Abusing Catalog Hygiene to Bypass Application Whitelisting
Tags
attack-pattern: Data Code Signing - T1553.002 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Code Signing - T1116 Connection Proxy - T1090 Powershell - T1086 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID c2e20047-80c0-4b6f-b15d-f7cb7720ee34
Fingerprint 3d2ca73c3a24260f
Analysis status DONE
Considered CTI value 0
Text language
Published May 4, 2019, 5:10 p.m.
Added to db Jan. 18, 2023, 9:13 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline bohops
Title Abusing Catalog Hygiene to Bypass Application Whitelisting
Detected Hints/Tags/Attributes 23/1/12
Source URLs
Redirection Url
Details Source https://bohops.com/2019/05/04/abusing-catalog-file-hygiene-to-bypass-application-whitelisting/
URL Provider
Details Provider Source level domain
Details bohops.com bohops.com
Attributes
Details Type #Events CTI Value
Details CVE 6 
cve-2018-8492
Details File 46 
microsoft.xml
Details File 7 
msxml3.dll
Details File 1 
mxsml3.dll
Details File 62 
scrobj.dll
Details File 5 
msxml6.dll
Details File 48 
mshtml.dll
Details File 376 
wscript.exe
Details File 155 
cscript.exe
Details Windows Registry Key 1 
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID
Details Windows Registry Key 21 
HKEY_CLASSES_ROOT\CLSID
Details Windows Registry Key 1 
HKEY_CURRENT_USER\SOFTWARE\CLASSES\CLSID