Living off the land: stealing NetNTLM hashes
Tags
attack-pattern: Credentials - T1589.001 Hardware - T1592.001 Server - T1583.004 Server - T1584.004 Sudo - T1169
Show in Graph
Common Information
Type Value
UUID bb341877-d70e-416d-9ccf-dce1fab01e0d
Fingerprint 8c0fe97278237993
Analysis status DONE
Considered CTI value 0
Text language
Published June 18, 2020, 10:59 a.m.
Added to db Jan. 18, 2023, 10:24 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Living off the land: stealing NetNTLM hashes
Title Living off the land: stealing NetNTLM hashes
Detected Hints/Tags/Attributes 36/1/28
Source URLs
Redirection Url
Details Source https://securify.nl/en/blog/SFY20180501/living-off-the-land_-stealing-netntlm-hashes.html
URL Provider
Details Provider Source level domain
Details securify.nl securify.nl
Attributes
Details Type #Events CTI Value
Details Domain 4128 
github.com
Details Domain 27 
responder.py
Details Domain 36 
schemas.openxmlformats.org
Details Domain 6 
securify.nl
Details Domain 150 
www.w3.org
Details Domain 1 
leak.app
Details File 25 
responder.py
Details File 1 
leak.png
Details File 66 
settings.xml
Details File 2 
template.dotx
Details File 1 
leak.docx
Details File 1 
leak.html
Details File 1 
leak2.url
Details File 1 
leak.ico
Details File 1 
leak.mp3
Details File 1 
leak.wma
Details File 1 
leak.jar
Details File 1 
adaptive.xsd
Details File 1 
leak.exe
Details Github username 7 
lgandx
Details IPv4 109 
1.0.0.0
Details Url 1 
https://github.com/lgandx/responder.git
Details Url 22 
http://schemas.openxmlformats.org/package/2006/relationships
Details Url 15 
http://schemas.openxmlformats.org/officedocument/2006/relationships/attachedtemplate
Details Url 2 
https://securify.nl
Details Url 7 
http://www.w3.org/2000/09/xmldsig#
Details Url 50 
http://www.w3.org/2001/xmlschema-instance
Details Url 2 
http://www.w3.org/2000/09/xmldsig#sha1