ioc[.]one - OSINT Cyber Threat Intelligence Database

PowerShell Web Access | Exploring Threat and Detection Capabilities

Tags

country:	Iran
attack-pattern:	Data Credentials - T1589.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 Remote Access Tools - T1219

Show in Graph

Common Information

Type	Value
UUID	d42c22cf-636d-4bf7-9c35-8af5912bbd9d
Fingerprint	ac5904ce83818902
Analysis status	DONE
Considered CTI value	0
Text language
Published	Oct. 27, 2024, 6:47 p.m.
Added to db	Oct. 27, 2024, 8:37 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	PowerShell Web Access \| Exploring Threat and Detection Capabilities
Title	PowerShell Web Access \| Exploring Threat and Detection Capabilities
Detected Hints/Tags/Attributes	40/2/15

Source URLs

	Redirection	Url
Details	Source	https://0xh4lpy.medium.com/powershell-web-access-exploring-threat-and-detection-capabilities-a5505e31bb01?source=rss------cybersecurity-5
Details	Source	https://0xh4lpy.medium.com/powershell-web-access-exploring-threat-and-detection-capabilities-a5505e31bb01?source=rss------infosec-5

URL Provider

Details	Provider	Source level domain
Details	medium.com	0xh4lpy.medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	167	✔	Cybersecurity on Medium	https://medium.com/feed/tag/cybersecurity	2024-08-30 22:08
Details	168	✔	Infosec on Medium	https://medium.com/feed/tag/infosec	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	768		www.youtube.com
Details	Domain	219		gist.github.com
Details	Domain	469		www.cisa.gov
Details	Domain	6		www.ultimatewindowssecurity.com
Details	File	17		logon.aspx
Details	File	25		wsmprovhost.exe
Details	File	1		powershell-web-access-your-network-s-backdoor-in-plain-sight.html
Details	Github username	4		mhaggis
Details	md5	1		7e67b659af9148fa593cf2402edebb41
Details	MITRE ATT&CK Techniques	460		T1059.001
Details	Url	1		https://www.youtube.com/watch?v=9aerwl7qd_8
Details	Url	1		https://gist.github.com/mhaggis/7e67b659af9148fa593cf2402edebb41.
Details	Url	1		https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a.
Details	Url	1		https://www.splunk.com/en_us/blog/security/powershell-web-access-your-network-s-backdoor-in-plain-sight.html
Details	Url	1		https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/.