Erkennung von und Reaktion auf die Ausnutzung von Microsoft Exchange-spezifischen Zero-Day-Schwachstellen | Mandiant
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Control Panel - T1218.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID aa80e564-6728-4092-899a-ef3de153008d
Fingerprint 6688c053fead89f6
Analysis status DONE
Considered CTI value 2
Text language
Published March 4, 2021, midnight
Added to db Sept. 29, 2024, 1:12 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Erkennung von und Reaktion auf die Ausnutzung von Microsoft Exchange-spezifischen Zero-Day-Schwachstellen
Title Erkennung von und Reaktion auf die Ausnutzung von Microsoft Exchange-spezifischen Zero-Day-Schwachstellen | Mandiant
Detected Hints/Tags/Attributes 35/2/22
Source URLs
Redirection Url
Details Source https://www.mandiant.de/resources/blog/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities
URL Provider
Details Provider Source level domain
Details mandiant.de www.mandiant.de
Attributes
Details Type #Events CTI Value
Details CVE 184 
cve-2021-26855
Details CVE 90 
cve-2021-26857
Details CVE 92 
cve-2021-26858
Details CVE 126 
cve-2021-27065
Details Domain 397 
asp.net
Details File 10 
umworkerprocess.exe
Details File 128 
w3wp.exe
Details File 8 
help.aspx
Details File 9 
iisstart.aspx
Details File 2127 
cmd.exe
Details File 8 
c:\windows\system32\inetsrv\w3wp.exe
Details File 478 
lsass.exe
Details md5 3 
4b3039cf227c611c45d2242d1228a121
Details md5 3 
0fd9bffa49c76ee12e51e3b8ae0609ac
Details md5 2 
79eb217578bed4c250803bd573b10151
Details IPv4 7 
165.232.154.116
Details IPv4 5 
182.18.152.105
Details IPv4 6 
89.34.111.11
Details IPv4 6 
86.105.18.116
Details Mandiant Uncategorized Groups 9 
UNC2639
Details Mandiant Uncategorized Groups 9 
UNC2640
Details Mandiant Uncategorized Groups 11 
UNC2643