Vendor
medium
advisory
Remote Execution via File Shares
2 rules 2 TTPsThis rule identifies the execution of a file that was created by the virtual system process, potentially indicating lateral movement via network file shares in Windows environments.
lateral-movement
file-share
windows
2r
2t
medium
advisory
Remote Execution via File Shares
2 rules 2 TTPsThe rule identifies the execution of a file created by the virtual system process, potentially indicating lateral movement via network file shares, by detecting a sequence of file creation/modification followed by process execution, excluding trusted vendors.
Elastic Defend
lateral-movement
file-shares
windows
2r
2t
low
advisory
Component Object Model (COM) Hijacking via Registry Modification
2 rules 4 TTPsAdversaries may establish persistence by executing malicious content triggered by hijacked references to COM objects through Component Object Model (COM) hijacking via registry modification on Windows systems.
Elastic Defend +9
persistence
com-hijacking
windows
registry
defense-evasion
privilege-escalation
2r
4t