ProxyShell vulnerabilities in Microsoft Exchange: What to do
Tags
Common Information
| Type | Value |
|---|---|
| UUID | ff2efa99-46c9-4853-aa57-6f28c807a2df |
| Fingerprint | b55da857beb56607 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 23, 2021, 6 p.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | ProxyShell vulnerabilities in Microsoft Exchange: What to do |
| Title | ProxyShell vulnerabilities in Microsoft Exchange: What to do |
| Detected Hints/Tags/Attributes | 0/0/26 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 168 | cve-2021-34473 |
|
| Details | CVE | 142 | cve-2021-34523 |
|
| Details | CVE | 143 | cve-2021-31207 |
|
| Details | Domain | 47 | microsoft.exchange |
|
| Details | 1 | evilcorp/ews/exchange.asmx?&email=autodiscover/autodiscover.json?@evil.corp |
||
| Details | File | 128 | w3wp.exe |
|
| Details | File | 86 | service.exe |
|
| Details | File | 16 | autodiscover.json |
|
| Details | File | 17 | exchange.asmx |
|
| Details | File | 1 | webshell_name.aspx |
|
| Details | File | 1 | 'autodiscover.json |
|
| Details | File | 1 | c:\inetpub\wwwroot\aspnet_client\654253568.aspx |
|
| Details | File | 1 | c:\inetpub\wwwroot\aspnet_client\system_web\%.aspx |
|
| Details | File | 1 | c:\inetpub\wwwroot\aspnet_client\%.aspx |
|
| Details | File | 1 | c:\program files\microsoft\exchange server\v15\frontend\httpproxy\owa\auth\%.aspx |
|
| Details | File | 1 | c:\program files\microsoft\exchange server\v15\frontend\httpproxy\ecp\auth\%.aspx |
|
| Details | File | 1 | c:\program files\microsoft\exchange server\v15\frontend\httpproxy\owa\auth\current\%.aspx |
|
| Details | File | 1 | c:\program files\microsoft\exchange server\v15\frontend\httpproxy\owa\auth\current\themes\%.aspx |
|
| Details | File | 1 | c:\programdata\%.aspx |
|
| Details | File | 1 | %.aspx |
|
| Details | File | 1 | '%.aspx |
|
| Details | File | 7 | applicationhost.config |
|
| Details | File | 3 | c:\windows\system32\inetsrv\config\applicationhost.config |
|
| Details | File | 1 | c:\windows\system32\createhidetask.exe |
|
| Details | File | 1 | c:\windows\system32\applicationupdate.exe |
|
| Details | File | 1208 | powershell.exe |