SolarWinds Post-Compromise Hunting with Azure Sentinel
Tags
Common Information
| Type | Value |
|---|---|
| UUID | e3073bc0-c64d-4430-95a8-ed7deba9effc |
| Fingerprint | 32632e5b2cfe443a |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 16, 2020, 7:54 p.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | SolarWinds Post-Compromise Hunting with Azure Sentinel |
| Title | SolarWinds Post-Compromise Hunting with Azure Sentinel |
| Detected Hints/Tags/Attributes | 108/1/46 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | evdata.dataitem.eventdata.data |
|
| Details | Domain | 2 | dataitem.eventdata.data |
|
| Details | Domain | 1 | microsoft.identity.health |
|
| Details | Domain | 2 | initiatedby.app |
|
| Details | Domain | 17 | mail.read |
|
| Details | Domain | 2 | breached.contoso.com |
|
| Details | Domain | 50 | avsvmcloud.com |
|
| Details | Domain | 1 | na.contoso.com |
|
| Details | File | 29 | orion.core |
|
| Details | File | 26 | businesslayer.dll |
|
| Details | File | 2 | evdata.dat |
|
| Details | File | 3 | eventdata.dat |
|
| Details | File | 15 | servicehost.exe |
|
| Details | File | 1 | adfs.ps |
|
| Details | File | 1 | hsurrogate.exe |
|
| Details | File | 1 | azureadconnect.exe |
|
| Details | File | 2 | sensor.exe |
|
| Details | File | 25 | wsmprovhost.exe |
|
| Details | File | 54 | mmc.exe |
|
| Details | File | 119 | sqlservr.exe |
|
| Details | File | 53 | adfind.exe |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 165 | csrss.exe |
|
| Details | File | 3 | mod1.log |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 118 | sc.exe |
|
| Details | File | 48 | net1.exe |
|
| Details | File | 256 | net.exe |
|
| Details | File | 82 | taskkill.exe |
|
| Details | File | 5 | sgrmbroker.exe |
|
| Details | File | 8 | mssense.exe |
|
| Details | File | 5 | 'cscript.exe |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv6 | 72 | ::1 |
|
| Details | Windows Registry Key | 44 | HKLM\SOFTWARE\Policies\Microsoft\Windows |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\services\HealthService |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\Sense |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\WinDefend |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\MsSecFlt |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\DiagTrack |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\SgrmBroker |
|
| Details | Windows Registry Key | 1 | HKLMSYSTEM\CurrentControlSet\Services\SgrmAgent |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\AATPSensorUpdater |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\AATPSensor |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\mpssvc |