Highlight of an Email Attack Simulation Bypass | InQuest
Common Information
Type Value
UUID ebf8f00b-4206-46af-a759-211a36e4a5e3
Fingerprint 36938d983935d64d
Analysis status DONE
Considered CTI value 0
Text language
Published May 30, 2023, midnight
Added to db June 5, 2023, 10:51 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Highlight of an Email Attack Simulation Bypass
Title Highlight of an Email Attack Simulation Bypass | InQuest
Detected Hints/Tags/Attributes 53/2/22
RSS Feed
| Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|
| 137 | | InQuest | https://inquest.net/blog/rss | 2024-08-30 22:08 |
Attributes
| Type | #Events | CTI | Value |
|---|---|---|---|
| Domain | 372 | | wscript.shell |
| Domain | 291 | | raw.githubusercontent.com |
| Domain | 339 | | system.net |
| Domain | 22 | | stream.read |
| File | 1208 | | powershell.exe |
| File | 2 | | jdsin.txt |
| File | 2 | | wshshell.exe |
| File | 2 | | hopper.ps1 |
| File | 7 | | sys.ps1 |
| File | 35 | | 'powershell.exe |
| File | 2 | | command_log.txt |
| Github username | 2 | | azdakc |
| md5 | 2 | | 0bf97027b0bb4e278dea970aa24d9570 |
| IPv4 | 2 | | 149.100.157.219 |
| IPv4 | 2 | | 149.100.167.219 |
| Url | 2 | | https://raw.githubusercontent.com/azdakc/gasd/main/jdsin.txt).content |
| Url | 2 | | https://raw.githubusercontent.com/azdakc/gasd/main/hopper.ps1 |
| Url | 2 | | https://raw.githubusercontent.com/azdakc/gasd/main/jdsin.txt |
| Windows Registry Key | 582 | | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
| Windows Registry Key | 480 | | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
| Windows Registry Key | 4 | | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices |
| Windows Registry Key | 4 | | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce |