Operational Look at Sysinternals Sysmon 6.20 Update
Tags
| country: | United States Of America |
| attack-pattern: | Data Powershell - T1059.001 Software - T1592.002 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 9fe2b3b0-743f-4069-96fc-f43ddcfe9434 |
| Fingerprint | be95c35d31659e23 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 24, 2017, midnight |
| Added to db | Jan. 18, 2023, 11:07 p.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | Shell is Only the Beginning |
| Title | Operational Look at Sysinternals Sysmon 6.20 Update |
| Detected Hints/Tags/Attributes | 48/2/10 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 30 | www.sysinternals.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | File | 5 | fltmc.exe |
|
| Details | File | 25 | sysmon.exe |
|
| Details | File | 50 | www.sys |
|
| Details | File | 1 | notwhatitlooks.exe |
|
| Details | File | 1 | c:\windows\notwhatitlooks.exe |
|
| Details | File | 15 | powershell.core |
|
| Details | File | 1 | c:\windows directory : c:\windows isreadonly : false exists : true fullname : c:\windows\notwhatitlooks.exe |
|
| Details | Url | 1 | https://twitter.com/gentilkiwi/status/935312221277704192 |