InfoSec Handlers Diary Blog - SANS Internet Storm Center
Tags
attack-pattern: Data Dns - T1071.004 Dns - T1590.002 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Powershell - T1086 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID e161009c-a4d0-4476-8db2-971a0012dd53
Fingerprint 14a9d7d1782497b9
Analysis status DONE
Considered CTI value 0
Text language
Published May 10, 2018, midnight
Added to db Feb. 18, 2023, 12:10 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Internet Storm Center
Title InfoSec Handlers Diary Blog - SANS Internet Storm Center
Detected Hints/Tags/Attributes 39/1/8
Source URLs
Redirection Url
Details Source https://isc.sans.edu/diary/Exfiltrating+data+from+very+isolated+environments/23645
Details Source https://isc.sans.edu/forums/diary/Exfiltrating+data+from+very+isolated+environments/23645/
URL Provider
Details Provider Source level domain
Details sans.edu isc.sans.edu
Attributes
Details Type #Events CTI Value
Details Domain 1 
infigo.hr
Details File 226 
certutil.exe
Details File 2126 
cmd.exe
Details File 1208 
powershell.exe
Details File 1260 
explorer.exe
Details IPv4 1 
213.147.96.3
Details IPv4 23 
10.0.2.4
Details IPv4 1441 
127.0.0.1