Vendor: Malwarebytes

June 14, 2023 · View on GitHub

Product: Malwarebytes Endpoint Protection

RulesModelsMITRE ATT&CK® TTPsEvent TypesParsers
108371733
Use-CaseEvent Types/ParsersMITRE ATT&CK® TTPContent
Abnormal Authentication & Accessweb-activity-denied
json-malwarebytes-web-activity-denied
T1071.001 - Application Layer Protocol: Web Protocols
  • 3 Rules
  • 3 Models
Compromised Credentialsnetwork-alert
cef-malwarebytes-network-alert-ids

security-alert
cef-mbmc-security-alert-ipblock
cef-malwarebytes-security-alert-exploit
cef-mbmc-security-alert-detection
syslog-malwarebytes-security-alert
cef-malwarebytes-security-alert-1
cef-mbmc-security-alert-detection-1
cef-malwarebytes-security-alert

web-activity-denied
json-malwarebytes-web-activity-denied
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
T1133 - External Remote Services
T1189 - Drive-by Compromise
T1190 - Exploit Public Fasing Application
T1204.001 - T1204.001
T1566.002 - Phishing: Spearphishing Link
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 69 Rules
  • 32 Models
Cryptominingweb-activity-denied
json-malwarebytes-web-activity-denied
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 2 Rules
Data Exfiltrationweb-activity-denied
json-malwarebytes-web-activity-denied
T1071.001 - Application Layer Protocol: Web Protocols
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 6 Rules
  • 2 Models
Data Leakweb-activity-denied
json-malwarebytes-web-activity-denied
T1071.001 - Application Layer Protocol: Web Protocols
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 4 Rules
  • 2 Models
Phishingweb-activity-denied
json-malwarebytes-web-activity-denied
T1189 - Drive-by Compromise
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566.002 - Phishing: Spearphishing Link
T1598.003 - T1598.003
  • 4 Rules
Privilege Abuseweb-activity-denied
json-malwarebytes-web-activity-denied
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules
Ransomwareweb-activity-denied
json-malwarebytes-web-activity-denied
T1071.001 - Application Layer Protocol: Web Protocols
  • 1 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Phishing: Spearphishing Link

External Remote Services

Valid Accounts

Drive-by Compromise

Exploit Public Fasing Application

Phishing

User Execution

External Remote Services

Valid Accounts

Valid Accounts

Exploitation for Privilege Escalation

Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

Internal Spearphishing

Web Service

Application Layer Protocol: Web Protocols

Dynamic Resolution

Dynamic Resolution: Domain Generation Algorithms

Proxy: Multi-hop Proxy

Application Layer Protocol

Proxy

Exfiltration Over Web Service: Exfiltration to Cloud Storage

Exfiltration Over Web Service

Resource Hijacking