Rule Library

Sigma Rules

18 rules found for "Bhabesh Raj"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Emerging Threatcriticaltest

Fortinet CVE-2018-13379 Exploitation

Detects CVE-2018-13379 exploitation attempt against Fortinet SSL VPNs

TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2018-13379detection.emerging-threats

Bhabesh RajTue Dec 082018

Emerging Threatcriticaltest

CVE-2020-10148 SolarWinds Orion API Auth Bypass

Detects CVE-2020-10148 SolarWinds Orion API authentication bypass attempts

TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2020-10148detection.emerging-threats

Bhabesh Raj+1Sun Dec 272020

Emerging Threathightest

TerraMaster TOS CVE-2020-28188

Detects the exploitation of the TerraMaster TOS vulnerability described in CVE-2020-28188

T1190 · Exploit Public-Facing ApplicationTA0001 · Initial Accesscve.2020-28188detection.emerging-threats

Bhabesh RajMon Jan 252020

Emerging Threathightest

Potential PrintNightmare Exploitation Attempt

Detect DLL deletions from Spooler Service driver folder. This might be a potential exploitation attempt of CVE-2021-1675

WindowsFile Delete

TA0003 · PersistenceTA0005 · Defense EvasionTA0004 · Privilege EscalationT1574 · Hijack Execution Flow+2

Bhabesh RajThu Jul 012021

Emerging Threatcriticaltest

Arcadyan Router Exploitations

Detects exploitation of vulnerabilities in Arcadyan routers as reported in CVE-2021-20090 and CVE-2021-20091.

TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2021-20090cve.2021-20091+1

Bhabesh RajTue Aug 242021

Emerging Threatcriticaltest

Oracle WebLogic Exploit CVE-2021-2109

Detects the exploitation of the WebLogic server vulnerability described in CVE-2021-2109

T1190 · Exploit Public-Facing ApplicationTA0001 · Initial Accesscve.2021-2109detection.emerging-threats

Bhabesh RajWed Jan 202021

Emerging Threathightest

CVE-2021-21972 VSphere Exploitation

Detects the exploitation of VSphere Remote Code Execution vulnerability as described in CVE-2021-21972

TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2021-21972detection.emerging-threats

Bhabesh RajWed Feb 242021

Emerging Threathightest

CVE-2021-21978 Exploitation Attempt

Detects the exploitation of the VMware View Planner vulnerability described in CVE-2021-21978

TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2021-21978detection.emerging-threats

Bhabesh RajTue Mar 102021

Emerging Threatcriticaltest

Fortinet CVE-2021-22123 Exploitation

Detects CVE-2021-22123 exploitation attempt against Fortinet WAFs

TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2021-22123detection.emerging-threats

Bhabesh Raj+1Thu Aug 192021

Emerging Threathightest

Potential Atlassian Confluence CVE-2021-26084 Exploitation Attempt

Detects spawning of suspicious child processes by Atlassian Confluence server which may indicate successful exploitation of CVE-2021-26084

WindowsProcess Creation

TA0001 · Initial AccessTA0002 · ExecutionT1190 · Exploit Public-Facing ApplicationT1059 · Command and Scripting Interpreter+2

Bhabesh RajWed Sep 082021

Emerging Threathighstable

Potential CVE-2021-26857 Exploitation Attempt

Detects possible successful exploitation for vulnerability described in CVE-2021-26857 by looking for | abnormal subprocesses spawning by Exchange Server's Unified Messaging service

WindowsProcess Creation

T1203 · Exploitation for Client ExecutionTA0002 · Executioncve.2021-26857detection.emerging-threats

Bhabesh RajWed Mar 032021

Emerging Threathightest

CVE-2021-26858 Exchange Exploitation

Detects possible successful exploitation for vulnerability described in CVE-2021-26858 by looking for creation of non-standard files on disk by Exchange Server’s Unified Messaging service which could indicate dropping web shells or other malicious content

WindowsFile Event

T1203 · Exploitation for Client ExecutionTA0002 · Executioncve.2021-26858detection.emerging-threats

Bhabesh RajWed Mar 032021

Emerging Threatcriticaltest

Moriya Rootkit File Created

Detects the creation of a file named "MoriyaStreamWatchmen.sys" in a specific location. This filename was reported to be related to the Moriya rootkit as described in the securelist's Operation TunnelSnake report.

WindowsFile Event

TA0003 · PersistenceTA0004 · Privilege EscalationT1543.003 · Windows Servicedetection.emerging-threats

Bhabesh RajThu May 062021

Emerging Threathightest

Pingback Backdoor File Indicators

Detects the use of Pingback backdoor that creates ICMP tunnel for C2 as described in the trustwave report

WindowsFile Event

TA0004 · Privilege EscalationTA0005 · Defense EvasionTA0003 · PersistenceT1574.001 · DLL Search Order Hijacking+1

Bhabesh RajWed May 052021

Emerging Threathightest

Pingback Backdoor DLL Loading Activity

Detects the use of Pingback backdoor that creates ICMP tunnel for C2 as described in the trustwave report

WindowsImage Load (DLL)

TA0004 · Privilege EscalationTA0005 · Defense EvasionTA0003 · PersistenceT1574.001 · DLL Search Order Hijacking+1

Bhabesh RajWed May 052021

Emerging Threathightest

Pingback Backdoor Activity

Detects the use of Pingback backdoor that creates ICMP tunnel for C2 as described in the trustwave report

WindowsProcess Creation

TA0004 · Privilege EscalationTA0005 · Defense EvasionTA0003 · PersistenceT1574.001 · DLL Search Order Hijacking+1

Bhabesh RajWed May 052021

Emerging Threathightest

Potential Nimbuspwn Exploit CVE-2022-29799 and CVE-2022-27800

Detects potential exploitation attempts of Nimbuspwn vulnerabilities CVE-2022-29799 and CVE-2022-27800 in Linux systems.

TA0004 · Privilege EscalationT1068 · Exploitation for Privilege Escalationdetection.emerging-threatscve.2022-29799+1

Bhabesh RajWed May 042022

Emerging Threathightest

Potential CVE-2023-23752 Exploitation Attempt

Detects the potential exploitation attempt of CVE-2023-23752 an Improper access check, in web service endpoints in Joomla

TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2023-23752detection.emerging-threats

Bhabesh RajThu Feb 232023