ioc[.]one - OSINT Cyber Threat Intelligence Database

Control access to software using Software Restrictions in Group Policy

Tags

attack-pattern:

Control Panel - T1218.002 Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Software - T1592.002 Tool - T1588.002 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	e516c606-a8a9-45af-bd49-59acb060636a
Fingerprint	dc3d4b1eec670d1f
Analysis status	DONE
Considered CTI value	0
Text language
Published	Sept. 8, 2016, midnight
Added to db	Sept. 26, 2022, 9:32 a.m.
Last updated	Nov. 18, 2024, 1:38 a.m.
Headline	UNKNOWN
Title	Control access to software using Software Restrictions in Group Policy
Detected Hints/Tags/Attributes	40/1/17

Source URLs

	Redirection	Url
Details	Source	http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx

URL Provider

Details	Provider	Source level domain
Details	microsoft.com	technet.microsoft.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		chriscorio.com
Details	Domain	369		microsoft.com
Details	Email	1		winsecurity@chriscorio.com
Details	Email	1		durgas@microsoft.com
Details	File	380		notepad.exe
Details	File	1260		explorer.exe
Details	File	33		c:\windows\system32\notepad.exe
Details	File	18		logonui.exe
Details	File	50		userinit.exe
Details	File	172		dllhost.exe
Details	File	1018		rundll32.exe
Details	File	55		control.exe
Details	File	5		%windir%\explorer.exe
Details	File	263		iexplore.exe
Details	File	14		consent.exe
Details	File	2127		cmd.exe
Details	Windows Registry Key	1		HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer