Vendor: Cofense

July 25, 2023

Product: Phishme

Rules: 26
Models: 11
MITRE TTPs: 5
Event Types: 1
Parsers: 1
Use-Case: Compromised Credentials
Event Types/Parsers: security-alert / cef-phishme-security-alert
MITRE TTP:
  • T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • T1059.001 - Command and Scripting Interpreter: PowerShell
  • T1078 - Valid Accounts
Content:
  • 18 Rules
  • 8 Models

Use-Case: Lateral Movement
Event Types/Parsers: security-alert / cef-phishme-security-alert
MITRE TTP:
  • T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
Content:
  • 1 Rule

Use-Case: Malware
Event Types/Parsers: security-alert / cef-phishme-security-alert
MITRE TTP:
  • T1078 - Valid Accounts
  • T1204 - User Execution
Content:
  • 6 Rules
  • 4 Models

Use-Case: Privileged Activity
Event Types/Parsers: security-alert / cef-phishme-security-alert
MITRE TTP:
  • T1068 - Exploitation for Privilege Escalation
Content:
  • 1 Rule

ATT&CK Matrix for Enterprise

Initial Access
  • Valid Accounts

Execution
  • Command and Scripting Interpreter
  • User Execution
  • Command and Scripting Interpreter: PowerShell

Persistence
  • Valid Accounts

Privilege Escalation
  • Valid Accounts
  • Exploitation for Privilege Escalation

Defense Evasion
  • Obfuscated Files or Information: Indicator Removal from Tools
  • Valid Accounts
  • Obfuscated Files or Information

Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
  • (no techniques listed)