Putting attackers in hi vis jackets with sysmon - Nettitude Labs
Tags
cmtmf-attack-pattern: Process Injection
attack-pattern: Model Powershell - T1059.001 Process Injection - T1631 Windows Service - T1543.003 Tool - T1588.002 Powershell - T1086 Process Injection - T1055
Show in Graph
Common Information
Type Value
UUID 9ea510f9-4cac-4010-b9b2-1fe798859257
Fingerprint 7e094e2f39a54c0d
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 16, 2017, 7:05 p.m.
Added to db Jan. 18, 2023, 9:56 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Putting attackers in hi vis jackets with sysmon
Title Putting attackers in hi vis jackets with sysmon - Nettitude Labs
Detected Hints/Tags/Attributes 34/2/5
Source URLs
Redirection Url
Details Source https://labs.nettitude.com/blog/putting-attackers-in-hi-vis-jackets-with-sysmon/
URL Provider
Details Provider Source level domain
Details nettitude.com labs.nettitude.com
Attributes
Details Type #Events CTI Value
Details File 25 
sysmon64.exe
Details File 1 
config_file_name.xml
Details File 478 
lsass.exe
Details File 2127 
cmd.exe
Details File 1209 
powershell.exe