Analysis of Malicious Security Support Provider DLLs - PDF Free Download
Common Information
Type Value
UUID 386cad07-6a93-4ca5-a70a-104b4eb2ee79
Fingerprint 861cc8565456e317
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 1, 2016, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Analysis of Malicious Security Support Provider DLLs
Title Analysis of Malicious Security Support Provider DLLs - PDF Free Download
Detected Hints/Tags/Attributes 137/3/53
Attributes
Type                  #Events  CTI Value
Domain                2        blog.digital-forensics.it
Domain                2        passing-the-hash.blogspot.com
Domain                2        nsa.co.at
Domain                1        dansolutions.com
Domain                30       adsecurity.org
Domain                1        www.adsecurity.org
Domain                2        psu.edu
Domain                2        matousec.com
Domain                1        esri.com
Domain                3        ernw.de
Domain                37       gov.uk
Domain                1        tribridge.com
Domain                1        averagesecurityguy.info
Domain                4127     github.com
Domain                1        ecora.com
Domain                1        www.ddls.com.au
Domain                34       www.paloaltonetworks.com
Domain                1        chattsec.org
Email                 2        mmg@nsa.co.at
Email                 1        drb45@psu.edu
Email                 1        dlaw@esri.com
Email                 1        fkuhn@ernw.de
Email                 1        msarhan@esri.com
Email                 1        chris.cognetta@tribridge.com
Email                 1        bbartlett@ecora.com
Email                 1        stephen@averagesecurityguy.info
File                  478      lsass.exe
File                  39       secur32.dll
File                  11       msv1_0.dll
File                  13       kerberos.dll
File                  1        negoexts.dll
File                  1        wsauth.dll
File                  1        ctxauth.dll
File                  7        schannel.dll
File                  1        tspkg.dll
File                  1        msoidssp.dll
File                  2        pku2u.dll
File                  1        phonefactorlsa.dll
File                  15       mimilib.dll
File                  1        %windir%\system32\kiwissp.log
File                  1        averagesecurityguy.inf
Github username       1        averagesecurityguy
Url                   1        http://passing-the-hash.blogspot.com
Url                   2        http://nsa.co.at
Url                   1        http://dansolutions.com
Url                   1        http://www.adsecurity.org
Windows Registry Key  4        HKLM\SYSTEM\CurrentControlSet\Control
Windows Registry Key  8        HKLM\SYSTEM\CurrentControlSet\Control\Lsa
Windows Registry Key  164      HKLM\SOFTWARE\Microsoft\Windows
Windows Registry Key  4        HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security
Windows Registry Key  1        HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\S
Windows Registry Key  1        HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Sec
Windows Registry Key  1        HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSC