Skip to content

MISP galaxy

3c1b5fb0 c72f 45ba abd1 4d4c353144ab

MISP galaxy

Home
Statistics
360net
360net
- 360.net Threat Actors
Ammunitions
Ammunitions
- Ammunitions
Android
Android
- Android
Atrm
Atrm
- Azure Threat Research Matrix
Attck4fraud
Attck4fraud
- attck4fraud
Backdoor
Backdoor
- Backdoor
Banker
Banker
- Banker
Bhadra framework
Bhadra framework
- Bhadra Framework
Botnet
Botnet
- Botnet
Branded vulnerability
Branded vulnerability
- Branded Vulnerability
Cancer
Cancer
- Cancer
Cert eu govsector
Cert eu govsector
- Cert EU GovSector
China defence universities
China defence universities
- China Defence Universities Tracker
Cmtmf attack pattern
Cmtmf attack pattern
- CONCORDIA Mobile Modelling Framework - Attack Pattern
Country
Country
- Country
Cryptominers
Cryptominers
- Cryptominers
Disarm actortypes
Disarm actortypes
- Actor Types
Disarm countermeasures
Disarm countermeasures
- Countermeasures
Disarm detections
Disarm detections
- Detections
Disarm techniques
Disarm techniques
- Techniques
Election guidelines
Election guidelines
- Election guidelines
Entity
Entity
- Entity
Exploit kit
Exploit kit
- Exploit-Kit
Firearms
Firearms
- Firearms
First csirt services framework
First csirt services framework
- FIRST CSIRT Services Framework
First dns
First dns
- FIRST DNS Abuse Techniques Matrix
Gsma motif
Gsma motif
- GSMA MoTIF
Handicap
Handicap
- Handicap
Intelligence agencies
Intelligence agencies
- Intelligence Agencies
Interpol dwva
Interpol dwva
- INTERPOL DWVA Taxonomy
Malpedia
Malpedia
- Malpedia
Microsoft activity group
Microsoft activity group
- Microsoft Activity Group actor
Misinfosec amitt misinformation pattern
Misinfosec amitt misinformation pattern
- Misinformation Pattern
Mitre atlas attack pattern
Mitre atlas attack pattern
- MITRE ATLAS Attack Pattern
Mitre atlas course of action
Mitre atlas course of action
- MITRE ATLAS Course of Action
Mitre attack pattern
Mitre attack pattern
- Attack Pattern
Mitre course of action
Mitre course of action
- Course of Action
Mitre d3fend
Mitre d3fend
- MITRE D3FEND
Mitre data component
Mitre data component
- mitre-data-component
Mitre data source
Mitre data source
- mitre-data-source
Mitre ics assets
Mitre ics assets
- Assets
Mitre ics groups
Mitre ics groups
- Groups
Mitre ics levels
Mitre ics levels
- Levels
Mitre ics software
Mitre ics software
- Software
Mitre ics tactics
Mitre ics tactics
- Tactics
Mitre intrusion set
Mitre intrusion set
- Intrusion Set
Mitre malware
Mitre malware
- Malware
Mitre tool
Mitre tool
- mitre-tool
Nace
Nace
- NACE
Naics
Naics
- NAICS
Nice framework competency areas
Nice framework competency areas
- NICE Competency areas
Nice framework knowledges
Nice framework knowledges
- NICE Knowledges
Nice framework opm codes
Nice framework opm codes
- OPM codes in cybersecurity
Nice framework skills
Nice framework skills
- NICE Skills
Nice framework tasks
Nice framework tasks
- NICE Tasks
Nice framework work roles
Nice framework work roles
- NICE Work Roles
O365 exchange techniques
O365 exchange techniques
- o365-exchange-techniques
Online service
Online service
- online-service
Preventive measure
Preventive measure
- Preventive Measure
Producer
Producer
- Producer
Ransomware
Ransomware
- Ransomware
Rat
Rat
- RAT
Region
Region
- Regions UN M49
Rsit
Rsit
- rsit
Sector
Sector
- Sector
Sigma rules
Sigma rules
- Sigma-Rules
Social dark patterns
Social dark patterns
- Dark Patterns
Sod matrix
Sod matrix
- SoD Matrix
Stealer
Stealer
- Stealer
Surveillance vendor
Surveillance vendor
- Surveillance Vendor
Target information
Target information
- Target Information
Tds
Tds
- TDS
Tea matrix
Tea matrix
- Tea Matrix
Threat actor
Threat actor
- Threat Actor
Tidal campaigns
Tidal campaigns
- Tidal Campaigns
Tidal groups
Tidal groups
- Tidal Groups
Tidal references
Tidal references
- Tidal References
Tidal software
Tidal software
- Tidal Software
Tidal tactic
Tidal tactic
- Tidal Tactic
Tidal technique
Tidal technique
- Tidal Technique
Tmss
Tmss
- Threat Matrix for storage services
Tool
Tool
- Tool
Uavs
Uavs
- UAVs/UCAVs
Ukhsa culture collections
Ukhsa culture collections
- UKHSA Culture Collections

Hide Navigation Hide TOC

Process Creation Using Sysnative Folder (3c1b5fb0-c72f-45ba-abd1-4d4c353144ab)

Detects process creation events that use the Sysnative folder (common for CobaltStrike spawns)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d)	Attack Pattern	Process Creation Using Sysnative Folder (3c1b5fb0-c72f-45ba-abd1-4d4c353144ab)	Sigma-Rules	1