Rule Library

Sigma Rules

9 rules found for "Sittikorn S"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Antivirus PrinterNightmare CVE-2021-34527 Exploit Detection

Detects the suspicious file that is created from PoC code against Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527 (PrinterNightmare), CVE-2021-1675 .

Antivirus Alert

TA0005 · Defense EvasionTA0004 · Privilege EscalationT1055 · Process Injectiondetection.emerging-threats+2

Sittikorn S+2Thu Jul 012021

Emerging Threathightest

VMware vCenter Server File Upload CVE-2021-22005

Detects exploitation attempts using file upload vulnerability CVE-2021-22005 in the VMWare vCenter Server.

Web Server Log

TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2021-22005detection.emerging-threats

Sittikorn SFri Sep 242021

Emerging Threathighstable

Pulse Connect Secure RCE Attack CVE-2021-22893

This rule detects exploitation attempts using Pulse Connect Secure(PCS) vulnerability (CVE-2021-22893)

Web Server Log

TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2021-22893detection.emerging-threats

Sittikorn STue Jun 292021

Emerging Threathightest

Potential CVE-2021-26084 Exploitation Attempt

Detects potential exploitation of CVE-2021-260841 a Confluence RCE using OGNL injection

Web Server Log

TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2021-26084detection.emerging-threats

Sittikorn S+1Tue Dec 132021

Emerging Threatcriticaltest

CVE-2021-31979 CVE-2021-33771 Exploits by Sourgum

Detects patterns as noticed in exploitation of Windows CVE-2021-31979 CVE-2021-33771 vulnerability and DevilsTongue malware by threat group Sourgum

WindowsFile Event

TA0001 · Initial AccessTA0002 · ExecutionTA0006 · Credential AccessT1566 · Phishing+4

Sittikorn SFri Jul 162021

Emerging Threatcriticaltest

CVE-2021-31979 CVE-2021-33771 Exploits

Detects patterns as noticed in exploitation of Windows CVE-2021-31979 CVE-2021-33771 vulnerability and DevilsTongue malware by threat group Sourgum

WindowsRegistry Set

TA0001 · Initial AccessTA0002 · ExecutionTA0006 · Credential AccessT1566 · Phishing+4

Sittikorn S+1Fri Jul 162021

Emerging Threathightest

Suspicious Word Cab File Write CVE-2021-40444

Detects file creation patterns noticeable during the exploitation of CVE-2021-40444

WindowsFile Event

TA0042 · Resource DevelopmentT1587 · Develop Capabilitiesdetection.emerging-threats

Florian Roth (Nextron Systems)+1Fri Sep 102021

Emerging Threatcriticaltest

CVE-2021-40539 Zoho ManageEngine ADSelfService Plus Exploit

Detects an authentication bypass vulnerability affecting the REST API URLs in ADSelfService Plus (CVE-2021-40539).

Web Server Log

TA0001 · Initial AccessT1190 · Exploit Public-Facing ApplicationTA0003 · PersistenceT1505.003 · Web Shell+2

Sittikorn S+1Fri Sep 102021

Emerging Threatmediumtest

Suspicious Set Value of MSDT in Registry (CVE-2022-30190)

Detects set value ms-msdt MSProtocol URI scheme in Registry that could be an attempt to exploit CVE-2022-30190.

WindowsRegistry Set

TA0005 · Defense Evasionattack.t1221detection.emerging-threats

Sittikorn SSun May 312022