Behavioral task: behavioral1
Sample: Operationalizing_Threat_Intelligence.pdf
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: Operationalizing_Threat_Intelligence.pdf
Resource: win10v2004-20220901-en
General
Target: Operationalizing_Threat_Intelligence.pdf
Size: 21.1MB
MD5: ca7841e3eaccca3c20d7b6f5824938bb
SHA1: 9b972a500b649416a08d0b8f02081c2d4c86f6dd
SHA256: e0d98cf3a5d72ef241e100bdab25efd448577a25f6f9fb9148bccd629136e179
SHA512: c1534844725f4d1ebd74296ef47d33ece05caaa361534c6a6f346533bc7248cf2f87b87d922ce474e49dd9bab5c9f945011fad7adedc0680b927d64acae362a3
SSDEEP: 393216:c4tlqR9+RuUvOQPUnC13FYgobo5A36zLE39fkbKyyBBiRH0Z6ILDFqtdGlf2cTc:W7bUWVnCxugCXQL8kbKd2H0Z6IXCUluF
Malware Config
Signatures
Files
Operationalizing_Threat_Intelligence.pdf.pdf