Case: LNK File-WinRM
Common Information
Type Value
UUID 4b799372-8b18-461e-b107-32ab1f33f821
Fingerprint 1f006b994f44a7e7
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published Sept. 1, 2024, 8:09 p.m.
Added to db Sept. 1, 2024, 10:34 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Case: LNK File-WinRM
Title Case: LNK File-WinRM
Detected Hints/Tags/Attributes 59/1/62
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes