Hunt for IOCs in IIS Logs - CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065
- C2 IP Addresses (used for scanning and exploitation)
- File Names (observed in exploitation attempts)
- Remote Code Execution (RCE)
powershell .\Exchange_IOC_Hunter.ps1
This repository will be updated with new IOC's as our security engagements evolve.