AppLocker Bypass – CMSTP
Common Information
Type                             Value
UUID                             a1714380-f75e-488d-adca-807c2884af40
Fingerprint                      a4b01ce76171d740
Analysis status                  DONE
Considered CTI value             2
Text language
Published                        May 10, 2018, 7:01 a.m.
Added to db                      Jan. 18, 2023, 10:08 p.m.
Last updated                     Nov. 18, 2024, 2:36 a.m.
Headline                         AppLocker Bypass – CMSTP
Title                            AppLocker Bypass – CMSTP
Detected Hints/Tags/Attributes   22/1/24
Attributes
Type             #Events  CTI  Value
Domain           221           gist.github.com
Domain           6             msitpros.com
File             5             c:\windows\system32\cmstp.exe
File             2             c:\windows\syswow64\cmstp.exe
File             2             pentestlab.dll
File             47            cmstp.exe
File             6             cmstp.inf
File             62            scrobj.dll
Github username  2             netbiosx
Github username  2             nicktyrer
md5              1             15c963465bf1e78969fb3347c43b45b9
md5              1             297ea22d3475bb7216a7525f1ee82568
md5              1             0604bb9d7bcfef9e0cf82c28a7b76f0f
md5              1             bbd10d20a5bb78f64a9d13f399ea0f80
IPv4             34            10.0.0.2
Url              1             http://10.0.0.2/tmp/powersct.sct
Url              1             http://10.0.0.2/tmp/pentestlab.sct
Url              1             https://gist.github.com/netbiosx/15c963465bf1e78969fb3347c43b45b9
Url              1             https://gist.github.com/netbiosx/297ea22d3475bb7216a7525f1ee82568
Url              1             https://gist.github.com/nicktyrer/0604bb9d7bcfef9e0cf82c28a7b76f0f
Url              1             https://gist.github.com/nicktyrer/bbd10d20a5bb78f64a9d13f399ea0f80
Url              2             https://msitpros.com/?p=3960
Url              1             https://bohops.com/2018/02/26/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence
Url              1             https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2