Hook Heaps and Live Free
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Hooking - T1617 Malware - T1587.001 Malware - T1588.001 Tool - T1588.002 Hooking - T1179 Hooking
Show in Graph
Common Information
Type Value
UUID e15827c9-4439-44b6-aca4-88be8c53ced7
Fingerprint ee059a537e6515e0
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 9, 2021, 12:14 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Hook Heaps and Live Free
Title Hook Heaps and Live Free
Detected Hints/Tags/Attributes 51/2/20
Source URLs
Redirection Url
Details Source https://www.arashparsa.com/hook-heaps-and-live-free/
URL Provider
Details Provider Source level domain
Details arashparsa.com www.arashparsa.com
Attributes
Details Type #Events CTI Value
Details Domain 4128 
github.com
Details Domain 281 
docs.microsoft.com
Details Domain 13 
ired.team
Details Domain 2 
guidedhacking.com
Details File 748 
kernel32.dll
Details File 291 
user32.dll
Details File 1260 
explorer.exe
Details File 80 
msvcrt.dll
Details File 2126 
cmd.exe
Details Github username 4 
waldo-irc
Details Github username 5 
ccob
Details Github username 7 
tsudakageyu
Details Url 60 
https://github.com
Details Url 2 
https://github.com/waldo-irc/lockdexedemo
Details Url 3 
https://github.com/ccob/beaconeye
Details Url 2 
https://docs.microsoft.com/en-us/windows/win32/api/heapapi/nf-heapapi-heapwalk
Details Url 2 
https://www.ired.team/offensive-security/code-injection-process-injection/import-adress-table-iat-hooking.
Details Url 2 
https://guidedhacking.com/threads/how-to-hook-import-address-table-iat-hooking.13555
Details Url 2 
https://github.com/tsudakageyu/minhook.
Details Url 2 
https://docs.microsoft.com/en-us/windows/win32/api/heapapi/nf-heapapi-heapalloc