ioc[.]one - OSINT Cyber Threat Intelligence Database

Making Clouds Rain :: Remote Code Execution in Microsoft Office 365

Tags

attack-pattern:

Data Model Control Panel - T1218.002 Dns - T1071.004 Dns - T1590.002 Domain Account - T1087.002 Domain Account - T1136.002 Email Accounts - T1585.002 Email Accounts - T1586.002 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Trap - T1546.005 Connection Proxy - T1090 Powershell - T1086 Trap - T1154

Show in Graph

Common Information

Type	Value
UUID	a4c01f9c-87b1-45d0-a952-e86d4f6b7288
Fingerprint	8e791b5928055652
Analysis status	DONE
Considered CTI value	2
Text language
Published	Jan. 12, 2021, 2 p.m.
Added to db	Jan. 18, 2023, 10:28 p.m.
Last updated	Nov. 17, 2024, 12:58 p.m.
Headline	Making Clouds Rain :: Remote Code Execution in Microsoft Office 365
Title	Making Clouds Rain :: Remote Code Execution in Microsoft Office 365
Detected Hints/Tags/Attributes	58/1/50

Source URLs

	Redirection	Url
Details	Source	https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html

URL Provider

Details	Provider	Source level domain
Details	srcincite.io	srcincite.io

Attributes

Details	Type	#Events	Value
Details	CVE	1	cve-2020-168751
Details	CVE	4	cve-2019-1373
Details	CVE	10	cve-2020-16875
Details	CVE	2	cve-2020-171324
Details	CVE	9	cve-2020-17132
Details	Domain	397	asp.net
Details	Domain	47	microsoft.exchange
Details	Domain	9	microsoft.exchange.management
Details	Domain	3	this.page
Details	Domain	2	httppostedfile.inputstream.read
Details	Domain	13	this.name
Details	Domain	26	outlook.office365.com
Details	Domain	12	outlook.office.com
Details	Domain	339	system.net
Details	Domain	1	qpjx5jhw5iepwty74syonufe85ev2k.burpcollaborator.net
Details	Domain	1	namprd18.prod.outlook.com
Details	Domain	452	msrc.microsoft.com
Details	Domain	3	office365itpros.com
Details	File	10	management.dll
Details	File	2	base.dat
Details	File	1	controlpanel.dll
Details	File	2	page.reg
Details	File	1	managepolicyfromisv.aspx
Details	File	10	poc.xml
Details	File	1	c:\path\to\some\poc.xml
Details	File	18	this.dat
Details	File	12	mscorlib.dll
Details	File	11	system.core
Details	File	19	system.xml
Details	File	2	keyvaluepair.key
Details	File	15	powershell.core
Details	IPv4	1	15.0.2.0
Details	IPv4	1	20.181.63.14
Details	IPv4	8	255.255.255.192
Details	IPv4	1	20.181.63.4
Details	IPv4	1	169.254.10.45
Details	IPv4	23	255.255.0.0
Details	IPv4	1	172.22.160.1
Details	IPv4	3	255.255.240.0
Details	IPv4	619	0.0.0.0
Details	IPv6	1	2603:10b6:806:9c::14
Details	IPv6	1	fe80::5cb7:b22d:4b7e:cf08%4
Details	IPv6	1	2603:10b6:806:9c::4
Details	IPv6	1	fe80::48e1:93d:5474:330d%9
Details	IPv6	1	fe80::5c31:25e9:ba27:e6bc
Details	Url	1	http://qpjx5jhw5iepwty74syonufe85ev2k.burpcollaborator.net
Details	Url	1	https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-16875
Details	Url	1	https://office365itpros.com/2019/10/24/office-365-hits-200-million-monthly-active-users
Details	Url	1	https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_language_modes?view=powershell-7.1
Details	Url	1	https://msrc.microsoft.com/update-guide/vulnerability/cve-2020-17132