Investigate a Compromised Exchange Server using SIEM and Sysmon
Tags
Common Information
Type Value
UUID b2cfccf2-2de1-4a28-a5da-ecbffb10d4bd
Fingerprint b7170d1da4bf0192
Analysis status DONE
Considered CTI value 2
Text language
Published March 12, 2023, 5:48 p.m.
Added to db March 12, 2023, 7:23 p.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline Investigate a Compromised Exchange Server using SIEM and Sysmon
Title Investigate a Compromised Exchange Server using SIEM and Sysmon
Detected Hints/Tags/Attributes 0/0/8
RSS Feed
Id Enabled Feed title Url Added to db
167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 63
cve-2020-0796
CVE 10
cve-2018-13374
CVE 150
cve-2018-13379
Domain 397
asp.net
Domain 207
learn.microsoft.com
Domain 768
www.youtube.com
File 1
c:\users\administrato\documents\cmd.exe
File 1
c:\\users\\administrator\\documents\\cmd.exe