BTLO: Hashish
Tags
attack-pattern: Credentials - T1589.001 Powershell - T1059.001 Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006 Credential Dumping - T1003 Exfiltration Over Command And Control Channel - T1041 Powershell - T1086 Remote Desktop Protocol - T1076 Remote Services - T1021
Show in Graph
Common Information
Type Value
UUID 9718313f-451a-4b1c-9b37-cb480a6fd5a3
Fingerprint b455b992a7234f01
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 25, 2024, 5:09 a.m.
Added to db Dec. 25, 2024, 6:32 a.m.
Last updated Dec. 25, 2024, 6:33 a.m.
Headline BTLO: Hashish
Title BTLO: Hashish
Detected Hints/Tags/Attributes 56/1/17
Source URLs
Redirection Url
Details Source https://medium.com/@shantaciak/btlo-hashish-165f49e00f76?source=rss------cybersecurity-5
URL Provider
Details Provider Source level domain
Details medium.com medium.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 20 
cve-2021-36934
Details Domain 102 
secretsdump.py
Details Domain 45 
psexec.py
Details File 1 
%username%\appdata\roaming\microsoft\windows\powershell\psreadline\consolehost_history.txt
Details File 18 
consolehost_history.txt
Details File 1 
invoke-hivenightmare.ps1
Details File 99 
secretsdump.py
Details File 69 
output.txt
Details File 42 
psexec.py
Details File 1 
dc.txt
Details md5 41 
aad3b435b51404eeaad3b435b51404ee
Details md5 1 
f5074ace71088981dfb732be9d7a35f7
Details IPv4 1582 
127.0.0.1
Details MITRE ATT&CK Techniques 324 
T1003
Details MITRE ATT&CK Techniques 180 
T1021
Details MITRE ATT&CK Techniques 177 
T1021.001
Details MITRE ATT&CK Techniques 460 
T1041