EXPLORE
Sign In
← Back to Explore
T1499

Endpoint Denial of Service

Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users. Endpoint DoS can be performed by exhausting the system resources those services are hosted on or exploiting the system to cause a persistent crash condition. Example services include websites, email services, DNS, and web-based applications. Adversaries have been observed conducting DoS attacks for political purposes(Citation: FireEye OpPoisonedHandover February 2016) and t...

WindowsLinuxmacOSContainersIaaS
10
Detections
3
Sources
1
Threat Actors

BY SOURCE

5elastic4splunk_escu1sigma

PROCEDURES (6)

Service2 detections

Auto-extracted: 2 detections for service

Privilege1 detections

Auto-extracted: 1 detections for privilege

Privilege1 detections

Auto-extracted: 1 detections for privilege

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Service1 detections

Auto-extracted: 1 detections for service

THREAT ACTORS (1)

Sandworm Team

DETECTIONS (10)

Abnormally Large DNS Response
elasticmedium
Cisco Secure Firewall - Static Tundra Smart Install Abuse
splunk_escu
Decline in host-based traffic
elasticlow
ESXi Bulk VM Termination
splunk_escu
Linux Magic SysRq Key Abuse
splunk_escu
Ollama Possible Memory Exhaustion Resource Abuse
splunk_escu
Possible Okta DoS Attack
elasticmedium
Potential Abuse of Linux Magic System Request Key
sigmamedium
Spike in Firewall Denies
elasticlow
Spike in host-based traffic
elasticlow