Spec-tac-ula Deserialization: Deploying Specula with .NET
Tags
attack-pattern: Data Exploits - T1587.004 Exploits - T1588.005 Msbuild - T1127.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006
Show in Graph
Common Information
Type Value
UUID e9803de4-c4c9-4b24-8b08-7775542f5b49
Fingerprint 267901a0e93617b4
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 17, 2024, midnight
Added to db Oct. 17, 2024, 2:48 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline UNKNOWN
Title Spec-tac-ula Deserialization: Deploying Specula with .NET
Detected Hints/Tags/Attributes 40/1/19
Source URLs
Redirection Url
Details Source https://trustedsec.com/blog/spec-tac-ula-deserialization-deploying-specula-with-net
URL Provider
Details Provider Source level domain
Details trustedsec.com trustedsec.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 385 TrustedSec https://www.trustedsec.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 228 
system.io
Details Domain 32 
ysoserial.net
Details Domain 73 
schemas.microsoft.com
Details File 7 
formatters.bin
Details File 13 
ysoserial.exe
Details File 312 
calc.exe
Details File 1 
e:\dev\payload.txt
Details File 2126 
cmd.exe
Details File 380 
notepad.exe
Details File 1 
localcodecompiler.cs
Details File 1 
e:\dev\poc\poc\bin\debug\poc.dll
Details File 2 
server.url
Details File 1 
xamlassemblyloadfromfilegenerator.cs
Details Url 1 
https://your/specula/server.url
Details Url 5 
http://schemas.microsoft.com/winfx/2006/xaml/presentation
Details Url 5 
http://schemas.microsoft.com/winfx/2006/xaml
Details Windows Registry Key 4 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office
Details Windows Registry Key 2 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
Details Windows Registry Key 14 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet