Building Incident Response Toolkit - Redline (part 2) - dfir it!
Common Information
Type Value
UUID ef3a8e83-f19d-4665-9bba-b6cf50242013
Fingerprint 22f1c9811fa00481
Analysis status DONE
Considered CTI value 0
Text language
Published April 4, 2015, 4:15 p.m.
Added to db Jan. 18, 2023, 9:33 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline dfir it!
Title Building Incident Response Toolkit - Redline (part 2) - dfir it!
Detected Hints/Tags/Attributes 34/1/8
Attributes
Details Type #Events CTI Value
Details File 2127 cmd.exe
Details File 137 conhost.exe
Details File 165 csrss.exe
Details File 3 m64.exe
Details File 12 strings.exe
Details File 1 c:\m64.exe
Details IPv4 2 10.10.100.100
Details IPv4 2 10.10.100.50