Vendor
medium
advisory
Suspicious Child Processes Spawned by JetBrains TeamCity
2 rules 17 TTPs 1 CVE
Detection of suspicious processes spawned by JetBrains TeamCity indicates potential exploitation of remote code execution vulnerabilities, with attackers using command interpreters and system binaries for malicious purposes.
TeamCity
supply-chain
initial-access
critical
threat
JetBrains TeamCity Relative Path Traversal Vulnerability (CVE-2024-27199)
2 rules 1 TTP 1 CVE
A relative path traversal vulnerability in JetBrains TeamCity (CVE-2024-27199) could allow limited administrative actions and has been linked to ransomware attacks.
exploited
TeamCity
cve-2024-27199
path-traversal
ransomware
jetbrains
medium
threat
Kerberos Traffic from Unusual Process
2 rules 2 TTPs
Detects network connections to the standard Kerberos port from an unusual process other than lsass.exe, potentially indicating Kerberoasting or Pass-the-Ticket activity on Windows systems.
Elastic Defend +22
kerberoasting
credential-access
lateral-movement
windows