{\rtf1\ansi\ansicpg1252\cocoartf1671\cocoasubrtf200 {\fonttbl\f0\fswiss\fcharset0 Helvetica;\f1\fswiss\fcharset0 ArialMT;} {\colortbl;\red255\green255\blue255;\red108\green108\blue108;} {\*\expandedcolortbl;;\cssrgb\c49804\c49804\c49804;} \margl1440\margr1440\vieww13440\viewh12840\viewkind0 \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0 \f0\fs24 \cf0 Ticket: 473822\ Incident: Tangerine Yellow\ Date: 2/15/2019 14:54:03\ Description: cmd.exe commands via Pineapple RAT\ Status: Assigned\ \ The following commands were collected via Sysmon after Pineapple RAT \ execution on the beachhead box. All are built-in Windows commands that only \ query host, network and domain information (discovery activity).\ \ \ ipconfig /all\ arp -a\ echo %USERDOMAIN%\\%USERNAME%\ tasklist /v\ sc query\ systeminfo\ net group "Domain Admins" /domain\ net user /domain\ net group "Domain Controllers" /domain\ netsh advfirewall show allprofiles\ netstat -ano\ \ \ \pard\pardeftab720\sl560\partightenfactor0 \f1\fs22 \cf2 \expnd0\expndtw0\kerning0 \'a92019 The MITRE Corporation. ALL RIGHTS RESERVED\'a0 Approved for public release. Distribution unlimited 18-1528-43. }