Suspicious Box Usage

Description

This anomaly groups a number of detection methods covering Box usage with malicious intent (e.g., file relay through Box). Check the associated detection methods for a comprehensive list of what triggers this anomaly.

Use Case

Advanced Threat Detection

Category

Endpoint Compromise, Threat Intelligence

Alert Volume

Medium

Journey

Stage 4

MITRE ATT&CK Tactics

Exfiltration
Defense Evasion

MITRE ATT&CK Techniques

Exfiltration Over Other Network Medium
Web Service
Exfiltration

MITRE Threat Groups

Chimera
FIN6
Gamaredon Group
Inception
Rocke

Data Sources

Anti-Virus or Anti-Malware
IDS or IPS
DLP
Host-based IDS
Audit Trail