Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

5 rules found for "CVE-2022-36804"

3,731Total
3,132Detection
457Emerging
139Hunting
Emerging Threathightest

Atlassian Bitbucket Command Injection Via Archive API

Detects attempts to exploit the Atlassian Bitbucket Command Injection CVE-2022-36804

Web Server Log
Nasreddine Bencherchali (Nextron Systems)Thu Sep 292022
Emerging Threathightest

Potential OWASSRF Exploitation Attempt - Proxy

Detects exploitation attempt of the OWASSRF variant targeting exchange servers It uses the OWA endpoint to access the powershell backend endpoint

Proxy Log
Nasreddine Bencherchali (Nextron Systems)Thu Dec 222022
Emerging Threatcriticaltest

OWASSRF Exploitation Attempt Using Public POC - Proxy

Detects exploitation attempt of the OWASSRF variant targeting exchange servers using publicly available POC. It uses the OWA endpoint to access the powershell backend endpoint

Proxy Log
Nasreddine Bencherchali (Nextron Systems)Thu Dec 222022
Emerging Threathightest

Potential OWASSRF Exploitation Attempt - Webserver

Detects exploitation attempt of the OWASSRF variant targeting exchange servers It uses the OWA endpoint to access the powershell backend endpoint

Web Server Log
Nasreddine Bencherchali (Nextron Systems)Thu Dec 222022
Emerging Threatcriticaltest

OWASSRF Exploitation Attempt Using Public POC - Webserver

Detects exploitation attempt of the OWASSRF variant targeting exchange servers using publicly available POC. It uses the OWA endpoint to access the powershell backend endpoint

Web Server Log
Nasreddine Bencherchali (Nextron Systems)Thu Dec 222022