EXPLORE

← Back to Explore

T1584

Compromise Infrastructure

Adversaries may compromise third-party infrastructure that can be used during targeting. Infrastructure solutions include physical or cloud servers, domains, network devices, and third-party web and DNS services. Instead of buying, leasing, or renting infrastructure an adversary may compromise infrastructure and use it during other phases of the adversary lifecycle.(Citation: Mandiant APT1)(Citation: ICANNDomainNameHijacking)(Citation: Talos DNSpionage Nov 2018)(Citation: FireEye EPS Awakens Par...

PRE

6

Detections

2

Sources

0

Threat Actors

BY SOURCE

3elastic3sigma

PROCEDURES (5)

General Monitoring2 detections

Auto-extracted: 2 detections for general monitoring

Network Connection Monitoring1 detections

Auto-extracted: 1 detections for network connection monitoring

Authentication Monitoring1 detections

Auto-extracted: 1 detections for authentication monitoring

Aws1 detections

Auto-extracted: 1 detections for aws

Aws1 detections

Auto-extracted: 1 detections for aws

DETECTIONS (6)

AWS Route 53 Domain Transfer Lock Disabled

AWS Route 53 Domain Transferred to Another Account

Entra ID Custom Domain Added or Verified

Program Executions in Suspicious Folders

Suspicious External WebDAV Execution

Windows Update Error

sigmainformational