Afternoon fellow blue teamers. I have some queries to detect IOCs from the recent 3CX compromise. I have a JSON file with an analytics rule you could import, as well as Defender advanced hunting queries.
melatonein5/3CXBeacoingKQLQuery: KQL to detect beaconing to IOCs from the 3CX compromise (github.com...
I thought I would make some of your lives easier. Happy Thursday!