EXPLORE DETECTIONS
124 detections found
Suspicious enumeration using Adfind tool
Attackers can use Adfind, an administrative tool, to gather information about domain controllers or ADFS servers. They may also rename executables to the names of other benign tools on the system.
KQL
Task creation associated with privilege escalation vulnerability, CVE-2019-0808
This query was originally published in the threat analytics report, *Windows 7 zero-day for CVE-2019-0808*.
KQL
Tomcat 8 process executing PowerShell command line to perform data exploitation activities and setting up scheduler tasks.
This query was originally published in the threat analytics report, *Sysrv botnet evolution*.
KQL
View data on software identified as affected by Nobelium campaign
This query was originally published in the threat analytics report, *Solorigate supply chain attack*. Please note that these attacks are currently known as the *Nobelium campaign*.
KQL