Remotely dump "Active Directory Domain Controller" machine user database using web shell
Common Information
Type | Value
UUID | c91fb2dd-0562-4240-845c-e629b6090fbe
Fingerprint | 16817d5905a3f6f3
Analysis status | DONE
Considered CTI value | 0
Text language |
Published | Dec. 6, 2018, 12:55 a.m.
Added to db | Jan. 18, 2023, 11:28 p.m.
Last updated | Nov. 17, 2024, 6:54 p.m.
Headline | Remotely dump "Active Directory Domain Controller" machine user database using web shell
Title | Remotely dump "Active Directory Domain Controller" machine user database using web shell
Detected Hints/Tags/Attributes | 33/2/7
Attributes
Type | #Events | CTI Value | Value
Domain | 88 | | secretsdump.py
File | 122 | | psexec.exe
File | 27 | | out.txt
File | 1 | | c:\xmpp\htdocs\box\ps\out.txt
File | 85 | | secretsdump.py
IPv4 | 2 | | 192.168.56.200
IPv4 | 20 | | 192.168.56.101