Tag
This rule detects suspicious file creations by the Microsoft Exchange Server Unified Messaging service, potentially indicative of exploitation of CVE-2021-26858, leading to web shell deployment for initial access, lateral movement, and persistence.