Hunting Down MS Exchange Attacks. Part 1. ProxyLogon (CVE-2021–26855, 26858, 27065, 26857)
Common Information
Type Value
UUID 17db9633-421b-4525-b72f-7ba19a7a0a15
Fingerprint bd8914c5b9a5b0c7
Analysis status DONE
Considered CTI value 2
Text language
Published June 16, 2021, 12:02 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 18, 2024, 1:24 p.m.
Headline Hunting Down MS Exchange Attacks. Part 1. ProxyLogon (CVE-2021–26855, 26858, 27065, 26857)
Title Hunting Down MS Exchange Attacks. Part 1. ProxyLogon (CVE-2021–26855, 26858, 27065, 26857)
Detected Hints/Tags/Attributes 62/2/20
Attributes
Type    #Events  Value
CVE     184      cve-2021-26855
CVE     90       cve-2021-26857
CVE     92       cve-2021-26858
CVE     126      cve-2021-27065
Domain  47       microsoft.exchange
Domain  32       ysoserial.net
Email   1        user1@lab.local
File    15       x.js
File    3        rpcproxy.dll
File    2        test.aspx
File    1        resetvirtualdirectory.aspx
File    2130     cmd.exe
File    128      w3wp.exe
File    1212     powershell.exe
File    1        umcommon.dll
File    1        umcore.dll
File    10       umworkerprocess.exe
IPv4    1        10.3.132.20
IPv4    16       192.168.1.20
Url     1        https://exchange/ecp/vdirmgmt/resetvirtualdirectory.aspx?pwmcid=6&returnobjecttype=1&id=7a466ca6