逆转、揭露、恢复:Windows Defender 隔离取证
Tags
attack-pattern: | Data Python - T1059.006 |
Common Information
Type | Value |
---|---|
UUID | 8555687b-2f96-464e-9adb-26496bf99030 |
Fingerprint | 9493bb3595de744e |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | June 20, 2024, midnight |
Added to db | Sept. 10, 2024, 4:53 p.m. |
Last updated | Dec. 18, 2024, 8:04 p.m. |
Headline | 逆转、揭露、恢复:Windows Defender 隔离取证 |
Title | 逆转、揭露、恢复:Windows Defender 隔离取证 |
Detected Hints/Tags/Attributes | 13/1/12 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://cn-sec.com/archives/3150819.html |
Details | Redirection | https://cn-sec.com/?p=3150819 |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 483 | ✔ | CN-SEC 中文网 | https://cn-sec.com/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 6 | fh.read |
|
Details | Domain | 1 | fh.seek |
|
Details | Domain | 3 | dissect.target.target |
|
Details | Domain | 5 | dissect.target |
|
Details | File | 13 | mpengine.dll |
|
Details | File | 3 | dissect.cs |
|
Details | File | 1 | mimikatz_resourcedata_rc4_decrypted.bin |
|
Details | File | 1 | tz_trunk.zip |
|
Details | File | 5 | dissect.tar |
|
Details | File | 5 | get.tar |
|
Details | sha1 | 1 | 9ec21bb792e253dbdc2e88b6b180c4e048847ef6 |
|
Details | IPv6 | 3 | e::add |