(800) 989-2647

[email protected]

Cyberthreat Research

Microsoft IOC Detection Tool for Exchange Server vulnerabilities

Fortify Security Team
Mar 16, 2021

Microsoft has released the EOMT.ps1 tool that can automate portions of both the detection and patching process and help your organization check for indicators of compromise (IOCs) by running the Microsoft IOC Detection Tool for Exchange Server Vulnerabilities.

In addition, CISA has added seven Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities: https://us-cert.cisa.gov/ncas/alerts/aa21-062a. Each MAR identifies a webshell associated with exploitation of the vulnerabilities in Microsoft Exchange Server products. After successful exploiting a Microsoft Exchange Server vulnerability for initial accesses, a malicious cyber actors can upload a webshell to enable remote administration of the affected system.

CISA has also added information on ransomware activity associated with exploitation of the Exchange Server products, including DearCry ransomware.

CISA encourages users and administrators to review the following resources for more information.

Recent Posts

CVE-2021-36934 – HiveNightmare

Jul 27, 2021 |

Summary The default configuration in Microsoft Windows 10 v1809 and newer includes an elevation of privilege vulnerability, because of overly permissive Access Control Lists (ACLs) in the Security Accounts Manager (SAM) database, as well as multiple other system...

Kaseya IOC

Jul 3, 2021 |

Indicators of Compromise agent.crt encoded dropper 2093c195b6c1fd6ab9e1110c13096c5fe130b75a84a27748007ae52d9e951643 agent.exe dropper d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e Payloads...

Trickbot Hash List

Mar 14, 2021 |

f2874391df65d47da6e5b72c904fd8d91c85232382dad677bb074767e51ffd85 879e8fc3f83f3444f12ca1f98389a1f5ee8c90deb713e33b35456ade8261ee91 7b7c58829aa5ead726e159c20def670e430b67d4cb995df00bc619edcde246c8 d07a963a14b759050f21fe96335876ff2bddd7c4a301c6625a6dba55c634310b...

Increase in PYSA Ransomware Targeting Education Institutions

FBI reporting has indicated a recent increase in PYSA ransomware targeting education institutions in 12 US states and the United Kingdom. PYSA, also known as Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on...

Trickbot Hash List

f2874391df65d47da6e5b72c904fd8d91c85232382dad677bb074767e51ffd85 879e8fc3f83f3444f12ca1f98389a1f5ee8c90deb713e33b35456ade8261ee91 7b7c58829aa5ead726e159c20def670e430b67d4cb995df00bc619edcde246c8 d07a963a14b759050f21fe96335876ff2bddd7c4a301c6625a6dba55c634310b...

Sodinokibi Ransomware Hash List

Threat actors using the Sodinokibi ransomware made “at least” $123 million in 2020, stealing roughly 21.6 terabytes of data. Sodinokibi was the most-used ransomware observed by the researchers, accounting for 22% of all incidents in 2020....