The Azure log you probably didn’t know existed
Tags
| attack-pattern: | Data Impersonation - T1656 Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | b7b14f23-fc5a-47e7-86b4-5bec17120227 |
| Fingerprint | b57b5fdf4f932751 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 11, 2024, midnight |
| Added to db | Aug. 31, 2024, 10:49 a.m. |
| Last updated | Nov. 17, 2024, 5:55 p.m. |
| Headline | The Azure log you probably didn’t know existed |
| Title | The Azure log you probably didn’t know existed |
| Detected Hints/Tags/Attributes | 16/1/24 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 417 | ✔ | Invictus Incident Response blog | https://www.invictus-ir.com/news/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 831 | example.com |
|
| Details | Domain | 2 | management.core.windows.net |
|
| Details | Domain | 4 | sts.windows.net |
|
| Details | Domain | 73 | schemas.microsoft.com |
|
| Details | Domain | 32 | schemas.xmlsoap.org |
|
| Details | Domain | 7 | microsoft.management |
|
| Details | Domain | 3 | bonacu.onmicrosoft.com |
|
| Details | 2 | exampleuser@example.com |
||
| Details | 1 | korstiaan@bonacu.onmicrosoft.com |
||
| Details | File | 2 | management.core |
|
| Details | File | 31 | schemas.xml |
|
| Details | IPv4 | 17 | 192.0.2.1 |
|
| Details | Url | 2 | https://management.core.windows.net |
|
| Details | Url | 1 | https://sts.windows.net/12345678-9abc-def0-1234-56789abcdef0 |
|
| Details | Url | 1 | http://schemas.microsoft.com/claims/authnclassreference |
|
| Details | Url | 2 | http://schemas.microsoft.com/claims/authnmethodsreferences |
|
| Details | Url | 1 | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
|
| Details | Url | 2 | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
|
| Details | Url | 1 | http://schemas.microsoft.com/identity/claims/objectidentifier |
|
| Details | Url | 1 | http://schemas.microsoft.com/identity/claims/scope |
|
| Details | Url | 2 | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
|
| Details | Url | 1 | http://schemas.microsoft.com/identity/claims/tenantid |
|
| Details | Url | 1 | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
|
| Details | Url | 1 | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn |