HackTheBox Sherlock Writeup: APTNightmare
Common Information
Type Value
UUID 86ff5b7e-11aa-4ffe-bdd5-f3d3c83ffb06
Fingerprint bde91d416d261785
Analysis status DONE
Considered CTI value -2
Text language
Published Sept. 6, 2024, 4:26 p.m.
Added to db Sept. 6, 2024, 7:21 p.m.
Last updated Nov. 17, 2024, 9:42 p.m.
Headline HackTheBox Sherlock Writeup: APTNightmare
Title HackTheBox Sherlock Writeup: APTNightmare
Detected Hints/Tags/Attributes 82/2/35
RSS Feed
Id | Enabled | Feed title | Url | Added to db
167 | | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08
Attributes
Type | #Events | CTI Value | Attribute
CVE | 44 | | cve-2016-5195
CVE | 60 | | cve-2021-4034
Domain | 9 | | 192.168.xxx.xxx
Domain | 1 | | cs-corp.cd
Domain | 6 | | dev.example.com
Domain | 1 | | sysmon.cs-corp.cd
Domain | 831 | | example.com
Domain | 2 | | pwnkit.sh
Domain | 5490 | | nist.gov
Domain | 641 | | nvd.nist.gov
Domain | 360 | | attack.mitre.org
Domain | 20 | | 1768.py
Email | 17 | | user@example.com
Email | 1 | | admin@cs-corp.cd
File | 1 | | sysmon.cs
File | 1205 | | index.php
File | 15 | | dashboard.php
File | 39 | | www.log
File | 1 | | cs-windows.exe
File | 1 | | policy.docm
File | 364 | | console.log
File | 1 | | c:\users\ceo-us\downloads\policy.docm
File | 1208 | | powershell.exe
File | 10 | | download.exe
File | 17 | | 1768.py
File | 26 | | windowsupdate.exe
IPv4 | 27 | | 192.168.1.3
IPv4 | 27 | | 192.168.1.5
MITRE ATT&CK Techniques | 15 | | T1098.001
MITRE ATT&CK Techniques | 44 | | T1053.003
MITRE ATT&CK Techniques | 36 | | T1195.002
Url | 1 | | https://www.logpoint.com/en/blog/detecting-pwnkit-local-privilege-escalation-vulnerability
Url | 1 | | https://nvd.nist.gov/vuln/detail/cve-2021-4034
Url | 57 | | https://attack.mitre.org
Url | 1 | | http://192.168.1.5:806/a