SANS ICS Cyber Security Challenge Write-Up-Part 4
Tags
| attack-pattern: | Control Panel - T1218.002 Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Rootkit - T1014 Denial Of Service Rootkit |
Common Information
| Type | Value |
|---|---|
| UUID | 77487f7a-9e54-4d47-93b9-77fc6dc2c64b |
| Fingerprint | ef6a99350c768602 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Jan. 10, 2016, 11:44 a.m. |
| Added to db | Jan. 18, 2023, 8:04 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Adventures In Cyber Challenges |
| Title | SANS ICS Cyber Security Challenge Write-Up-Part 4 |
| Detected Hints/Tags/Attributes | 67/1/45 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 89 | vol.py |
|
| Details | Domain | 1 | bladabindi.bh |
|
| Details | Domain | 48 | baidu.com |
|
| Details | Domain | 46 | www.baidu.com |
|
| Details | Domain | 425 | isc.sans.edu |
|
| Details | File | 1 | bddd4e2b84fa2ad61eb065e7797270ff.exe |
|
| Details | File | 16 | runtime.exe |
|
| Details | File | 1 | c:\users\robert lee\appdata\local\microsoft\windows\usrclass.dat |
|
| Details | File | 3 | wdf01000.sys |
|
| Details | File | 85 | vol.py |
|
| Details | File | 30 | tcpip.sys |
|
| Details | File | 37 | dnsapi.dll |
|
| Details | File | 41 | rpcrt4.dll |
|
| Details | File | 74 | vmtoolsd.exe |
|
| Details | File | 1 | uninstallinfo.txt |
|
| Details | File | 2 | www.txt |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 4 | netscan.txt |
|
| Details | File | 1 | consoles.txt |
|
| Details | File | 1 | memoryzeauditscript.xml |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | privs.txt |
|
| Details | File | 3 | c:\windows\serviceprofiles\networkservice\ntuser.dat |
|
| Details | File | 3 | c:\windows\serviceprofiles\localservice\ntuser.dat |
|
| Details | File | 1 | %programfiles%\windows sidebar\sidebar.exe |
|
| Details | File | 1 | c:\windows\system32\mctadmin.exe |
|
| Details | File | 8 | c:\windows\system32\mswsock.dll |
|
| Details | File | 4 | c:\windows\system32\winrnr.dll |
|
| Details | File | 8 | rasadhlp.dll |
|
| Details | File | 4 | hnetcfg.dll |
|
| Details | File | 4 | c:\windows\system32\wshtcpip.dll |
|
| Details | md5 | 1 | bddd4e2b84fa2ad61eb065e7797270ff |
|
| Details | sha256 | 1 | aed8575924b627281fee830a078399ed41550434cae4fd72d763324b871c88ee |
|
| Details | IPv4 | 1 | 172.16.192.200 |
|
| Details | IPv4 | 619 | 0.0.0.0 |
|
| Details | IPv4 | 1 | 1.4.62.0 |
|
| Details | IPv4 | 1 | 172.16.192.214 |
|
| Details | IPv4 | 1 | 172.16.192.164 |
|
| Details | IPv4 | 1 | 172.16.192.14 |
|
| Details | IPv4 | 1 | 172.16.192.64 |
|
| Details | IPv4 | 1 | 172.16.192.114 |
|
| Details | IPv6 | 1 | fe80::6090:beb3:9385:1c79 |
|
| Details | IPv6 | 1 | fe80::6090:beb3:9385:1c79:1900 |
|
| Details | Url | 1 | https://www.virustotal.com/en/file/aed8575924b627281fee830a078399ed41550434cae4fd72d763324b871c88ee/analysis |
|
| Details | Url | 1 | https://isc.sans.edu/forums/diary/suspect |