The Invoke-CradleCrafter Overview — Daniel Bohannon
Tags
| attack-pattern: | Data Powershell - T1059.001 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | cef9bc08-c23f-4072-ae29-1d75bc198d0c |
| Fingerprint | 35590f8621f549e8 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 2, 2017, midnight |
| Added to db | Jan. 19, 2023, 12:09 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Daniel Bohannon |
| Title | The Invoke-CradleCrafter Overview — Daniel Bohannon |
| Detected Hints/Tags/Attributes | 39/1/18 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 317 | bit.ly |
|
| Details | Domain | 3 | value.name |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 2 | downloadcradles.ps1 |
|
| Details | File | 5 | rasman.dll |
|
| Details | File | 9 | rasapi32.dll |
|
| Details | File | 59 | csc.exe |
|
| Details | File | 26 | cvtres.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 63 | bitsadmin.exe |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 199 | excel.exe |
|
| Details | File | 226 | certutil.exe |
|
| Details | File | 1 | wc.ps |
|
| Details | Url | 1 | http://bit.ly/l3g1t |
|
| Details | Url | 1 | http://bit.ly/e0mw9w |