This detection identifies a suspected phishing domain.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Acquire Infrastructure - T1583
  • Domains - T1583.001
  • Compromise Infrastructure - T1584
  • Web Services - T1584.006
  • Phishing for Information - T1598
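The resemblance checks behind a phishing-domain watch, serving this entry and the phishing website entries above, written as an added example (not code from the Threat Command documentation or product). It folds a candidate label to a plain-Latin skeleton (digit and Cyrillic homoglyphs, `rn` for `m` and similar pairs, combining marks, punycode), then tests for an identical skeleton, a TLD swap, a small edit distance, the brand embedded in a longer label, and the brand used as a subdomain of an unrelated domain. The brand domain, candidate list and distance threshold are constructed; the domain splitter assumes a one-label public suffix, so real use needs a Public Suffix List lookup.

```python
"""Score candidate domains against a protected brand domain (added example)."""
import unicodedata

BRAND_DOMAIN = "examplebank.example"  # constructed brand domain

# Single characters commonly swapped for Latin letters: digits and Cyrillic lookalikes.
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b", "9": "g",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u04cf": "l",
})
# Two-letter sequences that render like a single letter in many fonts.
MULTI_CHAR = (("rn", "m"), ("vv", "w"), ("cl", "d"))

# Constructed candidates, as a newly-registered-domain feed might surface them.
CANDIDATES = [
    "examplebank.example",               # the real domain
    "www.examplebank.example",           # a legitimate subdomain
    "examp1ebank.example",               # digit 1 for l
    "exarnplebank.example",              # rn for m
    "ex\u0430mplebank.example",          # Cyrillic a (U+0430)
    "examplebank.net",                   # same label, different TLD
    "exanplebank.example",               # one-character typo
    "examplebank-login.example",         # brand embedded in a longer label
    "examplebank.secure-login.example",  # brand as a subdomain of another domain
    "shop.example",                      # unrelated
]


def normalise(label):
    """Fold a DNS label to a plain-Latin skeleton for comparison."""
    if label.startswith("xn--"):
        try:  # decode IDN punycode to the Unicode it displays as
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    decomposed = unicodedata.normalize("NFKD", label.lower())
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    folded = stripped.translate(HOMOGLYPHS)
    for pattern, replacement in MULTI_CHAR:
        folded = folded.replace(pattern, replacement)
    return folded


def levenshtein(a, b):
    """Edit distance by the classic dynamic-programming recurrence."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # deletion
                               current[j - 1] + 1,              # insertion
                               previous[j - 1] + (ca != cb)))   # substitution
        previous = current
    return previous[-1]


def split_domain(domain):
    """Return (subdomain labels, registrable label, TLD); assumes a one-label public suffix."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[:-2], parts[-2], parts[-1]


def assess_domain(candidate, brand_domain=BRAND_DOMAIN, max_distance=2):
    """Return the reasons a candidate resembles the brand domain ([] if none)."""
    _, brand_label, brand_tld = split_domain(brand_domain)
    brand_skeleton = normalise(brand_label)
    subdomains, label, tld = split_domain(candidate)
    skeleton = normalise(label)
    reasons = []
    if skeleton == brand_skeleton and tld == brand_tld and label != brand_label:
        reasons.append("homoglyph lookalike of the brand label")
    elif skeleton == brand_skeleton and tld != brand_tld:
        reasons.append(f"brand label under a different TLD (.{tld})")
    elif skeleton != brand_skeleton:
        distance = levenshtein(skeleton, brand_skeleton)
        if distance <= max_distance:
            reasons.append(f"edit distance {distance} from brand label")
        if brand_skeleton in skeleton:
            reasons.append("brand label embedded in a longer label")
        if any(brand_skeleton in normalise(part) for part in subdomains):
            reasons.append("brand label appears as a subdomain of an unrelated domain")
    return reasons


def scan(candidates, brand_domain=BRAND_DOMAIN):
    """Return {candidate: reasons} for every candidate that matched at least one check."""
    report = {}
    for candidate in candidates:
        reasons = assess_domain(candidate, brand_domain)
        if reasons:
            report[candidate] = reasons
    return report
```

Run `scan(CANDIDATES)` to see which constructed names are flagged and why. A name that scores here is only a candidate; the later "content update" and "MX update" alerts on this page are what turn a parked lookalike into an active phishing site or sender.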
Threat Command - Suspected phishing domain content update

Description

This detection identifies a content update on a suspected phishing domain.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Phishing for Information - T1598
Threat Command - Suspected phishing domain MX update

Description

This detection identifies an MX record update on a suspected phishing domain.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Phishing for Information - T1598
Threat Command - Suspected phishing domain registrant update

Description

This detection identifies a suspected phishing domain registrant update.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Acquire Infrastructure - T1583
  • Domains - T1583.001
  • Phishing for Information - T1598
Threat Command - Suspected phishing domain registrar update

Description

This detection identifies a registrar update on a suspected phishing domain.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Phishing for Information - T1598
Threat Command - Suspicious company executive social media profile

Description

This detection identifies a suspicious company executive social media profile.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Spearphishing via Service - T1566.003
  • Establish Accounts - T1585
  • Social Media Accounts - T1585.001
  • Compromise Accounts - T1586
  • Social Media Accounts - T1586.001
  • Gather Victim Org Information - T1591
  • Identify Roles - T1591.004
Threat Command - The details of a company active credit card offered for sale

Description

This detection identifies the details of an active company credit card offered for sale.

Recommendation

Review the alert in question.

Threat Command - The details of a company expired credit card were leaked

Description

This detection identifies that the details of an expired company credit card were leaked.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Automated Collection - T1119
  • Compromise Accounts - T1586
  • Obtain Capabilities - T1588
  • Gather Victim Identity Information - T1589
  • Credentials - T1589.001
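Triage for the two card alerts above, as an added example that is not code from the Threat Command documentation or product: before escalating a leaked record, confirm the PAN passes the Luhn check, that it falls in one of the company's BIN prefixes, and whether it is still active or already expired, which is the line between the two alert types. The BIN prefixes and the dump lines are constructed and are not real card numbers; the reference date is passed in rather than read from the clock so results are reproducible.

```python
"""Triage leaked payment-card records before escalating (added example)."""
from datetime import date

# Constructed: BIN prefixes assumed to belong to the company's card programme.
COMPANY_BINS = ("453201", "453202")

# Constructed dump lines in a "PAN|MM/YY|holder" layout; none are real card numbers.
SAMPLE_DUMP = [
    "4532011234567895|09/30|J DOE",   # company BIN, Luhn-valid, not yet expired
    "4532021234567894|03/22|A ROE",   # company BIN, Luhn-valid, expired
    "4111111111111111|12/29|T EST",   # Luhn-valid but not a company BIN
    "4532019999999999|11/28|B ADD",   # company BIN but fails Luhn (typo or fabricated)
]


def luhn_valid(pan):
    """Return True when the PAN passes the Luhn mod-10 check (ISO/IEC 7812)."""
    digits = [int(ch) for ch in pan if ch.isdigit()]
    if len(digits) < 12:
        return False
    total = 0
    for position, digit in enumerate(reversed(digits)):
        if position % 2 == 1:          # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def card_expired(expiry, today):
    """True if an MM/YY expiry is past; a card is valid through the last day of its month."""
    month, year = (int(part) for part in expiry.split("/"))
    year += 2000
    first_of_next_month = date(year + (month == 12), month % 12 + 1, 1)
    return today >= first_of_next_month


def mask_pan(pan):
    """Keep the BIN and last four digits, the form PCI DSS permits for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def triage_dump(lines, company_bins, today):
    """Classify each dump line; returns [(masked_pan, verdict), ...] in input order."""
    results = []
    for line in lines:
        pan, expiry, _holder = (field.strip() for field in line.split("|"))
        if not luhn_valid(pan):
            verdict = "ignore: fails Luhn, likely fabricated or mistyped"
        elif not pan.startswith(company_bins):
            verdict = "ignore: not a company BIN"
        elif card_expired(expiry, today):
            verdict = "expired company card leaked"
        else:
            verdict = "ACTIVE company card for sale: escalate and block"
        results.append((mask_pan(pan), verdict))
    return results


if __name__ == "__main__":
    for masked, verdict in triage_dump(SAMPLE_DUMP, COMPANY_BINS, date.today()):
        print(masked, verdict)
```

Only the masked PAN leaves the function, so the report can be pasted into a ticket without spreading the full number further.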
Threat Command - Tools for hacking company user accounts offered for sale

Description

This detection identifies tools for hacking company user accounts that are offered for sale.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Obtain Capabilities - T1588
  • Tool - T1588.002
Threat Command - Twitter unauthorized account

Description

This detection identifies an unauthorized Twitter account.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Spearphishing via Service - T1566.003
  • Establish Accounts - T1585
  • Social Media Accounts - T1585.001
  • Compromise Accounts - T1586
  • Social Media Accounts - T1586.001
  • Gather Victim Org Information - T1591
  • Identify Roles - T1591.004
Threat Command - Unauthorized brand use

Description

This detection identifies unauthorized brand use.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Compromise Infrastructure - T1584
  • Web Services - T1584.006
Threat Command - Unauthorized use of company trademark in a mobile application

Description

This detection identifies unauthorized use of a company trademark in a mobile application.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Compromise Infrastructure - T1584
  • Web Services - T1584.006
Threat Command - Unauthorized use of company trademark on a social media profile

Description

This detection identifies unauthorized use of company trademark on a social media profile.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Phishing - T1566
  • Spearphishing via Service - T1566.003
  • Compromise Accounts - T1586
  • Social Media Accounts - T1586.001
  • Gather Victim Org Information - T1591
  • Identify Roles - T1591.004
Threat Command - Unencrypted company login page

Description

This detection identifies an unencrypted company login page.

Recommendation

Review the alert in question.

Threat Command - Unencrypted internal company login page

Description

This detection identifies an unencrypted internal company login page.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Develop Capabilities - T1587
  • Digital Certificates - T1587.003
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Active Scanning - T1595
  • Vulnerability Scanning - T1595.002
Threat Command - Unencrypted login page

Description

This detection identifies an unencrypted login page.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Web Service - T1102
  • Phishing - T1566
  • Develop Capabilities - T1587
  • Digital Certificates - T1587.003
  • Gather Victim Network Information - T1590
  • Domain Properties - T1590.001
  • Active Scanning - T1595
  • Vulnerability Scanning - T1595.002
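The condition the three unencrypted-login-page alerts above describe, checked in code as an added example (not code from the Threat Command documentation or product): given the URL a page was fetched from and its HTML, find every form containing a password field, resolve its action against the page URL the way a browser would, and report forms that post over plain HTTP as well as forms that post to HTTPS but were themselves delivered over HTTP, since an on-path attacker can rewrite the action before the user submits. The pages and URLs are constructed; fetching is left out so the check runs offline.

```python
"""Find login forms whose credentials would travel without TLS (added example)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed pages, keyed by the URL they were fetched from.
PAGES = {
    # Internal portal served over plain HTTP; the form posts back to the same URL.
    "http://intranet.example/login": """
<html><body>
<form method="post">
  <input name="user"><input name="pass" type="password">
  <button>Sign in</button>
</form>
</body></html>""",
    # HTTPS page whose login form still submits to a legacy HTTP endpoint.
    "https://www.example.com/": """
<html><body>
<form action="/search"><input name="q" type="search"></form>
<form method="post" action="http://legacy.example/login">
  <input name="email"><input name="password" type="password">
</form>
</body></html>""",
    # HTTP page posting to an HTTPS endpoint: still exposed to form tampering.
    "http://portal.example/": """
<html><body>
<form method="post" action="https://auth.example/login">
  <input name="u"><input name="p" type="password">
</form>
</body></html>""",
    # Fully HTTPS login: no findings expected.
    "https://secure.example.com/account": """
<html><body>
<form method="post" action="/login">
  <input name="u"><input name="p" type="password">
</form>
</body></html>""",
}


class LoginFormFinder(HTMLParser):
    """Record every <form> on a page and whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # values are None for bare attributes such as "required"
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "password": False}
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def find_unencrypted_logins(page_url, html):
    """Return findings for password forms in `html` (fetched from `page_url`) not protected by TLS."""
    parser = LoginFormFinder()
    parser.feed(html)
    parser.close()
    page_scheme = urlsplit(page_url).scheme.lower()
    findings = []
    for form in parser.forms:
        if not form["password"]:
            continue
        # An empty or relative action resolves against the page URL, as a browser does.
        target = urljoin(page_url, form["action"])
        target_scheme = urlsplit(target).scheme.lower()
        if target_scheme != "https":
            findings.append(f"password form posts over {target_scheme} to {target}")
        elif page_scheme != "https":
            findings.append(f"password form delivered over {page_scheme} from {page_url} "
                            f"can be rewritten in transit even though it posts to {target}")
    return findings


def audit_pages(pages):
    """Run the check over {page_url: html} and keep only pages with findings."""
    report = {}
    for url, html in pages.items():
        findings = find_unencrypted_logins(url, html)
        if findings:
            report[url] = findings
    return report
```

`audit_pages(PAGES)` flags three of the four constructed pages. Forms assembled by JavaScript after load are invisible to a static parse, so pages that render the login client-side need the same check against the DOM a browser produces.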
Threat Command - Vulnerabilities scenario

Description

This detection identifies a vulnerabilities scenario alert.

Recommendation

Please review the alert in question.

Threat Command - Vulnerabilities update scenario

Description

This detection identifies a vulnerabilities update scenario alert.

Recommendation

Please review the alert in question.

Threat Command - Vulnerability in the company application detected

Description

This detection identifies a vulnerability detected in a company application.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • Exploitation for Client Execution - T1203
Threat Command - Vulnerability or malware related to company sector/region detected

Description

This detection identifies a vulnerability or malware related to the company's sector or region.

Recommendation

Please review the alert in question.

MITRE ATT&CK Techniques

  • External Remote Services - T1133
  • Exploit Public-Facing Application - T1190
  • Supply Chain Compromise - T1195
  • Search Open Technical Databases - T1596
  • Scan Databases - T1596.005
Threat Command - Vulnerable service

Description

This detection identifies a vulnerable service.

Recommendation

Review the alert in question.

MITRE ATT&CK Techniques

  • Exploitation for Client Execution - T1203