Why Is Python so Popular to Infect Windows Hosts? - SANS Internet Storm Center
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Software - T1592.002 Powershell - T1086 Scripting - T1064 Scripting |
Common Information
| Type | Value |
|---|---|
| UUID | 032bad10-24f6-4574-a91a-178318f39862 |
| Fingerprint | 10144445f1a47456 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Aug. 27, 2024, midnight |
| Added to db | Aug. 31, 2024, 5:56 a.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Internet Storm Center |
| Title | Why Is Python so Popular to Infect Windows Hosts? - SANS Internet Storm Center |
| Detected Hints/Tags/Attributes | 37/1/33 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://isc.sans.edu/diary/rss/31208 |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 142 | ✔ | SANS Internet Storm Center, InfoCON: green | https://isc.sans.edu/rssfeed_full.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 3 | python.zip |
|
| Details | Domain | 19 | document.zip |
|
| Details | Domain | 2 | stub.py |
|
| Details | Domain | 46 | datetime.now |
|
| Details | Domain | 123 | ipinfo.io |
|
| Details | Domain | 145 | api.telegram.org |
|
| Details | Domain | 98 | requests.post |
|
| Details | Domain | 43 | file.read |
|
| Details | Domain | 170 | www.sans.org |
|
| Details | Domain | 74 | blog.didierstevens.com |
|
| Details | Domain | 207 | learn.microsoft.com |
|
| Details | Domain | 425 | isc.sans.edu |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 2 | python.zip |
|
| Details | File | 2 | c:\\users\\public\\document.zip |
|
| Details | File | 1 | c:\\users\\public\\stub.py |
|
| Details | File | 7 | platform.pl |
|
| Details | File | 8 | '.zip |
|
| Details | File | 1 | c:\users\public\number.txt |
|
| Details | File | 1 | c:\users\public\document\python.exe |
|
| Details | File | 1 | c:\users\public\stub.py |
|
| Details | File | 1 | c:\\users\\public\\windows.bat |
|
| Details | File | 7 | windows.bat |
|
| Details | sha256 | 1 | e721ae2bfd0f3bc4da3b60090aa734cd31878134ed3fdfa49abc4b26b825da47 |
|
| Details | Url | 1 | https://github.com/h4x0rpeter/cookiestealer/raw/main/python.zip |
|
| Details | Url | 1 | https://ipinfo.io").text>>c:\\users\\public\\stub.py |
|
| Details | Url | 33 | https://api.telegram.org/bot |
|
| Details | Url | 1 | https://www.sans.org/webcasts/who-said-that-python-was-unix-best-friend-only |
|
| Details | Url | 2 | https://blog.didierstevens.com/my-software |
|
| Details | Url | 2 | https://learn.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal |
|
| Details | Url | 2 | https://isc.sans.edu/diary/from |
|
| Details | Url | 1 | https://www.virustotal.com/gui/file/e721ae2bfd0f3bc4da3b60090aa734cd31878134ed3fdfa49abc4b26b825da47/detection |