ioc[.]one - OSINT Cyber Threat Intelligence Database

WSUS Attacks Part 1: Introducing PyWSUS - GoSecure

Tags

attack-pattern:

Ip Addresses - T1590.005 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	be507d0e-7777-4b73-b426-ba1bcb405bd4
Fingerprint	3573f9820a2768d0
Analysis status	DONE
Considered CTI value	0
Text language
Published	Sept. 3, 2020, noon
Added to db	Jan. 18, 2023, 11:19 p.m.
Last updated	Nov. 18, 2024, 1:38 a.m.
Headline	WSUS Attacks Part 1: Introducing PyWSUS
Title	WSUS Attacks Part 1: Introducing PyWSUS - GoSecure
Detected Hints/Tags/Attributes	46/1/10

Source URLs

	Redirection	Url
Details	Source	https://www.gosecure.net/blog/2020/09/03/wsus-attacks-part-1-introducing-pywsus/

URL Provider

Details	Provider	Source level domain
Details	gosecure.net	www.gosecure.net

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		pywsus.py
Details	File	12		psexec64.exe
Details	File	2127		cmd.exe
Details	File	1		pywsus.py
Details	File	312		calc.exe
Details	File	8		spoof.tar
Details	File	8		poc.txt
Details	IPv4	2		172.16.205.20
Details	IPv4	1		172.16.205.21
Details	Url	1		https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wsusod/637559b5-81a4-4ad4-af60-fb5129aa7d4e