Automated Data Exfiltration With XXE | Aon
Tags
attack-pattern: Data Credentials - T1589.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Web Service - T1481 Tool - T1588.002 Web Service - T1102
Show in Graph
Common Information
Type Value
UUID 4fea8f24-33b3-4518-8005-156dbb9d6487
Fingerprint 3b4a921076570385
Analysis status DONE
Considered CTI value 0
Text language
Published April 29, 2015, midnight
Added to db Jan. 18, 2023, 8:30 p.m.
Last updated Nov. 17, 2024, 5:55 p.m.
Headline Automated Data Exfiltration With XXE
Title Automated Data Exfiltration With XXE | Aon
Detected Hints/Tags/Attributes 29/1/15
Source URLs
Redirection Url
Details Source https://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html
URL Provider
Details Provider Source level domain
Details gdssecurity.com blog.gdssecurity.com
Attributes
Details Type #Events CTI Value
Details Domain 831 
example.com
Details Domain 66 
redacted.com
Details Domain 1 
xxeclient.py
Details Domain 1 
catalina.properties
Details Domain 70 
evil.com
Details Email 1 
jdoe@redacted.com
Details Email 1 
jdoe@example.com
Details File 1 
ncontext.xml
Details File 1 
nserver.xml
Details File 1 
ntomcat-users.xml
Details File 1 
nweb.xml
Details File 1 
xxeclient.py
Details File 2 
context.xml
Details File 2 
javax.sql
Details Url 1 
http://evil.com/evil.dtd