Investigating with Splunk — TryHackMe Walkthrough
Tags
| attack-pattern: | Domains - T1583.001 Domains - T1584.001 Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 0fd29dd2-6a04-4d19-9c51-c0abdb8a98ac |
| Fingerprint | 7807969347aec702 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Sept. 20, 2024, 6:30 p.m. |
| Added to db | Sept. 20, 2024, 8:44 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Investigating with Splunk — TryHackMe Walkthrough |
| Title | Investigating with Splunk — TryHackMe Walkthrough |
| Detected Hints/Tags/Attributes | 18/1/7 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 40 | gchq.github.io |
|
| Details | File | 31 | c:\windows\system32\wbem\wmic.exe |
|
| Details | File | 24 | news.php |
|
| Details | IPv4 | 9 | 10.10.10.5 |
|
| Details | Url | 27 | https://gchq.github.io/cyberchef |
|
| Details | Url | 3 | http://10.10.10.5/news.php |
|
| Details | Windows Registry Key | 3 | HKLM\SAM\SAM\Domains\Account\Users\Names\A1berto |