ioc[.]one - OSINT Cyber Threat Intelligence Database

Exploiting Exchange PowerShell After ProxyNotShell: Part 1 - MultiValuedProperty

Tags

attack-pattern:

Data Direct Domain Account - T1087.002 Domain Account - T1136.002 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	f547ce62-eaf9-40e3-91be-d93d2bdfdae3
Fingerprint	1679c7d6f83502e0
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 4, 2024, midnight
Added to db	Sept. 5, 2024, 5:47 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Exploiting Exchange PowerShell After ProxyNotShell: Part 1 - MultiValuedProperty
Title	Exploiting Exchange PowerShell After ProxyNotShell: Part 1 - MultiValuedProperty
Detected Hints/Tags/Attributes	33/1/19

Source URLs

	Redirection	Url
Details	Source	https://malware.news/t/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty/86070
Details	Source	https://www.thezdi.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty

URL Provider

Details	Provider	Source level domain
Details	malware.news	malware.news
Details	thezdi.com	www.thezdi.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	158	✔	Malware Analysis, News and Indicators - Latest topics	https://malware.news/latest.rss	2024-08-30 22:08
Details	400	✔	Zero Day Initiative - Blog	https://www.zerodayinitiative.com/blog/?format=rss	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	105		cve-2022-41040
Details	CVE	127		cve-2022-41082
Details	CVE	18		cve-2023-21529
Details	CVE	28		cve-2023-32031
Details	CVE	168		cve-2021-34473
Details	CVE	142		cve-2021-34523
Details	CVE	143		cve-2021-31207
Details	CVE	6		cve-2023-36756
Details	Domain	47		microsoft.exchange
Details	Domain	3		microsoft.exchange.data
Details	Domain	61		system.windows
Details	File	5		exchange.dat
Details	File	1		mvpscheme-new.png
Details	File	2125		cmd.exe
Details	File	312		calc.exe
Details	TippingPoint Zero Day Initiative	1		ZDI-23-163
Details	TippingPoint Zero Day Initiative	2		ZDI-23-881
Details	TippingPoint Zero Day Initiative	2		ZDI-23-162
Details	Url	1		https://images.squarespace-cdn.com/content/v1/5894c269e4fcb5e65a1ed623/9db6113e-04e2-4682-8428-0241111c9817/mvpscheme-new.png?format=1000w