InfoSec Handlers Diary Blog - SANS Internet Storm Center
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Installutil - T1218.004 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Xsl Script Processing - T1220 Tool - T1588.002 Installutil - T1118 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID d51a892b-1ea9-43a6-aae6-41d2d8e1b44c
Fingerprint 9100ba02365e8bcd
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 12, 2021, midnight
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Internet Storm Center
Title InfoSec Handlers Diary Blog - SANS Internet Storm Center
Detected Hints/Tags/Attributes 28/2/22
Source URLs
Redirection Url
Details Source https://isc.sans.edu/diary/rss/27092
URL Provider
Details Provider Source level domain
Details sans.edu isc.sans.edu
Attributes
Details Type #Events CTI Value
Details Domain 3 
shortcut.click
Details Domain 339 
system.net
Details Domain 707 
google.com
Details Domain 1 
hera.lt
Details Domain 425 
isc.sans.edu
Details Domain 622 
en.wikipedia.org
Details File 1 
inv00620224400.chm
Details File 1 
c:\windows\hh.exe
Details File 1 
sdf48df.htm
Details File 1209 
powershell.exe
Details File 1 
delta2.jpg
Details File 5 
'installutil.exe
Details File 83 
installutil.exe
Details sha256 1 
af9fe480abc56cf1e1354eb243ec9f5bee9cac0d75df38249d1c64236132ceab
Details sha256 1 
88774ead57918bf293205d038402bd64ff6504d1cb1b72dba2b50061dfe88c79
Details sha256 1 
39ecb2d1c2a4aa01e62effc56bb27ee8d1fe34ec43e5c99ee0b138410cfa2ca9
Details MITRE ATT&CK Techniques 14 
T1220
Details Url 1 
http://hera.lt/delta2.jpg
Details Url 1 
https://isc.sans.edu/forums/diary/new
Details Url 1 
https://en.wikipedia.org/wiki/microsoft_compiled_html_help
Details Url 1 
https://www.virustotal.com/gui/file/af9fe480abc56cf1e1354eb243ec9f5bee9cac0d75df38249d1c64236132ceab/detection
Details Url 1 
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/htmlhelp/click-and-hhclick-method