[Blue Team Labs Online Write-up] Ozarks
Tags
cmtmf-attack-pattern: Process Injection
maec-delivery-vectors: Watering Hole
attack-pattern: Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Mmc - T1218.014 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Process Injection - T1631 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Spearphishing Attachment - T1566.001 Tool - T1588.002 Credential Dumping - T1003 Powershell - T1086 Process Injection - T1055 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID fb9b4be9-897e-45e5-b024-d8ffdd59fbdb
Fingerprint b4292d9789a615b1
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 11, 2024, 8:32 p.m.
Added to db Nov. 11, 2024, 10:09 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline [Blue Team Labs Online Write-up] Ozarks
Title [Blue Team Labs Online Write-up] Ozarks
Detected Hints/Tags/Attributes 61/3/19
Source URLs
Redirection Url
Details Source https://medium.com/@chaoskist/blue-team-labs-online-write-up-ozarks-d8d7ec0f1aa1?source=rss------cybersecurity-5
URL Provider
Details Provider Source level domain
Details medium.com medium.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 3 
xxx.xxx.xx.xxx
Details Domain 4127 
github.com
Details Domain 1 
ozarks.md
Details File 2 
logparser.exe
Details File 1 
c:\users\btlotest\desktop\tools\output.csv
Details File 1 
0-win-x64.exe
Details File 1 
sysmon.html
Details File 7 
output.csv
Details File 54 
mmc.exe
Details File 49 
nltest.exe
Details File 256 
net.exe
Details File 4 
spooler.exe
Details File 1 
sls.exe
Details File 1 
code-tunnel.exe
Details Github username 5 
chickenloner
Details MITRE ATT&CK Techniques 310 
T1566.001
Details MITRE ATT&CK Techniques 440 
T1055
Details Threat Actor Identifier - APT 115 
APT43
Details Url 2 
https://github.com/chickenloner/write_it_up/blob/main/security