Windows: Suspicious Rundll32 Activity
- https://help.fortinet.com
- Public_Resource_Access
- rules
2023/12/22 - Adversaries may abuse rundll32.exe to proxy execution of malicious code. Rundll32.exe is commonly associated with executing DLL payloads. ... zipfldr\.dll.*" AND ...
Potentially Suspicious Rundll32 Activity - Tidal Cyber
- https://app.tidalcyber.com
- analytics
2024/2/12 - Detects suspicious execution of rundll32, with specific calls to some DLLs with known LOLBIN functionalities ... zipfldr.dll - RouteTheCall- CommandLine|contains ...
Defending new vectors: Threat actors attempt SQL Server to cloud lateral ...
- https://www.microsoft.com
- security
- blog
- 2023/10/03
2023/10/3 - Microsoft security researchers recently identified a campaign where attackers attempted to move laterally to a cloud environment through a SQL Server ...
Onenote Malicious Attachment as Initial Vector - Logpoint
- https://www.logpoint.com
- blog
- onenote-malicious-atta...
2023/10/30 - PowerShell makes the remote connection to download dll file and run rundll32 to run a malicious dll for loading IcedID. Process Execution on executing Sample ...
sql-server-abuse.md - GitHub
- https://github.com
- master
- Execution
- sql-server-abuse
2023/11/16 - This query detects instances of a SQL Server process launching a shell to run one or more suspicious commands. Query. DeviceProcessEvents | where Timestamp >= ...
Short command line tips - Rob van der Woude's Scripting Pages
- https://www.robvanderwoude.com
- shorts
2023/10/30 - RUNDLL32.EXE ZIPFLDR.DLL,RouteTheCall zipfile.ZIP, Unfortunately, there seems to be no (native) command to copy files into the .ZIP file. Notes: (1), When ...
Inside DarkGate: Exploring the infection chain and capabilities
- https://www.logpoint.com
- blog
- inside-darkgate
2024/3/4 - One of the DLL files contains instructions to download the payload from the C2, so when the DLL is executed via rundll32.exe it connects to C2, and downloads ...
Potential Masquerading as System32 DLL | Elastic Security Solution [8.13]
- https://www.elastic.co
- guide
- security
- current
- poten...
2023/9/9 - Command Shell Activity Started via RunDLL32 ... zipfldr.dll", "bootsvc.dll", "halextintcpsedma.dll ... name : "DismHost.exe" and dll.path : "C:\\Windows ...
Modify Registry, Technique T1112 - Enterprise | MITRE ATT&CK®
- https://attack.mitre.org
- techniques
2023/8/14 - Blue Mockingbird has used Windows Registry modifications to specify a DLL payload. ... rundll32.exe\shell\open . S0679 · Ferocious ... command line via reg.exe ...
api/lolbas.csv
- https://lolbas-project.github.io
- api
- lolbas
2024/4/5 - ... exe",".NET Tool used for updating cache files for ... rundll32.exe dfshim.dll,ShOpenVerbApplication http://www ... ZIP file from a folder in a remote drive ...
Q. --Changing file associations-- I'm on WinXP. When I click a zip file to download it, I get "Could not open '~~~zip' because no associated program exists. Please change the association...
Resolved - 3 answers - 2008/9/18