NOWHERE TO HIDE
Common Information
Type Value
UUID b7e41abd-6a58-4bed-a322-4d4137072b76
Fingerprint 4434ae2f1adab20354c557911ed432bf269507e8e4982c8e28b5ed837f86eabe
Analysis status DONE
Considered CTI value 1
Text language
Published Sept. 14, 2020, 8:59 p.m.
Added to db April 14, 2024, 2:18 a.m.
Last updated Aug. 31, 2024, 4:49 a.m.
Headline NOWHERE TO HIDE
Title NOWHERE TO HIDE
Detected Hints/Tags/Attributes 409/4/66
Attributes
Details Type #Events CTI Value