Top 10 LoL Binaries and Techniques Used by Cyber Threat Actors
Tags
attack-pattern: Installutil - T1218.004 Mshta - T1218.005 Powershell - T1059.001 Regsvr32 - T1218.010 Rundll32 - T1218.011 Software - T1592.002 Tool - T1588.002 Installutil - T1118 Mshta - T1170 Powershell - T1086 Regsvr32 - T1117 Rundll32 - T1085 Scripting - T1064 Windows Management Instrumentation - T1047 Scripting
Show in Graph
Common Information
Type Value
UUID d9d706b9-457b-45b0-ade3-8a34802e5252
Fingerprint a46099c8936dff4f
Analysis status DONE
Considered CTI value -2
Text language
Published March 23, 2023, 8:55 a.m.
Added to db March 23, 2023, 10:23 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline UNKNOWN
Title Top 10 LoL Binaries and Techniques Used by Cyber Threat Actors
Detected Hints/Tags/Attributes 33/1/15
Source URLs
Redirection Url
Details Source https://medium.com/@alirezaghahrood/living-off-the-land-binaries-lolbins-are-legitimate-windows-system-files-tools-and-executables-4da3b3fe8660?source=rss------cybersecurity-5
URL Provider
Details Provider Source level domain
Details medium.com medium.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 3 
payload.ps1
Details File 62 
scrobj.dll
Details File 1 
payload-encoded.txt
Details File 55 
payload.exe
Details File 3 
c:\windows\temp\payload.exe
Details File 1018 
rundll32.exe
Details File 1 
c:\path\to\malicious.dll
Details File 1 
c:\path\to\malicious.js
Details File 1 
c:\path\to\payload.exe
Details File 83 
installutil.exe
Details Url 1 
http://malicious-url/payload.ps1
Details Url 1 
http://malicious-url/payload.sct
Details Url 1 
http://malicious-url/payload.hta
Details Url 1 
http://malicious-url/payload-encoded.txt
Details Url 1 
http://malicious-url/payload.exe