Pazuzu: reflective DLL to run binaries from memory
Tags
attack-pattern: Process Hollowing - T1055.012 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Process Hollowing - T1093
Show in Graph
Common Information
Type Value
UUID bdd492ea-5cab-4ff4-8c5b-ce036c611e25
Fingerprint 346559bd2497ffa4
Analysis status DONE
Considered CTI value 0
Text language
Published April 8, 2016, 4:59 a.m.
Added to db Jan. 19, 2023, 12:14 a.m.
Last updated Nov. 14, 2024, 1:19 p.m.
Headline UNKNOWN
Title Pazuzu: reflective DLL to run binaries from memory
Detected Hints/Tags/Attributes 20/1/7
Source URLs
Redirection Url
Details Source http://www.shelliscoming.com/2016/04/pazuzu-reflective-dll-to-run-binaries.html
URL Provider
Details Provider Source level domain
Details shelliscoming.com www.shelliscoming.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
pazuzu.py
Details File 1 
pazuzu.py
Details File 23 
x86.dll
Details File 4 
86.dll
Details File 1 
winhttp-stager.exe
Details File 8 
regshot.exe
Details IPv4 2 
192.168.1.44