Behavioral task
behavioral1
Sample
Understanding_a_Payloads_Life.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Understanding_a_Payloads_Life.pdf
Resource
win10v2004-20240412-en
General
-
Target
Understanding_a_Payloads_Life.pdf
-
Size
4.7MB
-
MD5
1481b92ff2af8677db95aca6eca50c9d
-
SHA1
f749e486475da80ca3bc268030712ffc23e9601a
-
SHA256
21271ef39311c668b64d0071c7f20a5e31feae6acbe017c9cb9ad4d0dce56393
-
SHA512
5b4730389c22e414ced67e61b305575ffbe44b172705c9af07ef66e65200cbc641b8acb1a543e8adf62d94b025fa0c53e7398f34df7808aebfdf74440959c1e0
-
SSDEEP
98304:J+Tzy/qGjKVtrrTtA/d1rSE2flr548dnXdpVJTI8GO475BGIWU96:J+TOyGOnrtIIs8t3jTIi47T96
Malware Config
Signatures
Files
-
Understanding_a_Payloads_Life.pdf.pdf
-
http://attl4s.github.io
-
http://www.hick.org/code/skape/papers/meterpreter.pdf
-
https://github.com/rapid7/metasploit-payloads
-
https://github.com/rapid7/metasploit-framework/discussions/14490
-
https://github.com/stephenfewer/ReflectiveDLLInjection
-
http://github.com/rapid7/ReflectiveDLLInjection
-
http://www.cobaltstrike.com/blog/cobalt-strike-4-4-the-one-with-the-reconnect-button/
-
http://bruteratel.com/research/feature-update/2021/06/01/PE-Reflection-Long-Live-The-King/
-
http://www.mdsec.co.uk/2021/12/nighthawk-0-1-new-beginnings/
-
http://github.com/HavocFramework/Havoc/blob/main/WIKI.MD#agents
-
http://www.hick.org/code/skape/papers/remote-library-injection.pdf
-
https://www.exploit-db.com/docs/english/13007-reflective-dll-injection.pdf
-
https://github.com/rapid7/metasploit-payloads/tree/master/c/meterpreter
-
https://github.com/rapid7/metasploit-payloads/blob/master/c/meterpreter/source/metsrv/metsrv.c
-
https://github.com/stephenfewer/ReflectiveDLLInjection/blob/master/dll/src/ReflectiveLoader.c
-
https://github.com/rapid7/metasploit-framework/issues/16493
-
https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-configuration.html
-
https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/windows/x64/meterpreter_loader_x64.rb
-
https://github.com/hasherezade/pe-bear
-
https://github.com/rapid7/ReflectiveDLLInjection/blob/master/dll/src/ReflectiveLoader.c
-
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/ms16_075_reflection_juicy.rb
-
https://github.com/HavocFramework/Havoc/blob/master/Teamserver/pkg/common/builder/builder.go
-
https://github.com/rapid7/metasploit-framework/tree/master/modules/encoders
-
https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload_generator.rb
-
http://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/encoder.rb
-
http://github.com/rapid7/metasploit-framework/blob/master/modules/encoders/x64/xor.rb
-
https://github.com/EgeBalci/sgn
-
https://www.mdsec.co.uk/2022/05/nighthawk-0-2-catch-us-if-you-can/
-
https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/malleable-c2-extend_main.htm
-
https://github.com/rapid7/metasploit-framework/tree/master/data/templates
-
https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/util/exe.rb
-
https://github.com/rapid7/rex/blob/master/lib/rex/powershell/payload.rb
-
https://github.com/rapid7/rex-powershell/blob/master/data/templates/to_mem_pshreflection.ps1.template
-
http://github.com/rapid7/metasploit-framework/blob/master/data/templates/src/pe/exe/template.c
-
http://github.com/rapid7/metasploit-framework/blob/master/lib/msf/util/exe.rb#L5491.Finds
-
https://github.com/rapid7/metasploit-framework/pull/17594
-
http://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exe/segment_appender.rb
-
http://blog.scrt.ch/2014/06/13/metasploit-psexec-resurrect/
-
https://www.blackhillsinfosec.com/advanced-msfvenom-payload-generation/
-
https://github.com/rapid7/rex/blob/master/lib/rex/text.rb
-
https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/artifacts-antivirus_artifact-kit-main.htm
-
https://download.cobaltstrike.com/aggressor-script/functions.html
-
https://hstechdocs.helpsystems.com
-
https://www.shellterproject.com/OST
-
https://outflank.nl/services/outflank-security-tooling/
-
https://github.com/klezVirus/inceptor
-
https://github.com/optiv/ScareCrow
-
https://github.com/phra/PEzor
-
https://github.com/optiv/Freeze
-
https://www.rapid7.com/blog/post/2015/03/25/stageless-meterpreter-payloads/
-
https://www.cobaltstrike.com/blog/talk-to-your-children-about-payload-staging/
-
https://github.com/BishopFox/sliver/wiki/Stagers
-
https://www.cobaltstrike.com/blog/staged-payloads-what-pen-testers-should-know/
-
https://www.cobaltstrike.com/blog/a-loader-for-metasploits-meterpreter/
-
https://github.com/rsmudge/metasploit-loader
-
https://github.com/tothi/stager_libpeconv
-
https://github.com/DiabloHorn/undetected-meterpreter-stagers
-
https://github.com/rapid7/metasploit-payloads/blob/master/c/meterpreter/source/metsrv/remote_dispatch.c
-
https://github.com/rapid7/Metasploit-framework/tree/master/lib/msf/core/payload/windows
-
https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/payload/windows/x64/reverse_tcp_x64.rb
-
https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/the-ins-and-outs-of-http-and-https-communications-in-meterpreter-and-metasploit-stagers.html
-
https://buffered.io/posts/staged-vs-stageless-handlers/
-
http://www.exploit-db.com/docs/english/13007-reflective-dll-injection.pdf
-
https://mez0.cc/posts/exploring-dll-loads/
-
https://disman.tl/2015/01/30/an-improved-reflective-dll-injection-technique.html
-
https://www.netspi.com/blog/technical/adversary-simulation/srdi-shellcode-reflective-dll-injection/
-
http://github.com/monoxgas/sRDI
-
https://www.cobaltstrike.com/blog/cobalt-strike-4-4-the-one-with-the-reconnect-button/
-
http://www.exploit-monday.com/2013/08/writing-optimized-windows-shellcode-in-c.html
-
https://phasetw0.com/malware/writing-optimized-windows-shellcode-in-c/
-
https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/malleable-c2-extend_user-defined-rdll.htm
-
http://github.com/benheise/TitanLdr
-
https://github.com/boku7/BokuLoader
-
https://github.com/kyleavery/AceLdr
-
http://github.com/Cracked5pider/KaynStrike
-
https://securityintelligence.com/posts/defining-cobalt-strike-reflective-loader/
-
https://twitter.com/0xBoku
-
https://modexp.wordpress.com/2019/06/24/inmem-exec-dll/
-
https://www.mdsec.co.uk/2022/11/nighthawk-0-2-1-haunting-blue/
-
https://docs.metasploit.com/
-
https://github.com/rapid7/metasploit-framework
-
https://buffered.io/
-
https://www.youtube.com/@DashnineMedia