ioc[.]one - OSINT Cyber Threat Intelligence Database

DnsAdmins PrivEsc

Tags

attack-pattern:

Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002

Show in Graph

Common Information

Type	Value
UUID	8bc99b03-41f1-45a4-9b22-d9ed05e6b1c2
Fingerprint	bcb94d1ac58590f3
Analysis status	DONE
Considered CTI value	0
Text language
Published	Oct. 27, 2024, 3:46 p.m.
Added to db	Oct. 27, 2024, 5:39 p.m.
Last updated	Nov. 17, 2024, 12:58 p.m.
Headline	DnsAdmins PrivEsc
Title	DnsAdmins PrivEsc
Detected Hints/Tags/Attributes	32/1/9

Source URLs

	Redirection	Url
Details	Redirection	https://medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Finfosecwriteups.com%2Fdnsadmins-privesc-0df5ef7e2f61%3Fsource%3Drss----7b722bfd1b8d---4
Details	Source	https://infosecwriteups.com/dnsadmins-privesc-0df5ef7e2f61?gi=208e459bfc7a&source=rss----7b722bfd1b8d---4
Details	Redirection	https://infosecwriteups.com/dnsadmins-privesc-0df5ef7e2f61?source=rss----7b722bfd1b8d---4

URL Provider

Details	Provider	Source level domain
Details	infosecwriteups.com	infosecwriteups.com
Details	medium.com	medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	136	✔	InfoSec Write-ups - Medium	https://infosecwriteups.com/feed	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	File	1		reverse.dll
Details	File	9		dnscmd.exe
Details	File	1		c:\users\netadm\reverse.dll
Details	File	118		sc.exe
Details	IPv4	1		10.10.16.16
Details	IPv4	619		0.0.0.0
Details	Url	1		http://0.0.0.0:1337
Details	Url	1		http://10.10.16.16:1337/reverse.dll
Details	Windows Registry Key	3		HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters\ServerLevelPluginDll