Unusual Web Browser

Description

Triggered when either a user or device exhibits a rare browser user agent string (e.g., iexplorer.exe instead of iexplore.exe).

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Advanced Threat Detection, Security Monitoring

Category

Endpoint Compromise, Unauthorized Software

Alert Volume

Medium (?)

SPL Difficulty

None

Journey

Stage 4

MITRE ATT&CK Tactics

Command and Control
Exfiltration

MITRE ATT&CK Techniques

Application Layer Protocol
Exfiltration Over C2 Channel
Commonly Used Port

MITRE Threat Groups

APT18
APT19
APT28
APT29
APT3
APT32
APT37
Dragonfly 2.0
FIN7
FIN8
Frankenstein
Gamaredon Group
Ke3chang
Kimsuky
Lazarus Group
Magic Hound
MuddyWater
Night Dragon
OilRig
Rocke
Sandworm Team
Soft Cell
Stealth Falcon
TEMP.Veles
Threat Group-3390
Wizard Spider

Data Sources

Web Proxy