Exchange Exploitation CVE-2021-28480

calendar Aug 12, 2024 · attack.initial-access attack.t1190 cve.2021-28480 detection.emerging-threats  ·
Share on: linkedin copy

Detects successful exploitation of Exchange vulnerability as reported in CVE-2021-28480

Sigma rule (View on GitHub)

 1title: Exchange Exploitation CVE-2021-28480
 2id: a2a9d722-0acb-4096-bccc-daaf91a5037b
 3status: test
 4description: Detects successful exploitation of Exchange vulnerability as reported in CVE-2021-28480
 5references:
 6    - https://twitter.com/GossiTheDog/status/1392965209132871683?s=20
 7author: Florian Roth (Nextron Systems)
 8date: 2021-05-14
 9modified: 2023-01-02
10tags:
11    - attack.initial-access
12    - attack.t1190
13    - cve.2021-28480
14    - detection.emerging-threats
15logsource:
16    category: webserver
17detection:
18    selection:
19        cs-uri-query|contains: '/owa/calendar/a'
20        cs-method: 'POST'
21    filter_main_status:
22        sc-status: 503
23    condition: selection and not 1 of filter_*
24falsepositives:
25    - Unknown
26level: critical

References

Related rules

to-top