Dismantling Smart App Control — Elastic Security Labs
Common Information
Type Value
UUID e1e2913b-653a-442d-9002-33995253a6a2
Fingerprint 1c781e196de5e245
Analysis status DONE
Considered CTI value 1
Text language
Published Aug. 6, 2024, midnight
Added to db Aug. 31, 2024, 9:31 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Dismantling Smart App Control
Title Dismantling Smart App Control — Elastic Security Labs
Detected Hints/Tags/Attributes 57/1/16
RSS Feed
Id Enabled Feed title Url Added to db
306 Elastic Security Labs https://www.elastic.co/security-labs/rss/feed.xml 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 21
process.parent.name
Domain 5
process.ext.api.name
Domain 55
process.name
Domain 5
agent.id
Domain 10
windows.storage
Domain 1
file.ext.windows
File 674
node.js
File 1260
explorer.exe
File 1208
powershell.exe
File 5
target.exe
File 49
process.exe
File 533
ntdll.dll
File 10
storage.dll
File 185
shell32.dll
sha256 1
ba35b8b4346b79b8bb4f97360025cb6befaf501b03149a3b5fef8f07bdf265c7
sha256 3
4e213bd0a127f1bb24c4c0d971c2727097b04eed9c6e62a57110d168ccc3ba10