Attack path: Remote Services
Kill-chain expansion via actor co-occurrence analysis · 15 techniques · 14 detectable · 1 detection gap
Entry point: CVE-2024-34887
T1021
Reconnaissance · Priv Escalation · Credential Access · Lateral Movement
T1021 · Remote Services · ✓ sigma · 999.0x lift
T1021.002 · SMB/Windows Admin Shares · ✓ sigma · 1.6x lift
T1021.004 · SSH · ✓ sigma · 1.6x lift
T1080 · Taint Shared Content · × no rule · 1.6x lift
T1550.002 · Pass the Hash · ✓ sigma · 1.6x lift
T1210 · Exploitation of Remote Service… · ✓ sigma · 1.6x lift
T1021.001 · Remote Desktop Protocol · ✓ sigma · 1.6x lift
T1021.006 · Windows Remote Management · ✓ sigma · 1.6x lift
Entry point (from CVE)
Detection rule available
Detection gap - potential blind spot
Lift = how strongly this technique co-occurs with the entry point across shared threat actors (1x = expected, 5x = highly distinctive)
Hunt package
All 15 techniques in this chain - Sigma rules, Atomic tests, and detection gaps in one view.