Getting Started with WMI Weaponization - Part 3
Tags
| attack-pattern: | Model Server - T1583.004 Server - T1584.004 Software - T1592.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | 192a3fad-dff2-45b3-8b0d-655a08fc9d9f |
| Fingerprint | 91126818a5959777 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | April 11, 2017, 7 a.m. |
| Added to db | Jan. 18, 2023, 8:37 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Getting Started with WMI Weaponization – Part 3 |
| Title | Getting Started with WMI Weaponization - Part 3 |
| Detected Hints/Tags/Attributes | 38/1/15 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.netspi.com/getting-started-wmi-weaponization-part-3/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 107 | system.management |
|
| Details | Domain | 198 | youtube.com |
|
| Details | File | 28 | plink.exe |
|
| Details | File | 1 | c:\\windows\\system.ini |
|
| Details | File | 29 | system.ini |
|
| Details | File | 3 | c:\windows\system.ini |
|
| Details | File | 41 | system.obj |
|
| Details | File | 1 | c:\system.ini |
|
| Details | File | 1 | c:\bootnxt readable : true system : true version : writeable : true compressed : false encrypted : false size : hidden : true name : c:\pagefile.sys |
|
| Details | File | 1 | c:\swapfile.sys |
|
| Details | File | 8 | c:\pagefile.sys |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 33 | sethc.exe |
|
| Details | File | 2127 | cmd.exe |
|
| Details | IPv4 | 18 | 10.1.1.1 |