Product: GitHub
Use-Case: Data Exfiltration
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 7 | 0 | 13 | 1 | 0 |
| Event Type | Rules | Models |
|---|---|---|
| process-created | T1048 - Exfiltration Over Alternative Protocol ↳ A-Tap-Installer: TAP software was installed on this asset. ↳ A-DNS-Exfiltration-Tools-Exec: Well-known DNS Exfiltration tools were executed on this asset. T1071 - Application Layer Protocol ↳ ATP-FTP-Exfil: Exfiltration Over Alternative Protocol ↳ A-Exfil-Tunnel-Tools-Exec: Tools known for data exfiltration and tunneling were executed on this asset. ↳ A-DNS-Exfiltration-Tools-Exec: Well-known DNS Exfiltration tools were executed on this asset. T1071.004 - Application Layer Protocol: DNS ↳ A-DNS-Exfiltration-Tools-Exec: Well-known DNS Exfiltration tools were executed on this asset. T1041 - Exfiltration Over C2 Channel ↳ A-Exfil-Tunnel-Tools-Exec: Tools known for data exfiltration and tunneling were executed on this asset. T1071.001 - Application Layer Protocol: Web Protocols ↳ A-Exfil-Tunnel-Tools-Exec: Tools known for data exfiltration and tunneling were executed on this asset. T1572 - Protocol Tunneling ↳ A-Exfil-Tunnel-Tools-Exec: Tools known for data exfiltration and tunneling were executed on this asset. T1040 - Network Sniffing ↳ A-NSniff-Cred: Potential network sniffing was observed on this asset. T1059 - Command and Scripting Interperter ↳ A-JPanda-Activity: Judgement Panda Exfil Activity detected on this asset T1560 - Archive Collected Data ↳ A-JPanda-Activity: Judgement Panda Exfil Activity detected on this asset T1003 - OS Credential Dumping ↳ A-JPanda-RUS-G-Activity: Judgement Panda Exfil Activity- Russian group activity detected on this asset T1552 - Unsecured Credentials ↳ A-JPanda-RUS-G-Activity: Judgement Panda Exfil Activity- Russian group activity detected on this asset T1552.001 - T1552.001 ↳ A-JPanda-RUS-G-Activity: Judgement Panda Exfil Activity- Russian group activity detected on this asset T1071.002 - Application Layer Protocol: File Transfer Protocols ↳ ATP-FTP-Exfil: Exfiltration Over Alternative Protocol |