Get-InjectedThreadEx – Detecting Thread Creation Trampolines — Elastic Security Labs
Tags
cmtmf-attack-pattern: Code Injection Process Injection
attack-pattern: Data Indirect Asynchronous Procedure Call - T1055.004 Code Injection - T1540 Hooking - T1617 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Process Injection - T1631 Server - T1583.004 Server - T1584.004 Software - T1592.002 Hooking - T1179 Powershell - T1086 Process Injection - T1055 Hooking
Show in Graph
Common Information
Type Value
UUID d335aaac-a318-4ba2-8645-1e87ed0e3f3d
Fingerprint b23c9952b5263045
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 7, 2022, midnight
Added to db Nov. 20, 2023, 12:59 a.m.
Last updated Nov. 18, 2024, 10:49 a.m.
Headline Get- InjectedThreadEx – Detecting Thread Creation Trampolines
Title Get-InjectedThreadEx – Detecting Thread Creation Trampolines — Elastic Security Labs
Detected Hints/Tags/Attributes 65/2/5
Source URLs
Redirection Url
Details Source https://www.elastic.co/security-labs/get-injectedthreadex-detection-thread-creation-trampolines
URL Provider
Details Provider Source level domain
Details elastic.co www.elastic.co
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 306 Elastic Security Labs https://www.elastic.co/security-labs/rss/feed.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 534 
ntdll.dll
Details File 291 
user32.dll
Details File 1 
image14.png
Details File 748 
kernel32.dll
Details File 1 
signed.dll