CTF Writeup - Flare-On 2017 - 07: zsud.exe
Tags
| attack-pattern: | Data Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 9dee98da-4f2d-4837-b20e-ce031e7adb46 |
| Fingerprint | 3c0129466b3e5284 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Oct. 28, 2017, 4:18 p.m. |
| Added to db | Jan. 19, 2023, 12:06 a.m. |
| Last updated | Nov. 18, 2024, 8:27 a.m. |
| Headline | The Vulnerable Space |
| Title | CTF Writeup - Flare-On 2017 - 07: zsud.exe |
| Detected Hints/Tags/Attributes | 41/1/22 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 228 | system.io |
|
| Details | Domain | 107 | system.management |
|
| Details | Domain | 149 | system.security |
|
| Details | Domain | 4 | cryptostreammode.read |
|
| Details | Domain | 28 | flare-on.com |
|
| Details | 2 | mudd1ng_by_y0ur53lph@flare-on.com |
||
| Details | File | 2 | zsud.exe |
|
| Details | File | 1 | whiskey_tango_flareon.dll |
|
| Details | File | 1 | flareon.dll |
|
| Details | File | 6 | collections.obj |
|
| Details | File | 4 | rijndaelmanaged.key |
|
| Details | File | 1 | zsud.ps1 |
|
| Details | File | 1 | thing.asp |
|
| Details | File | 1 | bruteforcer.ps1 |
|
| Details | File | 1 | thing.key |
|
| Details | File | 1 | direction_extractor.py |
|
| Details | File | 1 | send_right_directions.ps1 |
|
| Details | File | 6 | cryptography.md5 |
|
| Details | File | 1 | kevin_mandia.ps1 |
|
| Details | IPv4 | 1442 | 127.0.0.1 |
|
| Details | IPv4 | 619 | 0.0.0.0 |
|
| Details | Url | 1 | http://127.0.0.1:9999/some/thing.asp |