ioc[.]one - OSINT Cyber Threat Intelligence Database

Investigating a Suspicious Service - MDSec

Tags

attack-pattern:

Data Hidden Window - T1564.003 Powershell - T1059.001 Python - T1059.006 Tool - T1588.002 Hidden Window - T1143 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	95aebc43-78f6-47de-b325-8eea9dd5deaa
Fingerprint	280380570da6a3b5
Analysis status	DONE
Considered CTI value	0
Text language
Published	July 14, 2021, 7:59 a.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 18, 2024, 1:38 a.m.
Headline	Investigating a Suspicious Service
Title	Investigating a Suspicious Service - MDSec
Detected Hints/Tags/Attributes	37/1/7

Source URLs

	Redirection	Url
Details	Source	https://www.mdsec.co.uk/2021/07/investigating-a-suspicious-service/

URL Provider

Details	Provider	Source level domain
Details	mdsec.co.uk	www.mdsec.co.uk

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		mdsec.co.uk
Details	Domain	12		www.mdsec.co.uk
Details	Email	1		response@mdsec.co.uk
Details	File	2127		cmd.exe
Details	File	1209		powershell.exe
Details	Url	1		https://www.mdsec.co.uk
Details	Windows Registry Key	8		HKLM\System\CurrentControlSet\Services