360 Netlab Blog - Network Security Research Lab at 360

CVE-2021-26855

A collection of 2 posts
CVE-2021-26855

Microsoft Exchange Vulnerability (CVE-2021-26855) Scan Analysis

Background: On March 2, 2021, Microsoft disclosed a remote code execution vulnerability in Microsoft Exchange Server[1]. On March 3, we customized our Anglerfish honeypot to simulate Microsoft Exchange and deployed the honeypot plug-in, and we soon started to see a large amount of related data. So far, we have already
  • Genshen Ye
  • houliuyang
Mar 25, 2021 12 min read
CVE-2021-26855

Microsoft Exchange Vulnerability (CVE-2021-26855) In-the-Wild Scan Analysis Report

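Background: On March 2, 2021, Microsoft disclosed a remote code execution vulnerability in Microsoft Exchange Server[1]. Starting on March 3, 2021, the 360 Netlab Anglerfish honeypot began simulating Microsoft Exchange and deploying a Microsoft Exchange honeypot plug-in, and we soon collected a large amount of vulnerability-probing data. So far we have detected attackers implanting webshells, obtaining mailbox information, and even carrying out malicious XMRig mining (http://178.62.226.184/run.ps1). Based on the path-name characteristics of the mining files, we named this miner Tripleone. Starting on March 6, 2021, ProjectDiscovery and Microsoft's CSS-Exchange project successively released vulnerability detection scripts[2][3]. The exploitation steps for the Microsoft Exchange Server remote code execution vulnerability are complex, and it generally takes some time between the release of a PoC and its use by underground-economy attackers; we see that this attack activity has already begun. CVE-2021-26855: webshell implantation POST /ecp/j2r3.js HTTP/1.1 Host: {target} Connection: keep-alive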
  • Genshen Ye
  • houliuyang
Mar 25, 2021 13 min read