Identifying Group Policy attacks
Tags
attack-pattern: Data Clear Windows Event Logs - T1070.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Remote Access Software - T1663 Remote Desktop Protocol - T1021.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Startup Items - T1037.005 Web Shell - T1505.003 Tool - T1588.002 Powershell - T1086 Remote Access Tools - T1219 Remote Desktop Protocol - T1076 Scheduled Task - T1053 Third-Party Software - T1072 Startup Items - T1165 Windows Management Instrumentation - T1047 Web Shell - T1100
Show in Graph
Common Information
Type Value
UUID f2abdcee-2234-4292-80a3-984f65d5e4ec
Fingerprint 9d212dd36521998b
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 8, 2023, 5:19 p.m.
Added to db Nov. 19, 2023, 10:27 p.m.
Last updated Aug. 31, 2024, 6:29 p.m.
Headline Identifying Group Policy attacks
Title Identifying Group Policy attacks
Detected Hints/Tags/Attributes 65/1/3
Source URLs
Redirection Url
Details Source https://news.sophos.com/en-us/2023/11/08/identifying-group-policy-attacks/
URL Provider
Details Provider Source level domain
Details sophos.com news.sophos.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 183 Sophos News https://news.sophos.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 1 
c:\windows\temp\sophos_gporeport.html
Details File 1 
rook.exe
Details File 1 
c:\windows\rook.exe