Behavioral task: behavioral1
Sample: 1ec58d2070fb475758cdb0ce888ec6133700b989aa3ea2d285e04249e6910789.pdf
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 1ec58d2070fb475758cdb0ce888ec6133700b989aa3ea2d285e04249e6910789.pdf
Resource: win10v2004-20240226-en
General
- Target: 1ec58d2070fb475758cdb0ce888ec6133700b989aa3ea2d285e04249e6910789
- Size: 2.3MB
- MD5: 0769beb0603a6b295575cc81f300d66a
- SHA1: 63da39d2756708748b9dbff219764d1c9f1544b6
- SHA256: 1ec58d2070fb475758cdb0ce888ec6133700b989aa3ea2d285e04249e6910789
- SHA512: 3581ce43a044cdea0653866672f19a542e3081d9902f2604f8793f8457f3c3646f37927fddcc4afa8ebb8df832c62658e09bff5ab5fd4f04e63c48d45f76e128
- SSDEEP: 49152:cIpox/0K3UdneeR+fPIRZc5cgR/iby7LV4VpZikB:cIpox/X3U4C+fPIffgliby7RmZ7B
Malware Config
Signatures
Files
- 1ec58d2070fb475758cdb0ce888ec6133700b989aa3ea2d285e04249e6910789.pdf
- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/whoami
- https://attack.mitre.org/versions/v14/techniques/T1057
- https://attack.mitre.org/versions/v14/techniques/T1007
- https://attack.mitre.org/versions/v14/techniques/T1518
- https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-process?view=powershell-7.3
- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/tasklist
- https://attack.mitre.org/versions/v14/techniques/T1049/
- https://learn.microsoft.com/en-us/powershell/module/nettcpip/get-nettcpconnection?view=windowsserver2022-ps
- https://man7.org/linux/man-pages/man8/netstat.8.html
- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netstat
- https://attack.mitre.org/versions/v14/techniques/T1016/
- https://man7.org/linux/man-pages/man8/ip.8.html
- https://man7.org/linux/man-pages/man8/ifconfig.8.html
- https://linux.die.net/man/1/dig
- https://linux.die.net/man/1/nslookup
- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nslookup
- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/dnscmd
- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig
- https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-childitem?view=powershell-7.3
- https://man7.org/linux/man-pages/man1/ls.1.html
- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/dir
- https://attack.mitre.org/versions/v14/techniques/T1087/002/
- https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731033(v=ws.11)
- https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-aduser?view=windowsserver2022-ps
- https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732952(v=ws.11)
- https://learn.microsoft.com/en-us/windows/win32/winsock/net-exe-2
- https://attack.mitre.org/versions/v14/tactics/TA0007/
- https://attack.mitre.org/versions/v14/techniques/T1552/001/
- https://linux.die.net/man/1/gpg
- https://man7.org/linux/man-pages/man8/sudo.8.html
- https://attack.mitre.org/versions/v14/techniques/T1003/001/
- https://www.microsoft.com/en-us/security/blog/2022/10/05/detecting-and-preventing-lsass-credential-dumping-attacks/
- https://attack.mitre.org/versions/v14/techniques/T1552/002/
- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/reg
- https://man7.org/linux/man-pages/man1/tail.1.html
- https://man7.org/linux/man-pages/man1/head.1.html
- https://man7.org/linux/man-pages/man1/more.1.html
- https://man7.org/linux/man-pages/man1/less.1.html
- https://www.man7.org/linux/man-pages/man1/cat.1.html
- https://attack.mitre.org/versions/v14/techniques/T1003/003/
- https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc753343(v=ws.11)
- https://attack.mitre.org/versions/v14/tactics/TA0006/
- https://attack.mitre.org/versions/v14/techniques/T1569/002/
- https://attack.mitre.org/software/S0029/
- https://learn.microsoft.com/en-us/sysinternals/downloads/psexec
- https://learn.microsoft.com/en-us/sysinternals/downloads/pstools
- https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/win32-service
- https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/new-service?view=powershell-7.4
- https://learn.microsoft.com/en-us/troubleshoot/windows-client/system-management-components/use-at-command-to-schedule-tasks
- https://learn.microsoft.com/en-us/windows/win32/services/controlling-a-service-using-sc
- https://attack.mitre.org/versions/v14/techniques/T1059
- https://man7.org/linux/man-pages/man1/tar.1.html
- https://man7.org/linux/man-pages/man1/curl.1.html
- https://www.vim.org/docs.php
- https://cs.stanford.edu/people/miles/vi.html
- https://www.zsh.org/
- https://linux.die.net/man/1/csh
- https://www.gnu.org/software/bash/manual/bash.html
- https://man7.org/linux/man-pages/man1/sh.1p.html
- https://attack.mitre.org/versions/v14/techniques/T1047/
- https://attack.mitre.org/versions/v14/techniques/T1218/005/
- https://learn.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.4
- https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmic
- https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page
- https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/cmd
- https://attack.mitre.org/versions/v14/tactics/TA0002/
- https://github.com/cisagov/Decider/
- https://attack.mitre.org/versions/v14/matrices/enterprise/
- https://www.cisa.gov/sites/default/files/2023-06/Guide%20to%20Securing%20Remote%20Access%20Software_clean%20Final_508c.pdf
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
- https://attack.mitre.org/techniques/T1020/001/
- https://attack.mitre.org/techniques/T1546/
- https://attack.mitre.org/techniques/T1552/005/
- https://www.energy.gov/ceser/energy-threat-analysis-center-0
- https://manpages.debian.org/testing/nftables/nft.8.en.html
- https://man7.org/linux/man-pages/man8/iptables.8.html
- https://man7.org/linux/man-pages/man1/scp.1.html
- https://man7.org/linux/man-pages/man1/ssh.1.html
- https://www.openssh.com/manual.html
- https://learn.microsoft.com/en-us/windows/win32/winrm/portal
- https://web.mit.edu/cdsdev/src/docs.html
- https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/understanding-remote-desktop-protocol
- https://man7.org/linux/man-pages/man1/lscpu.1.html
- https://linux.die.net/man/8/procinfo
- https://man7.org/linux/man-pages/man1/uname.1.html
- https://man7.org/linux/man-pages/man1/id.1.html
- https://man7.org/linux/man-pages/man1/whoami.1.html
- https://man7.org/linux/man-pages/man1/curl.1.htmlv
- https://attack.mitre.org/versions/v14/techniques/T1218/005
- https://attack.mitre.org/versions/v14/techniques/T1020/001/
- https://attack.mitre.org/versions/v14/techniques/T1546/
- https://attack.mitre.org/versions/v14/techniques/T1552/005/
- https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a
- https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac
- https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF
- https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
- https://github.com/cisagov/LME
- https://www.security.gov.uk/guidance/secure-by-design/principles/
- https://www.cyber.gov.au/resources-business-and-government/governance-and-user-education/secure-by-design
- https://www.cisa.gov/securebydesign
- https://www.cisa.gov/sites/default/files/2023-10/Shifting-the-Balance-of-Cybersecurity-Risk-Principles-and-Approaches-for-Secure-by-Design-Software.pdf
- https://www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf
- https://www.cisa.gov/resources-tools/resources/federal-government-cybersecurity-incident-and-vulnerability-response-playbooks
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-245a
- https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
- https://www.cisa.gov/resources-tools/resources/guide-securing-remote-access-software
- https://www.cyber.gov.au/
- https://www.cisa.gov/news-events/alerts/2021/01/07/supply-chain-compromise
- https://www.cisa.gov/news-events/analysis-reports/ar21-134a
- https://labs.withsecure.com/publications/scheduled-task-tampering
- https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
- https://www.cisa.gov/zero-trust-maturity-model
- https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-access-model#evolution-from-the-legacy-ad-tier-model
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals
- https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
- https://blueprint.asd.gov.au/
- https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project#:%7E:text=Microsoft%20365%20%26%20Google%20Workspace%20Baselines
- https://github.com/usnistgov/macos_security
- https://www.cisecurity.org/benchmark/red_hat_linux
- https://www.cisecurity.org/cis-benchmarks
- https://learn.microsoft.com/en-us/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
- https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-devices
- https://www.microsoft.com/en-us/security/blog/2022/12/12/iis-modules-the-evolution-of-web-shells-and-how-to-detect-them/
- https://csrc.nist.gov/pubs/sp/800/92/r1/ipd
- https://www.ncsc.gov.uk/collection/device-security-guidance/platform-guides/macos
- https://www.cisa.gov/sites/default/files/2023-10/SecureByDesign_1025_508c.pdf
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a
- https://www.loldrivers.io/
- https://www.loobins.io/
- https://gtfobins.github.io/
- https://lolbas-project.github.io/
- https://attack.mitre.org/versions/v14/techniques/T1021/004/
- https://attack.mitre.org/versions/v14/techniques/T1071/
- https://attack.mitre.org/versions/v14/techniques/T1090/
- https://attack.mitre.org/versions/v14/techniques/T1567/
- https://attack.mitre.org/versions/v14/techniques/T1105/
- https://attack.mitre.org/techniques/T1562/004/
- https://attack.mitre.org/techniques/T1562/001/
- https://attack.mitre.org/versions/v14/techniques/T1021/006/
- https://attack.mitre.org/versions/v14/techniques/T1021/005/
- https://attack.mitre.org/versions/v14/techniques/T1021/001/
- https://attack.mitre.org/versions/v14/techniques/T1082/
- https://attack.mitre.org/versions/v14/techniques/T1033/
- https://attack.mitre.org/versions/v14/techniques/T1083/
- https://attack.mitre.org/versions/v14/techniques/T1003/008/
- https://www.ncsc.gov.uk/section/about-this-website/contact-us
- https://www.cisa.gov/tlp
- http://gtfobins.github.io
- http://loobins.io
- http://loldrivers.io
- http://cisa.gov
- http://nsa.gov
- http://hq.doe.gov
- http://epa.gov
- http://cyber.gov.au
- http://cyber.gc.ca
- http://ncsc.govt.nz
- http://ncsc.gov.uk/report-an-incident
- http://Zsh.org
- http://Vim.org
- http://Die.net
- https://www.cisa.gov/tlp.