Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity
Tags
| attack-pattern: | Data Ip Addresses - T1590.005 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Powershell - T1086 Scripting - T1064 Scripting |
Common Information
| Type | Value |
|---|---|
| UUID | c80a2bd0-05b0-4f88-a80d-8794638520d9 |
| Fingerprint | 350ab0d5f92bc4e7 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 19, 2022, 4:01 p.m. |
| Added to db | Oct. 24, 2023, 1:36 p.m. |
| Last updated | Nov. 17, 2024, 6:30 p.m. |
| Headline | Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity |
| Title | Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity |
| Detected Hints/Tags/Attributes | 28/1/31 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 105 | cve-2022-41040 |
|
| Details | CVE | 127 | cve-2022-41082 |
|
| Details | Domain | 258 | nmap.org |
|
| Details | Domain | 1 | powershell.dewd79hxlu.com |
|
| Details | Domain | 454 | www.google.com |
|
| Details | 1 | foo_var/owa/=&email=autodiscover/autodiscover.json?a@foo.var |
||
| Details | File | 16 | autodiscover.json |
|
| Details | File | 4 | nse.html |
|
| Details | IPv4 | 1 | 91.245.255.98 |
|
| Details | IPv4 | 1 | 152.89.198.108 |
|
| Details | IPv4 | 1 | 199.47.92.216 |
|
| Details | IPv4 | 1 | 192.241.217.237 |
|
| Details | IPv4 | 1 | 192.241.217.39 |
|
| Details | IPv4 | 1 | 192.241.219.153 |
|
| Details | IPv4 | 1 | 192.241.219.69 |
|
| Details | IPv4 | 1 | 192.241.213.162 |
|
| Details | IPv4 | 1 | 192.241.219.73 |
|
| Details | IPv4 | 1 | 192.241.212.186 |
|
| Details | IPv4 | 1 | 192.241.216.62 |
|
| Details | IPv4 | 1 | 192.241.212.202 |
|
| Details | IPv4 | 1 | 192.241.216.14 |
|
| Details | IPv4 | 1 | 192.241.218.85 |
|
| Details | IPv4 | 1 | 192.241.215.205 |
|
| Details | IPv4 | 1 | 192.241.220.212 |
|
| Details | IPv4 | 1 | 192.241.202.142 |
|
| Details | IPv4 | 1 | 192.241.220.87 |
|
| Details | IPv4 | 1 | 192.241.218.123 |
|
| Details | IPv4 | 1 | 192.241.212.173 |
|
| Details | IPv4 | 1 | 192.241.192.0 |
|
| Details | IPv4 | 4 | 104.0.0.0 |
|
| Details | Url | 4 | https://nmap.org/book/nse.html |