The Offense-Defense Game Around PowerShell Event Logging
Tags
Type | Value |
---|---|
attack-pattern | Powershell - T1059.001 |
attack-pattern | Software - T1592.002 |
attack-pattern | Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | 15d4b01e-0818-4266-a1d1-5fbce62e6dfc |
Fingerprint | ce57a7e6d3315961 |
Analysis status | IN_PROGRESS |
Considered CTI value | 0 |
Text language | |
Published | Dec. 1, 2018, midnight |
Added to db | Dec. 19, 2024, 2:58 p.m. |
Last updated | Dec. 21, 2024, 3:06 a.m. |
Headline | The Offense-Defense Game Around PowerShell Event Logging |
Title | The Offense-Defense Game Around PowerShell Event Logging |
Detected Hints/Tags/Attributes | 8/1/9 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.secrss.com/articles/6797 |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 8 | cve-2018-8415 | |
Details | Domain | 2 | code.to | |
Details | Domain | 14 | blogs.msdn.microsoft.com | |
Details | Domain | 6752 | 163.com | |
Details | Github username | 4 | powershell | |
Details | Url | 2 | https://blogs.msdn.microsoft.com/powershell/2015/06/09/powershell-the-blue-team | |
Details | Url | 1 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8415 [3]. https://github.com/powershell/powershell/pull/8253 [4]. https://twitter.com/dissectmalware/status/1016462916059631616 | |
Details | Windows Registry Key | 2 | HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging | |
Details | Windows Registry Key | 2 | HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging | |