Hide Navigation Hide TOC

Mailbox Export to Exchange Webserver (516376b4-05cd-4122-bae0-ad7641c38d48)

Detects a successful export of an Exchange mailbox to untypical directory or with aspx name suffix which can be used to place a webshell or the needed role assignment for it

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Mailbox Export to Exchange Webserver (516376b4-05cd-4122-bae0-ad7641c38d48)	Sigma-Rules	1
Web Shell - T1505.003 (5d0d3609-d06d-49e1-b9c9-b544e0c618cb)	Attack Pattern	Server Software Component - T1505 (d456de47-a16f-4e46-8980-e67478a12dcb)	Attack Pattern	2