Vendor: Bitdefender

June 14, 2023

Product: GravityZone

Use-Case: Ransomware

| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 2 | 0 | 2 | 2 | 2 |

| Event Type | Rules | Models |
|---|---|---|
| app-login | T1078 - Valid Accounts<br>Auth-Ransomware-Shost: User authentication or login from a known ransomware IP | |
| web-activity-denied | T1071.001 - Application Layer Protocol: Web Protocols<br>WEB-UI-Ransomware: User attempted to connect to IP address which is associated to Ransomware | |