detection-rules/privilege_escalation_krbrelayup_suspicious_logon.toml at fb6ee2c69864ffdfe347bf3b050cb931f53067a6 · elastic/detection-rules
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a7b3de55-715b-4844-9428-8fbe641b6f2e |
| Fingerprint | 1345421e2bcc7e13 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 26, 2022, midnight |
| Added to db | Sept. 11, 2022, 12:46 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | UNKNOWN |
| Title | detection-rules/privilege_escalation_krbrelayup_suspicious_logon.toml at fb6ee2c69864ffdfe347bf3b050cb931f53067a6 · elastic/detection-rules |
| Detected Hints/Tags/Attributes | 24/1/21 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 36 | googleprojectzero.blogspot.com |
|
| Details | Domain | 361 | attack.mitre.org |
|
| Details | File | 2 | using-kerberos-for-authentication-relay.html |
|
| Details | File | 1 | winlog.log |
|
| Details | File | 1 | event_data.tar |
|
| Details | Github username | 4 | dec0ne |
|
| Details | Github username | 2 | cube0x0 |
|
| Details | sha1 | 2 | fb6ee2c69864ffdfe347bf3b050cb931f53067a6 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | MITRE ATT&CK Techniques | 79 | T1548 |
|
| Details | MITRE ATT&CK Techniques | 87 | T1548.002 |
|
| Details | MITRE ATT&CK Techniques | 27 | T1558 |
|
| Details | Url | 2 | https://github.com/dec0ne/krbrelayup |
|
| Details | Url | 2 | https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html |
|
| Details | Url | 1 | https://github.com/cube0x0/krbrelay |
|
| Details | Url | 1 | https://attack.mitre.org/techniques/t1548 |
|
| Details | Url | 5 | https://attack.mitre.org/techniques/t1548/002 |
|
| Details | Url | 4 | https://attack.mitre.org/tactics/ta0004 |
|
| Details | Url | 2 | https://attack.mitre.org/techniques/t1558 |
|
| Details | Url | 7 | https://attack.mitre.org/tactics/ta0006 |