ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK
Common Information
| Type | Value |
|---|---|
| UUID | ea98d526-446e-42b9-a73c-d2fb49e8ff84 |
| Fingerprint | c8b96344b14cf89cdbc042e3ca765b1698e53f3c667224c09229b184593d17a3 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 10, 2022, 7:08 p.m. |
| Added to db | March 10, 2024, 3:33 a.m. |
| Last updated | Aug. 31, 2024, 8:04 a.m. |
| Headline | ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK |
| Title | ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK |
| Detected Hints/Tags/Attributes | 94/2/55 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 26 | mitre.org |
|
| Details | Domain | 281 | docs.microsoft.com |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | File | 41 | system.obj |
|
| Details | File | 1 | addrbook.cs |
|
| Details | File | 1 | addrbook.js |
|
| Details | File | 1 | c:\\windows\\temp\\ts_msol1.tmp |
|
| Details | File | 1 | app_web_ic8e5fk4.dll |
|
| Details | File | 1 | app_web_06y3iviz.dll |
|
| Details | File | 1 | app_web_hp8vzzb4.dll |
|
| Details | File | 1 | app_web_sbp8l0mc.dll |
|
| Details | File | 1 | app_web_67vhaqff.dll |
|
| Details | File | 1 | app_web_xw4crb70.dll |
|
| Details | File | 1 | app_web_3oqt6248.dll |
|
| Details | File | 1 | app_web_f46v5okg.dll |
|
| Details | File | 1 | app_web_6nj14khm.dll |
|
| Details | File | 1 | app_web_cfzlqtlr.dll |
|
| Details | File | 1 | app_web_s8x7grb2.dll |
|
| Details | File | 1 | app_web_ugrfvudi.dll |
|
| Details | File | 1 | app_web_zm5ivgum.dll |
|
| Details | File | 1 | app_web_8mytedc8.dll |
|
| Details | File | 1 | app_web_paeld9n9.dll |
|
| Details | File | 1 | app_web_nitm6axl.dll |
|
| Details | File | 1 | app_web_ai57zs2m.dll |
|
| Details | File | 1 | app_web_ybra1dr2.dll |
|
| Details | Github username | 18 | ghostpack |
|
| Details | Github username | 5 | gchq |
|
| Details | Github username | 4 | dnspy |
|
| Details | IPv4 | 619 | 0.0.0.0 |
|
| Details | IPv4 | 109 | 1.0.0.0 |
|
| Details | IPv4 | 9 | 1.3.3.7 |
|
| Details | MITRE ATT&CK Techniques | 67 | T1505 |
|
| Details | MITRE ATT&CK Techniques | 91 | T1620 |
|
| Details | Url | 1 | https://attack.mitre.org/techniques/t1505/003 |
|
| Details | Url | 5 | https://attack.mitre.org/techniques |
|
| Details | Url | 1 | https://docs.microsoft.com/en-us/dotnet/framework/app- |
|
| Details | Url | 3 | https://github.com/ghostpack/rubeus |
|
| Details | Url | 3 | https://github.com/gchq/cyberchef |
|
| Details | Url | 3 | https://github.com/dnspy/dnspy |
|
| Details | Url | 1 | https://docs.microsoft.com/en-us/dotnet/api/system.object.equals |
|
| Details | Url | 1 | https://docs.microsoft.com/en-us/dotnet/api/system. |
|
| Details | Url | 1 | https://docs.microsoft.com/en-us/dotnet/api/system.web.httpapplication#remarks |
|
| Details | Url | 10 | https://www.crowdstrike.com |
|
| Details | Url | 8 | https://www.crowdstrike.com/free-trial-guide |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Control\Lsa\JD |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Skew1 |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Control\Lsa\GBG |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Data |
|
| Details | Windows Registry Key | 3 | HKLM\SAM\SAM\Domains\Account\F |
|
| Details | Windows Registry Key | 2 | HKLM\SAM\SAM\Domains\Account\Users |
|
| Details | Windows Registry Key | 1 | HKLM\SECURITY\Cache |
|
| Details | Windows Registry Key | 1 | HKLM\SECURITY\Policy\PolEKList\default |
|
| Details | Windows Registry Key | 1 | HKLM\SECURITY\Policy\Secrets |