| Compromised Credentials | authentication-successful
↳moveit-authentication-successful-1
failed-logon
↳moveit-failed-logon-1
↳moveit-failed-logon
file-delete
↳moveit-file-delete-2
↳moveit-file-delete
↳moveit-file-delete-1
file-write
↳moveit-file-write-2
↳moveit-file-write-1
| T1003.002 - T1003.002
T1003.003 - T1003.003
T1078 - Valid Accounts
T1083 - File and Directory Discovery
T1133 - External Remote Services
| |
| Privilege Abuse | account-password-change
↳moveit-account-password-change
failed-logon
↳moveit-failed-logon-1
↳moveit-failed-logon
file-delete
↳moveit-file-delete-2
↳moveit-file-delete
↳moveit-file-delete-1
file-download
↳moveit-file-download
↳moveit-file-download-1
file-upload
↳moveit-file-upload
↳moveit-file-upload-2
↳moveit-file-upload-3
↳moveit-file-upload-1
file-write
↳moveit-file-write-2
↳moveit-file-write-1
member-added
↳moveit-member-added-2
↳moveit-member-added-1
| T1078 - Valid Accounts
T1098 - Account Manipulation
T1136 - Create Account
| |
| Privileged Activity | failed-logon
↳moveit-failed-logon-1
↳moveit-failed-logon
file-delete
↳moveit-file-delete-2
↳moveit-file-delete
↳moveit-file-delete-1
file-download
↳moveit-file-download
↳moveit-file-download-1
file-upload
↳moveit-file-upload
↳moveit-file-upload-2
↳moveit-file-upload-3
↳moveit-file-upload-1
file-write
↳moveit-file-write-2
↳moveit-file-write-1
| T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
| |
| Ransomware | authentication-failed
↳moveit-authentication-failed
↳moveit-authentication-failed-1
↳moveit-ssh-login-failed
authentication-successful
↳moveit-authentication-successful-1
failed-logon
↳moveit-failed-logon-1
↳moveit-failed-logon
file-write
↳moveit-file-write-2
↳moveit-file-write-1
| T1078 - Valid Accounts
T1486 - Data Encrypted for Impact
| |