| {\rtf1\ansi\ansicpg1252\cocoartf1671\cocoasubrtf200 | |
| {\fonttbl\f0\fswiss\fcharset0 Helvetica;\f1\fswiss\fcharset0 ArialMT;} | |
| {\colortbl;\red255\green255\blue255;\red108\green108\blue108;} | |
| {\*\expandedcolortbl;;\cssrgb\c49804\c49804\c49804;} | |
| \margl1440\margr1440\vieww13440\viewh12840\viewkind0 | |
| \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 | |
| \f0\fs24 \cf0 Ticket: 473822\ | |
| Incident: Tangerine Yellow\ | |
| Date: 2/15/2019 14:54:03\ | |
| Description: cmd.exe commands via Pineapple RAT\ | |
| Status: Assigned\ | |
| \ | |
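| The following cmd.exe commands were recorded by Sysmon after Pineapple RAT \ | |
| executed on the beachhead box. All of them enumerate host, network or domain \ | |
| information (discovery activity); none of them changes system state.\ | |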
| \ | |
| \ | |
| ipconfig /all\ | |
| arp -a\ | |
| echo %USERDOMAIN%\\%USERNAME%\ | |
| tasklist /v\ | |
| sc query\ | |
| systeminfo\ | |
| net group "Domain Admins" /domain\ | |
| net user /domain\ | |
| net group "Domain Controllers" /domain\ | |
| netsh advfirewall show allprofiles\ | |
| netstat -ano\ | |
| \ | |
| \ | |
| \pard\pardeftab720\sl560\partightenfactor0 | |
| \f1\fs22 \cf2 \expnd0\expndtw0\kerning0 | |
| \'a92019 The MITRE Corporation. ALL RIGHTS RESERVED\'a0 Approved for public release. Distribution unlimited 18-1528-43. } |