THREATOPS
THREAT OPSThreat News › Threat hunting case study: ToolShell

Threat hunting case study: ToolShell

infointel471Published 2025-09-23

In July 2025 threat actors exploited zero-day vulnerabilities in on-premises Microsoft SharePoint servers in an incident known as ToolShell. In this case study, we conduct a threat hunt for ToolShell-related activity.

MITRE ATT&CK techniques

Original source: https://www.intel471.com/blog/threat-hunting-case-study-toolshell