ioc[.]one - OSINT Cyber Threat Intelligence Database

LetsDefend SA Event ID: 189, SOC227 — Microsoft SharePoint Server Elevation of Privilege —…

Tags

cmtmf-attack-pattern:	Code Injection
country:	China
attack-pattern:	Code Injection - T1540 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Sharepoint - T1213.002 Ssh - T1021.004 Vulnerabilities - T1588.006 Whois - T1596.002

Show in Graph

Common Information

Type	Value
UUID	4defd658-59f5-48da-b01f-73f84356d0d6
Fingerprint	3da03113fa5f1040
Analysis status	DONE
Considered CTI value	1
Text language
Published	Sept. 28, 2024, 4:19 a.m.
Added to db	Sept. 28, 2024, 6:37 a.m.
Last updated	Nov. 17, 2024, 7:44 p.m.
Headline	LetsDefend SA Event ID: 189, SOC227 — Microsoft SharePoint Server Elevation of Privilege — Possible CVE-2023–29357 Exploitation
Title	LetsDefend SA Event ID: 189, SOC227 — Microsoft SharePoint Server Elevation of Privilege —…
Detected Hints/Tags/Attributes	40/3/23

Source URLs

	Redirection	Url
Details	Source	https://medium.com/@abalonpsalmer/letsdefend-sa-event-id-189-soc227-microsoft-sharepoint-server-elevation-of-privilege-c3cfead5b3ab?source=rss------cybersecurity-5

URL Provider

Details	Provider	Source level domain
Details	medium.com	medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	167	✔	Cybersecurity on Medium	https://medium.com/feed/tag/cybersecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	48	cve-2023-29357
Details	Domain	268	www.virustotal.com
Details	Domain	9	www.abuseipdb.com
Details	Domain	55	otx.alienvault.com
Details	Domain	107	talosintelligence.com
Details	Domain	17	whois.domaintools.com
Details	Domain	4127	github.com
Details	Domain	55	exploit.py
Details	File	17	base64.url
Details	File	7	self.url
Details	File	7	json.json
Details	File	55	exploit.py
Details	Github username	4	chocapikk
Details	IPv4	1	172.16.17.233
Details	IPv4	1	39.91.166.222
Details	Url	1	https://www.picussecurity.com/resource/blog/cve-2023-29357-sharepoint-server-privilege-escalation-vulnerability
Details	Url	1	https://socprime.com/blog/cve-2023-29357-detection-microsoft-sharepoint-server-elevation-of-privilege-vulnerability-exploitation-can-lead-to-pre-auth-rce-chain
Details	Url	1	https://www.virustotal.com/gui/ip-address/39.91.166.222/detection
Details	Url	1	https://www.abuseipdb.com/check/39.91.166.222?page=5#report
Details	Url	1	https://otx.alienvault.com/indicator/ip/39.91.166.222
Details	Url	1	https://talosintelligence.com/reputation_center/lookup?search=39.91.166.222
Details	Url	1	https://whois.domaintools.com/39.91.166.222
Details	Url	1	https://github.com/chocapikk/cve-2023-29357/blob/main/exploit.py