T1189

Drive-by Compromise

Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. Multiple ways of delivering exploit code to a browser exist (i.e., [Drive-by Target](https://attack.mitre.org/techniques/T1608/004)), including:

* A legitimate website is compromised, allowing adversaries to inject malicious code
* Script files served to a legitimate website from a publicly writeable cloud storage bucket are modified by an adversary
* Malicious ads are paid for and serv...

Identity Provider, Linux, macOS, Windows

10 Detections, 3 Sources, 31 Threat Actors

BY SOURCE

elastic: 6, sigma: 3, splunk_escu: 1

PROCEDURES (10)

Remote: 1 detection

Auto-extracted: 1 detection for remote

General Monitoring: 1 detection

Auto-extracted: 1 detection for general monitoring

Inject: 1 detection

Auto-extracted: 1 detection for inject

Download: 1 detection

Auto-extracted: 1 detection for download

Child Process: 1 detection

Auto-extracted: 1 detection for child process

Download: 1 detection

Auto-extracted: 1 detection for download

Remote: 1 detection

Auto-extracted: 1 detection for remote

Inject: 1 detection

Auto-extracted: 1 detection for inject

Child Process: 1 detection

Auto-extracted: 1 detection for child process

Remote: 1 detection

Auto-extracted: 1 detection for remote

DETECTIONS (10)