Squiblydoo Attack Analysis, Detection, and Mitigation - SOC Prime
Tags
attack-pattern: Data Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Javascript - T1059.007 Powershell - T1059.001 Regsvr32 - T1218.010 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Powershell - T1086 Regsvr32 - T1117 Signed Binary Proxy Execution - T1218
Show in Graph
Common Information
Type Value
UUID 51bb4f2a-e2db-400a-9f5a-071129498d71
Fingerprint 75a509149137bf05
Analysis status DONE
Considered CTI value 0
Text language
Published June 26, 2023, 4:17 p.m.
Added to db June 26, 2023, 6:28 p.m.
Last updated Nov. 18, 2024, 9:32 a.m.
Headline Squiblydoo Attack Analysis, Detection, and Mitigation
Title Squiblydoo Attack Analysis, Detection, and Mitigation - SOC Prime
Detected Hints/Tags/Attributes 52/1/5
Source URLs
Redirection Url
Details Source https://socprime.com/blog/squiblydoo-attack-analysis-detection-and-mitigation/
URL Provider
Details Provider Source level domain
Details socprime.com socprime.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 237 SOC Prime https://socprime.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 460 
regsvr32.exe
Details File 7 
regsvr32.dll
Details File 10 
certreq.exe
Details File 62 
scrobj.dll
Details File 2128 
cmd.exe