T1189

Drive-by Compromise

Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. Multiple ways of delivering exploit code to a browser exist (i.e., [Drive-by Target](https://attack.mitre.org/techniques/T1608/004)), including:

* A legitimate website is compromised, allowing adversaries to inject malicious code
* Script files served to a legitimate website from a publicly writeable cloud storage bucket are modified by an adversary
* Malicious ads are paid for and serv...

Identity Provider, Linux, macOS, Windows
10 Detections
3 Sources
31 Threat Actors

BY SOURCE

6 elastic, 3 sigma, 1 splunk_escu

PROCEDURES (10)

Inject: 1 detection

Auto-extracted: 1 detection for inject

Persist: 1 detection

Auto-extracted: 1 detection for persist

General Monitoring: 1 detection

Auto-extracted: 1 detection for general monitoring

Inject: 1 detection

Auto-extracted: 1 detection for inject

Email: 1 detection

Auto-extracted: 1 detection for email

Download: 1 detection

Auto-extracted: 1 detection for download

Suspicious: 1 detection

Auto-extracted: 1 detection for suspicious

Suspicious: 1 detection

Auto-extracted: 1 detection for suspicious

Persist: 1 detection

Auto-extracted: 1 detection for persist

Remote: 1 detection

Auto-extracted: 1 detection for remote

DETECTIONS (10)