NOWHERE TO HIDE
Common Information
Type | Value |
---|---|
UUID | f59b232e-f27f-42fc-b36e-60fbc47fbe64 |
Fingerprint | 084889ad9868bb3abddafbe096d10cebc9f204c5663f4a96795504a2de863ada |
Analysis status | DONE |
Considered CTI value | 1 |
Text language | |
Published | Sept. 14, 2020, 8:58 p.m. |
Added to db | May 22, 2024, 10:16 a.m. |
Last updated | Aug. 31, 2024, 8:24 a.m. |
Headline | NOWHERE TO HIDE |
Title | NOWHERE TO HIDE |
Detected Hints/Tags/Attributes | 448/4/112 |
Attributes