ioc[.]one - OSINT Cyber Threat Intelligence Database

KQL KC7 — A Scandal in Valdoria Part 1

Tags

attack-pattern:

Powershell - T1059.001 Scheduled Task - T1053.005 Powershell - T1086 Scheduled Task - T1053

Show in Graph

Common Information

Type	Value
UUID	50b304e7-adf2-4de0-b563-b2c552442a11
Fingerprint	4e07045babe4c8ea
Analysis status	DONE
Considered CTI value	0
Text language
Published	Nov. 11, 2024, 12:27 p.m.
Added to db	Nov. 11, 2024, 2:18 p.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	KQL KC7 — A Scandal in Valdoria Part 1
Title	KQL KC7 — A Scandal in Valdoria Part 1
Detected Hints/Tags/Attributes	23/1/17

Source URLs

	Redirection	Url
Details	Source	https://medium.com/@Abdalla116/kql-kc7-a-scandal-in-valdoria-part-1-713dc1aeba1e?source=rss------cybersecurity-5

URL Provider

Details	Provider	Source level domain
Details	medium.com	medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	167	✔	Cybersecurity on Medium	https://medium.com/feed/tag/cybersecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		valdoriantimes.news
Details	Domain	1174		gmail.com
Details	Domain	1		promotionrecruit.com
Details	Email	1		ronnie_mclovin@valdoriantimes.news
Details	Email	1		newspaper_jobs@gmail.com
Details	File	2		opedfinal_to_print.docx
Details	File	1		valdorian_times_editorial_offer_letter.docx
Details	File	1		c:\users\sogose\downloads\valdorian_times_editorial_offer_letter.docx
Details	File	1		hacktivist_manifesto.ps1
Details	File	249		schtasks.exe
Details	File	1208		powershell.exe
Details	File	1		c:\programdata\hacktivist_manifesto.ps1
Details	sha256	1		60b854332e393a6a2f0015383969c3ac705126a6b7829b762057a3994967a61f
Details	IPv4	1		10.10.0.3
Details	IPv4	1		136.130.190.181
Details	Url	1		https://promotionrecruit.com/published/valdorian_times_editorial_offer_letter.docx
Details	Url	1		https://promotionrecruit.com