Hafnium Update: Continued Microsoft Exchange Server Exploitation
Tags
attack-pattern: Data Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Web Shell - T1505.003 Vulnerabilities - T1588.006 Powershell - T1086 Rundll32 - T1085 Web Shell - T1100
Show in Graph
Common Information
Type Value
UUID 9084c5b5-b700-4e6e-a27a-e3820f56d0b2
Fingerprint bb3c0bd7c9348765
Analysis status DONE
Considered CTI value 2
Text language
Published March 9, 2021, 7:52 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 5:56 p.m.
Headline Vulnerability Information
Title Hafnium Update: Continued Microsoft Exchange Server Exploitation
Detected Hints/Tags/Attributes 50/1/25
Source URLs
Redirection Url
Details Source https://blog.talosintelligence.com/2021/03/hafnium-update.html
URL Provider
Details Provider Source level domain
Details talosintelligence.com blog.talosintelligence.com
Attributes
Details Type #Events CTI Value
Details CVE 90 
cve-2021-26857
Details CVE 184 
cve-2021-26855
Details CVE 92 
cve-2021-26858
Details CVE 126 
cve-2021-27065
Details CVE 8 
cve-2021-24085
Details Domain 291 
raw.githubusercontent.com
Details Domain 9 
microsoft.exchange.management
Details Domain 904 
snort.org
Details Domain 2 
owa.conf1g.com
Details Domain 3 
box.conf1g.com
Details Domain 3 
cdn.chatcdn.net
Details Domain 6 
estonine.com
Details File 380 
notepad.exe
Details File 14 
notepad++.exe
Details File 1 
%powercat.ps1
Details Github username 6 
besimorhino
Details Url 2 
http://cdn.chatcdn.net/p?hig190509
Details Url 2 
http://cdn.chatcdn.net/p?hig190521
Details Url 2 
http://cdn.chatcdn.net/p?hig200720
Details Url 2 
http://cdn.chatcdn.net/p?hig210304
Details Url 2 
http://cdn.chatcdn.net/p?hig210305
Details Url 2 
http://cdn.chatcdn.net/p?low190617
Details Url 2 
http://p.estonine.com/low?ipc
Details Url 4 
http://p.estonine.com/p?e
Details Url 2 
http://p.estonine.com/p?smb