EXPLORE

← Back to Explore

T1584

Compromise Infrastructure

Adversaries may compromise third-party infrastructure that can be used during targeting. Infrastructure solutions include physical or cloud servers, domains, network devices, and third-party web and DNS services. Instead of buying, leasing, or renting infrastructure an adversary may compromise infrastructure and use it during other phases of the adversary lifecycle.(Citation: Mandiant APT1)(Citation: ICANNDomainNameHijacking)(Citation: Talos DNSpionage Nov 2018)(Citation: FireEye EPS Awakens Par...

PRE

7

Detections

2

Sources

0

Threat Actors

BY SOURCE

4sigma3elastic

PROCEDURES (7)

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Aws1 detections

Auto-extracted: 1 detections for aws

Aws1 detections

Auto-extracted: 1 detections for aws

Authentication Monitoring1 detections

Auto-extracted: 1 detections for authentication monitoring

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Network Connection Monitoring1 detections

Auto-extracted: 1 detections for network connection monitoring

DETECTIONS (7)

AWS Route 53 Domain Transfer Lock Disabled

AWS Route 53 Domain Transferred to Another Account

Entra ID Custom Domain Added or Verified

Program Executions in Suspicious Folders

Suspicious External WebDAV Execution

WebDAV Temporary Local File Creation

Windows Update Error

sigmainformational