%Temp%orary Constrained Language mode in AppLocker
Tags
| attack-pattern: | Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 24ca903d-96c4-4384-a8a1-7bc32f826650 |
| Fingerprint | 9f6c4e122bac22c6 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 6, 2018, 4:34 p.m. |
| Added to db | Jan. 18, 2023, 10:05 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | %Temp%orary Constrained Language mode inĀ AppLocker |
| Title | %Temp%orary Constrained Language mode in AppLocker |
| Detected Hints/Tags/Attributes | 27/1/9 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4128 | github.com |
|
| Details | File | 1209 | powershell.exe |
|
| Details | File | 1 | programfiles.txt |
|
| Details | File | 1 | programfilesx86.txt |
|
| Details | File | 2 | windows.txt |
|
| Details | Github username | 4 | api0cradle |
|
| Details | Url | 1 | https://posts.specterops.io/bypassing-application-whitelisting-with-runscripthelper-exe-1906923658fc |
|
| Details | Url | 1 | https://github.com/api0cradle/poweral |
|
| Details | Windows Registry Key | 11 | HKCU\Environment |