Vendor
medium
advisory
First Time Seen Remote Monitoring and Management Tool Execution
3 rulesDetects the execution of previously unseen remote monitoring and management (RMM) tools or remote access software on compromised Windows endpoints, often leveraged for command-and-control, persistence, and execution of malicious commands.
Elastic Defend +101
remote-access
rmm
command-and-control
persistence
3r
medium
advisory
Suspicious Module Loaded by LSASS for Credential Access
2 rules 2 TTPsDetection of unsigned or untrusted DLLs being loaded into the LSASS process, which is indicative of credential access attempts by adversaries aiming to steal sensitive information such as user passwords.
credential-access
lsass
windows
2r
2t
medium
advisory
LSASS Loading Suspicious DLL
2 rules 2 TTPs 9 IOCsDetection of LSASS loading an unsigned or untrusted DLL, which can indicate credential access attempts by malicious actors targeting sensitive information stored in the LSASS process.
Windows
credential-access
lsass
dll-injection
2r
2t
9i