Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 2a3eb9a7-6eb3-49b5-a18f-1b9e5c2d3a68 |
| Fingerprint | 24ebae57813eb495 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 6, 2022, 1:28 a.m. |
| Added to db | Sept. 11, 2022, 12:35 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration |
| Title | Will the Real Msiexec Please Stand Up? Exploit Leads to Data Exfiltration |
| Detected Hints/Tags/Attributes | 0/0/51 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 249 | ✔ | The DFIR Report | https://thedfirreport.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 15 | cve-2021-44077 |
|
| Details | Domain | 1 | logctl.zip |
|
| Details | Domain | 339 | system.net |
|
| Details | File | 5 | ekern.exe |
|
| Details | File | 1 | c:\program files\manageengine\supportcenterplus\bin\msiexec.exe |
|
| Details | File | 269 | msiexec.exe |
|
| Details | File | 1 | site24x7windowsagent.msi |
|
| Details | File | 1 | c:\program files\manageengine\supportcenterplus\bin\ which means the msiexec.exe |
|
| Details | File | 1 | c:\program files\manageengine\supportcenterplus\custom\login\fm2.jsp |
|
| Details | File | 1 | fm2.jsp |
|
| Details | File | 1 | c:\windows\temp\logctl.zip |
|
| Details | File | 1 | catalina.txt |
|
| Details | File | 1 | fxs.bat |
|
| Details | File | 1 | c:\windows\temp\fxs.bat |
|
| Details | File | 28 | plink.exe |
|
| Details | File | 53 | ekrn.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 69 | comsvcs.dll |
|
| Details | File | 127 | c:\windows\system32\rundll32.exe |
|
| Details | File | 27 | c:\windows\system32\comsvcs.dll |
|
| Details | File | 54 | file.exe |
|
| Details | File | 1 | c:\windows\temp\ekern.exe |
|
| Details | Github username | 27 | sigmahq |
|
| Details | md5 | 1 | 05cee9b71bdd99c22dde19957a6169e7 |
|
| Details | md5 | 1 | 03cbb2227284c4842906d3576372e604 |
|
| Details | md5 | 1 | 848f7edb825813aee4c09c7f2ec71d27 |
|
| Details | md5 | 1 | 0be5d9235059cb4f8b16fe798e822444 |
|
| Details | md5 | 1 | 9872E0A47E2F44BF6E22E976F061DAC0 |
|
| Details | sha1 | 1 | a188d7283c2b4744c4e91f18c59588c8471a2a86 |
|
| Details | sha1 | 1 | 8aeb24b51b339446cac2cb0a4c93ad98f709cf53 |
|
| Details | sha1 | 3 | 4709827c7a95012ab970bf651ed5183083366c79 |
|
| Details | sha1 | 1 | d18c88294c776815a5b1be0bd4508c9442b3877a |
|
| Details | sha1 | 1 | 916952c5407233eec5c0176c0e04f88af9e63978 |
|
| Details | sha1 | 1 | b4cb047ae720b37b11f8506de7965dc29d5920be |
|
| Details | sha1 | 1 | 329074d935ac81dd91cafdce5e5a43c95cca068d |
|
| Details | sha256 | 1 | 8703f52c56b3164ae0becfc5a81bfda600db9aa6d0f048767a9684671ad5899b |
|
| Details | sha256 | 1 | 6e5289df8be0403eda9f63f14c3b3c753a11e924e00484958166d03fcf922510 |
|
| Details | sha256 | 2 | 828e81aa16b2851561fff6d3127663ea2d1d68571f06cbd732fdf5672086924d |
|
| Details | sha256 | 1 | 4d8f797790019315b9fac5b72cbf693bceeeffc86dc6d97e9547c309d8cd9baf |
|
| Details | sha256 | 1 | c7862701ad23b631ef854570c67fc33331f6853dca65d4c3e825e2c3bb9b16ee |
|
| Details | IPv4 | 1 | 2.58.56.14 |
|
| Details | IPv4 | 1 | 185.220.101.76 |
|
| Details | IPv4 | 109 | 1.0.0.0 |
|
| Details | IPv4 | 1 | 23.81.246.84 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 1 | 192.221.154.141 |
|
| Details | IPv4 | 1 | 8.0.26.137 |
|
| Details | IPv4 | 1 | 5.239.37.78 |
|
| Details | IPv4 | 1 | 5.114.3.200 |
|
| Details | IPv4 | 1 | 5.113.111.4 |
|
| Details | IPv4 | 1 | 35.196.132.85 |