Microsoft Exchange ProxyNotShell Exploit Traffic - Proxy

Rule Info

Name
Microsoft Exchange ProxyNotShell Exploit Traffic - Proxy
Author
pH-T
Description
Detects Microsoft Exchange exploit traffic for CVE-2022-41040 and CVE-2022-41082 (A.K.A ProxyNotShell)
Reference
https://github.com/testanull/ProxyNotShell-PoC
Date
2022-11-21 00:00:00
Modified
2023-03-28 00:00:00
Id
6ee5187f-4e7d-406d-8338-01b2cd0385e6
Tags
attack.execution
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022