Rule Library
Sigma Rules
4 rules found for "HAFNIUM"
3,731 Total
3,132 Detection
457 Emerging
139 Hunting
Emerging Threat / high / stable
Potential CVE-2021-26857 Exploitation Attempt
Detects possible successful exploitation of the vulnerability described in CVE-2021-26857 by looking for abnormal subprocesses spawned by Exchange Server's Unified Messaging service
Windows / Process Creation
Bhabesh Raj / Wed Mar 03 2021
Emerging Threat / high / test
CVE-2021-26858 Exchange Exploitation
Detects possible successful exploitation of the vulnerability described in CVE-2021-26858 by looking for creation of non-standard files on disk by Exchange Server’s Unified Messaging service, which could indicate dropping web shells or other malicious content
Windows / File Event
Bhabesh Raj / Wed Mar 03 2021
Emerging Threat / critical / test
HAFNIUM Exchange Exploitation Activity
Detects activity observed by different researchers to be HAFNIUM group activity (or related) on Exchange servers
Windows / Process Creation
Florian Roth (Nextron Systems) / Tue Mar 09 2021
Emerging Threat / high / test
Exchange Exploitation Used by HAFNIUM
Detects exploitation attempts in Exchange server logs as described in blog posts reporting on HAFNIUM group activity
Web Server Log
Florian Roth (Nextron Systems) / Wed Mar 03 2021