InQuest - Join the Hunt.
Tags
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Model Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Tool - T1588.002 |
Common Information
Type | Value |
---|---|
UUID | 926974ef-11bb-4e05-9e63-4bed62ab904d |
Fingerprint | 7552db981171cfc3 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Nov. 23, 2020, 6:15 p.m. |
Added to db | Sept. 11, 2022, 12:39 p.m. |
Last updated | Sept. 5, 2024, 8:45 p.m. |
Headline | SOC-Class: Use Case Development |
Title | InQuest - Join the Hunt. |
Detected Hints/Tags/Attributes | 37/2/17 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://inquest.net/blog/2020/11/23/SOC-Class-Use-Case-Development |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 137 | ✔ | InQuest | https://inquest.net/blog/rss | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 2 | | soc-survey.com |
Details | Domain | 2 | | soc-class.com |
Details | File | 2 | | carving-001.png |
Details | File | 6 | | image1.jpg |
Details | File | 12 | | image1.png |
Details | File | 2 | | olefileio.jpg |