EXPLORE
Sign In
← Back to Explore
T1491.001

Internal Defacement

An adversary may deface systems internal to an organization in an attempt to intimidate or mislead users, thus discrediting the integrity of the systems. This may take the form of modifications to internal websites or server login messages, or directly to user systems with the replacement of the desktop wallpaper.(Citation: Novetta Blockbuster)(Citation: Varonis) Disturbing or offensive images may be used as a part of [Internal Defacement](https://attack.mitre.org/techniques/T1491/001) in order ...

ESXiLinuxmacOSWindows
4
Detections
1
Sources
3
Threat Actors

BY SOURCE

4sigma

PROCEDURES (3)

Registry2 detections

Auto-extracted: 2 detections for registry

Registry Monitoring1 detections

Auto-extracted: 1 detections for registry monitoring

Registry1 detections

Auto-extracted: 1 detections for registry

THREAT ACTORS (3)

BlackByteGamaredon GroupLazarus Group

DETECTIONS (4)

Potential Ransomware Activity Using LegalNotice Message
sigmahigh
Potentially Suspicious Desktop Background Change Using Reg.EXE
sigmamedium
Potentially Suspicious Desktop Background Change Via Registry
sigmamedium
Replace Desktop Wallpaper by Powershell
sigmalow