Caching Out: The Value of Shimcache for Investigators | Mandiant
Tags
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004
Show in Graph
Common Information
Type Value
UUID 0c63306f-6816-49dc-9255-39b45bc4ebdf
Fingerprint b386d813b5660f85
Analysis status DONE
Considered CTI value 0
Text language
Published June 17, 2015, midnight
Added to db Aug. 12, 2023, 3:55 a.m.
Last updated Nov. 18, 2024, 5:33 a.m.
Headline Caching Out: The Value of Shimcache for Investigators
Title Caching Out: The Value of Shimcache for Investigators | Mandiant
Detected Hints/Tags/Attributes 27/1/25
Source URLs
Redirection Url
Details Source https://www.mandiant.com/resources/blog/caching-out-the-val
URL Provider
Details Provider Source level domain
Details mandiant.com www.mandiant.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 330 Threat Intelligence https://www.mandiant.com/resources/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 285 
microsoft.net
Details File 11 
foo.txt
Details File 3 
bar.exe
Details File 1 
c:\program files\microsoft office\office14\excel.exe
Details File 1 
c:\windows\syswow64\ehstorshell.dll
Details File 1 
tortoiseoverlays.dll
Details File 1 
c:\setup64.exe
Details File 2 
c:\windows\system32\net1.exe
Details File 18 
c:\windows\system32\net.exe
Details File 18 
logonui.exe
Details File 36 
malware.exe
Details File 31 
psexesvc.exe
Details File 1 
c:\program files\mcafee\virusscan enterprise\mfeann.exe
Details File 41 
mscorsvw.exe
Details File 1 
c:\program files\veritas\netbackup\bin\bpclntcmd.exe
Details File 1 
c:\winnt\system32\malware.exe
Details File 1 
c:\winnt\psexesvc.exe
Details File 5 
23.exe
Details File 1 
c:\windows\softwaredistribution\download\2e82ac0c6b3ff801d344ecc65c0ecbe9\update\update.exe
Details File 10 
ngen.exe
Details File 1 
regtlibv12.exe
Details File 1 
databasemail90.exe
Details File 1 
netfxupdate.exe
Details File 1 
setregni.exe
Details md5 1 
2e82ac0c6b3ff801d344ecc65c0ecbe9