Exchange zero-day detection

Notices Alias todayMarch 5, 2021 197 1 1

Background
share close

Exchange zero-day vulnerability detection

If you think you were impacted from the Exchange zero-day vulnerability, you can run the list of IPs below in Virus Total to search for any potential indicators of compromise.

PowerShell scripts for hunting threats:

Download them here.

NMAP script for hunting vulnerable servers and validating patches:

Download the NMAP script here.

Bad IPs:

165.232.154.116
157.230.221.198
104.248.49.97
103.77.192.219
104.140.114.110
104.250.191.110
108.61.246.56
149.28.14.163
167.99.168.251
185.250.151.72
192.81.208.169
203.160.69.66
211.56.98.146
5.254.43.18
5.2.69.14
80.92.205.81
91.192.103.43
161.35.45.41
45.77.252.175

Reach out to the team here at Alias if you have any questions at all regarding the zero-day.

We’re here to bring you peace of mind.

Written by: Alias

Rate it

Previous post