Rule Library

Sigma Rules

3 rules found for "CVE-2021-40444"

3,731Total

3,132Detection

457Emerging

139Hunting

Filters

Type

Severity

Status

Product

Category

Emerging Threathightest

Suspicious Word Cab File Write CVE-2021-40444

Detects file creation patterns noticeable during the exploitation of CVE-2021-40444

WindowsFile Event

Florian Roth (Nextron Systems)+1Fri Sep 102021

Emerging Threathightest

Potential CVE-2021-40444 Exploitation Attempt

Detects potential exploitation of CVE-2021-40444 via suspicious process patterns seen in in-the-wild exploitations

WindowsProcess Creation

Florian Roth (Nextron Systems)Wed Sep 082021

Emerging Threathightest

Potential Exploitation Attempt From Office Application

Detects Office applications executing a child process that includes directory traversal patterns. This could be an attempt to exploit CVE-2022-30190 (MSDT RCE) or CVE-2021-40444 (MSHTML RCE)

WindowsProcess Creation

Christian Burkard (Nextron Systems)+1Thu Jun 022021