CVE-2022-41082

4 Rules
3 References
1 Folder
Latest: 2023-01-02
Summary

CVE-2022-41082 is tracked here through 4 Sigma detections for exploitation attempts and related post-exploitation behavior observed in 2022. Coverage centers on the proxy and webserver log sources.

Related Detections
Emerging Threat | critical | test

OWASSRF Exploitation Attempt Using Public POC - Webserver

Detects an exploitation attempt of the OWASSRF variant targeting Exchange servers using a publicly available POC. It uses the OWA endpoint to access the PowerShell backend endpoint.

Web Server Log
TA0001 · Initial Access | T1190 · Exploit Public-Facing Application | detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) | Thu Dec 22 2022

Emerging Threat | high | test

Potential OWASSRF Exploitation Attempt - Webserver

Detects an exploitation attempt of the OWASSRF variant targeting Exchange servers. It uses the OWA endpoint to access the PowerShell backend endpoint.

Web Server Log
TA0001 · Initial Access | T1190 · Exploit Public-Facing Application | detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) | Thu Dec 22 2022

Emerging Threat | critical | test

OWASSRF Exploitation Attempt Using Public POC - Proxy

Detects an exploitation attempt of the OWASSRF variant targeting Exchange servers using a publicly available POC. It uses the OWA endpoint to access the PowerShell backend endpoint.

Proxy Log
TA0001 · Initial Access | T1190 · Exploit Public-Facing Application | detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) | Thu Dec 22 2022

Emerging Threat | high | test

Potential OWASSRF Exploitation Attempt - Proxy

Detects an exploitation attempt of the OWASSRF variant targeting Exchange servers. It uses the OWA endpoint to access the PowerShell backend endpoint.

Proxy Log
TA0001 · Initial Access | T1190 · Exploit Public-Facing Application | detection.emerging-threats
Nasreddine Bencherchali (Nextron Systems) | Thu Dec 22 2022

References