InfoSec Handlers Diary Blog - SANS Internet Storm Center
Tags
attack-pattern: Data Event Triggered Execution - T1546 Powershell - T1059.001 Powershell Profile - T1546.013 Server - T1583.004 Server - T1584.004 Powershell - T1086 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID f51acf30-35ec-4b93-9d6f-923338e16bed
Fingerprint a8439a226b44636a
Analysis status DONE
Considered CTI value 2
Text language
Published June 9, 2023, midnight
Added to db June 11, 2023, 2:37 a.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline Internet Storm Center
Title InfoSec Handlers Diary Blog - SANS Internet Storm Center
Detected Hints/Tags/Attributes 39/1/17
Source URLs
Redirection Url
Details Source https://isc.sans.edu/diary/rss/29930
URL Provider
Details Provider Source level domain
Details sans.edu isc.sans.edu
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 142 SANS Internet Storm Center, InfoCON: green https://isc.sans.edu/rssfeed_full.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 339 
system.net
Details Domain 3 
rs.open
Details Domain 360 
attack.mitre.org
Details Domain 10 
devblogs.microsoft.com
Details File 7 
powershell_profile.ps1
Details File 2 
res.url
Details File 3 
task.url
Details File 15 
powershell.core
Details sha256 2 
a3d265a0ab00466aab978d0ccf94bb48808861b528603bddead6649eea7c0d16
Details IPv4 2 
190.14.37.245
Details IPv4 2 
190.14.37.254
Details MITRE ATT&CK Techniques 6 
T1546.013
Details MITRE ATT&CK Techniques 43 
T1546
Details Url 2 
http://190.14.37.245:8000
Details Url 2 
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-7.3
Details Url 2 
https://attack.mitre.org/techniques/t1546/013
Details Url 2 
https://devblogs.microsoft.com/scripting/beginning-use-of-powershell-runspaces-part-1