New Analytics
- Citrix ADC Exploitation CVE-2023-3519
- Windows Modify Registry EnableLinkedConnections
- Windows Modify Registry LongPathsEnabled
- Windows Modify Registry Risk Behavior
- Windows Post Exploitation Risk Behavior
- Windows Common Abused Cmd Shell Risk Behavior
Updated Analytics
- O365 Add App Role Assignment Grant User
- MSHTML Module Load in Office Product
- Office Document Spawned Child Process To Download
- Office Product Spawn CMD Process
- Office Product Spawning BITSAdmin
- Office Product Spawning CertUtil
- Office Product Spawning MSHTA
- Office Product Spawning Rundll32 with no DLL
- Office Product Spawning Windows Script Host
New Analytic Story
- BlackByte Ransomware
- CVE-2023-36884 Office and Windows HTML RCE Vulnerability
- Citrix Netscaler ADC CVE-2023-3519
Other Updates
- Tagged several detection analytics to BlackByte Ransomware
- Removed unused fields from detections.json for SSE API
- Improved the validation script for the CSV lookup and YAML files