ioc[.]one - OSINT Cyber Threat Intelligence Database

Windows Remote Assistance XXE vulnerability

Tags

attack-pattern:

Data Remote Desktop Protocol - T1021.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006 Remote Desktop Protocol - T1076

Show in Graph

Common Information

Type	Value
UUID	a538dfb2-3c55-4f68-ba47-ed6479607167
Fingerprint	ac99015174a7d207
Analysis status	DONE
Considered CTI value	0
Text language
Published	March 20, 2018, midnight
Added to db	Feb. 17, 2023, 9:24 p.m.
Last updated	Oct. 31, 2024, 4:54 a.m.
Headline	Windows Remote Assistance XXE vulnerability
Title	Windows Remote Assistance XXE vulnerability
Detected Hints/Tags/Attributes	28/1/8

Source URLs

	Redirection	Url
Details	Source	https://krbtgt.pw/windows-remote-assistance-xxe-vulnerability/

URL Provider

Details	Provider	Source level domain
Details	krbtgt.pw	krbtgt.pw

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	6		cve-2018-0878
Details	Domain	2		krbtgt.pw
Details	File	4		xxe.xml
Details	File	58		win.ini
Details	File	8		c:\windows\win.ini
Details	File	3		mapi32.dll
Details	Url	1		http://krbtgt.pw:8080/xxe.xml
Details	Url	1		http://krbtgt.pw:8080/?%payload