# Not as so transparent ## Table of Contents * [Malware analysis](#Malware-analysis) * [Threat Intelligence](#Intel) * [Cyber kill chain](#Cyber-kill-chain) * [Indicators Of Compromise (IOC)](#IOC) * [Yara Rules](#Yara) * [References MITRE ATT&CK Matrix](#Ref-MITRE-ATTACK) * [Links](#Links) + [Original Tweet](#tweet) + [Link Anyrun](#Links-Anyrun) + [Ressources](#Ressources)
Command | Description |
---|---|
-procl | Get the list of process |
-thumb | Get info of a picture |
-clping | Check activity |
-putsrt | Push the persistence in a Run key |
-filsz | Get infos of a specific file |
-rupth | Push the data received |
-dowf | Save to a file the data pushed on the system |
-endpo | Kill a process |
-scrsz | Get the size of the screen |
-cownar | Download and run a executable file |
-cscreen | Get a screenshot |
-dirs | List all the drives and directories |
-stops | stop the mod for get periodical screenshot |
-scren | start the mod for get periodical screenshot |
-cnls | Allow index, send data and disable continue screenshot |
-udlt | Download and execute an executable for remove an user ? |
-delt | Delete a specific file |
-listf | List files |
-file | Get a specific file |
-info | Get user and system infos, check if the AV is on blacklist |
-runf | Execute a specific file |
-dowr | Download a file on the system |
-fldr | Get folders and go silent mod |
pdb path | g:\ulhtagnias\ulhtagnias\obj\Debug\ulhtagnias.pdb |
Compilation time | 2020-01-09 21:21:34 |
Creator | Dell-R |
Last Modified By | Bipin |
Creation date | 2020-01-15 10:02:00 |
Last Modified Date | 2020-01-17 04:41:00 |
Software used | Microsoft Office Word 12.0 (2007) |
Creator | Bipin |
Last Modified By | Bipin |
Creation date | 2020-01-12 07:14:43 |
Last Modified Date | 2020-01-12 07:14:43 |
Software used | Microsoft Office Word 12.0 (2007) |
Creator | |
Last Modified By | |
Creation date | 2020-01-12 07:04:53 |
Last Modified Date | 2020-01-12 07:08:59 |
Software used | Microsoft Office Word 12.0 (2007) |