Product
medium
threat
Suspicious File Creation by Microsoft Exchange Unified Messaging Service
2 rules 3 TTPs 1 CVEThis rule detects suspicious file creations by the Microsoft Exchange Server Unified Messaging service, potentially indicative of exploitation of CVE-2021-26858, leading to web shell deployment for initial access, lateral movement, and persistence.
exploited
Microsoft Exchange Server
exchange
webshell
cve-2021-26858
initial-access
2r
3t
1c
medium
threat
Exchange PowerShell Used to Add New ActiveSync Allowed Device
2 rules 3 TTPsAn adversary may use the Exchange PowerShell cmdlet, Set-CASMailbox, to add a new ActiveSync allowed device, potentially gaining persistent access to a user's email and sensitive information.
exploited
Microsoft Exchange Server
exchange
powershell
activesync
persistence
2r
3t