ioc[.]one - OSINT Cyber Threat Intelligence Database

Amadey Threat Analysis and Detections

Tags

attack-pattern:

Data Datasets Model Accessibility Features - T1546.008 Botnet - T1583.005 Botnet - T1584.005 Clipboard Data - T1414 Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Rundll32 - T1218.011 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006 Clipboard Data - T1115 Powershell - T1086 Rundll32 - T1085 Scheduled Task - T1053

Show in Graph

Common Information

Type	Value
UUID	95ae9cda-2f29-4e3d-939c-b853098dad8e
Fingerprint	9454c95e81215f8a
Analysis status	DONE
Considered CTI value	2
Text language
Published	July 25, 2023, 9:15 a.m.
Added to db	July 25, 2023, 7:59 p.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	Amadey Threat Analysis and Detections
Title	Amadey Threat Analysis and Detections
Detected Hints/Tags/Attributes	64/1/14

Source URLs

	Redirection	Url
Details	Source	https://www.splunk.com/en_us/blog/security/amadey-threat-analysis-and-detections.html

URL Provider

Details	Provider	Source level domain
Details	splunk.com	www.splunk.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	375	✔	Splunk Blogs	https://www.splunk.com/blog/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	File	1		oneext.exe
Details	File	1		metado.exe
Details	File	14		cacls.exe
Details	File	2126		cmd.exe
Details	File	8		clip64.dll
Details	File	7		cred64.dll
Details	File	1018		rundll32.exe
Details	File	37		icacls.exe
Details	File	3		xcacls.exe
Details	sha256	1		617f4082c320c24f27f69d146aae6973a3cb818860ab196cf2800ff16518c2bc
Details	sha256	1		89d30f7ba7b2af7f519d2fe066700fae723643e25b1859f32c60618956651710
Details	sha256	1		3d5d48ea2b6f76af583e541602950d89b8d96a13654469df3bc58dcddf879e9d
Details	sha256	1		015d60486e75035f83ea454e87afb38d11ec39643c33b07f61a40343078ee4f5
Details	MITRE ATT&CK Techniques	14		T1546.008