ioc[.]one - OSINT Cyber Threat Intelligence Database

Microsoft-365-Defender-Hunting-Queries/exchange-iis-worker-dropping-webshell.md at master · microsoft/Microsoft-365-Defender-Hunting-Queries

Tags

attack-pattern:

Data Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Vulnerabilities - T1588.006 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	fd3f7f58-27b1-42b5-85f9-205bdc397785
Fingerprint	f7419242afb65817
Analysis status	DONE
Considered CTI value	0
Text language
Published	Jan. 1, 2022, midnight
Added to db	Sept. 26, 2022, 9:33 a.m.
Last updated	Nov. 15, 2024, 9:31 p.m.
Headline	Exchange Server IIS dropping web shells and other artifacts
Title	Microsoft-365-Defender-Hunting-Queries/exchange-iis-worker-dropping-webshell.md at master · microsoft/Microsoft-365-Defender-Hunting-Queries
Detected Hints/Tags/Attributes	34/1/6

Source URLs

	Redirection	Url
Details	Source	https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/Execution/exchange-iis-worker-dropping-webshell.md

URL Provider

Details	Provider	Source level domain
Details	github.com	github.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		exchange-iis-worker-dropping-webshell.md
Details	Domain	397		asp.net
Details	File	8		'w3wp.exe
Details	File	5		'.tmp
Details	File	5		'.xml
Details	File	4		'.js