Using Precalculated String Hashes when Reverse Engineering Shellcode | Mandiant
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Scripting - T1064 Scripting |
Common Information
| Type | Value |
|---|---|
| UUID | fb4a12c9-6170-4046-8f6c-3fb5db235158 |
| Fingerprint | 8a530f32e03c626f |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 29, 2012, midnight |
| Added to db | Nov. 9, 2023, 12:28 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Using Precalculated String Hashes when Reverse Engineering Shellcode |
| Title | Using Precalculated String Hashes when Reverse Engineering Shellcode | Mandiant |
| Detected Hints/Tags/Attributes | 27/1/13 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 330 | ✔ | Threat Intelligence | https://www.mandiant.com/resources/blog/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | lsd-pl.net |
|
| Details | Domain | 1 | winasm.zip |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 16 | www.hex-rays.com |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 1 | winasm.zip |
|
| Details | File | 1 | make_sc_hash_db.py |
|
| Details | File | 2 | shellcode_hash_search.py |
|
| Details | File | 4 | shellcode_hashes_search_plugin.py |
|
| Details | Github username | 19 | mandiant |
|
| Details | Url | 1 | http://lsd-pl.net/projects/winasm.zip |
|
| Details | Url | 1 | https://github.com/mandiant/reversing. |
|
| Details | Url | 1 | http://www.hex-rays.com/products/ida/support/download.shtml |