Case Study: Incident Response is a relationship-driven business
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter
attack-pattern: Models Command And Scripting Interpreter - T1623 Domain Account - T1087.002 Domain Account - T1136.002 Domains - T1583.001 Domains - T1584.001 Malicious File - T1204.002 Powershell - T1059.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Account Discovery - T1087 Command-Line Interface - T1059 Powershell - T1086 Remote System Discovery - T1018 Rundll32 - T1085 User Execution - T1204 Remote System Discovery User Execution
Show in Graph
Common Information
Type Value
UUID 7df176ca-79e9-4d9b-980e-11f128fce4d8
Fingerprint a102b5d74936c78f
Analysis status DONE
Considered CTI value 2
Text language
Published May 17, 2021, 8 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Vulnerability Information
Title Case Study: Incident Response is a relationship-driven business
Detected Hints/Tags/Attributes 58/2/14
Source URLs
Redirection Url
Details Source https://blog.talosintelligence.com/2021/05/ctir-case-study.html
URL Provider
Details Provider Source level domain
Details talosintelligence.com blog.talosintelligence.com
Attributes
Details Type #Events CTI Value
Details Domain 66 
redacted.com
Details File 2127 
cmd.exe
Details File 1209 
powershell.exe
Details File 1 
document_1223672987_11142020.zip
Details File 1 
55555555555.jpg
Details File 1 
20201120104627_bloodhound.zip
Details File 1 
20201120132133_users.json
Details File 1 
20201120132133_computers.json
Details IPv4 4 
95.174.65.241
Details MITRE ATT&CK Techniques 365 
T1204.002
Details MITRE ATT&CK Techniques 460 
T1059.001
Details MITRE ATT&CK Techniques 99 
T1087.002
Details MITRE ATT&CK Techniques 243 
T1018
Details Url 1 
http://redacted.com/bpebqznfbkgl/55555555555.jpg