Product
high
threat
Ransomware-as-a-Service (RaaS) Ecosystem: Affiliate Tradecraft and Initial Access Vectors
2 rules 1 TTPRansomware-as-a-service (RaaS) attacks leverage affiliates for initial access, persistence, and exfiltration, using varied techniques like compromised RDP, vulnerable VPNs, and rogue RMM tools, impacting multiple organizations in a single campaign.
Remote Desktop Protocol +7
ransomware
raas
initial-access
persistence
2r
1t
high
advisory
Privilege Elevation via Parent Process PID Spoofing
2 rules 1 TTPThis rule detects parent process spoofing used to create an elevated child process, specifically targeting privilege escalation to SYSTEM, where adversaries may spoof the parent process identifier (PPID) of a new process to evade process-monitoring defenses or to elevate privileges on Windows systems.
Elastic Endpoint +2
privilege-escalation
windows
ppid-spoofing
2r
1t