How to parse Windows Eventlog
Tags
attack-pattern: Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Powershell - T1059.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Tool - T1588.002 New Service - T1050 Powershell - T1086 Rundll32 - T1085
Show in Graph
Common Information
Type Value
UUID f3b9f07e-962e-4e22-a4a3-f640f4997253
Fingerprint 106188c58e6c0e96
Analysis status DONE
Considered CTI value -2
Text language
Published March 13, 2016, 12:03 p.m.
Added to db Aug. 31, 2024, 2:03 a.m.
Last updated Nov. 11, 2024, 10:10 p.m.
Headline DFIR blog
Title How to parse Windows Eventlog
Detected Hints/Tags/Attributes 32/1/3
Source URLs
Redirection Url
Details Source https://dfirblog.wordpress.com/2016/03/13/how-to-parse-windows-eventlog/
URL Provider
Details Provider Source level domain
Details wordpress.com dfirblog.wordpress.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 103 DFIR blog https://dfirblog.wordpress.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 2 
logparser.exe
Details File 1 
'%rundll32.exe
Details IPv4 1 
10.1.47.151