GitHub - nsacyber/Mitigating-Web-Shells: Guidance for mitigation web shells. #nsacyber
Tags
Common Information
Type | Value |
---|---|
UUID | a77330a9-0c94-4ffa-a763-b87e665df884 |
Fingerprint | 9d1b9a18b1fe3e53 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | July 7, 2021, midnight |
Added to db | Sept. 26, 2022, 9:31 a.m. |
Last updated | Nov. 17, 2024, 10:40 p.m. |
Headline | nsacyber/Mitigating-Web-Shells |
Title | GitHub - nsacyber/Mitigating-Web-Shells: Guidance for mitigation web shells. #nsacyber |
Detected Hints/Tags/Attributes | 68/1/48 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://github.com/nsacyber/Mitigating-Web-Shells |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 2 | | logcheck.py |
Details | File | 2 | | dirchecker.ps1 |
Details | File | 2 | | logcheck.ps1 |
Details | File | 2 | | logcheck.py |
Details | File | 7 | | yara64.exe |
Details | File | 1 | | yara.bin |
Details | File | 8 | | c:\windows\system32\inetsrv\w3wp.exe |
Details | File | 24 | | arp.exe |
Details | File | 30 | | at.exe |
Details | File | 63 | | bitsadmin.exe |
Details | File | 226 | | certutil.exe |
Details | File | 2126 | | cmd.exe |
Details | File | 6 | | dsget.exe |
Details | File | 9 | | dsquery.exe |
Details | File | 22 | | find.exe |
Details | File | 25 | | findstr.exe |
Details | File | 18 | | fsutil.exe |
Details | File | 9 | | hostname.exe |
Details | File | 51 | | ipconfig.exe |
Details | File | 1 | | nbstat.exe |
Details | File | 256 | | net.exe |
Details | File | 48 | | net1.exe |
Details | File | 6 | | netdom.exe |
Details | File | 76 | | netsh.exe |
Details | File | 46 | | netstat.exe |
Details | File | 49 | | nltest.exe |
Details | File | 33 | | nslookup.exe |
Details | File | 59 | | ntdsutil.exe |
Details | File | 4 | | pathping.exe |
Details | File | 76 | | ping.exe |
Details | File | 1208 | | powershell.exe |
Details | File | 3 | | qprocess.exe |
Details | File | 10 | | query.exe |
Details | File | 12 | | qwinsta.exe |
Details | File | 165 | | reg.exe |
Details | File | 1018 | | rundll32.exe |
Details | File | 118 | | sc.exe |
Details | File | 249 | | schtasks.exe |
Details | File | 61 | | systeminfo.exe |
Details | File | 56 | | tasklist.exe |
Details | File | 19 | | tracert.exe |
Details | File | 3 | | ver.exe |
Details | File | 345 | | vssadmin.exe |
Details | File | 95 | | wevtutil.exe |
Details | File | 62 | | whoami.exe |
Details | File | 240 | | wmic.exe |
Details | File | 41 | | wusa.exe |
Details | IPv4 | 103 | | 192.168.1.0 |