Windows Exploitation: wmic - Hacking Articles
Tags
cmtmf-attack-pattern: Command-Line Interface
attack-pattern: Command-Line Interface - T1605 Mshta - T1218.005 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Tool - T1588.002 Command-Line Interface - T1059 Mshta - T1170 Powershell - T1086 Command-Line Interface
Show in Graph
Common Information
Type Value
UUID 970d085a-598e-4653-b210-393155687be4
Fingerprint e6689b9115a50dd7
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 23, 2019, 8:31 a.m.
Added to db Jan. 18, 2023, 11:21 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Hacking Articles
Title Windows Exploitation: wmic - Hacking Articles
Detected Hints/Tags/Attributes 36/2/14
Source URLs
Redirection Url
Details Source https://www.hackingarticles.in/bypass-application-whitelisting-using-wmic-exe-multiple-methods/
URL Provider
Details Provider Source level domain
Details hackingarticles.in www.hackingarticles.in
Attributes
Details Type #Events CTI Value
Details Domain 20 
www.hackingarticles.in
Details File 240 
wmic.exe
Details File 1 
g8gkv.xsl
Details File 1 
launcher.xsl
Details File 456 
mshta.exe
Details File 1 
payload.xsl
Details IPv4 18 
192.168.1.107
Details IPv4 6 
192.168.1.109
Details Url 3 
https://www.hackingarticles.in/koadic-com-command-control-framework
Details Url 1 
http://192.168.1.107:9996/g8gkv.xsl
Details Url 2 
https://www.hackingarticles.in/hacking-with-empire-powershell-post-exploitation-agent
Details Url 1 
http://192.168.1.107
Details Url 1 
http://192.168.1.107:8080/launcher.xsl
Details Url 1 
http://192.168.1.109/payload.xsl