Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities | Mandiant
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 0c5897f6-c342-4eeb-8495-d1bbe4f9092b |
| Fingerprint | 37798ad7efb494c5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 4, 2021, midnight |
| Added to db | Nov. 8, 2023, 10:43 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities |
| Title | Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities | Mandiant |
| Detected Hints/Tags/Attributes | 69/2/22 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 330 | ✔ | Threat Intelligence | https://www.mandiant.com/resources/blog/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 184 | cve-2021-26855 |
|
| Details | CVE | 90 | cve-2021-26857 |
|
| Details | CVE | 92 | cve-2021-26858 |
|
| Details | CVE | 126 | cve-2021-27065 |
|
| Details | Domain | 397 | asp.net |
|
| Details | File | 10 | umworkerprocess.exe |
|
| Details | File | 128 | w3wp.exe |
|
| Details | File | 8 | help.aspx |
|
| Details | File | 9 | iisstart.aspx |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 8 | c:\windows\system32\inetsrv\w3wp.exe |
|
| Details | File | 478 | lsass.exe |
|
| Details | md5 | 3 | 4b3039cf227c611c45d2242d1228a121 |
|
| Details | md5 | 3 | 0fd9bffa49c76ee12e51e3b8ae0609ac |
|
| Details | md5 | 2 | 79eb217578bed4c250803bd573b10151 |
|
| Details | IPv4 | 7 | 165.232.154.116 |
|
| Details | IPv4 | 5 | 182.18.152.105 |
|
| Details | IPv4 | 6 | 89.34.111.11 |
|
| Details | IPv4 | 6 | 86.105.18.116 |
|
| Details | Mandiant Uncategorized Groups | 9 | UNC2639 |
|
| Details | Mandiant Uncategorized Groups | 9 | UNC2640 |
|
| Details | Mandiant Uncategorized Groups | 11 | UNC2643 |