ioc[.]one - OSINT Cyber Threat Intelligence Database

Azure SSRF Metadata

Tags

attack-pattern:

Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Ip Addresses - T1590.005 Local Accounts - T1078.003 Server - T1583.004 Server - T1584.004 Web Services - T1583.006 Web Services - T1584.006 Vulnerabilities - T1588.006 Connection Proxy - T1090

Show in Graph

Common Information

Type	Value
UUID	f0bacf19-d970-4374-a346-96986ae078b6
Fingerprint	bd719d114fd1b2c5
Analysis status	DONE
Considered CTI value	0
Text language
Published	May 22, 2023, 7:35 a.m.
Added to db	Aug. 31, 2024, 11:04 a.m.
Last updated	Nov. 18, 2024, 8:35 a.m.
Headline	Azure SSRF Metadata
Title	Azure SSRF Metadata
Detected Hints/Tags/Attributes	59/1/43

Source URLs

	Redirection	Url
Details	Redirection	https://blog.cybercx.com.au/azure-ssrf-metadata
Details	Redirection	https://cybercx.com.au/azure-ssrf-metadata/
Details	Source	https://cybercx.com.au/blog/azure-ssrf-metadata/

URL Provider

Details	Provider	Source level domain
Details	cybercx.com.au	blog.cybercx.com.au
Details	cybercx.com.au	cybercx.com.au

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	449	✔	CyberCX \| AU \| Blog	https://blog.cybercx.com.au/rss.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	4129	github.com
Details	Domain	12	management.azure.com
Details	Domain	150	www.w3.org
Details	Domain	208	learn.microsoft.com
Details	File	1	z28.blob
Details	File	1	umsak00qv445s1dkcjcd.blob
Details	File	1	umsacrcxrndpdpzplkwl.blob
Details	File	1	umsah0twc0d25lndsc0j.blob
Details	File	1	azuredefenderforservers.mde
Details	File	1	umsagxkprqml1tpvhwph.blob
Details	File	1	09_manifest.xml
Details	File	1	umsazgcntdcv5lncvgz0.blob
Details	File	1	umsakhqq1rhdnwhj0cjr.blob
Details	File	1	7a_manifest.xml
Details	File	1	umsafng1jksvbltk1h01.blob
Details	File	3	temp.key
Details	File	3	temp.crt
Details	File	2	payload.pfx
Details	File	2	wireserver.key
Details	File	1	protected_settings.raw
Details	File	2	goalstate10.xsd
Details	File	5	1.xml
Details	Github username	21	azure
Details	IPv4	88	169.254.169.254
Details	IPv4	7	168.63.129.16
Details	IPv4	1	1.0.8.139
Details	IPv4	1	1.0.3.7
Details	Mandiant Temporary Group Assumption	3	TEMP.KEY
Details	Mandiant Temporary Group Assumption	3	TEMP.CRT
Details	Url	1	https://github.com/azure/walinuxagent/issues/443
Details	Url	4	http://169.254.169.254/metadata/instance?api
Details	Url	7	https://management.azure.com
Details	Url	1	http://169.254.169.254/metadata/v1/instanceinfo
Details	Url	1	http://168.63.129.16/?comp=versions
Details	Url	1	http://168.63.129.16:32526/versions
Details	Url	2	http://168.63.129.16:32526/vmsettings
Details	Url	1	https://md-ssd-l2l3rrfl3qfm.z28.blob.storage.azure.net/$system/metadatahost..."},"invmmetadata":{"subscriptionid":"84...49","resourcegroupname":"rg-metadatadiscovery-test-westus2","vmname":"metadatahost","location":"westus3","vmid":"ce3...e6","vmsize":"standard_b1ls","ostype":"linux","vmimage":{"publisher":"canonical","offer":"0001-com-ubuntu-server-jammy","sku":"22_04-lts-gen2","version":"22.04.202304200"}},"gafamilies":[{"name":"prod","uris":["https://umsak00qv445s1dkcjcd.blob.core.windows.net/...","https://umsacrcxrndpdpzplkwl.blob.core.windows.net/...l","https://umsah0twc0d25lndsc0j.blob.core.windows.net/..."]}],"extensiongoalstates":[{"name":"microsoft.azure.azuredefenderforservers.mde.linux","version":"1.0.3.7","location":"https://umsagxkprqml1tpvhwph.blob.core.windows.net/60...09/60...09_manifest.xml","failoverlocation":"https://umsazgcntdcv5lncvgz0.blob.core.windows.net/60...09/60...09_manifest.xml","state":"enabled","autoupgrade":true,"runasstartuptask":false,"isjson":true,"useexactversion":true,"settingsseqno":2,"ismulticonfig":false,"settings":[{"protectedsettingscertthumbprint":"9b...47","protectedsettings":"mi...w=","publicsettings":"{\"azureresourceid\":\"/subscriptions/84...49/resourcegroups/rg-metadatadiscovery-test-westus2/providers/microsoft.compute/virtualmachines/metadatahost\",\"forcereonboarding\":false,\"vnextenabled\":false,\"autoupdate\":true}"}]},{"name":"microsoft.enterprisecloud.monitoring.omsagentforlinux","version":"1.14.23","location":"https://umsakhqq1rhdnwhj0cjr.blob.core.windows.net/68...7a/68...7a_manifest.xml","failoverlocation":"https://umsafng1jksvbltk1h01.blob.core.windows.net/68...7a/68...7a_manifest.xml
Details	Url	2	http://168.63.129.16/machine/?comp=goalstate
Details	Url	50	http://www.w3.org/2001/xmlschema-instance
Details	Url	1	http://168.63.129.16:80/machine/5a...db/a7...a6._metadatahost?comp=config&amp
Details	Url	1	http://168.63.129.16:80/machine/5a...db/a75...a6._metadatahost?comp=config&amp
Details	Url	1	http://168.63.129.16:80/machine/5a...db/a7...a6._metadatahost?comp=certificates&amp
Details	Url	1	https://learn.microsoft.com/en-us/azure/virtual-network/what-is-ip-address-168-63-129-16