← Back to Explore
T1213.003
Code Repositories
Adversaries may leverage code repositories to collect valuable information. Code repositories are tools/services that store source code and automate software builds. They may be hosted internally or privately on third party sites such as Github, GitLab, SourceForge, and BitBucket. Users typically interact with code repositories through a web application or command-line utilities such as git. Once adversaries gain access to a victim network or a private code repository, they may collect sensitiv...
SaaS
9
Detections
2
Sources
3
Threat Actors
BY SOURCE
5sigma4elastic
PROCEDURES (4)
General Monitoring5 detections
Auto-extracted: 5 detections for general monitoring
Exfiltrat2 detections
Auto-extracted: 2 detections for exfiltrat
Authentication Monitoring1 detections
Auto-extracted: 1 detections for authentication monitoring
Process Creation Monitoring1 detections
Auto-extracted: 1 detections for process creation monitoring
THREAT ACTORS (3)
DETECTIONS (9)
Bitbucket Full Data Export Triggered
sigmahigh
Bitbucket Unauthorized Full Data Export Triggered
sigmacritical
Github Activity on a Private Repository from an Unusual IP
elasticlow
Github Delete Action Invoked
sigmamedium
GitHub Exfiltration via High Number of Repository Clones by User
elasticmedium
Github Outside Collaborator Detected
sigmamedium
Github Self Hosted Runner Changes Detected
sigmalow
High Number of Cloned GitHub Repos From PAT
elasticlow
Potential Secret Scanning via Gitleaks
elasticmedium