Reverse, Reveal, Recover: Windows Defender Quarantine Forensics (original title: 逆转、揭露、恢复:Windows Defender 隔离取证)
Tags
attack-pattern: Data Python - T1059.006
Common Information
Type Value
UUID 8555687b-2f96-464e-9adb-26496bf99030
Fingerprint 9493bb3595de744e
Analysis status DONE
Considered CTI value 0
Text language
Published June 20, 2024, midnight
Added to db Sept. 10, 2024, 4:53 p.m.
Last updated Dec. 18, 2024, 8:04 p.m.
Headline Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
Title Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
Detected Hints/Tags/Attributes 13/1/12
RSS Feed
Id   Enabled  Feed title      Url                       Added to db
483           CN-SEC 中文网   https://cn-sec.com/feed/  2024-08-30 22:08
Attributes
Type    #Events  CTI Value  Value
Domain  6                   fh.read
Domain  1                   fh.seek
Domain  3                   dissect.target.target
Domain  5                   dissect.target
File    13                  mpengine.dll
File    3                   dissect.cs
File    1                   mimikatz_resourcedata_rc4_decrypted.bin
File    1                   tz_trunk.zip
File    5                   dissect.tar
File    5                   get.tar
sha1    1                   9ec21bb792e253dbdc2e88b6b180c4e048847ef6
IPv6    3                   e::add