json(106000) OAT - Coggle Diagram
json(106000)
OAT
file_event(106002)
if_sid - 106000
id - 2
file_open(106023)
if_sid - 106002
subid - 102
file_deletion(106024)
if_sid - 106002
subid - 103
file_creation(106022)
if_sid - 106002
subid - 101
file_setsecurity(106025)
if_sid - 106002
subid - 104
file_copy(106026)
if_sid - 106002
subid - 105
file_move(106027)
if_sid - 106002
subid - 106
file_close(106028)
if_sid - 106002
subid - 107
file_setattribute(106031)
if_sid - 106002
subid - 110
file_modifiedtimestamp(106029)
if_sid - 106002
subid - 108
file_modify(106030)
if_sid - 106002
subid - 109
id - 106062
if_sid - 106030
Modification of the hosts file.
process_event(106001)
if_sid - 106000
id - 1
process_terminate(106017)
if_sid - 106001
subid - 3
process_load_image(106018)
if_sid - 106001
subid - 4
process_create(106016)
if_sid - 106001
subid - 2
id - 106060
if_sid - 106016
Net Use Shared Resource Mapping Detected.
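Aggregation (correlation rule: fires on repeated matches of rule 106060; the frequency and timeframe thresholds are not shown in this diagram)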
id - 106061
if_matched_sid - 106060
Potential Brute Force Attempt via Net Use for Shared Resource Mapping.
id - 106064
if_sid - 106016
User Password Modification via Net.exe Command Line Utility.
id - 106065
if_sid - 106016
Suspicious Malicious Script Execution from User's Download Path.
id - 106067
if_sid - 106016
Attempted execution attribute modification via Chmod command detected.
id - 106069
if_sid - 106016
Executable Script Execution from Startup Folder.
id - 106070
if_sid - 106016
System Reboot Via Command Line.
process_execute(106019)
if_sid - 106001
subid - 5
process_open(106015)
if_sid - 106001
subid - 1
process_connect(106020)
if_sid - 106001
subid - 6
process_traceme(106021)
if_sid - 106001
subid - 7
connection_event(106003)
if_sid - 106000
id - 3
connection_outbound(106035)
if_sid - 106003
subid - 204
id - 106063
if_sid - 106035
Unusual Outbound Winlogon Connection on Non-Standard Port.
connection_inbound(106034)
if_sid - 106003
subid - 203
connection_listen(106033)
if_sid - 106003
subid - 202
connection_connect(106032)
if_sid - 106003
subid - 201
registry_event(106005)
if_sid - 106000
id - 5
registry_rename(106040)
if_sid - 106005
subid - 404
registry_delete(106039)
if_sid - 106005
subid - 403
registry_set(106038)
if_sid - 106005
subid - 402
registry_create(106037)
if_sid - 106005
subid - 401
account_event(106006)
if_sid - 106000
id - 6
account_modify(106044)
if_sid - 106006
subid - 504
account_impersonate(106043)
if_sid - 106006
subid - 503
account_deletion(106042)
if_sid - 106006
subid - 502
account_addition(106041)
if_sid - 106006
subid - 501
modified_process_event(106008)
if_sid - 106000
id - 8
modified_process_read_process(106051)
if_sid - 106008
subid - 704
modified_process_write_process(106050)
if_sid - 106008
subid - 703
modified_process_write_memory(106049)
if_sid - 106008
subid - 702
modified_process_create_remotethread(106048)
if_sid - 106008
subid - 701
internet_event(106007)
if_sid - 106000
id - 7
internet_download(106047)
if_sid - 106007
subid - 603
internet_connect(106046)
if_sid - 106007
subid - 602
internet_open(106045)
if_sid - 106007
subid - 601
memory_event(106013)
if_sid - 106000
id - 13
memory_read(106057)
if_sid - 106013
subid - 1003
memory_modify_permission(106056)
if_sid - 106013
subid - 1002
memory_modify(106055)
if_sid - 106013
subid - 1001
bm_event(106014)
if_sid - 106000
id - 14
bm_invoke_api(106059)
if_sid - 106014
subid - 1102
bm_invoke(106058)
if_sid - 106014
subid - 1101
dns_event(106004)
if_sid - 106000
id - 4
dns_query(106036)
if_sid - 106004
subid - 301
window_hook_event(106009)
if_sid - 106000
id - 9
windows_hook_set(106053)
if_sid - 106009
subid - 801
amsi_event(106011)
if_sid - 106000
id - 11
amsi_execute(106054)
if_sid - 106011
subid - 901
windows_event(106010)
if_sid - 106000
id - 10
wmi_event(106012)
if_sid - 106000
id - 12