This plugin detects the potential presence of a web shell in selected directories and this can be indicative that the host might have been targeted in the Hafnium campaign. It is recommended that the results are manually verified and appropriate remediation actions taken.
Note that Nessus has not tested for this issue but has instead looked for .aspx files that could potentially indicate compromise.
Binary data hafnium_ioc_detect.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | exchange_server | cpe:/a:microsoft:exchange_server |