Setting up a Pentesting... I mean, a Threat Hunting Lab - Part 6
Tags
| attack-pattern: | Data Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 14c3969e-2869-430e-8253-a951fe27bd1e |
| Fingerprint | dc150559a02e8b24 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 23, 2017, 7:49 p.m. |
| Added to db | Jan. 18, 2023, 9:28 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Cyber Wardog Lab |
| Title | Setting up a Pentesting... I mean, a Threat Hunting Lab - Part 6 |
| Detected Hints/Tags/Attributes | 36/1/16 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 478 | lsass.exe |
|
| Details | File | 29 | c:\windows\system32\lsass.exe |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 25 | sysmon.exe |
|
| Details | File | 1 | your_custom_config.xml |
|
| Details | File | 1 | startlogging.xml |
|
| Details | File | 1 | install-winlogbeat-service.ps1 |
|
| Details | File | 5 | install-service-winlogbeat.ps1 |
|
| Details | File | 11 | pscp.exe |
|
| Details | File | 2 | logstash-forwarder.crt |
|
| Details | File | 13 | output.log |
|
| Details | File | 32 | ssl.cer |
|
| Details | File | 4 | winlogbeat.exe |
|
| Details | File | 256 | net.exe |
|
| Details | File | 3 | event_data.obj |
|
| Details | File | 5 | c:\\windows\\system32\\lsass.exe |