Hook Heaps and Live Free
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Hooking - T1617 Malware - T1587.001 Malware - T1588.001 Tool - T1588.002 Hooking - T1179 Hooking |
Common Information
| Type | Value |
|---|---|
| UUID | fdb7471e-da96-4c06-981b-f75688a8f104 |
| Fingerprint | ee059a537e2515c8 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 8, 2021, midnight |
| Added to db | Jan. 18, 2023, 11 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Hook Heaps and Live Free |
| Title | Hook Heaps and Live Free |
| Detected Hints/Tags/Attributes | 50/2/21 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 281 | docs.microsoft.com |
|
| Details | Domain | 13 | ired.team |
|
| Details | Domain | 2 | guidedhacking.com |
|
| Details | File | 146 | wininet.dll |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 80 | msvcrt.dll |
|
| Details | File | 2126 | cmd.exe |
|
| Details | Github username | 5 | ccob |
|
| Details | Github username | 7 | tsudakageyu |
|
| Details | Github username | 4 | waldo-irc |
|
| Details | Url | 3 | https://github.com/ccob/beaconeye |
|
| Details | Url | 2 | https://docs.microsoft.com/en-us/windows/win32/api/heapapi/nf-heapapi-heapwalk |
|
| Details | Url | 2 | https://www.ired.team/offensive-security/code-injection-process-injection/import-adress-table-iat-hooking. |
|
| Details | Url | 2 | https://guidedhacking.com/threads/how-to-hook-import-address-table-iat-hooking.13555 |
|
| Details | Url | 2 | https://github.com/tsudakageyu/minhook. |
|
| Details | Url | 1 | https://github.com/waldo-irc/lockdexedemo. |
|
| Details | Url | 2 | https://docs.microsoft.com/en-us/windows/win32/api/heapapi/nf-heapapi-heapalloc |
|
| Details | Url | 2 | https://github.com/waldo-irc/lockdexedemo |