Who Contains the Containers?
Tags
attack-pattern: Data Direct Exploits - T1587.004 Exploits - T1588.005 Hardware - T1592.001 Impersonation - T1656 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 Hypervisor - T1062 New Service - T1050 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 0fb7ae20-2828-403c-bfc8-fb188f7088da
Fingerprint 378a99573b2773c5
Analysis status DONE
Considered CTI value 2
Text language
Published April 1, 2021, 9:06 a.m.
Added to db Jan. 18, 2023, 9:45 p.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Project Zero
Title Who Contains the Containers?
Detected Hints/Tags/Attributes 64/1/19
Source URLs
Redirection Url
Details Source https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html
URL Provider
Details Provider Source level domain
Details blogspot.com googleprojectzero.blogspot.com
Attributes
Details Type #Events CTI Value
Details CVE 2 
cve-2021-24096
Details CVE 1 
cve-2021-26891
Details CVE 1 
cve-2021-26865
Details CVE 1 
cve-2021-26864
Details Domain 7 
mcr.microsoft.com
Details File 1 
ntobjectmanager.psd
Details File 306 
services.exe
Details File 17 
hello.txt
Details File 5 
demo.exe
Details Windows Registry Key 4 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes
Details Windows Registry Key 2 
HKEY_LOCAL_MACHINE\SOFTWARE\Clients
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SOFTWARE\DefaultUserEnvironment
Details Windows Registry Key 25 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SOFTWARE\ODBC
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH
Details Windows Registry Key 3 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SOFTWARE\Setup
Details Windows Registry Key 3 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node