Elliot on Security - Living Off the Land: Reverse Engineering Methodology + Tips & Tricks (Cmdl32 Case Study)
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Model Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Powershell - T1086 Program Download |
Common Information
| Type | Value |
|---|---|
| UUID | 9bb0dda2-29f2-44aa-9225-3d8c7cef1760 |
| Fingerprint | 26101b502fa59fe8 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | July 30, 2023, midnight |
| Added to db | Aug. 4, 2023, 2:30 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Elliot on Security |
| Title | Elliot on Security - Living Off the Land: Reverse Engineering Methodology + Tips & Tricks (Cmdl32 Case Study) |
| Detected Hints/Tags/Attributes | 76/2/15 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 163 | ✔ | — | https://media.cert.europa.eu/rss?type=category&id=Malware&language=en&duplicates=false | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 537 | pic.twitter.com |
|
| Details | Domain | 831 | example.com |
|
| Details | File | 8 | cmdl32.exe |
|
| Details | File | 1 | c:\windows\system32\cmdl32.exe |
|
| Details | File | 1 | cmdln32.exe |
|
| Details | File | 226 | certutil.exe |
|
| Details | File | 1 | c:\windows\system32\rasphone.exe |
|
| Details | File | 2 | settings.txt |
|
| Details | File | 1 | settings2.txt |
|
| Details | File | 25 | findstr.exe |
|
| Details | File | 37 | icacls.exe |
|
| Details | File | 63 | bitsadmin.exe |
|
| Details | File | 97 | mpcmdrun.exe |
|
| Details | File | 8 | rasautou.exe |
|
| Details | Url | 43 | http://example.com |