MobileIron Log4Shell Exploitation Survey | Forged in Fire
Common Information
Type Value
UUID 284b9303-3ea6-488c-abe2-e6794dc5f8d4
Fingerprint 6681dd91c02735a0
Analysis status DONE
Considered CTI value 2
Text language
Published March 28, 2022, midnight
Added to db Oct. 22, 2023, 11:19 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Forged in Fire: A Survey of MobileIron Log4Shell Exploitation
Title MobileIron Log4Shell Exploitation Survey | Forged in Fire
Detected Hints/Tags/Attributes 129/2/76
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 330 Threat Intelligence https://www.mandiant.com/resources/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 397
cve-2021-44228
Details File 165
reg.exe
Details File 2
vpn_bridge.config
Details File 1
wtower_in.png
Details File 2126
cmd.exe
Details Mandiant Security Validation Actions 1 (per action)
A102-206 to A102-228 (23 consecutive actions)
Details Mandiant Uncategorized Groups 20
UNC2448
Details Mandiant Uncategorized Groups 2
UNC3500
Details Mandiant Uncategorized Groups 10
UNC961
Details Mandiant Uncategorized Groups 1
UNC3007
Details Mandiant Uncategorized Groups 1
UNC3543
Details Mandiant Uncategorized Groups 1
UNC3569
Details Mandiant Uncategorized Groups 1
UNC3581
Details Mandiant Uncategorized Groups 1
UNC3594
Details Mandiant Uncategorized Groups 1
UNC3510
Details Mandiant Uncategorized Groups 1
UNC3582
Details Mandiant Uncategorized Groups 1
UNC3614
Details Mandiant Uncategorized Groups 1
UNC3535
Details Threat Actor Identifier - APT 522
APT41
Details Url 1
http://103.224.80.44:8080/kernel