DFPS_FOR508_v4.10_02-23.indd
Image Description

Common Information

Type | Value
UUID | 4b6fc69f-27d9-49a2-b828-0bd5f6732608
Fingerprint | 7fb26bcfd5dfb5972161d7780daf5e47cf70ce85dbd7c74d1ab7a2f2b758bc22
Analysis status | DONE
Considered CTI value | 0
Text language |
Published | Jan. 31, 2023, 8:51 a.m.
Added to db | March 21, 2024, 12:41 p.m.
Last updated | Aug. 31, 2024, 6:07 a.m.
Headline | DFPS_FOR508_v4.10_02-23.indd
Title | DFPS_FOR508_v4.10_02-23.indd
Detected Hints/Tags/Attributes | 76/1/80
Source URLs
Attributes
Type | #Events | CTI Value
Domain | 1 | dfir.sans.org
Domain | 3 | www.forensicswiki.org
Domain | 89 | vol.py
Domain | 21 | sans.org
Domain | 2 | for508.com
File | 119 | smss.exe
File | 165 | csrss.exe
File | 89 | wininit.exe
File | 306 | services.exe
File | 1122 | svchost.exe
File | 4 | shellexperiencehost.exe
File | 7 | searchui.exe
File | 46 | runtimebroker.exe
File | 142 | wmiprvse.exe
File | 32 | sihost.exe
File | 26 | taskhostw.exe
File | 63 | ctfmon.exe
File | 16 | audiodg.exe
File | 131 | spoolsv.exe
File | 19 | securityhealthservice.exe
File | 198 | msmpeng.exe
File | 87 | nissrv.exe
File | 27 | searchindexer.exe
File | 11 | lsaiso.exe
File | 478 | lsass.exe
File | 13 | fontdrvhost.exe
File | 212 | winlogon.exe
File | 55 | dwm.exe
File | 1260 | explorer.exe
File | 14 | msascuil.exe
File | 49 | onedrive.exe
File | 1208 | powershell.exe
File | 137 | conhost.exe
File | 46 | system.exe
File | 125 | ntoskrnl.exe
File | 3 | %systemroot%\system32\smss.exe
File | 3 | %systemroot%\system32\wininit.exe
File | 31 | lsm.exe
File | 1 | lsm.dll
File | 2 | %systemroot%\system32\runtimebroker.exe
File | 15 | calculator.exe
File | 2 | %systemroot%\system32\taskhostw.exe
File | 5 | %systemroot%\system32\winlogon.exe
File | 18 | logonui.exe
File | 193 | ntuser.dat
File | 50 | userinit.exe
File | 2 | %systemroot%\system32\csrss.exe
File | 4 | %systemroot%\system32\services.exe
File | 32 | %systemroot%\system32\svchost.exe
File | 2 | %systemroot%\system32\lsaiso.exe
File | 10 | %systemroot%\system32\lsass.exe
File | 11 | %systemroot%\explorer.exe
File | 2125 | cmd.exe
File | 1 | 10_02-23.indd
File | 28 | usrclass.dat
File | 256 | net.exe
File | 48 | net1.exe
File | 74 | mstsc.exe
File | 30 | rdpclip.exe
File | 4 | tstheme.exe
File | 30 | at.exe
File | 249 | schtasks.exe
File | 24 | evil.exe
File | 1 | c:\temp\evil.exe
File | 118 | sc.exe
File | 7 | evil.dll
File | 16 | consolehost_history.txt
File | 25 | wsmprovhost.exe
File | 240 | wmic.exe
File | 23 | scrcons.exe
File | 11 | mofcomp.exe
File | 122 | psexec.exe
File | 31 | psexesvc.exe
File | 85 | vol.py
Url | 1 | http://sans.org/for508
Url | 1 | http://for508.com/attck-lm
Url | 1 | http://for508.com/jpcert-lm
Windows Registry Key | 1 | HKLM\SYSTEM\Select\LastKnownGood
Windows Registry Key | 8 | HKLM\SYSTEM\CurrentControlSet\Control\Lsa
Windows Registry Key | 14 | HKLM\SOFTWARE