High Or Critical Priority Host With Malware Detected

Description

Alerts when an infection is noted on a host with high or critical priority.

Content Mapping

This content is not mapped to any local saved search.

Use Case

Security Monitoring

Category

Endpoint Compromise

Alert Volume

Alerts when an infection is noted on a host with high or critical priority.

SPL Difficulty

Medium

Journey

Stage 4

MITRE ATT&CK Tactics

Initial Access
Execution

MITRE ATT&CK Techniques

Drive-by Compromise
Spearphishing Attachment
Spearphishing Link
User Execution

MITRE Threat Groups

APT-C-36
APT1
APT12
APT19
APT28
APT29
APT30
APT32
APT33
APT37
APT39
APT41
BRONZE BUTLER
BlackTech
Cobalt Group
DarkHydrus
Darkhotel
Dragonfly 2.0
Elderwood
FIN4
FIN6
FIN7
FIN8
Frankenstein
Gallmaker
Gamaredon Group
Gorgon Group
Inception
Kimsuky
Lazarus Group
Leviathan
Machete
Magic Hound
Mofang
Molerats
MuddyWater
Naikon
Night Dragon
OilRig
PLATINUM
Patchwork
RTM
Rancor
Sandworm Team
Sharpshooter
Silence
Stolen Pencil
TA459
TA505
The White Company
Tropic Trooper
Turla
Windshift
Wizard Spider
admin@338
menuPass

Data Sources

Anti-Virus or Anti-Malware