frenchopf.blogg.se

Filldocuments kryak

Source: Static Parser. Relevance: 10/10. ATT&CK ID.

Reads the registry for installed applications. Adversaries may attempt to get a listing of open application windows.

Found an IP/URL artifact that was identified as malicious by at least one reputation engine: 1/72 reputation engines marked "" as malicious (1% detection rate).

Found pattern type "Executable file name" with value: "Cmd.exe"
Found pattern type "E-mail address" with value: pattern type "URL" with value: ""
Found pattern type "Executable file name" with value: "Word.Application"
Found pattern type "URL" with value: "", Found pattern type "URL" with value: ""
Found pattern type "URL" with value: "", Found pattern type "Executable file name" with value: "", Found pattern type "URL" with value: ""
Found pattern type "URL" with value: " _ga=1.127073677.1479843546.1474516806"
Found pattern type "Executable file name" with value: "Outlook.Application"
Found pattern type "Executable file name" with value: "explorer.exe"

Process injection is a method of executing arbitrary code in the address space of a separate live process. Found a string that may be used as part of an injection method.

Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.

Installs hooks/patches the running process. Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.

Microsoft Office is a fairly common application suite on Windows-based operating systems within an enterprise network.

Contains embedded VBA macros with keywords that indicate auto-execute behavior.
Contains embedded VBA macros (normalized).
Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager.
An adversary may rely upon specific actions by a user in order to gain execution.
Contains embedded VBA macros with interesting strings.
Contains embedded VBA macros with suspicious keywords.