Azure Run Command for Dummies | Mandiant
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter
country: Russia
attack-pattern: Data Command And Scripting Interpreter - T1623 Powershell - T1059.001 Command-Line Interface - T1059 External Remote Services - T1133 Hypervisor - T1062 Powershell - T1086 Valid Accounts - T1078 External Remote Services Valid Accounts
Show in Graph
Common Information
Type Value
UUID 5b33c011-0b7b-41b0-b59d-abbc6c88fc56
Fingerprint bc138e992795e7c0
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 14, 2021, midnight
Added to db Oct. 22, 2023, 11:20 p.m.
Last updated Nov. 18, 2024, 8:27 a.m.
Headline Azure Run Command for Dummies
Title Azure Run Command for Dummies | Mandiant
Detected Hints/Tags/Attributes 62/3/12
Source URLs
Redirection Url
Details Source https://www.mandiant.com/resources/blog/azure-run-command-dummies
Details Source https://www.mandiant.com/resources/azure-run-command-dummies
URL Provider
Details Provider Source level domain
Details mandiant.com www.mandiant.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 330 Threat Intelligence https://www.mandiant.com/resources/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 27 
script.sh
Details Domain 21 
contoso.com
Details Email 1 
user@contoso.com
Details File 1 
handler.log
Details File 3 
windowsazureguestagent.exe
Details File 62 
whoami.exe
Details File 21 
script.ps1
Details File 59 
ntdsutil.exe
Details IPv4 1442 
127.0.0.1
Details MITRE ATT&CK Techniques 191 
T1133
Details MITRE ATT&CK Techniques 306 
T1078
Details MITRE ATT&CK Techniques 695 
T1059