ETW Event Tracing for Windows and ETL Files
Tags
| attack-pattern: | Data Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | cf2f8c45-b890-4aa2-8ee6-c1a92b92d5a1 |
| Fingerprint | 244e0a4b4567ac06 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 7, 2018, 6:56 p.m. |
| Added to db | Jan. 19, 2023, 12:12 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | ETW Event Tracing for Windows and ETL Files |
| Title | ETW Event Tracing for Windows and ETL Files |
| Detected Hints/Tags/Attributes | 39/1/9 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://www.hecfblog.com/2018/06/etw-event-tracing-for-windows-and-etl.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 201 | msdn.microsoft.com |
|
| Details | Domain | 4128 | github.com |
|
| Details | File | 1 | observed_etl_file_locations.xlsx |
|
| Details | File | 1 | tuvtekxir.exe |
|
| Details | File | 185 | shell32.dll |
|
| Details | File | 12 | netutils.dll |
|
| Details | Github username | 1 | gcpartners |
|
| Details | Url | 1 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa364080(v=vs.85).aspx |
|
| Details | Url | 1 | https://github.com/gcpartners/etlparser |