Threat Hunting: Fine Tuning Sysmon & Logstash to find Malware Callbacks C&C - Syspanda
Common Information
Type Value
UUID a49ca27c-9f26-44a6-819c-dac65b302f21
Fingerprint 92110255a52119e7
Analysis status DONE
Considered CTI value 0
Text language
Published July 30, 2018, 8:03 a.m.
Added to db Jan. 18, 2023, 11:46 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Threat Hunting: Fine Tuning Sysmon & Logstash to find Malware Callbacks C&C
Title Threat Hunting: Fine Tuning Sysmon & Logstash to find Malware Callbacks C&C - Syspanda
Detected Hints/Tags/Attributes 41/1/33
Attributes
Type    #Events  Value
Domain      285  microsoft.net
Domain       12  regex101.com
File        271  chrome.exe
File        199  firefox.exe
File         56  iexplorer.exe
File        263  iexplore.exe
File          1  c:\program files\malwarebytes anti-malware\mbam.exe
File         34  acrord32.exe
File          1  c:\program files\dropbox\client\dropbox.exe
File          1  c:\users\appdata\google\chrome\chrome.exe
File          1  c:\program files\malwarebytes anti-malware\mba.exe
File         10  software_reporter_tool.exe
File       1122  svchost.exe
File         11  dns.exe
File          1  g2mupdate.exe
File        105  googleupdate.exe
File          1  g2minstaller.exe
File          5  c:\windows\system32\logonui.exe
File          1  c:\windows\syswow64\logonui.exe
File          3  c:\windows\system32\dns.exe
File          2  c:\windows\syswow64\inetsrv\w3wp.exe
File        478  lsass.exe
File         29  c:\windows\system32\lsass.exe
File          3  installflashplayer.exe
File        198  msmpeng.exe
File       2126  cmd.exe
File        409  c:\windows\system32\cmd.exe
File         10  md.exe
File          2  jp2launcher.exe
File         87  java.exe
IPv4        124  192.168.0.0
IPv4        132  10.0.0.0
IPv4         81  172.16.0.0
CTI value: none assigned to any of the 33 attributes above.