InfoSec Handlers Diary Blog - SANS Internet Storm Center
Common Information
Type Value
UUID f978c425-d427-4d39-8e35-71822bd37832
Fingerprint b700d91f49634487
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 5, 2019, midnight
Added to db Feb. 18, 2023, 1:41 a.m.
Last updated Nov. 18, 2024, 4:38 a.m.
Headline Internet Storm Center
Title InfoSec Handlers Diary Blog - SANS Internet Storm Center
Detected Hints/Tags/Attributes 76/1/25
Source URLs
Attributes
Details Type #Events CTI Value
Details Domain 12 www.blackhillsinfosec.com
Details Domain 427 isc.sans.edu
Details Domain 2 c-apt-ure.blogspot.com
Details Domain 1373 twitter.com
Details Domain 101 www.theregister.co.uk
Details File 1 first-tc-2018_tom-ueltschi_sysmon_public.pdf
Details File 1 is-this-blog-still-alive.html
Details Url 1 https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz
Details Url 1 https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a
Details Url 1 https://isc.sans.edu/forums/diary/rooting
Details Url 1 https://blogs.technet.microsoft.com/staysafe/2017/05/17/disable-smb-v1-in-managed-environments-with-ad-group-policy
Details Url 1 https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always
Details Url 2 https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection
Details Url 1 https://www.blackhillsinfosec.com/your-password-is-wait-for-it-not-always-encrypted
Details Url 1 https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group
Details Url 1 https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/how-to-configure-protected-accounts
Details Url 1 https://blogs.technet.microsoft.com/ash/2016/03/02/windows-10-device-guard-and-credential-guard-demystified
Details Url 1 https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-considerations
Details Url 1 http://security-research.dyndns.org/pub/slides/first-tc-2018/first-tc-2018_tom-ueltschi_sysmon_public.pdf
Details Url 1 http://c-apt-ure.blogspot.com/2017/12/is-this-blog-still-alive.html
Details Url 1 https://twitter.com/c_apt_ure/status/1092035814387798016
Details Url 1 https://www.theregister.co.uk/2018/12/03/notpetya_ncc_eternalglue_production_network
Details Windows Registry Key 3 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\WDigest
Details Windows Registry Key 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA
Details Windows Registry Key 2 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa