LoFP
/
t1568
t1568
Title
Tags
legitimate use of ngrok
t1090
t1102
t1567
t1568
t1568.002
t1572
linux
sigma
legitimate use of the ngrok service.
t1090
t1102
t1567
t1567.001
t1568
t1568.002
t1572
windows
sigma
software downloads
t1105
t1568
sigma
this rule could identify benign domains that are formatted similarly to fin7's command and control algorithm. alerts should be investigated by an analyst to assess the validity of the individual observations.
t1071
t1568
network
elastic
this rule should be tailored to either exclude systems, as sources or destinations, in which this behavior is expected.
t1071
t1568
network
elastic
this rule should be tailored to exclude systems, either as sources or destinations, in which this behavior is expected.
t1071
t1568
network
elastic
LoFP
/
t1568