Vendor: Code42

November 29, 2023

Product: Code42 Incydr

Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers
149612299
| Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Abnormal Authentication & Access | app-activity: code42-incydr-sk4-app-activity-success-appclient, code42-incydr-json-file-succes-file; print-activity: code42-incydr-json-file-succes-file | T1078 - Valid Accounts; T1133 - External Remote Services | 12 Rules; 4 Models |
| Account Manipulation | app-activity: code42-incydr-sk4-app-activity-success-appclient, code42-incydr-json-file-succes-file | T1098.002 - Account Manipulation: Exchange Email Delegate Permissions | 3 Rules; 1 Model |
| Destruction of Data | file-delete: code42-incydr-str-file-success-logcollector, code42-incydr-json-file-delete-success-deviceaddress, code42-incydr-csv-file-delete-success-code42logcollector, code42-incydr-json-file-succes-file | T1070.004 - Indicator Removal on Host: File Deletion; T1485 - Data Destruction | 1 Rule |
| Privilege Escalation | app-activity: code42-incydr-sk4-app-activity-success-appclient, code42-incydr-json-file-succes-file | T1098.002 - Account Manipulation: Exchange Email Delegate Permissions | 3 Rules; 1 Model |

MITRE ATT&CK® Framework for Enterprise

  • Initial Access: External Remote Services; Valid Accounts; Exploit Public-Facing Application; Replication Through Removable Media
  • Execution: (none)
  • Persistence: External Remote Services; Valid Accounts; Server Software Component: Web Shell; Account Manipulation; Server Software Component; Boot or Logon Autostart Execution; Account Manipulation: Exchange Email Delegate Permissions
  • Privilege Escalation: Valid Accounts; Exploitation for Privilege Escalation; Boot or Logon Autostart Execution
  • Defense Evasion: Obfuscated Files or Information: Indicator Removal from Tools; Indicator Removal on Host: File Deletion; Valid Accounts; Indicator Removal on Host; Obfuscated Files or Information
  • Credential Access: OS Credential Dumping
  • Discovery: File and Directory Discovery
  • Lateral Movement: Replication Through Removable Media
  • Collection: Email Collection; Email Collection: Email Forwarding Rule
  • Command and Control: Proxy: Multi-hop Proxy; Proxy
  • Exfiltration: Exfiltration Over Physical Medium: Exfiltration over USB; Exfiltration Over Physical Medium
  • Impact: Data Destruction; Data Encrypted for Impact