Seven Malware Analysis Reports (MARs) have been added to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each MAR identifies a webshell associated with exploitation of the vulnerabilities in Microsoft Exchange Server products. After successful exploiting a Microsoft Exchange Server vulnerability for initial accesses, a malicious cyber actors can upload a webshell to enable remote administration of the affected system.
d-PIT encourages users and administrators to review the following resources for more information.
- Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
- MAR-10328877-1.v1: China Chopper Webshell
- MAR-10328923-1.v1: China Chopper Webshell
- MAR-10329107-1.v1: China Chopper Webshell
- MAR-10329297-1.v1: China Chopper Webshell
- MAR-10329298-1.v1: China Chopper Webshell
- MAR-10329301-1.v1: China Chopper Webshell
- MAR-10329494-1.v1: China Chopper Webshell