Microsoft updated MSERT to detect web shells used in attacks against Microsoft Exchange installs
Administrators could use MSERT to make a full scan of the install or they can perform a ‘Customized scan’ of the paths where malicious files from the threat actor have been observed.
