7 lines (7 loc) · 4.68 KB

2_ds_unix_unix_dhcpd.md

| Use-Case | Activity Types / Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Compromised Credentials | app-login: unix-unixdhcpd-str-endpoint-notification-parameter<br>authentication-successful: unix-dhcpd-str-dhcp-traffic-dhcpd, unix-dhcpd-csv-dhcp-traffic-release, unix-dhcpd-str-dhcp-traffic-dhcpnak, unix-dhcpd-str-dhcp-traffic-dhcprelease, unix-dhcpd-csv-dhcp-traffic-expired, unix-dhcpd-str-dhcp-traffic-dhcpinform | T1078 - Valid Accounts<br>T1133 - External Remote Services<br>T1190 - Exploit Public-Facing Application | 27 Rules<br>16 Models |
| Lateral Movement | app-login: unix-unixdhcpd-str-endpoint-notification-parameter<br>authentication-successful: unix-dhcpd-str-dhcp-traffic-dhcpd, unix-dhcpd-csv-dhcp-traffic-release, unix-dhcpd-str-dhcp-traffic-dhcpnak, unix-dhcpd-str-dhcp-traffic-dhcprelease, unix-dhcpd-csv-dhcp-traffic-expired, unix-dhcpd-str-dhcp-traffic-dhcpinform | T1090.003 - Proxy: Multi-hop Proxy | 1 Rule |
| Malware | app-login: unix-unixdhcpd-str-endpoint-notification-parameter<br>authentication-successful: unix-dhcpd-str-dhcp-traffic-dhcpd, unix-dhcpd-csv-dhcp-traffic-release, unix-dhcpd-str-dhcp-traffic-dhcpnak, unix-dhcpd-str-dhcp-traffic-dhcprelease, unix-dhcpd-csv-dhcp-traffic-expired, unix-dhcpd-str-dhcp-traffic-dhcpinform | T1078 - Valid Accounts | 1 Rule |
| Privilege Abuse | account-password-change: unix-dhcpd-str-dhcp-discoverdhcpd, unix-dhcpd-str-dhcp-discover-nofreeleases, unix-dhcpd-csv-dns-record-delete-fail-notdeleted, unix-dhcpd-str-dhcp-acknowledge-dhcpack, unix-dhcpd-str-app-notification-balancingpool, unix-dhcpd-str-app-notification-reuselease, unix-dhcpd-str-app-notification-balancedpool<br>app-login: unix-unixdhcpd-str-endpoint-notification-parameter | T1078 - Valid Accounts<br>T1098 - Account Manipulation | 3 Rules |
| Ransomware | app-login: unix-unixdhcpd-str-endpoint-notification-parameter<br>authentication-successful: unix-dhcpd-str-dhcp-traffic-dhcpd, unix-dhcpd-csv-dhcp-traffic-release, unix-dhcpd-str-dhcp-traffic-dhcpnak, unix-dhcpd-str-dhcp-traffic-dhcprelease, unix-dhcpd-csv-dhcp-traffic-expired, unix-dhcpd-str-dhcp-traffic-dhcpinform | T1078 - Valid Accounts | 1 Rule |