ioc[.]one - OSINT Cyber Threat Intelligence Database

Many roads to IAT | Corelan Cybersecurity Research

Tags

attack-pattern:

Data Indirect Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Tool - T1588.002 Connection Proxy - T1090 Scripting - T1064 Scripting

Show in Graph

Common Information

Type	Value
UUID	e5d135e8-482e-42df-8d1d-045cfc2f2e31
Fingerprint	aa13da1228656684
Analysis status	DONE
Considered CTI value	0
Text language
Published	Dec. 1, 2011, 11:20 a.m.
Added to db	Jan. 18, 2023, 10:59 p.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	Corelan Cybersecurity Research
Title	Many roads to IAT \| Corelan Cybersecurity Research
Detected Hints/Tags/Attributes	52/1/62

Source URLs

	Redirection	Url
Details	Source	https://www.corelan.be/index.php/2011/12/01/roads-iat/

URL Provider

Details	Provider	Source level domain
Details	corelan.be	www.corelan.be

Attributes

Details	Type	#Events	Value
Details	Domain	5	windbg.info
Details	Domain	7	www.osronline.com
Details	Domain	21	blogs.msdn.com
Details	Domain	21	mona.py
Details	Domain	3	redmine.corelan.be
Details	Domain	16	www.corelan.be
Details	Domain	6	sandsprite.com
Details	Domain	622	en.wikipedia.org
Details	Domain	201	msdn.microsoft.com
Details	Domain	3	securitylabs.websense.com
Details	Domain	4	www.woodmann.com
Details	Domain	1	uinc.ru
Details	Domain	5	www.ntcore.com
Details	Domain	1	www.heaventools.com
Details	Domain	11	upx.sourceforge.net
Details	Domain	9	www.openrce.org
Details	File	380	notepad.exe
Details	File	5	windbg.inf
Details	File	2	1-common-cmds.html
Details	File	1	showthread.cfm
Details	File	3	test1.txt
Details	File	1	common-windbg-commands-reference.aspx
Details	File	20	mona.py
Details	File	3	redmine.core
Details	File	37	www.core
Details	File	1206	index.php
Details	File	41	rpcrt4.dll
Details	File	30	comctl32.dll
Details	File	1	'iatsearch.txt
Details	File	1	c:\logs\notepad\iatsearch.txt
Details	File	748	kernel32.dll
Details	File	80	msvcrt.dll
Details	File	86	ole32.dll
Details	File	185	shell32.dll
Details	File	19	winspool.drv
Details	File	229	advapi32.dll
Details	File	1	understanding_imports.html
Details	File	1	cc301808.aspx
Details	File	1	historyofpackingtechnology.pdf
Details	File	2	exsuite.php
Details	File	3	overview.htm
Details	File	312	calc.exe
Details	File	1	ida_patch_import.py
Details	File	1	ida_patch_imports.py
Details	Url	2	http://windbg.info/doc/1-common-cmds.html
Details	Url	1	http://www.osronline.com/showthread.cfm?link=155938
Details	Url	1	http://blogs.msdn.com/b/willy-peter_schaub/archive/2009/11/27/common-windbg-commands-reference.aspx
Details	Url	2	http://redmine.corelan.be/projects/mona
Details	Url	1	https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual
Details	Url	1	http://sandsprite.com/codestuff/understanding_imports.html
Details	Url	1	http://en.wikipedia.org/wiki/portable_executable
Details	Url	1	http://msdn.microsoft.com/en-us/magazine/cc301808.aspx
Details	Url	1	http://securitylabs.websense.com/content/assets/historyofpackingtechnology.pdf
Details	Url	1	http://msdn.microsoft.com/en-us/library/windows/desktop/ms724454(v=vs.85).aspx
Details	Url	1	http://www.woodmann.com/collaborative/tools/index.php/imprec
Details	Url	1	http://www.woodmann.com/collaborative/tools/index.php/lordpe
Details	Url	1	http://uinc.ru/files/neox/pe_tools.shtml
Details	Url	2	http://www.ntcore.com/exsuite.php
Details	Url	1	http://www.heaventools.com/overview.htm
Details	Url	7	http://upx.sourceforge.net
Details	Url	1	http://www.openrce.org/downloads/details/108/ollydump.
Details	Url	1	http://redmine.corelan.be/projects/ida-scripts