Download Web Cradle With AMSI Patching without powershell.exe
Common Information
Type Value
UUID f31c396b-f4ae-48c3-9ee7-e6c4a1c15b6e
Fingerprint a44bafe6bf1f03ce
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 3, 2023, 9:23 a.m.
Added to db Aug. 3, 2023, 11:32 a.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline High-level Overview
Title Download Web Cradle With AMSI Patching without powershell.exe
Detected Hints/Tags/Attributes 32/2/11
RSS Feed
Id Enabled Feed title Url Added to db
171 Malware on Medium https://medium.com/feed/tag/malware 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 107: system.management
Domain 339: system.net
Domain 291: raw.githubusercontent.com
Domain 4: runspace.open
Domain 10: devblogs.microsoft.com
File 1209: powershell.exe
File 1: calc.ps1
File 6: collections.obj
Github username 1: nyameeeain
Url 1: https://raw.githubusercontent.com/nyameeeain/calc_for_poc/main/powershell/calc.ps1
Url 1: https://devblogs.microsoft.com/dotnet/announcing-net-framework-4-8-early-access-build-3694