Putting data in Alternate data streams and how to execute it – part 2
Tags
| attack-pattern: | Data |
Common Information
| Type | Value |
|---|---|
| UUID | 34e59f6d-e590-4747-b1e5-b96b20e36521 |
| Fingerprint | f5281933687513f7 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | April 11, 2018, 2:14 p.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 18, 2024, 2:36 a.m. |
| Headline | Putting data in Alternate data streams and how to execute it – part 2 |
| Title | Putting data in Alternate data streams and how to execute it – part 2 |
| Detected Hints/Tags/Attributes | 15/1/21 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 12 | oddvar.moe |
|
| Details | Domain | 9 | ss64.com |
|
| Details | Domain | 1 | procexp.cab |
|
| Details | Domain | 221 | gist.github.com |
|
| Details | File | 10 | extrac32.exe |
|
| Details | File | 1 | extract.html |
|
| Details | File | 3 | c:\ads\file.txt |
|
| Details | File | 1 | c:\ads\procexp.exe |
|
| Details | File | 1 | c:\ads\procexp.cab |
|
| Details | File | 64 | procexp.exe |
|
| Details | File | 25 | findstr.exe |
|
| Details | File | 1 | findstr.html |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 1 | c:\ads\works.txt |
|
| Details | Github username | 4 | api0cradle |
|
| Details | md5 | 1 | cdd2d0d0ec9abb686f0e89306e277b8f |
|
| Details | Url | 3 | https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it |
|
| Details | Url | 1 | https://ss64.com/nt/extract.html |
|
| Details | Url | 1 | https://ss64.com/nt/findstr.html |
|
| Details | Url | 1 | https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f |