ioc[.]one - OSINT Cyber Threat Intelligence Database

Threat Brief: OWASSRF Vulnerability Exploitation

Tags

country:	Japan
attack-pattern:	Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Lsass Memory - T1003.001 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Serverless - T1583.007 Serverless - T1584.007 Ssh - T1021.004 Vulnerabilities - T1588.006 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	f6e7d4a7-e9dd-4a8f-909f-d2f0b8f48081
Fingerprint	343900d6ba3fd963
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 23, 2022, 1:30 a.m.
Added to db	Dec. 23, 2022, 3:14 a.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Threat Brief: OWASSRF Vulnerability Exploitation
Title	Threat Brief: OWASSRF Vulnerability Exploitation
Detected Hints/Tags/Attributes	59/2/19

Source URLs

	Redirection	Url
Details	Source	https://unit42.paloaltonetworks.com/threat-brief-owassrf/

URL Provider

Details	Provider	Source level domain
Details	paloaltonetworks.com	unit42.paloaltonetworks.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	256	✔	Unit 42	https://unit42.paloaltonetworks.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	50		cve-2022-41080
Details	CVE	127		cve-2022-41082
Details	CVE	105		cve-2022-41040
Details	Domain	272		outlook.com
Details	Email	3		owa/mastermailbox@outlook.com
Details	Email	4		mastermailbox@outlook.com
Details	File	1		pta.exe
Details	File	128		w3wp.exe
Details	File	51		wermgr.exe
Details	File	13		wmiapsrv.exe
Details	File	172		dllhost.exe
Details	File	1208		powershell.exe
Details	IPv4	3		216.128.146.38
Details	IPv4	3		95.179.162.125
Details	IPv4	4		192.248.176.138
Details	IPv4	3		140.82.52.35
Details	IPv4	3		45.32.144.71
Details	IPv4	3		217.69.10.255
Details	IPv4	3		45.76.246.112