Techniques
Sample rules
Java Payload Strings
- source: sigma
- techniques:
  - t1190
Description
Detects possible Java payloads in web access logs
Detection logic
condition: keywords
keywords:
  - '%24%7B%28%23a%3D%40'
  - ${(#a=@
  - '%24%7B%40java'
  - ${@java
  - u0022java
  - '%2F%24%7B%23'
  - /${#
  - new+java.
  - getRuntime().exec(
  - getRuntime%28%29.exec%28