Vendor: LogMeIn

June 14, 2023 · View on GitHub

Product: RemotelyAnywhere

Use-Case: Ransomware

RulesModelsMITRE ATT&CK® TTPsEvent TypesParsers
10111
Event TypeRulesModels
remote-logonT1078 - Valid Accounts
↳ Auth-Ransomware-Shost: User authentication or login from a known ransomware IP

Contents

  1. 0.1Product: RemotelyAnywhere
  2. 0.2Use-Case: Ransomware