Vendor: Ipswitch

April 15, 2026

Product: MoveIt Transfer

Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers
1405032109
Use-Case: Abnormal Authentication & Access
Activity Types/Parsers:
  account-password-change
    ipswitch-moveittransfer-kv-user-password-modify-success-pwdfailed
  app-login
    ipswitch-moveittransfer-kv-app-login-success-signedon
  authentication-failed
    ipswitch-moveitdmz-kv-endpoint-login-fail-sshfail
  authentication-successful
    ipswitch-moveittransfer-kv-endpoint-login-success-signedon
  failed-logon
    ipswitch-moveittransfer-kv-endpoint-login-fail-signon
    ipswitch-moveittransfer-kv-endpoint-login-fail-signon-1
  member-added
    ipswitch-moveitdmz-kv-group-member-add-success-addgroupmember
    ipswitch-moveittransfer-kv-group-member-add-success-adduser
MITRE ATT&CK® TTP:
  T1078 - Valid Accounts
  T1110 - Brute Force
  T1133 - External Remote Services
Content:
  • 20 Rules
  • 6 Models

Use-Case: Account Manipulation
Activity Types/Parsers:
  account-password-change
    ipswitch-moveittransfer-kv-user-password-modify-success-pwdfailed
  member-added
    ipswitch-moveitdmz-kv-group-member-add-success-addgroupmember
    ipswitch-moveittransfer-kv-group-member-add-success-adduser
MITRE ATT&CK® TTP:
  T1098 - Account Manipulation
  T1136 - Create Account
Content:
  • 25 Rules
  • 12 Models

Use-Case: Brute Force Attack
Activity Types/Parsers:
  failed-logon
    ipswitch-moveittransfer-kv-endpoint-login-fail-signon
    ipswitch-moveittransfer-kv-endpoint-login-fail-signon-1
MITRE ATT&CK® TTP:
  T1021 - Remote Services
  T1021.001 - Remote Services: Remote Desktop Protocol
  T1110 - Brute Force
  T1110.003 - T1110.003
Content:
  • 9 Rules

Use-Case: Data Exfiltration
Activity Types/Parsers:
  file-write
    ipswitch-mdmz-kv-file-write-success-moveitdmzaddfolder
    ipswitch-moveitdmz-kv-file-write-success-rename
MITRE ATT&CK® TTP:
  TA0002 - TA0002
Content:
  • 2 Rules
  • 1 Models

Use-Case: Data Leak
Activity Types/Parsers:
  file-write
    ipswitch-mdmz-kv-file-write-success-moveitdmzaddfolder
    ipswitch-moveitdmz-kv-file-write-success-rename
MITRE ATT&CK® TTP:
  T1114 - Email Collection
  T1114.001 - T1114.001
Content:
  • 1 Rules

Use-Case: Destruction of Data
Activity Types/Parsers:
  file-delete
    ipswitch-mdmz-kv-file-delete-success-moveitdmzdelfile
    ipswitch-mdmz-kv-file-delete-success-moveitdelfile
    ipswitch-mdmz-kv-file-delete-success-moveitdmzdelfolder
MITRE ATT&CK® TTP:
  T1070 - Indicator Removal on Host
  T1070.004 - Indicator Removal on Host: File Deletion
  T1485 - Data Destruction
Content:
  • 1 Rules

Use-Case: Privilege Escalation
Activity Types/Parsers:
  failed-logon
    ipswitch-moveittransfer-kv-endpoint-login-fail-signon
    ipswitch-moveittransfer-kv-endpoint-login-fail-signon-1
MITRE ATT&CK® TTP:
  T1210 - Exploitation of Remote Services
Content:
  • 1 Rules

MITRE ATT&CK® Framework for Enterprise

Tactics: Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact

Initial Access
  • External Remote Services
  • Valid Accounts
  • Exploit Public Facing Application

Persistence
  • Create Account
  • External Remote Services
  • Valid Accounts
  • Server Software Component: Web Shell
  • Account Manipulation
  • Server Software Component
  • Boot or Logon Autostart Execution

Privilege Escalation
  • Valid Accounts
  • Exploitation for Privilege Escalation
  • Boot or Logon Autostart Execution

Defense Evasion
  • Indicator Removal on Host: File Deletion
  • Valid Accounts
  • Use Alternate Authentication Material
  • Use Alternate Authentication Material: Pass the Hash
  • Indicator Removal on Host
  • Use Alternate Authentication Material: Pass the Ticket

Credential Access
  • OS Credential Dumping
  • Brute Force
  • Steal or Forge Kerberos Tickets

Discovery
  • File and Directory Discovery

Lateral Movement
  • Exploitation of Remote Services
  • Remote Services
  • Use Alternate Authentication Material
  • Remote Services: Remote Desktop Protocol

Collection
  • Email Collection

Command and Control
  • Proxy: Multi-hop Proxy
  • Proxy

Impact
  • Data Destruction
  • Data Encrypted for Impact