GitHub - sensepost/notruler: The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.
Tags
| attack-pattern: | Outlook Rules - T1137.005 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 25dee6cc-f92e-4ef9-93e8-905e9e9da027 |
| Fingerprint | afcde3833975b503 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 11, 2017, midnight |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | sensepost/notruler |
| Title | GitHub - sensepost/notruler: The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange. |
| Detected Hints/Tags/Attributes | 18/1/20 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://github.com/sensepost/notruler |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | john.ford |
|
| Details | Domain | 2 | testdomain.com |
|
| Details | Domain | 1 | cindy.shell |
|
| Details | Domain | 1 | myhost.somewhere.darkside.com |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 1 | attack.attackpew.com |
|
| Details | Domain | 3 | iocs.md |
|
| Details | Domain | 55 | creativecommons.org |
|
| Details | Domain | 15 | sensepost.com |
|
| Details | 1 | john.ford@testdomain.com |
||
| Details | 1 | henry.hammond@testdomain.com |
||
| Details | 1 | james.smith@testdomain.com |
||
| Details | 1 | cindy.shell@testdomain.com |
||
| Details | File | 1 | morebad.bat |
|
| Details | File | 1 | bad.bat |
|
| Details | File | 1209 | powershell.exe |
|
| Details | File | 2 | rce.html |
|
| Details | Url | 1 | http://attack.attackpew.com/rce.html |
|
| Details | Url | 2 | http://creativecommons.org/licenses/by-nc-sa/4.0 |
|
| Details | Url | 3 | http://sensepost.com/contact/. |