Detecting Exploitation of chainable zero-day vulnerabilities in Microsoft Exchange server
Common Information
Type Value
UUID c29ea19f-efd5-4798-9aad-5c51b14046e5
Fingerprint b7a900d7aeb49513
Analysis status DONE
Considered CTI value 2
Text language
Published March 5, 2021, 11:56 a.m.
Added to db Sept. 29, 2024, 1:17 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Detecting Exploitation of chainable zero-day vulnerabilities in Microsoft Exchange server
Title Detecting Exploitation of chainable zero-day vulnerabilities in Microsoft Exchange server
Detected Hints/Tags/Attributes 65/1/72
Attributes
Value | Type | #Events
(CTI Value is not populated for any attribute on this page)
cve-2021-26855 | CVE | 184
cve-2021-26857 | CVE | 90
cve-2021-26858 | CVE | 92
cve-2021-27065 | CVE | 126
system.net | Domain | 339
microsoft.exchange | Domain | 47
duckduckgo.com | Domain | 22
www.facebook.com | Domain | 335
www.baidu.com | Domain | 46
www.bing.com | Domain | 88
www.google.com | Domain | 454
help.yahoo.com | Domain | 5
yandex.com | Domain | 155
www.googlebot.com | Domain | 4
umworkerprocess.exe | File | 10
wermgr.exe | File | 51
werfault.exe | File | 81
cachecleanup.bin | File | 2
cleanup.bin | File | 2
w3wp.exe | File | 128
w2wp.exe | File | 1
cmd.exe | File | 2126
powershell.exe | File | 1208
vs_setup_bootstrapper.exe | File | 6
dismhost.exe | File | 11
backgrounddownload.exe | File | 12
c:\windows\system32\cleanmgr.exe | File | 8
msmpeng.exe | File | 198
c:\windows\syswow64\onedrivesetup.exe | File | 6
mpcmdrun.exe | File | 97
powershell_ise.exe | File | 32
powercat.ps1 | File | 10
net.exe | File | 256
net1.exe | File | 48
duckduckbot.html | File | 4
externalhit_uatext.php | File | 5
spider.html | File | 6
www.bin | File | 85
bingbot.htm | File | 6
bot.html | File | 12
main.css | File | 17
besimorhino | Github username | 6
103.77.192.219 | IPv4 | 4
104.140.114.110 | IPv4 | 4
104.250.191.110 | IPv4 | 4
108.61.246.56 | IPv4 | 4
149.28.14.163 | IPv4 | 4
157.230.221.198 | IPv4 | 6
167.99.168.251 | IPv4 | 6
185.250.151.72 | IPv4 | 4
192.81.208.169 | IPv4 | 4
203.160.69.66 | IPv4 | 4
211.56.98.146 | IPv4 | 4
5.254.43.18 | IPv4 | 4
80.92.205.81 | IPv4 | 4
165.232.154.116 | IPv4 | 7
182.18.152.105 | IPv4 | 5
89.34.111.11 | IPv4 | 6
86.105.18.116 | IPv4 | 6
0.0.0.0 | IPv4 | 619
UNC2639 | Mandiant Uncategorized Groups | 9
UNC2640 | Mandiant Uncategorized Groups | 9
UNC2643 | Mandiant Uncategorized Groups | 11
https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1 | Url | 3
http://duckduckgo.com/duckduckbot.html | Url | 4
http://www.facebook.com/externalhit_uatext.php | Url | 5
http://www.baidu.com/search/spider.html | Url | 5
http://www.bing.com/bingbot.htm | Url | 6
http://www.google.com/bot.html | Url | 12
http://help.yahoo.com/help/us/ysearch/slurp | Url | 4
http://yandex.com/bots | Url | 4
http://www.googlebot.com/bot.html | Url | 3
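The attribute listing above is a bag of indicators with no guidance on how to apply them. The following Python script is an added example, not code from this page or from the Mandiant report it indexes. It makes three assumptions the listing does not state: that the search-engine URLs are the strings that crawler User-Agent headers embed (so a client presenting one on an Exchange endpoint is either a real crawler or someone imitating one), that the IPv4 entries are attacker source addresses (0.0.0.0 is excluded), and that w3wp.exe or umworkerprocess.exe spawning cmd.exe, powershell.exe, powershell_ise.exe, net.exe or net1.exe is the process-tree pattern to hunt. Both log samples are constructed for the example.

```python
"""Added example: apply the listed indicators to constructed IIS and process logs.
Not code from the page or from the report it indexes; see assumptions in comments."""
import re
from typing import Dict, List, Tuple

# IPv4 indicators copied from the listing. 0.0.0.0 is left out: it is not a
# client address and would only generate noise.
IOC_IPS = {
    "103.77.192.219", "104.140.114.110", "104.250.191.110", "108.61.246.56",
    "149.28.14.163", "157.230.221.198", "167.99.168.251", "185.250.151.72",
    "192.81.208.169", "203.160.69.66", "211.56.98.146", "5.254.43.18",
    "80.92.205.81", "165.232.154.116", "182.18.152.105", "89.34.111.11",
    "86.105.18.116",
}
# The listing's search-engine URLs. Assumption of this example: they are the URLs
# that crawler User-Agent strings embed, so they mark a real or imitated crawler.
BOT_UA_URLS = sorted({
    "http://duckduckgo.com/duckduckbot.html",
    "http://www.facebook.com/externalhit_uatext.php",
    "http://www.baidu.com/search/spider.html",
    "http://www.bing.com/bingbot.htm",
    "http://www.google.com/bot.html",
    "http://help.yahoo.com/help/us/ysearch/slurp",
    "http://yandex.com/bots",
    "http://www.googlebot.com/bot.html",
})
# Process-tree assumption: the IIS worker and the UM worker should not spawn shells.
SUSPECT_PARENTS = {"w3wp.exe", "umworkerprocess.exe"}
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "powershell_ise.exe", "net.exe", "net1.exe"}

# Constructed IIS W3C log. IIS writes the User-Agent with spaces encoded as '+'.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status
2021-03-03 10:01:02 POST /owa/auth/x.js 165.232.154.116 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) 200
2021-03-03 10:01:05 GET /owa/ 10.0.0.5 Mozilla/5.0+(Windows+NT+10.0)+Chrome/88.0 200
2021-03-03 10:02:11 GET /robots.txt 203.0.113.7 Mozilla/5.0+(compatible;+bingbot/2.0;++http://www.bing.com/bingbot.htm) 200
2021-03-03 10:03:40 POST /ecp/DDI/DDIService.svc/SetObject 157.230.221.198 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64) 200
"""

# Constructed Sysmon-style process-creation lines (key=value, one event per line).
SAMPLE_PROC_LOG = r"""
EventID=1 ParentImage=C:\Windows\System32\inetsrv\w3wp.exe Image=C:\Windows\System32\cmd.exe CommandLine=cmd /c whoami
EventID=1 ParentImage=C:\Windows\System32\services.exe Image=C:\Windows\System32\svchost.exe CommandLine=svchost -k netsvcs
EventID=1 ParentImage=C:\Program Files\Microsoft\Exchange Server\V15\Bin\UMWorkerProcess.exe Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine=powershell -nop -w hidden -c whoami
"""


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Parse IIS W3C extended log lines into dicts keyed by the #Fields header."""
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            values = line.split()
            if len(values) == len(fields):
                rows.append(dict(zip(fields, values)))
    return rows


def find_web_hits(text: str) -> List[Dict[str, str]]:
    """Score each request: IOC source IP plus crawler UA is high, IP alone medium,
    crawler UA alone low (legitimate crawlers present the same strings)."""
    hits: List[Dict[str, str]] = []
    for row in parse_w3c(text):
        ua = row.get("cs(User-Agent)", "").replace("+", " ").lower()
        ip = row.get("c-ip", "")
        ua_url = next((u for u in BOT_UA_URLS if u in ua), "")
        ip_hit = ip in IOC_IPS
        if ip_hit and ua_url:
            severity = "high"
        elif ip_hit:
            severity = "medium"
        elif ua_url:
            severity = "low"
        else:
            continue
        hits.append({"ip": ip, "uri": row.get("cs-uri-stem", ""),
                     "ua_url": ua_url, "severity": severity})
    return hits


# Non-greedy groups so that paths with spaces (Program Files) are captured whole.
PROC_RE = re.compile(r"ParentImage=(?P<parent>.+?)\s+Image=(?P<image>.+?)\s+CommandLine=")


def find_suspicious_spawns(text: str) -> List[Tuple[str, str]]:
    """Return (parent, child) basenames where an Exchange worker spawned a shell."""
    found: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = PROC_RE.search(line)
        if not m:
            continue
        parent = m.group("parent").rsplit("\\", 1)[-1].lower()
        child = m.group("image").rsplit("\\", 1)[-1].lower()
        if parent in SUSPECT_PARENTS and child in SUSPECT_CHILDREN:
            found.append((parent, child))
    return found


if __name__ == "__main__":
    for hit in find_web_hits(SAMPLE_IIS_LOG):
        print(hit)
    for parent, child in find_suspicious_spawns(SAMPLE_PROC_LOG):
        print(f"suspicious spawn: {parent} -> {child}")
```

The User-Agent check on its own is deliberately rated low: Googlebot, bingbot and the other crawlers really do send these strings, so a UA-only hit needs corroboration from the source address, the requested path, or a shell spawned under w3wp.exe before it is treated as exploitation.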