Keyword: hktl_mimikatz64
35717 Total Search   |   Showing Results : 21 - 40
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
Installation This Trojan adds the following processes: %System%\WScript.exe %MalwareDirectory%\{Malware Name}.vbs schtasks /create /ru system /sc MINUTE /mo 50 /st 07:00:00 /tn "\Microsoft\windows
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Hacking Tool arrives on a
\powershell.exe" -Enc {Base 64 code} -ExecutionPolicy Bypass -W Hidden -NonI --> for deleting system logs "%Program Files%\Windows Defender\mpcmdrun.exe" -removedefinitions -all --> for removing Windows Defender
following files: {Malware Path}\mkatz.ini - mimikatz note It drops and executes the following files: {Malware Path}\m2.ps1 - detected as Trojan.PS1.MIMIKATZ.ADW It adds the following processes: {malware name
1.1.1.1 --TargetPort 445 --OutputFile %Windows%\{random characters}\UnattendGC\Shellcode.ini --Protocol SMB --Architecture x64 --Funciton OutputInstall It executes its Mimikatz component using the following
\Shellcode.ini --Protocol SMB --Architecture x64 --Funciton OutputInstall It executes its Mimikatz component using the following parameters: %Windows%\lkbcceulc\Corporate\vfshost.exe privilege::debug
(MS17-010) MSSQL Brute forcing Dumping Windows Domain Credentials using any of the following techniques/tools: Mimikatz Pass-The-Hash It is capable of performing RDP Brute Force Attack using the following
}ol.org:14444 stratum+tcp://{BLOCKED}e.{BLOCKED}pool.com:80 stratum+tcp://{BLOCKED}e.{BLOCKED}l.net:80 It attempts to retrieve affected machine's user credentials using Mimikatz component. It scans for network
This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Coinminer arrives on a system as
propagating in the local network via the following means: SMB Exploit (MS17-010) MSSQL and SSH Brute-Forcing Dumping Windows Domain Credentials using any of the following techniques/tools Mimikatz Pass-The-Hash
%All Users Profile%\mmkt.exe -> Mimikatz module %All Users Profile%\uname %All Users Profile%\upass %Temp%\Ssession (Note: %All Users Profile% is the common user's profile folder, which is usually C:
in the local network via the following means: Mimikatz It uses Windows Management Instrumentation (WMI) to do the following: WMI Event Subscription: For Windows 10: It creates the following WMI Classes
account Spawn a session in a process with elevated rights Enable privileges assigned to current access token Execute Mimikatz to recover user logon passwords Scan ports Enumerate network and hosts
This ransomware, also known as Bad Rabbit, reportedly spread to networks of some high profile companies located in Ukraine and Russia. It spreads via network shares. It also modifies the Master Boot
This ransomware known as Bad Rabbit infected systems belonging to several high profile companies in Ukraine and Russia. It arrives via watering hole attack on compromised websites. This Ransomware
Execute arbitrary files Perform custom mimikatz metasploit commands Use “espia” commands to gather the following information: Clipboard dump Keyboard dump Video/Image dump Use “stdapi” commands to execute
Mimikatz Pass-The-Hash Capable of performing Brute Force Attack. It uses the following credentials: Username: Administrator admin Password: !@#$%^&* 000000 1 1111 111111 111111111 112233 11223344 12