CVE-2022-41082 Configuration

« CVE-2022-41082 »
v0.4 by crowdsecurity
Attack scenarioremediation:truetype:exploit service:exchangespoofable:0MITRE:T1595MITRE:T1190confidence:3

Detect CVE-2022-41082 exploits

Installation

cscli scenarios install crowdsecurity/CVE-2022-41082

YAML Configuration

1type: trigger
2#debug: true
3name: crowdsecurity/CVE-2022-41082
4description: "Detect CVE-2022-41082 exploits"
5filter: |
6  Upper(evt.Meta.http_path) contains Upper('/autodiscover/autodiscover.json') &&
7  Upper(evt.Parsed.http_args) contains Upper('powershell')
8
9blackhole: 1m
10groupby: "evt.Meta.source_ip"
11labels:
12  type: exploit
13  remediation: true
14  classification:
15    - attack.T1595
16    - attack.T1190
17    - cve.CVE-2022-41082
18  spoofable: 0
19  confidence: 3
20  behavior: "http:exploit"
21  service: exchange
22  label: "Microsoft Exchange CVE-2022-41082"
23

Hub configuration

« CVE-2022-41082 »v0.4 by crowdsecurityAttack scenarioremediation:truetype:exploit service:exchangeCVE-2022-41082spoofable:0MITRE:T1595MITRE:T1190confidence:3

« CVE-2022-41082 »
v0.4 by crowdsecurity
Attack scenarioremediation:truetype:exploit service:exchangespoofable:0MITRE:T1595MITRE:T1190confidence:3