CVE-2021-40444
3 Rules
8 References
1 Folders
Latest: 2023-06-22
Summary
CVE-2021-40444 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on windows / process_creation, windows / file_event.
Related Detections
Emerging Threat, high, test
Suspicious Word Cab File Write CVE-2021-40444
Detects file creation patterns noticeable during the exploitation of CVE-2021-40444
Windows / File Event
TA0042 · Resource Development, T1587 · Develop Capabilities, detection.emerging-threats
Florian Roth (Nextron Systems) +1, Fri Sep 10 2021
Emerging Threat, high, test
Potential CVE-2021-40444 Exploitation Attempt
Detects potential exploitation of CVE-2021-40444 via suspicious process patterns seen in in-the-wild exploitations
Windows / Process Creation
TA0002 · Execution, T1059 · Command and Scripting Interpreter, cve.2021-40444, detection.emerging-threats
Florian Roth (Nextron Systems), Wed Sep 08 2021
Emerging Threat, high, test
Potential Exploitation Attempt From Office Application
Detects Office applications executing a child process that includes directory traversal patterns. This could be an attempt to exploit CVE-2022-30190 (MSDT RCE) or CVE-2021-40444 (MSHTML RCE)
Windows / Process Creation
TA0002 · Execution, TA0005 · Stealth, cve.2021-40444, detection.emerging-threats
Christian Burkard (Nextron Systems) +1, Thu Jun 02 2021
References