EXPLORE
Sign In
← Back to Explore
T1565.001

Stored Data Manipulation

Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.(Citation: FireEye APT38 Oct 2018)(Citation: DOJ Lazarus Sony 2018) By manipulating stored data, adversaries may attempt to affect a business process, organizational understanding, and decision making. Stored data could include a variety of file formats, such as Office files, databases, stored emails, and custom file formats. The type of...

LinuxmacOSWindows
19
Detections
3
Sources
1
Threat Actors

BY SOURCE

12elastic6sigma1splunk_escu

PROCEDURES (13)

General Monitoring5 detections

Auto-extracted: 5 detections for general monitoring

Exfiltrat2 detections

Auto-extracted: 2 detections for exfiltrat

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

Dns1 detections

Auto-extracted: 1 detections for dns

Azure1 detections

Auto-extracted: 1 detections for azure

Cloud1 detections

Auto-extracted: 1 detections for cloud

Inject1 detections

Auto-extracted: 1 detections for inject

Dns1 detections

Auto-extracted: 1 detections for dns

Ransomware1 detections

Auto-extracted: 1 detections for ransomware

Cloud1 detections

Auto-extracted: 1 detections for cloud

Tamper1 detections

Auto-extracted: 1 detections for tamper

Inject1 detections

Auto-extracted: 1 detections for inject

Cloud1 detections

Auto-extracted: 1 detections for cloud

THREAT ACTORS (1)

APT38

DETECTIONS (19)

AWS CloudTrail Log Updated
elasticlow
AWS EC2 Encryption Disabled
elasticmedium
AWS S3 Static Site JavaScript File Uploaded
elasticmedium
AWS S3 Unauthenticated Bucket Access by Rare Source
elasticmedium
Azure Device or Configuration Modified or Deleted
sigmamedium
Azure DNS Zone Modified or Deleted
sigmamedium
Cisco Denial of Service
sigmamedium
Commands to Clear or Remove the Syslog - Builtin
sigmahigh
Deprecated - M365 Security Compliance Potential Ransomware Activity
elasticmedium
GitHub Actions Unusual Bot Push to Repository
elasticlow
High Number of Closed Pull Requests by User
elasticmedium
High Number of Protected Branch Force Pushes by User
elasticmedium
History File Deletion
sigmahigh
Hosts File Modified
elasticmedium
Kubernetes Secret or ConfigMap Access via Azure Arc Proxy
elasticmedium
Potential AWS S3 Bucket Ransomware Note Uploaded
elasticmedium
Potential Suspicious Change To Sensitive/Critical Files
sigmamedium
Several Failed Protected Branch Force Pushes by User
elasticmedium
Windows WBAdmin File Recovery From Backup
splunk_escu