security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
80098113d06750ddb9ab275d7df1049f88d4ea7c
blue-team-tools/rules/web/web_cve_2021_28480_exchange_exploit.yml
T
Nasreddine Bencherchali f527b8eb4c Rename Web CVE Rules 
Renamed WEB CVE rules to the format "web_cve_20XX_XXXX_rest_of_name"
2022-06-14 19:22:26 +01:00

23 lines
605 B
YAML
Raw Blame History

title: Exchange Exploitation CVE-2021-28480
id: a2a9d722-0acb-4096-bccc-daaf91a5037b
status: experimental
description: Detects successful exploitation of Exchange vulnerability as reported in CVE-2021-28480
references:
- https://twitter.com/GossiTheDog/status/1392965209132871683?s=20
author: Florian Roth
date: 2021/05/14
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
c-uri|contains: '/owa/calendar/a'
cs-method: 'POST'
filter:
sc-status: 503
condition: selection and not filter
falsepositives:
- Unknown
level: critical
Reference in New Issue View Git Blame Copy Permalink