SOC164 EventID:114 — SOC164 — Suspicious Mshta Behavior — letsdefend.io
Common Information
Type Value
UUID ed28b2fe-193b-4f77-8064-f34e2d08667d
Fingerprint 8e618f902904b7c9
Analysis status DONE
Considered CTI value 0
Text language
Published July 21, 2023, 11:15 a.m.
Added to db July 21, 2023, 1:28 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline SOC164 EventID:114 — SOC164 — Suspicious Mshta Behavior — letsdefend.io
Title SOC164 EventID:114 — SOC164 — Suspicious Mshta Behavior — letsdefend.io
Detected Hints/Tags/Attributes 30/1/15
RSS Feed
Id Enabled Feed title Url Added to db
167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 47 letsdefend.io
Domain 103 www.mcafee.com
Domain 97 virustotal.com
Domain 339 system.net
File 456 mshta.exe
File 36 c:\windows\system32\mshta.exe
File 2125 cmd.exe
File 1208 powershell.exe
File 15 server.txt
File 1260 explorer.exe
md5 2 6685c433705f558c5535789234db0e5a
IPv4 3 172.16.17.38
IPv4 3 193.142.58.23
Url 1 https://www.mcafee.com/learn/what-is-mshta-how-can-it-be-used-and-how-to-protect-against-it
Url 3 http://193.142.58.23/server.txt