New Analytic Stories
- Prestige Ransomware
- Windows Post-Exploitation
New Analytics
- Windows Modify Registry Reg Restore
- Windows Query Registry Reg Save
- Windows System User Discovery Via Quser
- Windows WMI Process And Service List
- Windows Cached Domain Credentials Reg Query
- Windows ClipBoard Data via Get-ClipBoard
- Windows Credentials from Password Stores Query
- Windows Credentials in Registry Reg Query
- Windows Indirect Command Execution Via Series Of Forfiles
- Windows Information Discovery Fsutil
- Windows Password Managers Discovery
- Windows Private Keys Discovery
- Windows Security Support Provider Reg Query
- Windows Steal or Forge Kerberos Tickets Klist
- Windows System Network Config Discovery Display DNS
- Windows System Network Connections Discovery Netsh
- Windows Change Default File Association For No File Ext
- Windows Service Stop Via Net and SC Application
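Most of the analytics above key on one Windows binary (reg.exe, quser.exe, klist.exe, forfiles.exe, fsutil.exe, ipconfig.exe, netsh.exe, wmic.exe, net.exe/sc.exe, powershell.exe) plus a command-line pattern. The Python below is an added illustration, not the ESCU searches themselves (those are SPL and should be read from each detection's YAML): it encodes an approximation of each listed analytic as an image-name regex plus a command-line regex and runs them over a constructed set of process-creation events. Every rule pattern, event and field name here is this example's own assumption, not the project's logic.

```python
"""Toy process-event matcher approximating the intent of the ESCU analytics
listed above. Constructed example; the real detections are SPL searches."""
import re
from collections import Counter

# (analytic name, regex on the process image basename, regex on the command line).
# The patterns are this example's approximations, not the ESCU search logic.
RULES = [
    ("Windows Query Registry Reg Save", r"^reg\.exe$", r"\bsave\b"),
    ("Windows Modify Registry Reg Restore", r"^reg\.exe$", r"\brestore\b"),
    ("Windows Cached Domain Credentials Reg Query", r"^reg\.exe$", r"\bquery\b.*security\\cache"),
    ("Windows Security Support Provider Reg Query", r"^reg\.exe$", r"\bquery\b.*security packages"),
    ("Windows Credentials in Registry Reg Query", r"^reg\.exe$", r"\bquery\b.*/f\s+\"?(password|pwd|credential)"),
    ("Windows System User Discovery Via Quser", r"^quser\.exe$", r".*"),
    ("Windows Steal or Forge Kerberos Tickets Klist", r"^klist\.exe$", r".*"),
    ("Windows Indirect Command Execution Via Series Of Forfiles", r"^forfiles\.exe$", r"/c\s"),
    ("Windows Information Discovery Fsutil", r"^fsutil\.exe$", r"\b(fsinfo|volumeinfo|drives)\b"),
    ("Windows System Network Config Discovery Display DNS", r"^ipconfig\.exe$", r"/displaydns"),
    ("Windows System Network Connections Discovery Netsh", r"^netsh\.exe$", r"\bshow\b"),
    ("Windows WMI Process And Service List", r"^wmic\.exe$", r"\b(process|service)\b.*\blist\b"),
    ("Windows Service Stop Via Net and SC Application", r"^(net1?|sc)\.exe$", r"\bstop\b"),
    ("Windows ClipBoard Data via Get-ClipBoard", r"^(powershell|pwsh)\.exe$", r"get-clipboard"),
    ("Windows Private Keys Discovery", r".*", r"\*\.(pfx|pem|ppk|p12|pvk|key|cer)\b"),
    ("Windows Password Managers Discovery", r".*", r"\b(keepass|1password|lastpass|bitwarden)\b"),
]
COMPILED = [(n, re.compile(i, re.I), re.compile(c, re.I)) for n, i, c in RULES]

# Constructed process-creation events (not real telemetry), shaped like a
# Sysmon EventID 1 record reduced to the two fields the rules need.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\reg.exe", "cmdline": r"reg save HKLM\SAM C:\Users\Public\sam.hiv"},
    {"image": r"C:\Windows\System32\reg.exe", "cmdline": r"reg restore HKLM\SAM C:\Users\Public\sam.hiv"},
    {"image": r"C:\Windows\System32\reg.exe", "cmdline": r"reg query HKLM\SECURITY\Cache"},
    {"image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "Security Packages"'},
    {"image": r"C:\Windows\System32\reg.exe", "cmdline": r"reg query HKCU /f password /t REG_SZ /s"},
    # Benign registry read: must not trip any rule.
    {"image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion /v ProgramFilesDir"},
    {"image": r"C:\Windows\System32\quser.exe", "cmdline": "quser"},
    {"image": r"C:\Windows\System32\klist.exe", "cmdline": "klist"},
    {"image": r"C:\Windows\System32\forfiles.exe",
     "cmdline": r'forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /c calc.exe"'},
    {"image": r"C:\Windows\System32\fsutil.exe", "cmdline": "fsutil fsinfo drives"},
    {"image": r"C:\Windows\System32\ipconfig.exe", "cmdline": "ipconfig /displaydns"},
    {"image": r"C:\Windows\System32\netsh.exe", "cmdline": "netsh interface show interface"},
    {"image": r"C:\Windows\System32\wbem\wmic.exe", "cmdline": "wmic process list brief"},
    {"image": r"C:\Windows\System32\net.exe", "cmdline": "net stop spooler"},
    {"image": r"C:\Windows\System32\sc.exe", "cmdline": "sc stop spooler"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell -c Get-Clipboard"},
    {"image": r"C:\Windows\System32\cmd.exe", "cmdline": r"cmd /c dir /s C:\Users\*.pfx"},
    {"image": r"C:\Windows\System32\cmd.exe", "cmdline": r'cmd /c dir "C:\Program Files" | findstr /i keepass'},
    # Benign process: must not trip any rule.
    {"image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe readme.txt"},
]


def basename(path):
    """Last path component, accepting either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def match_event(event):
    """Names of every rule the event satisfies (one event can hit several)."""
    image = basename(event["image"])
    cmdline = event.get("cmdline", "")
    return [name for name, img_re, cmd_re in COMPILED
            if img_re.search(image) and cmd_re.search(cmdline)]


def run(events):
    """(rule name, command line) for every hit across the event list."""
    return [(rule, ev["cmdline"]) for ev in events for rule in match_event(ev)]


def hits_by_rule(events):
    """Hit count per rule, useful for spotting noisy rules before deployment."""
    return Counter(rule for rule, _ in run(events))


if __name__ == "__main__":
    for rule, cmdline in run(SAMPLE_EVENTS):
        print(f"{rule}: {cmdline}")
```

Two of the constructed events (the `ProgramFilesDir` query and `notepad.exe`) deliberately match nothing, which is the point of pairing the image name with a command-line pattern rather than alerting on `reg.exe` alone. `net stop`, `sc stop` and `reg query` are also routine administrative commands, so in a real deployment the equivalent searches are tuned with parent-process, user and host context that this example does not model.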
Other Updates
- Added new MITRE map coverage JSON files in docs/mitre-map showing coverage of the CISA 2021 Top Malware TTPs.
- Fixed a bug in contentctl so that it writes the correct scheduling configuration to savedsearches.conf.