Zero Dollar Detection and Response Orchestration with n8n, Security Onion, TheHive, and…
Tags
| attack-pattern: | Data Datasets Model Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | c4d3cd41-217b-488d-803c-af164205ae6a |
| Fingerprint | 1380e81044344990 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 23, 2022, 2:04 p.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Zero Dollar Detection and Response Orchestration with n8n, Security Onion, TheHive, and Velociraptor |
| Title | Zero Dollar Detection and Response Orchestration with n8n, Security Onion, TheHive, and… |
| Detected Hints/Tags/Attributes | 67/1/27 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 8 | rule.name |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 1 | install-guide.md |
|
| Details | Domain | 1 | training-material.md |
|
| Details | Domain | 434 | medium.com |
|
| Details | Domain | 1 | blog.huntresslabs.com |
|
| Details | Domain | 219 | gist.github.com |
|
| Details | Domain | 1 | flow.id |
|
| Details | File | 2 | api.config |
|
| Details | File | 1 | n8n-nodes-base.exe |
|
| Details | File | 6 | launcher.bat |
|
| Details | File | 1 | system-maintenance.bat |
|
| Details | File | 12 | hash.md5 |
|
| Details | File | 1 | actions.json |
|
| Details | File | 816 | index.html |
|
| Details | Github username | 2 | thehive-project |
|
| Details | Github username | 1 | weslambert |
|
| Details | md5 | 1 | 1c8a92bda81c8c7bf9ae054d26a561e0 |
|
| Details | md5 | 1 | 67d419cd42edc4b4754d9f3a5c191d86 |
|
| Details | IPv4 | 1 | 192.168.6.175 |
|
| Details | Url | 1 | https://github.com/thehive-project/thehivedocs/blob/master/installation/install-guide.md |
|
| Details | Url | 1 | https://github.com/thehive-project/thehivedocs/blob/master/training-material.md |
|
| Details | Url | 1 | https://github.com/weslambert/securityonion-velociraptor |
|
| Details | Url | 1 | https://medium.com/velociraptor-ir/velociraptors-acl-model-7f497575daee |
|
| Details | Url | 1 | https://blog.huntresslabs.com/tried-and-true-hacker-technique-dos-obfuscation-400b57cd7dd |
|
| Details | Url | 1 | https://gist.github.com/weslambert/1c8a92bda81c8c7bf9ae054d26a561e0 |
|
| Details | Url | 1 | https://192.168.6.175:8889/app/index.html?#/collected/{value}/{:flow.id |