How Falcon Complete Stops Microsoft Exchange Server Exploits
Tags
Common Information
| Type | Value |
|---|---|
| UUID | f856b275-c04f-4d49-a568-2c85ba5b4ebe |
| Fingerprint | 34791acfe8f6b781 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 4, 2021, 12:03 p.m. |
| Added to db | Jan. 18, 2023, 10:59 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Falcon Complete Stops Microsoft Exchange Server Zero-Day Exploits |
| Title | How Falcon Complete Stops Microsoft Exchange Server Exploits |
| Detected Hints/Tags/Attributes | 71/1/30 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 184 | cve-2021-26855 |
|
| Details | CVE | 90 | cve-2021-26857 |
|
| Details | CVE | 92 | cve-2021-26858 |
|
| Details | CVE | 126 | cve-2021-27065 |
|
| Details | CVE | 71 | cve-2020-0688 |
|
| Details | CVE | 8 | cve-2021-24085 |
|
| Details | Domain | 397 | asp.net |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | File | 128 | w3wp.exe |
|
| Details | File | 59 | csc.exe |
|
| Details | File | 5 | multiup.aspx |
|
| Details | File | 6 | y.js |
|
| Details | File | 8 | error.aspx |
|
| Details | File | 14 | logout.aspx |
|
| Details | File | 5 | outlookjp.aspx |
|
| Details | File | 20 | shell.aspx |
|
| Details | File | 5 | redirsuiteserverproxy.aspx |
|
| Details | File | 5 | outlookru.aspx |
|
| Details | File | 4 | online.aspx |
|
| Details | File | 6 | discover.aspx |
|
| Details | File | 5 | outlooken.aspx |
|
| Details | File | 5 | httpproxy.aspx |
|
| Details | IPv4 | 4 | 104.248.49.97 |
|
| Details | IPv4 | 4 | 161.35.1.207 |
|
| Details | IPv4 | 4 | 161.35.1.225 |
|
| Details | IPv4 | 6 | 157.230.221.198 |
|
| Details | IPv4 | 7 | 165.232.154.116 |
|
| Details | IPv4 | 4 | 167.99.239.29 |
|
| Details | IPv4 | 619 | 0.0.0.0 |
|
| Details | Microsoft Patch Numbers | 2 | KB5000871 |