Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence
Common Information

| Type | Value |
| --- | --- |
| UUID | f250f8c8-46c1-45b1-8b44-d0b893059c43 |
| Fingerprint | 34409b28e8b78391 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 26, 2018, 5:12 p.m. |
| Added to db | Jan. 18, 2023, 9:12 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | bohops |
| Title | Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence |
| Detected Hints/Tags/Attributes | 40/1/22 |

Attributes

| Type | #Events | CTI Value |
| --- | --- | --- |
| File | 14 | `setupapi.dll` |
| File | 14 | `advpack.dll` |
| File | 1018 | `rundll32.exe` |
| File | 2 | `file.inf` |
| File | 62 | `scrobj.dll` |
| File | 47 | `cmstp.exe` |
| File | 1 | `test.inf` |
| File | 4 | `pubprn.vbs` |
| File | 7 | `microsoft.js` |
| File | 1 | `'microsoft.js` |
| File | 23 | `msxsl.exe` |
| File | 3 | `file.xml` |
| File | 1 | `file.xsl` |
| File | 19 | `system.xml` |
| File | 1 | `xsl.xsl` |
| IPv4 | 1441 | `127.0.0.1` |
| Url | 1 | `http://url/file.sct` |
| Url | 1 | `http://url/file.sct").exec()',[microsoft.jscript.vsa.vsaengine` |
| Url | 1 | `http://url/file.sct').exec` |
| Url | 1 | `http://url/file.xml` |
| Url | 1 | `http://url/file.xsl` |
| Url | 1 | `http://url/file.xsl',$s,$r);$x.transform('http://url/file.xml` |