Handy Elastic Tools for the Enthusiastic Detection Engineer — Elastic Security Labs
Tags
| attack-pattern: | Data Emond - T1546.014 Emond - T1519 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Rundll32 - T1218.011 Tool - T1588.002 Connection Proxy - T1090 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 51dd1f62-01ef-4ea7-b553-f5be21345ece |
| Fingerprint | 330d4bd039d59e8d |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 12, 2022, midnight |
| Added to db | Nov. 20, 2023, 12:59 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Handy Elastic Tools for the Enthusiastic Detection Engineer |
| Title | Handy Elastic Tools for the Enthusiastic Detection Engineer — Elastic Security Labs |
| Detected Hints/Tags/Attributes | 50/1/10 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 306 | ✔ | Elastic Security Labs | https://www.elastic.co/security-labs/rss/feed.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 55 | process.name |
|
| Details | Domain | 10 | contributing.md |
|
| Details | Domain | 17 | host.id |
|
| Details | Domain | 2 | cli.md |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | IPv4 | 132 | 10.0.0.0 |
|
| Details | IPv4 | 81 | 172.16.0.0 |
|
| Details | IPv4 | 124 | 192.168.0.0 |
|
| Details | IPv4 | 45 | 127.0.0.0 |