CVE-2021-44228
3 Rules · 9 References · 1 Folders · Latest: 2023-01-02
Summary
CVE-2021-44228 is tracked here through 3 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2021. Coverage centers on the webserver and windows / process_creation log sources.
Related Detections
Emerging Threat · high · test
Log4j RCE CVE-2021-44228 in Fields
Detects exploitation attempt against log4j RCE vulnerability reported as CVE-2021-44228 in different header fields found in web server logs (Log4Shell)
Web Server Log
TA0001 · Initial Access | T1190 · Exploit Public-Facing Application | cve.2021-44228 | detection.emerging-threats
Florian Roth (Nextron Systems) · Fri Dec 10 2021
Emerging Threat · high · test
Log4j RCE CVE-2021-44228 Generic
Detects exploitation attempt against log4j RCE vulnerability reported as CVE-2021-44228 (Log4Shell)
Web Server Log
TA0001 · Initial Access | T1190 · Exploit Public-Facing Application | detection.emerging-threats
Florian Roth (Nextron Systems) · Fri Dec 10 2021
Emerging Threat · high · test
Potential CVE-2021-44228 Exploitation Attempt - VMware Horizon
Detects potential initial exploitation attempts against VMware Horizon deployments running a vulnerable version of Log4j.
Windows · Process Creation
TA0001 · Initial Access | T1190 · Exploit Public-Facing Application | cve.2021-44228 | detection.emerging-threats
kostastsale · Fri Jan 14 2021
References