PUA - Ngrok Execution (ee37eb7c-a4e7-4cd5-8fa4-efa27f1c3f31)
Detects the use of Ngrok, a utility used for port forwarding and tunneling, often used by threat actors to make local protected services publicly available. Involved domains are bin.equinox.io for download and *.ngrok.io for connections.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| PUA - Ngrok Execution (ee37eb7c-a4e7-4cd5-8fa4-efa27f1c3f31) | Sigma-Rules | Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) | Attack Pattern | 1 |